On Fri, Apr 23, 2010 at 11:49:38AM +0100, Daniel P. Berrange wrote:

In cases where the security driver failed to restore a label after a guest has saved, we mistakenly jumped to the error cleanup paths. This is not good, because the operation has in fact completed and cannot be rolled back completely. Label restore is non-critical, so just log the problem instead. Also add a missing restore call in the error cleanup path

* src/qemu/qemu_driver.c: Fix handling of security driver restore failures in QEMU domain save --- src/qemu/qemu_driver.c | 48 +++++++++++++++++++++++++----------------------- 1 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index faecfb7..862c030 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -5052,16 +5052,13 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path, driver->securityDriver && driver->securityDriver->domainRestoreSavedStateLabel && driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) - goto endjob; + VIR_WARN("failed to restore save state label on %s", path);

if (cgroup != NULL) { rc = virCgroupDenyDevicePath(cgroup, path); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to deny device %s for %s"), - path, vm->def->name); - goto endjob; - } + if (rc != 0) + VIR_WARN("Unable to deny device %s for %s %d", + path, vm->def->name, rc); }

ret = 0; @@ -5080,24 +5077,29 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,

endjob: if (vm) { - if (ret != 0 && header.was_running && priv->mon) { - qemuDomainObjEnterMonitorWithDriver(driver, vm); - rc = qemuMonitorStartCPUs(priv->mon, dom->conn); - qemuDomainObjExitMonitorWithDriver(driver, vm); - if (rc < 0) - VIR_WARN0("Unable to resume guest CPUs after save failure"); - else - vm->state = VIR_DOMAIN_RUNNING; - } + if (ret != 0) { + if (header.was_running && priv->mon) { + qemuDomainObjEnterMonitorWithDriver(driver, vm); + rc = qemuMonitorStartCPUs(priv->mon, dom->conn); + qemuDomainObjExitMonitorWithDriver(driver, vm); + if (rc < 0) + VIR_WARN0("Unable to resume guest CPUs after save failure"); + else + vm->state = VIR_DOMAIN_RUNNING; + }

- if (ret != 0 && cgroup != NULL) { - rc = virCgroupDenyDevicePath(cgroup, path); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to deny device %s for %s"), - path, vm->def->name); - goto endjob; + if (cgroup != NULL) { + rc = virCgroupDenyDevicePath(cgroup, path); + if (rc != 0) + VIR_WARN("Unable to deny device %s for %s: %d", + path, vm->def->name, rc); } + + if ((!bypassSecurityDriver) && + driver->securityDriver && + driver->securityDriver->domainRestoreSavedStateLabel && + driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) + VIR_WARN("failed to restore save state label on %s", path); }

if (qemuDomainObjEndJob(vm) == 0)

ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/