7:41 a.m.
With my namespace patches, we are spawning qemu in its own
namespace so that we can manage /dev entries ourselves. However,
some filesystems mounted under /dev needs to be preserved in
order to be shared with the parent namespace (e.g. /dev/pts).
Currently, the list of mount points to preserve is hardcoded
which ain't right - on some systems there might be less or more
items under real /dev that on our list. The solution is to parse
/proc/mounts and fetch the list from there.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_domain.c | 126 +++++++++++++++++++++++++++++++------------------
1 file changed, 81 insertions(+), 45 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 67e8836f3b..e0631bf55a 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -99,14 +99,8 @@ VIR_ENUM_IMPL(qemuDomainNamespace, QEMU_DOMAIN_NS_LAST,
);
-static struct {
- const char *path;
- const char *suffix;
-} devPreserveMounts[] = {
- {"/dev/pts", "devpts"},
- {"/dev/shm", "devshm"},
- {"/dev/mqueue", "mqueue"},
-};
+#define PROC_MOUNTS "/proc/mounts"
+#define DEVPREFIX "/dev/"
struct _qemuDomainLogContext {
@@ -200,33 +194,73 @@ qemuDomainEnableNamespace(virDomainObjPtr vm,
}
+/**
+ * qemuDomainGetPreservedMounts:
+ *
+ * Process list of mounted filesystems and:
+ * a) save all FSs mounted under /dev to @devPath
+ * b) generate backup path for all the entries in a)
+ *
+ * Any of the return pointers can be NULL.
+ *
+ * Returns 0 on success, -1 otherwise (with error reported)
+ */
static int
qemuDomainGetPreservedMounts(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- char ***devMountsPath,
- size_t *ndevMountsPath)
+ char ***devPath,
+ char ***devSavePath,
+ size_t *ndevPath)
{
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
- char **paths;
- size_t i;
+ char **paths = NULL, **mounts = NULL;
+ size_t i, nmounts;
- if (VIR_ALLOC_N(paths, ARRAY_CARDINALITY(devPreserveMounts)) < 0)
+ if (virFileGetMountSubtree(PROC_MOUNTS, "/dev",
+ &mounts, &nmounts) < 0)
goto error;
- for (i = 0; i < ARRAY_CARDINALITY(devPreserveMounts); i++) {
+ if (!nmounts) {
+ if (ndevPath)
+ *ndevPath = 0;
+ return 0;
+ }
+
+ /* Okay, this is crazy. But virFileGetMountSubtree() fetched us all the
+ * mount points under /dev including /dev itself. Fortunately, the paths
+ * are sorted based in their length so we skip the first one (/dev) as it
+ * is handled differently anyway. */
+ VIR_DELETE_ELEMENT(mounts, 0, nmounts);
+
+ if (VIR_ALLOC_N(paths, nmounts) < 0)
+ goto error;
+
+ for (i = 0; i < nmounts; i++) {
if (virAsprintf(&paths[i], "%s/%s.%s",
cfg->stateDir, vm->def->name,
- devPreserveMounts[i].suffix) < 0)
+ mounts[i] + strlen(DEVPREFIX)) < 0)
goto error;
}
- *devMountsPath = paths;
- *ndevMountsPath = ARRAY_CARDINALITY(devPreserveMounts);
+ if (devPath)
+ *devPath = mounts;
+ else
+ virStringListFreeCount(mounts, nmounts);
+
+ if (devSavePath)
+ *devSavePath = paths;
+ else
+ virStringListFreeCount(paths, nmounts);
+
+ if (ndevPath)
+ *ndevPath = nmounts;
+
virObjectUnref(cfg);
return 0;
error:
- virStringListFreeCount(paths, ARRAY_CARDINALITY(devPreserveMounts));
+ virStringListFreeCount(mounts, nmounts);
+ virStringListFreeCount(paths, nmounts);
virObjectUnref(cfg);
return -1;
}
@@ -6917,8 +6951,6 @@ qemuDomainGetHostdevPath(virDomainHostdevDefPtr dev,
}
-#define DEVPREFIX "/dev/"
-
#if defined(__linux__)
static int
qemuDomainCreateDevice(const char *device,
@@ -7304,7 +7336,7 @@ qemuDomainBuildNamespace(virQEMUDriverPtr driver,
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
const unsigned long mount_flags = MS_MOVE;
char *devPath = NULL;
- char **devMountsPath = NULL;
+ char **devMountsPath = NULL, **devMountsSavePath = NULL;
size_t ndevMountsPath = 0, i;
int ret = -1;
@@ -7318,7 +7350,8 @@ qemuDomainBuildNamespace(virQEMUDriverPtr driver,
goto cleanup;
if (qemuDomainGetPreservedMounts(driver, vm,
- &devMountsPath, &ndevMountsPath) < 0)
+ &devMountsPath, &devMountsSavePath,
+ &ndevMountsPath) < 0)
goto cleanup;
if (qemuDomainSetupDev(driver, vm, devPath) < 0)
@@ -7326,11 +7359,11 @@ qemuDomainBuildNamespace(virQEMUDriverPtr driver,
/* Save some mount points because we want to share them with the host */
for (i = 0; i < ndevMountsPath; i++) {
- if (mount(devPreserveMounts[i].path, devMountsPath[i],
+ if (mount(devMountsPath[i], devMountsSavePath[i],
NULL, mount_flags, NULL) < 0) {
virReportSystemError(errno,
_("Unable to move %s mount"),
- devPreserveMounts[i].path);
+ devMountsPath[i]);
goto cleanup;
}
}
@@ -7361,18 +7394,18 @@ qemuDomainBuildNamespace(virQEMUDriverPtr driver,
}
for (i = 0; i < ndevMountsPath; i++) {
- if (virFileMakePath(devPreserveMounts[i].path) < 0) {
+ if (virFileMakePath(devMountsPath[i]) < 0) {
virReportSystemError(errno, _("Cannot create %s"),
- devPreserveMounts[i].path);
+ devMountsPath[i]);
goto cleanup;
}
- if (mount(devMountsPath[i], devPreserveMounts[i].path,
+ if (mount(devMountsSavePath[i], devMountsPath[i],
NULL, mount_flags, NULL) < 0) {
virReportSystemError(errno,
_("Failed to mount %s on %s"),
- devMountsPath[i],
- devPreserveMounts[i].path);
+ devMountsSavePath[i],
+ devMountsPath[i]);
goto cleanup;
}
}
@@ -7382,6 +7415,7 @@ qemuDomainBuildNamespace(virQEMUDriverPtr driver,
virObjectUnref(cfg);
VIR_FREE(devPath);
virStringListFreeCount(devMountsPath, ndevMountsPath);
+ virStringListFreeCount(devMountsSavePath, ndevMountsPath);
return ret;
}
@@ -7393,8 +7427,8 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
int ret = -1;
char *devPath = NULL;
- char **devMountsPath = NULL;
- size_t ndevMountsPath = 0, i;
+ char **devMountsSavePath = NULL;
+ size_t ndevMountsSavePath = 0, i;
if (!virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) ||
!virQEMUDriverIsPrivileged(driver)) {
@@ -7407,7 +7441,8 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
goto cleanup;
if (qemuDomainGetPreservedMounts(driver, vm,
- &devMountsPath, &ndevMountsPath) < 0)
+ NULL, &devMountsSavePath,
+ &ndevMountsSavePath) < 0)
goto cleanup;
if (virFileMakePath(devPath) < 0) {
@@ -7417,11 +7452,11 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
goto cleanup;
}
- for (i = 0; i < ndevMountsPath; i++) {
- if (virFileMakePath(devMountsPath[i]) < 0) {
+ for (i = 0; i < ndevMountsSavePath; i++) {
+ if (virFileMakePath(devMountsSavePath[i]) < 0) {
virReportSystemError(errno,
_("Failed to create %s"),
- devMountsPath[i]);
+ devMountsSavePath[i]);
goto cleanup;
}
}
@@ -7434,10 +7469,10 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
if (ret < 0) {
if (devPath)
unlink(devPath);
- for (i = 0; i < ndevMountsPath; i++)
- unlink(devMountsPath[i]);
+ for (i = 0; i < ndevMountsSavePath; i++)
+ unlink(devMountsSavePath[i]);
}
- virStringListFreeCount(devMountsPath, ndevMountsPath);
+ virStringListFreeCount(devMountsSavePath, ndevMountsSavePath);
VIR_FREE(devPath);
virObjectUnref(cfg);
return ret;
@@ -7472,8 +7507,8 @@ qemuDomainDeleteNamespace(virQEMUDriverPtr driver,
{
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
char *devPath = NULL;
- char **devMountsPath = NULL;
- size_t ndevMountsPath = 0, i;
+ char **devMountsSavePath = NULL;
+ size_t ndevMountsSavePath = 0, i;
if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
@@ -7484,7 +7519,8 @@ qemuDomainDeleteNamespace(virQEMUDriverPtr driver,
goto cleanup;
if (qemuDomainGetPreservedMounts(driver, vm,
- &devMountsPath, &ndevMountsPath) < 0)
+ NULL, &devMountsSavePath,
+ &ndevMountsSavePath) < 0)
goto cleanup;
if (rmdir(devPath) < 0) {
@@ -7494,17 +7530,17 @@ qemuDomainDeleteNamespace(virQEMUDriverPtr driver,
/* Bet effort. Fall through. */
}
- for (i = 0; i < ndevMountsPath; i++) {
- if (rmdir(devMountsPath[i]) < 0) {
+ for (i = 0; i < ndevMountsSavePath; i++) {
+ if (rmdir(devMountsSavePath[i]) < 0) {
virReportSystemError(errno,
_("Unable to remove %s"),
- devMountsPath[i]);
+ devMountsSavePath[i]);
/* Bet effort. Fall through. */
}
}
cleanup:
virObjectUnref(cfg);
- virStringListFreeCount(devMountsPath, ndevMountsPath);
+ virStringListFreeCount(devMountsSavePath, ndevMountsSavePath);
VIR_FREE(devPath);
}
--
2.11.0
8:46 a.m.
On Thu, Jan 05, 2017 at 02:41:02PM +0100, Michal Privoznik wrote:
With my namespace patches, we are spawning qemu in its own
namespace so that we can manage /dev entries ourselves. However,
some filesystems mounted under /dev needs to be preserved in
order to be shared with the parent namespace (e.g. /dev/pts).
Currently, the list of mount points to preserve is hardcoded
which ain't right - on some systems there might be less or more
items under real /dev that on our list. The solution is to parse
/proc/mounts and fetch the list from there.
Works for me, ACK. I still wonder whether we should mark the mounts as
slaves. I was also wondering if there are multiple sub-subtrees and
from the code it looks like it will 'just work'. Nice.
Martin
8:57 p.m.
Hi Michal
☹ Nothing changes with your patch(without workaround and with /dev/mqueue mounted)
root@s2600wt:~/linux# cat /proc/mounts | grep mqueue
none /dev/mqueue mqueue rw,relatime 0 0
root@s2600wt:~/linux# vim /etc/libvirt/qemu.conf
root@s2600wt:~/linux# grep namespace /etc/libvirt/qemu.conf
# To enhance security, QEMU driver is capable of creating private namespaces
# for each domain started. Well, so far only "mount" namespace is supported.
If
# devices entries throughout the domain lifetime. This namespace is turned on
#namespaces = [ "mount" ]
#namespaces = []
root@s2600wt:~/linux# virsh start kvm02
error: Failed to start domain kvm02
error: An error occurred, but the cause is unknown
Attach kvm02.log, but seems nothing debug information helpful.
2017-01-06 02:47:37.544+0000: 74279: debug : virCommandHandshakeChild:435 : Notifying
parent for handshake start on 26
2017-01-06 02:47:37.544+0000: 74279: debug : virCommandHandshakeChild:443 : Waiting on
parent for handshake complete on 27
libvirt: error : libvirtd quit during handshake: Input/output error
Best Regards
Eli Qiao(乔立勇)OpenStack Core team OTC Intel.
--
On 05/01/2017, 10:46 PM, "Martin Kletzander" <mkletzan(a)redhat.com>
wrote:
On Thu, Jan 05, 2017 at 02:41:02PM +0100, Michal Privoznik wrote:
With my namespace patches, we are spawning qemu in its own
namespace so that we can manage /dev entries ourselves. However,
some filesystems mounted under /dev needs to be preserved in
order to be shared with the parent namespace (e.g. /dev/pts).
Currently, the list of mount points to preserve is hardcoded
which ain't right - on some systems there might be less or more
items under real /dev that on our list. The solution is to parse
/proc/mounts and fetch the list from there.
Works for me, ACK. I still wonder whether we should mark the mounts as
slaves. I was also wondering if there are multiple sub-subtrees and
from the code it looks like it will 'just work'. Nice.
Martin
1:22 a.m.
On Fri, Jan 06, 2017 at 02:57:21AM +0000, Qiao, Liyong wrote:
Hi Michal
☹ Nothing changes with your patch(without workaround and with /dev/mqueue mounted)
The workaround is turning off namespaces?
root@s2600wt:~/linux# cat /proc/mounts | grep mqueue
none /dev/mqueue mqueue rw,relatime 0 0
root@s2600wt:~/linux# vim /etc/libvirt/qemu.conf
root@s2600wt:~/linux# grep namespace /etc/libvirt/qemu.conf
# To enhance security, QEMU driver is capable of creating private namespaces
# for each domain started. Well, so far only "mount" namespace is supported. If
# devices entries throughout the domain lifetime. This namespace is turned on
#namespaces = [ "mount" ]
#namespaces = []
root@s2600wt:~/linux# virsh start kvm02
error: Failed to start domain kvm02
error: An error occurred, but the cause is unknown
Attach kvm02.log, but seems nothing debug information helpful.
2017-01-06 02:47:37.544+0000: 74279: debug : virCommandHandshakeChild:435 : Notifying
parent for handshake start on 26
2017-01-06 02:47:37.544+0000: 74279: debug : virCommandHandshakeChild:443 : Waiting on
parent for handshake complete on 27
libvirt: error : libvirtd quit during handshake: Input/output error
So, if I'm reading it correctly, this means that there was no problem in
qemuProcessHook, but probably there was a problem in the main thread
running qemuProcessLaunch. Would you mind looking at the libvirtd.log
as well, please? Since I can't reproduce it and neither there is error
set, it is pretty hard to find where the problem is. The log _might_ be
helpful in this regard.
Thanks,
Martin
Best Regards
Eli Qiao(乔立勇)OpenStack Core team OTC Intel.
--
On 05/01/2017, 10:46 PM, "Martin Kletzander" <mkletzan(a)redhat.com> wrote:
On Thu, Jan 05, 2017 at 02:41:02PM +0100, Michal Privoznik wrote:
>With my namespace patches, we are spawning qemu in its own
>namespace so that we can manage /dev entries ourselves. However,
>some filesystems mounted under /dev needs to be preserved in
>order to be shared with the parent namespace (e.g. /dev/pts).
>Currently, the list of mount points to preserve is hardcoded
>which ain't right - on some systems there might be less or more
>items under real /dev that on our list. The solution is to parse
>/proc/mounts and fetch the list from there.
>
Works for me, ACK. I still wonder whether we should mark the mounts as
slaves. I was also wondering if there are multiple sub-subtrees and
from the code it looks like it will 'just work'. Nice.
Martin
9:01 a.m.
On Thu, Jan 05, 2017 at 02:41:02PM +0100, Michal Privoznik wrote:
With my namespace patches, we are spawning qemu in its own
namespace so that we can manage /dev entries ourselves. However,
some filesystems mounted under /dev needs to be preserved in
order to be shared with the parent namespace (e.g. /dev/pts).
Currently, the list of mount points to preserve is hardcoded
which ain't right - on some systems there might be less or more
items under real /dev that on our list. The solution is to parse
/proc/mounts and fetch the list from there.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_domain.c | 126 +++++++++++++++++++++++++++++++------------------
1 file changed, 81 insertions(+), 45 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 67e8836f3b..e0631bf55a 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -200,33 +194,73 @@ qemuDomainEnableNamespace(virDomainObjPtr vm,
}
+/**
+ * qemuDomainGetPreservedMounts:
+ *
+ * Process list of mounted filesystems and:
+ * a) save all FSs mounted under /dev to @devPath
+ * b) generate backup path for all the entries in a)
+ *
+ * Any of the return pointers can be NULL.
+ *
+ * Returns 0 on success, -1 otherwise (with error reported)
+ */
static int
qemuDomainGetPreservedMounts(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- char ***devMountsPath,
- size_t *ndevMountsPath)
+ char ***devPath,
+ char ***devSavePath,
+ size_t *ndevPath)
{
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
- char **paths;
- size_t i;
+ char **paths = NULL, **mounts = NULL;
+ size_t i, nmounts;
- if (VIR_ALLOC_N(paths, ARRAY_CARDINALITY(devPreserveMounts)) < 0)
+ if (virFileGetMountSubtree(PROC_MOUNTS, "/dev",
+ &mounts, &nmounts) < 0)
goto error;
- for (i = 0; i < ARRAY_CARDINALITY(devPreserveMounts); i++) {
+ if (!nmounts) {
+ if (ndevPath)
+ *ndevPath = 0;
+ return 0;
+ }
+
+ /* Okay, this is crazy. But virFileGetMountSubtree() fetched us all the
+ * mount points under /dev including /dev itself. Fortunately, the paths
+ * are sorted based in their length so we skip the first one (/dev) as it
"based on", abut it's not sorted by length, just sorted. But it will
work alright for this case.
2968
days inactive
2969
days old
4 comments
3 participants
participants (3)
-
Martin Kletzander -
Michal Privoznik -
Qiao, Liyong