Accepting request 748739 from Virtualization

OBS-URL: https://build.opensuse.org/request/show/748739 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=292
2019-11-18 19:02:48 +00:00 · 2019-11-18 19:02:48 +00:00 · 08a37a7ed4
commit 08a37a7ed4
parent 44feaf5a1d 25f8b5455b
4 changed files with 142 additions and 17 deletions
--- a/2552752f-libxl-fix-lock-manager-lock-ordering.patch
+++ b/2552752f-libxl-fix-lock-manager-lock-ordering.patch
@ -0,0 +1,87 @@
 commit 2552752f0b6504a80f6306e5aae2c7063d24f1ab
 Author: Jim Fehlig <jfehlig@suse.com>
 Date:   Mon Oct 14 14:01:00 2019 -0600
    libxl: Fix lock manager lock ordering
    The ordering of lock manager locks in the libxl driver has a flaw that was
    uncovered by a migration error path. In the perform phase of migration, the
    source host calls virDomainLockProcessPause to release the lock before
    sending the VM to the destination host. If the send fails an attempt is made
    to reacquire the lock with virDomainLockProcessResume, but that too can fail
    if the destination host has not finished cleaning up the failed VM and
    releasing the lock it acquired when starting to receive the VM.
    This change delays calling virDomainLockProcessResume in libxlDomainStart
    until the VM is successfully created, but before it is unpaused. A similar
    approach is used by the qemu driver, avoiding the need to release the lock
    if VM creation fails. In the migration perform phase, releasing the lock
    with virDomainLockProcessPause is delayed until the VM is successfully
    sent to the destination, which avoids reacquiring the lock if the send
    fails.
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
    Reviewed-by: Cole Robinson <crobinso@redhat.com>
 Index: libvirt-5.9.0/src/libxl/libxl_domain.c
 ===================================================================
 --- libvirt-5.9.0.orig/src/libxl/libxl_domain.c
 +++ libvirt-5.9.0/src/libxl/libxl_domain.c
@@ -1347,13 +1347,6 @@ libxlDomainStart(libxlDriverPrivatePtr d
                                   NULL) < 0)
         goto cleanup;
 -    if (virDomainLockProcessResume(driver->lockManager,
 -                                  "xen:///system",
 -                                  vm,
 -                                  priv->lockState) < 0)
 -        goto cleanup;
 -    VIR_FREE(priv->lockState);
 -
     if (libxlNetworkPrepareDevices(vm->def) < 0)
         goto cleanup_dom;
@@ -1436,6 +1429,13 @@ libxlDomainStart(libxlDriverPrivatePtr d
     libxlLoggerOpenFile(cfg->logger, domid, vm->def->name, config_json);
 +    if (virDomainLockProcessResume(driver->lockManager,
 +                                  "xen:///system",
 +                                  vm,
 +                                  priv->lockState) < 0)
 +        goto destroy_dom;
 +    VIR_FREE(priv->lockState);
 +
     /* Always enable domain death events */
     if (libxl_evenable_domain_death(cfg->ctx, vm->def->id, 0, &priv->deathW))
         goto destroy_dom;
 Index: libvirt-5.9.0/src/libxl/libxl_migration.c
 ===================================================================
 --- libvirt-5.9.0.orig/src/libxl/libxl_migration.c
 +++ libvirt-5.9.0/src/libxl/libxl_migration.c
@@ -1240,20 +1240,16 @@ libxlDomainMigrationSrcPerform(libxlDriv
     sockfd = virNetSocketDupFD(sock, true);
     virObjectUnref(sock);
 -    if (virDomainLockProcessPause(driver->lockManager, vm, &priv->lockState) < 0)
 -        VIR_WARN("Unable to release lease on %s", vm->def->name);
 -    VIR_DEBUG("Preserving lock state '%s'", NULLSTR(priv->lockState));
 -
     /* suspend vm and send saved data to dst through socket fd */
     virObjectUnlock(vm);
     ret = libxlDoMigrateSrcSend(driver, vm, flags, sockfd);
     virObjectLock(vm);
 -    if (ret < 0) {
 -        virDomainLockProcessResume(driver->lockManager,
 -                                   "xen:///system",
 -                                   vm,
 -                                   priv->lockState);
 +    if (ret == 0) {
 +        if (virDomainLockProcessPause(driver->lockManager, vm, &priv->lockState) < 0)
 +            VIR_WARN("Unable to release lease on %s", vm->def->name);
 +        VIR_DEBUG("Preserving lock state '%s'", NULLSTR(priv->lockState));
 +    } else {
         /*
          * Confirm phase will not be executed if perform fails. End the
          * job started in begin phase.
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,26 @@
 -------------------------------------------------------------------
 Thu Nov 14 17:31:35 UTC 2019 - James Fehlig <jfehlig@suse.com>
 - libxl: Fix lock manager lock ordering
  2552752f-libxl-fix-lock-manager-lock-ordering.patch
  bsc#1145774
 -------------------------------------------------------------------
 Tue Nov 12 22:51:54 UTC 2019 - James Fehlig <jfehlig@suse.com>
 - spec: Forcibly remove '--listen' option from LIBVIRTD_ARGS in
  /etc/sysconfig/libvirtd since it is incompatible with socket
  activation. Also add '--timeout' option for consistency with
  upstream.
  boo#1156161
 -------------------------------------------------------------------
 Mon Nov 11 23:32:43 UTC 2019 - James Fehlig <jfehlig@suse.com>
 - Enable automatic firmware seletction and add the new smm
  flavor to the build-time firmware list
  jsc#SLE-6997
 -------------------------------------------------------------------
 Wed Nov  6 14:55:39 UTC 2019 - James Fehlig <jfehlig@suse.com>
--- a/libvirt.spec
+++ b/libvirt.spec
@ -338,6 +338,7 @@ Source6:        libvirtd-relocation-server.xml
 Source99:       baselibs.conf
 Source100:      %{name}-rpmlintrc
 # Upstream patches
 Patch0:         2552752f-libxl-fix-lock-manager-lock-ordering.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -871,6 +872,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %prep
 %setup -q
 %patch0 -p1
 %patch100 -p1
 %patch101 -p1
 %patch150 -p1
@ -1003,6 +1005,10 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %define arg_selinux_mount --with-selinux-mount="/selinux"
 # UEFI firmwares
 # For SLE15 SP2 (Leap 15.2) and newer, use firmware descriptor files from the
 # firmware packages, otherwise define firmwares via configure option
 %if ! (0%{?suse_version} > 1500 || 0%{?sle_version} > 150100)
    # x86_64 UEFI firmwares
    # To more closely resemble actual hardware, we use the firmwares with
    # embedded Microsoft keys
@ -1017,6 +1023,7 @@ LOADERS="$LOADERS:/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x
    # aarch64 UEFI firmwares
    LOADERS="$LOADERS:/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin"
    %define arg_loader_nvram --with-loader-nvram="$LOADERS"
 %endif
 autoreconf -f -i
 export CFLAGS="%{optflags}"
@ -1252,6 +1259,14 @@ fi
 %{fillup_only -n libvirtd}
 %{fillup_only -n virtlockd}
 %{fillup_only -n virtlogd}
 # The '--listen' option is incompatible with socket activation.
 # We need to forcibly remove it from /etc/sysconfig/libvirtd.
 # Also add the --timeout option to be consistent with upstream.
 # See boo#1156161 for details
 sed -i -e '/^\s*LIBVIRTD_ARGS=/s/--listen//g' %{_sysconfdir}/sysconfig/libvirtd
 if ! grep -q -E '^\s*LIBVIRTD_ARGS=.*--timeout' %{_sysconfdir}/sysconfig/libvirtd ; then
    sed -i 's/^\s*LIBVIRTD_ARGS="\(.*\)"/LIBVIRTD_ARGS="\1 --timeout 120"/' %{_sysconfdir}/sysconfig/libvirtd
 fi
 %preun daemon
 %service_del_preun libvirtd.service libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket virtlockd.service virtlockd.socket virtlogd.service virtlogd.socket virtlockd-admin.socket virtlogd-admin.socket
@ -1271,7 +1286,7 @@ fi
 # All connection drivers should be installed post transaction.
 # Time to restart libvirtd. With new socket activation we need to be a bit
 # smarter on update. Old libvirtd owns the sockets and will delete them on
-# shutdown. We can't use try-restart as libvirtd will one the sockets again
+# shutdown. We can't use try-restart as libvirtd will own the sockets again
 # after restart. So we must instead shutdown libvirtd, start the sockets,
 # then start libvirtd.
 if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then
--- a/libxl-set-migration-constraints.patch
+++ b/libxl-set-migration-constraints.patch
@ -255,7 +255,7 @@ Index: libvirt-5.9.0/src/libxl/libxl_migration.c
 {
     libxlDomainObjPrivatePtr priv = vm->privateData;
     char *hostname = NULL;
-@@ -1246,7 +1267,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
+@@ -1242,7 +1263,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
     /* suspend vm and send saved data to dst through socket fd */
     virObjectUnlock(vm);
@ -263,7 +263,7 @@ Index: libvirt-5.9.0/src/libxl/libxl_migration.c
 +    ret = libxlDoMigrateSrcSend(driver, vm, props, sockfd);
     virObjectLock(vm);
-     if (ret < 0) {
+     if (ret == 0) {
 Index: libvirt-5.9.0/src/libxl/libxl_migration.h
 ===================================================================
 --- libvirt-5.9.0.orig/src/libxl/libxl_migration.h