bump version to 2.9.0-1~rc3

[pve-qemu.git] / debian / patches / extra / 0001-block-ignore-guest-dev-permissions-during-incoming-migration.patch

From qemu-devel-bounces+w.bumiller=proxmox.com@nongnu.org  Wed Apr  5 08:57:05 2017
Return-Path: <qemu-devel-bounces+w.bumiller=proxmox.com@nongnu.org>
Received: from ronja.mits.lan (localhost [127.0.0.1])    by ronja (Cyrus v2.4.16-Debian-2.4.16-4.32.201410011447) with LMTPA;    Tue, 04 Apr 2017 17:40:54 +0200
X-Sieve: CMU Sieve 2.4
Received: from proxmox.maurer-it.com (mail.proxmox.com [192.168.2.110])         by ronja.mits.lan (Postfix) with ESMTPS id 666CAF61213  for <w.bumiller@proxmox.com>; Tue,  4 Apr 2017 17:40:54 +0200 (CEST)
Received: from proxmox.maurer-it.com (localhost [127.0.0.1])    by proxmox.maurer-it.com (Proxmox) with ESMTP id 9655510C7994   for <w.bumiller@proxmox.com>; Tue,  4 Apr 2017 17:40:54 +0200 (CEST)
Received-SPF: pass (nongnu.org ... gnu.org: 208.118.235.17 is authorized to use 'qemu-devel-bounces@nongnu.org' in 'mfrom' identity (mechanism 'ip4:208.118.235.0/24' matched)) receiver=proxmox.maurer-it.com; identity=mailfrom; envelope-from="qemu-devel-bounces@nongnu.org"; helo=lists.gnu.org; client-ip=208.118.235.17
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])   (using TLSv1 with cipher AES256-SHA (256/256 bits))     (No client certificate requested)       by proxmox.maurer-it.com (Proxmox) with ESMTPS id DDC8A110E4A3  for <w.bumiller@proxmox.com>; Tue,  4 Apr 2017 17:40:51 +0200 (CEST)
Received: from localhost ([::1]:36303 helo=lists.gnu.org)       by lists.gnu.org with esmtp (Exim 4.71)         (envelope-from <qemu-devel-bounces+w.bumiller=proxmox.com@nongnu.org>)  id 1cvQZd-0001pP-Un     for w.bumiller@proxmox.com; Tue, 04 Apr 2017 11:40:50 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50974)       by lists.gnu.org with esmtp (Exim 4.71)         (envelope-from <kwolf@redhat.com>) id 1cvQVK-0006YZ-Kd  for qemu-devel@nongnu.org; Tue, 04 Apr 2017 11:36:24 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)        (envelope-from <kwolf@redhat.com>) id 1cvQVI-0007lq-5E  for qemu-devel@nongnu.org; Tue, 04 Apr 2017 11:36:22 -0400
Received: from mx1.redhat.com ([209.132.183.28]:39314)  by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)        (Exim 4.71) (envelope-from <kwolf@redhat.com>)  id 1cvQVC-0007bj-0p; Tue, 04 Apr 2017 11:36:14 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com  [10.5.11.12])   (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))     (No client certificate requested)       by mx1.redhat.com (Postfix) with ESMTPS id CDFA6C05678E;        Tue,  4 Apr 2017 15:36:12 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com CDFA6C05678E
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;      dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;      spf=pass smtp.mailfrom=kwolf@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com CDFA6C05678E
Received: from noname.str.redhat.com (dhcp-192-175.str.redhat.com       [10.33.192.175])        by smtp.corp.redhat.com (Postfix) with ESMTP id 9EEA19F34F;     Tue,  4 Apr 2017 15:36:01 +0000 (UTC)
From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Date: Tue,  4 Apr 2017 17:35:56 +0200
Message-Id: <1491320156-4629-1-git-send-email-kwolf@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16        (mx1.redhat.com [10.5.110.32]);         Tue, 04 Apr 2017 15:36:13 +0000 (UTC)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]     [fuzzy]
X-Received-From: 209.132.183.28
Subject: [Qemu-devel] [RFC PATCH for-2.9] block: Ignore guest dev  permissions during incoming migration
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,        <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,         <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: kwolf@redhat.com, armband@enea.com, jcody@redhat.com,       Ciprian.Barbu@enea.com, qemu-devel@nongnu.org, mreitz@redhat.com,       Alexandru.Avadanii@enea.com, pbonzini@redhat.com
Errors-To: qemu-devel-bounces+w.bumiller=proxmox.com@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+w.bumiller=proxmox.com@nongnu.org>
X-Proxmox-CTCH-Refid: str=0001.0A0C0201.58E3BE85.00B9:SCFSTAT37688011,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
x-proxmoxspam-level: Spam detection results:  0         AWL                     0.002 Adjusted score from AWL reputation of From: address       HEADER_FROM_DIFFERENT_DOMAINS  0.001 From and EnvelopeFrom 2nd level mail domains are different         RCVD_IN_DNSWL_HI           -5 Sender listed at http://www.dnswl.org/, high trust        RCVD_IN_MSPIKE_H3       -0.01 Good reputation (+3)      RCVD_IN_MSPIKE_WL       -0.01 Mailspike good senders    SPF_PASS               -0.001 SPF: sender matches SPF record
X-TUID: mR1+KkAcSCza

Usually guest devices don't like other writers to the same image, so
they use blk_set_perm() to prevent this from happening. In the migration
phase before the VM is actually running, though, they don't have a
problem with writes to the image. On the other hand, storage migration
needs to be able to write to the image in this phase, so the restrictive
blk_set_perm() call of qdev devices breaks it.

This patch flags all BlockBackends with a qdev device as
blk->disable_perm during incoming migration, which means that the
requested permissions are stored in the BlockBackend, but not actually
applied to its root node yet.

Once migration has finished and the VM should be resumed, the
permissions are applied. If they cannot be applied (e.g. because the NBD
server used for block migration hasn't been shut down), resuming the VM
fails.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/block-backend.c | 40 +++++++++++++++++++++++++++++++++++++++-
 include/block/block.h |  2 ++
 migration/migration.c |  8 ++++++++
 qmp.c                 |  6 ++++++
 4 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 0b63773..f817040 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -61,6 +61,7 @@ struct BlockBackend {
 
     uint64_t perm;
     uint64_t shared_perm;
+    bool disable_perm;
 
     bool allow_write_beyond_eof;
 
@@ -578,7 +579,7 @@ int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
 {
     int ret;
 
-    if (blk->root) {
+    if (blk->root && !blk->disable_perm) {
         ret = bdrv_child_try_set_perm(blk->root, perm, shared_perm, errp);
         if (ret < 0) {
             return ret;
@@ -597,15 +598,52 @@ void blk_get_perm(BlockBackend *blk, uint64_t *perm, uint64_t *shared_perm)
     *shared_perm = blk->shared_perm;
 }
 
+/*
+ * Notifies the user of all BlockBackends that migration has completed. qdev
+ * devices can tighten their permissions in response (specifically revoke
+ * shared write permissions that we needed for storage migration).
+ *
+ * If an error is returned, the VM cannot be allowed to be resumed.
+ */
+void blk_resume_after_migration(Error **errp)
+{
+    BlockBackend *blk;
+    Error *local_err = NULL;
+
+    for (blk = blk_next(NULL); blk; blk = blk_next(blk)) {
+        if (!blk->disable_perm) {
+            continue;
+        }
+
+        blk->disable_perm = false;
+
+        blk_set_perm(blk, blk->perm, blk->shared_perm, &local_err);
+        if (local_err) {
+            error_propagate(errp, local_err);
+            blk->disable_perm = true;
+            return;
+        }
+    }
+}
+
 static int blk_do_attach_dev(BlockBackend *blk, void *dev)
 {
     if (blk->dev) {
         return -EBUSY;
     }
+
+    /* While migration is still incoming, we don't need to apply the
+     * permissions of guest device BlockBackends. We might still have a block
+     * job or NBD server writing to the image for storage migration. */
+    if (runstate_check(RUN_STATE_INMIGRATE)) {
+        blk->disable_perm = true;
+    }
+
     blk_ref(blk);
     blk->dev = dev;
     blk->legacy_dev = false;
     blk_iostatus_reset(blk);
+
     return 0;
 }
 
diff --git a/include/block/block.h b/include/block/block.h
index 5149260..3e09222 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -366,6 +366,8 @@ void bdrv_invalidate_cache(BlockDriverState *bs, Error **errp);
 void bdrv_invalidate_cache_all(Error **errp);
 int bdrv_inactivate_all(void);
 
+void blk_resume_after_migration(Error **errp);
+
 /* Ensure contents are flushed to disk.  */
 int bdrv_flush(BlockDriverState *bs);
 int coroutine_fn bdrv_co_flush(BlockDriverState *bs);
diff --git a/migration/migration.c b/migration/migration.c
index 54060f7..ad4036f 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -349,6 +349,14 @@ static void process_incoming_migration_bh(void *opaque)
         exit(EXIT_FAILURE);
     }
 
+    /* If we get an error here, just don't restart the VM yet. */
+    blk_resume_after_migration(&local_err);
+    if (local_err) {
+        error_free(local_err);
+        local_err = NULL;
+        autostart = false;
+    }
+
     /*
      * This must happen after all error conditions are dealt with and
      * we're sure the VM is going to be running on this host.
diff --git a/qmp.c b/qmp.c
index fa82b59..a744e44 100644
--- a/qmp.c
+++ b/qmp.c
@@ -207,6 +207,12 @@ void qmp_cont(Error **errp)
         }
     }
 
+    blk_resume_after_migration(&local_err);
+    if (local_err) {
+        error_propagate(errp, local_err);
+        return;
+    }
+
     if (runstate_check(RUN_STATE_INMIGRATE)) {
         autostart = 1;
     } else {
-- 
1.8.3.1