Patchwork migration: Accept 'cont' only after successful incoming migration

login
register
mail settings
Submitter Amit Shah
Date July 27, 2010, 10:19 a.m.
Message ID <eb5635d6cbfc5bc3a4b937e314d3e1e0f76ed99d.1280225909.git.amit.shah@redhat.com>
Download mbox | patch
Permalink /patch/59991/
State New
Headers show

Comments

Amit Shah - July 27, 2010, 10:19 a.m.
When a 'cont' is issued on a VM that's just waiting for an incoming
migration, the VM reboots and boots into the guest, possibly corrupting
its storage since it could be shared with another VM running elsewhere.

Ensure that a VM started with '-incoming' is only run when an incoming
migration successfully completes.

A new qerror, QERR_MIGRATION_EXPECTED, is added to signal that 'cont'
failed due to no incoming migration has been attempted yet.

Reported-by: Laine Stump <laine@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
Luiz, does the QERR bit look OK?

 migration.c |    2 ++
 monitor.c   |    4 ++++
 qerror.c    |    4 ++++
 qerror.h    |    3 +++
 sysemu.h    |    1 +
 vl.c        |    2 ++
 6 files changed, 16 insertions(+), 0 deletions(-)
Luiz Capitulino - July 27, 2010, 5:59 p.m.
On Tue, 27 Jul 2010 15:49:19 +0530
Amit Shah <amit.shah@redhat.com> wrote:

> When a 'cont' is issued on a VM that's just waiting for an incoming
> migration, the VM reboots and boots into the guest, possibly corrupting
> its storage since it could be shared with another VM running elsewhere.
> 
> Ensure that a VM started with '-incoming' is only run when an incoming
> migration successfully completes.
> 
> A new qerror, QERR_MIGRATION_EXPECTED, is added to signal that 'cont'
> failed due to no incoming migration has been attempted yet.
> 
> Reported-by: Laine Stump <laine@redhat.com>
> Signed-off-by: Amit Shah <amit.shah@redhat.com>

Looks good to me now.

Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>

> ---
> Luiz, does the QERR bit look OK?
> 
>  migration.c |    2 ++
>  monitor.c   |    4 ++++
>  qerror.c    |    4 ++++
>  qerror.h    |    3 +++
>  sysemu.h    |    1 +
>  vl.c        |    2 ++
>  6 files changed, 16 insertions(+), 0 deletions(-)
> 
> diff --git a/migration.c b/migration.c
> index 650eb78..a160462 100644
> --- a/migration.c
> +++ b/migration.c
> @@ -67,6 +67,8 @@ void process_incoming_migration(QEMUFile *f)
>      qemu_announce_self();
>      DPRINTF("successfully loaded vm state\n");
>  
> +    incoming_expected = false;
> +
>      if (autostart)
>          vm_start();
>  }
> diff --git a/monitor.c b/monitor.c
> index 45fd482..5366c36 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1056,6 +1056,10 @@ static int do_cont(Monitor *mon, const QDict *qdict, QObject **ret_data)
>  {
>      struct bdrv_iterate_context context = { mon, 0 };
>  
> +    if (incoming_expected) {
> +        qerror_report(QERR_MIGRATION_EXPECTED);
> +        return -1;
> +    }
>      bdrv_iterate(encrypted_bdrv_it, &context);
>      /* only resume the vm if all keys are set and valid */
>      if (!context.err) {
> diff --git a/qerror.c b/qerror.c
> index 2f6f590..0af3ab3 100644
> --- a/qerror.c
> +++ b/qerror.c
> @@ -141,6 +141,10 @@ static const QErrorStringTable qerror_table[] = {
>          .desc      = "Using KVM without %(capability), %(feature) unavailable",
>      },
>      {
> +        .error_fmt = QERR_MIGRATION_EXPECTED,
> +        .desc      = "An incoming migration is expected before this command can be executed",
> +    },
> +    {
>          .error_fmt = QERR_MISSING_PARAMETER,
>          .desc      = "Parameter '%(name)' is missing",
>      },
> diff --git a/qerror.h b/qerror.h
> index 9ad00b4..62802ea 100644
> --- a/qerror.h
> +++ b/qerror.h
> @@ -121,6 +121,9 @@ QError *qobject_to_qerror(const QObject *obj);
>  #define QERR_KVM_MISSING_CAP \
>      "{ 'class': 'KVMMissingCap', 'data': { 'capability': %s, 'feature': %s } }"
>  
> +#define QERR_MIGRATION_EXPECTED \
> +    "{ 'class': 'MigrationExpected', 'data': {} }"
> +
>  #define QERR_MISSING_PARAMETER \
>      "{ 'class': 'MissingParameter', 'data': { 'name': %s } }"
>  
> diff --git a/sysemu.h b/sysemu.h
> index 9c988bb..a1f6466 100644
> --- a/sysemu.h
> +++ b/sysemu.h
> @@ -99,6 +99,7 @@ typedef enum DisplayType
>  } DisplayType;
>  
>  extern int autostart;
> +extern int incoming_expected;
>  extern int bios_size;
>  
>  typedef enum {
> diff --git a/vl.c b/vl.c
> index ba6ee11..c2e7cc1 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -182,6 +182,7 @@ int nb_nics;
>  NICInfo nd_table[MAX_NICS];
>  int vm_running;
>  int autostart;
> +int incoming_expected; /* Started with -incoming and waiting for incoming */
>  static int rtc_utc = 1;
>  static int rtc_date_offset = -1; /* -1 means no change */
>  QEMUClock *rtc_clock;
> @@ -2557,6 +2558,7 @@ int main(int argc, char **argv, char **envp)
>                  break;
>              case QEMU_OPTION_incoming:
>                  incoming = optarg;
> +                incoming_expected = true;
>                  break;
>              case QEMU_OPTION_nodefaults:
>                  default_serial = 0;
Aurelien Jarno - July 30, 2010, 9:23 p.m.
On Tue, Jul 27, 2010 at 03:49:19PM +0530, Amit Shah wrote:
> When a 'cont' is issued on a VM that's just waiting for an incoming
> migration, the VM reboots and boots into the guest, possibly corrupting
> its storage since it could be shared with another VM running elsewhere.
> 
> Ensure that a VM started with '-incoming' is only run when an incoming
> migration successfully completes.
> 
> A new qerror, QERR_MIGRATION_EXPECTED, is added to signal that 'cont'
> failed due to no incoming migration has been attempted yet.
> 
> Reported-by: Laine Stump <laine@redhat.com>
> Signed-off-by: Amit Shah <amit.shah@redhat.com>
> ---
> Luiz, does the QERR bit look OK?
> 
>  migration.c |    2 ++
>  monitor.c   |    4 ++++
>  qerror.c    |    4 ++++
>  qerror.h    |    3 +++
>  sysemu.h    |    1 +
>  vl.c        |    2 ++
>  6 files changed, 16 insertions(+), 0 deletions(-)

Thanks, applied.

> diff --git a/migration.c b/migration.c
> index 650eb78..a160462 100644
> --- a/migration.c
> +++ b/migration.c
> @@ -67,6 +67,8 @@ void process_incoming_migration(QEMUFile *f)
>      qemu_announce_self();
>      DPRINTF("successfully loaded vm state\n");
>  
> +    incoming_expected = false;
> +
>      if (autostart)
>          vm_start();
>  }
> diff --git a/monitor.c b/monitor.c
> index 45fd482..5366c36 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1056,6 +1056,10 @@ static int do_cont(Monitor *mon, const QDict *qdict, QObject **ret_data)
>  {
>      struct bdrv_iterate_context context = { mon, 0 };
>  
> +    if (incoming_expected) {
> +        qerror_report(QERR_MIGRATION_EXPECTED);
> +        return -1;
> +    }
>      bdrv_iterate(encrypted_bdrv_it, &context);
>      /* only resume the vm if all keys are set and valid */
>      if (!context.err) {
> diff --git a/qerror.c b/qerror.c
> index 2f6f590..0af3ab3 100644
> --- a/qerror.c
> +++ b/qerror.c
> @@ -141,6 +141,10 @@ static const QErrorStringTable qerror_table[] = {
>          .desc      = "Using KVM without %(capability), %(feature) unavailable",
>      },
>      {
> +        .error_fmt = QERR_MIGRATION_EXPECTED,
> +        .desc      = "An incoming migration is expected before this command can be executed",
> +    },
> +    {
>          .error_fmt = QERR_MISSING_PARAMETER,
>          .desc      = "Parameter '%(name)' is missing",
>      },
> diff --git a/qerror.h b/qerror.h
> index 9ad00b4..62802ea 100644
> --- a/qerror.h
> +++ b/qerror.h
> @@ -121,6 +121,9 @@ QError *qobject_to_qerror(const QObject *obj);
>  #define QERR_KVM_MISSING_CAP \
>      "{ 'class': 'KVMMissingCap', 'data': { 'capability': %s, 'feature': %s } }"
>  
> +#define QERR_MIGRATION_EXPECTED \
> +    "{ 'class': 'MigrationExpected', 'data': {} }"
> +
>  #define QERR_MISSING_PARAMETER \
>      "{ 'class': 'MissingParameter', 'data': { 'name': %s } }"
>  
> diff --git a/sysemu.h b/sysemu.h
> index 9c988bb..a1f6466 100644
> --- a/sysemu.h
> +++ b/sysemu.h
> @@ -99,6 +99,7 @@ typedef enum DisplayType
>  } DisplayType;
>  
>  extern int autostart;
> +extern int incoming_expected;
>  extern int bios_size;
>  
>  typedef enum {
> diff --git a/vl.c b/vl.c
> index ba6ee11..c2e7cc1 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -182,6 +182,7 @@ int nb_nics;
>  NICInfo nd_table[MAX_NICS];
>  int vm_running;
>  int autostart;
> +int incoming_expected; /* Started with -incoming and waiting for incoming */
>  static int rtc_utc = 1;
>  static int rtc_date_offset = -1; /* -1 means no change */
>  QEMUClock *rtc_clock;
> @@ -2557,6 +2558,7 @@ int main(int argc, char **argv, char **envp)
>                  break;
>              case QEMU_OPTION_incoming:
>                  incoming = optarg;
> +                incoming_expected = true;
>                  break;
>              case QEMU_OPTION_nodefaults:
>                  default_serial = 0;
> -- 
> 1.7.2
> 
> 
>

Patch

diff --git a/migration.c b/migration.c
index 650eb78..a160462 100644
--- a/migration.c
+++ b/migration.c
@@ -67,6 +67,8 @@  void process_incoming_migration(QEMUFile *f)
     qemu_announce_self();
     DPRINTF("successfully loaded vm state\n");
 
+    incoming_expected = false;
+
     if (autostart)
         vm_start();
 }
diff --git a/monitor.c b/monitor.c
index 45fd482..5366c36 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1056,6 +1056,10 @@  static int do_cont(Monitor *mon, const QDict *qdict, QObject **ret_data)
 {
     struct bdrv_iterate_context context = { mon, 0 };
 
+    if (incoming_expected) {
+        qerror_report(QERR_MIGRATION_EXPECTED);
+        return -1;
+    }
     bdrv_iterate(encrypted_bdrv_it, &context);
     /* only resume the vm if all keys are set and valid */
     if (!context.err) {
diff --git a/qerror.c b/qerror.c
index 2f6f590..0af3ab3 100644
--- a/qerror.c
+++ b/qerror.c
@@ -141,6 +141,10 @@  static const QErrorStringTable qerror_table[] = {
         .desc      = "Using KVM without %(capability), %(feature) unavailable",
     },
     {
+        .error_fmt = QERR_MIGRATION_EXPECTED,
+        .desc      = "An incoming migration is expected before this command can be executed",
+    },
+    {
         .error_fmt = QERR_MISSING_PARAMETER,
         .desc      = "Parameter '%(name)' is missing",
     },
diff --git a/qerror.h b/qerror.h
index 9ad00b4..62802ea 100644
--- a/qerror.h
+++ b/qerror.h
@@ -121,6 +121,9 @@  QError *qobject_to_qerror(const QObject *obj);
 #define QERR_KVM_MISSING_CAP \
     "{ 'class': 'KVMMissingCap', 'data': { 'capability': %s, 'feature': %s } }"
 
+#define QERR_MIGRATION_EXPECTED \
+    "{ 'class': 'MigrationExpected', 'data': {} }"
+
 #define QERR_MISSING_PARAMETER \
     "{ 'class': 'MissingParameter', 'data': { 'name': %s } }"
 
diff --git a/sysemu.h b/sysemu.h
index 9c988bb..a1f6466 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -99,6 +99,7 @@  typedef enum DisplayType
 } DisplayType;
 
 extern int autostart;
+extern int incoming_expected;
 extern int bios_size;
 
 typedef enum {
diff --git a/vl.c b/vl.c
index ba6ee11..c2e7cc1 100644
--- a/vl.c
+++ b/vl.c
@@ -182,6 +182,7 @@  int nb_nics;
 NICInfo nd_table[MAX_NICS];
 int vm_running;
 int autostart;
+int incoming_expected; /* Started with -incoming and waiting for incoming */
 static int rtc_utc = 1;
 static int rtc_date_offset = -1; /* -1 means no change */
 QEMUClock *rtc_clock;
@@ -2557,6 +2558,7 @@  int main(int argc, char **argv, char **envp)
                 break;
             case QEMU_OPTION_incoming:
                 incoming = optarg;
+                incoming_expected = true;
                 break;
             case QEMU_OPTION_nodefaults:
                 default_serial = 0;