|
 |
d0f569 |
From fa7cff4e684ededd184976d4fdf217cc155825b8 Mon Sep 17 00:00:00 2001
|
|
|
d0f569 |
Message-Id: <fa7cff4e684ededd184976d4fdf217cc155825b8@dist-git>
|
|
|
d0f569 |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
d0f569 |
Date: Mon, 31 Jan 2022 12:55:47 +0100
|
|
|
d0f569 |
Subject: [PATCH] qemu: Validate domain definition even on migration
|
|
|
d0f569 |
|
|
|
d0f569 |
When we are about to spawn QEMU, we validate the domain
|
|
|
d0f569 |
definition against qemuCaps. Except when domain is/was already
|
|
|
d0f569 |
running before (i.e. on incoming migration, snapshots, resume
|
|
|
d0f569 |
from a file). However, especially on incoming migration it may
|
|
|
d0f569 |
happen that the destination QEMU is different to the source
|
|
|
d0f569 |
QEMU, e.g. the destination QEMU may have some devices disabled.
|
|
|
d0f569 |
|
|
|
d0f569 |
And we have a function that validates devices/features requested
|
|
|
d0f569 |
in domain XML against the desired QEMU capabilities (aka
|
|
|
d0f569 |
qemuCaps) - it's virDomainDefValidate() which calls
|
|
|
d0f569 |
qemuValidateDomainDef() and qemuValidateDomainDeviceDef()
|
|
|
d0f569 |
subsequently.
|
|
|
d0f569 |
|
|
|
d0f569 |
But the problem here is that the validation function is
|
|
|
d0f569 |
explicitly skipped over in specific scenarios (like incoming
|
|
|
d0f569 |
migration, restore from a snapshot or previously saved file).
|
|
|
d0f569 |
|
|
|
d0f569 |
This in turn means that we may spawn QEMU and request
|
|
|
d0f569 |
device/features it doesn't support. When that happens QEMU fails
|
|
|
d0f569 |
to load migration stream:
|
|
|
d0f569 |
|
|
|
d0f569 |
qemu-kvm: ... 'virtio-mem-pci' is not a valid device model name
|
|
|
d0f569 |
|
|
|
d0f569 |
(NB, while the example shows one particular device, the problem
|
|
|
d0f569 |
is paramount)
|
|
|
d0f569 |
|
|
|
d0f569 |
This problem is easier to run into since we are slowly moving
|
|
|
d0f569 |
validation from qemu_command.c into said validation functions.
|
|
|
d0f569 |
|
|
|
d0f569 |
The solution is simple: do the validation in all cases. And while
|
|
|
d0f569 |
it may happen that users would be unable to migrate/restore a
|
|
|
d0f569 |
guest due to a bug in our validator, spawning QEMU without
|
|
|
d0f569 |
validation is worse (especially when you consider that users can
|
|
|
d0f569 |
supply their own XMLs for migrate/restore operations - these were
|
|
|
d0f569 |
never validated).
|
|
|
d0f569 |
|
|
|
d0f569 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2048435
|
|
|
d0f569 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
d0f569 |
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
d0f569 |
(cherry picked from commit 517b8c12b98d7ac0bb4d582e0b491d50d776eb6d)
|
|
|
d0f569 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2050702
|
|
|
d0f569 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
d0f569 |
---
|
|
|
d0f569 |
src/qemu/qemu_process.c | 6 +-----
|
|
|
d0f569 |
1 file changed, 1 insertion(+), 5 deletions(-)
|
|
|
d0f569 |
|
|
|
d0f569 |
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
|
|
d0f569 |
index 5c9ca0fe4f..5c6657a876 100644
|
|
|
d0f569 |
--- a/src/qemu/qemu_process.c
|
|
|
d0f569 |
+++ b/src/qemu/qemu_process.c
|
|
|
d0f569 |
@@ -5411,11 +5411,7 @@ qemuProcessStartValidate(virQEMUDriver *driver,
|
|
|
d0f569 |
|
|
|
d0f569 |
}
|
|
|
d0f569 |
|
|
|
d0f569 |
- /* Checks below should not be executed when starting a qemu process for a
|
|
|
d0f569 |
- * VM that was running before (migration, snapshots, save). It's more
|
|
|
d0f569 |
- * important to start such VM than keep the configuration clean */
|
|
|
d0f569 |
- if ((flags & VIR_QEMU_PROCESS_START_NEW) &&
|
|
|
d0f569 |
- virDomainDefValidate(vm->def, 0, driver->xmlopt, qemuCaps) < 0)
|
|
|
d0f569 |
+ if (virDomainDefValidate(vm->def, 0, driver->xmlopt, qemuCaps) < 0)
|
|
|
d0f569 |
return -1;
|
|
|
d0f569 |
|
|
|
d0f569 |
if (qemuProcessStartValidateGraphics(vm) < 0)
|
|
|
d0f569 |
--
|
|
|
d0f569 |
2.35.1
|
|
|
d0f569 |
|