From nobody Sat Apr 27 23:08:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1534974213929608.1853965329251; Wed, 22 Aug 2018 14:43:33 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 84BCFC03D479; Wed, 22 Aug 2018 21:43:30 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8D80880699; Wed, 22 Aug 2018 21:43:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 37BCF4BB75; Wed, 22 Aug 2018 21:43:27 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w7MLhQYV027622 for ; Wed, 22 Aug 2018 17:43:26 -0400 Received: by smtp.corp.redhat.com (Postfix) id AFEE72010D98; Wed, 22 Aug 2018 21:43:26 +0000 (UTC) Received: from unknown54ee7586bd10.attlocal.net.com (ovpn-116-58.phx2.redhat.com [10.3.116.58]) by smtp.corp.redhat.com (Postfix) with ESMTP id 686892010D95 for ; Wed, 22 Aug 2018 21:43:24 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Wed, 22 Aug 2018 17:43:21 -0400 Message-Id: <20180822214321.29819-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] nwfilter: Handle libvirtd restart if nwfilter binding deleted X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 22 Aug 2018 21:43:32 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1607202 It's stated that if the admin wants to shoot themselves in the foot by removing the nwfilter binding while the domain is running we will certainly allow that. However, in doing so we also run the risk that a libvirtd restart will cause the domain to be shutdown, which isn't a good thing. So add another boolean to virDomainConfNWFilterInstantiate which allows us to recover somewhat gracefully in the event the virNWFilterBindingCreateXML fails when we come from qemuProcessReconnect and we determine that the filter has been deleted. It was there at some point (it had to be), but if it's missing, then we don't want to cause the guest to stop running, so issue a warning and continue on. Signed-off-by: John Ferlan --- src/conf/domain_nwfilter.c | 33 ++++++++++++++++++++++++++++----- src/conf/domain_nwfilter.h | 3 ++- src/lxc/lxc_process.c | 3 ++- src/qemu/qemu_hotplug.c | 7 ++++--- src/qemu/qemu_interface.c | 6 ++++-- src/qemu/qemu_process.c | 10 +++++++--- src/uml/uml_conf.c | 3 ++- 7 files changed, 49 insertions(+), 16 deletions(-) diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c index f39c8a1f9b..3e6e462def 100644 --- a/src/conf/domain_nwfilter.c +++ b/src/conf/domain_nwfilter.c @@ -85,16 +85,19 @@ int virDomainConfNWFilterInstantiate(const char *vmname, const unsigned char *vmuuid, virDomainNetDefPtr net, - bool ignoreExists) + bool ignoreExists, + bool ignoreDeleted) { virConnectPtr conn =3D virGetConnectNWFilter(); virNWFilterBindingDefPtr def =3D NULL; virNWFilterBindingPtr binding =3D NULL; + virNWFilterPtr nwfilter =3D NULL; char *xml =3D NULL; int ret =3D -1; =20 - VIR_DEBUG("vmname=3D%s portdev=3D%s filter=3D%s ignoreExists=3D%d", - vmname, NULLSTR(net->ifname), NULLSTR(net->filter), ignoreEx= ists); + VIR_DEBUG("vmname=3D%s portdev=3D%s filter=3D%s ignoreExists=3D%d igno= reDeleted=3D%d", + vmname, NULLSTR(net->ifname), NULLSTR(net->filter), + ignoreExists, ignoreDeleted); =20 if (!conn) goto cleanup; @@ -113,14 +116,34 @@ virDomainConfNWFilterInstantiate(const char *vmname, if (!(xml =3D virNWFilterBindingDefFormat(def))) goto cleanup; =20 - if (!(binding =3D virNWFilterBindingCreateXML(conn, xml, 0))) - goto cleanup; + if (!(binding =3D virNWFilterBindingCreateXML(conn, xml, 0))) { + virErrorPtr orig_err; + + if (!ignoreDeleted) + goto cleanup; + + /* Let's determine if the error was because the filter was deleted. + * Save the orig_err just in case it's not a failure to find the + * filter by name. */ + orig_err =3D virSaveLastError(); + nwfilter =3D virNWFilterLookupByName(conn, def->filter); + virSetError(orig_err); + virFreeError(orig_err); + if (nwfilter) + goto cleanup; + + VIR_WARN("filter '%s' for binding '%s' has been deleted while the " + "guest was running, ignoring for restart processing", + def->filter, def->portdevname); + virResetLastError(); + } =20 ret =3D 0; =20 cleanup: VIR_FREE(xml); virNWFilterBindingDefFree(def); + virObjectUnref(nwfilter); virObjectUnref(binding); virObjectUnref(conn); return ret; diff --git a/src/conf/domain_nwfilter.h b/src/conf/domain_nwfilter.h index 6bda228fc8..e3a2f7a7f2 100644 --- a/src/conf/domain_nwfilter.h +++ b/src/conf/domain_nwfilter.h @@ -26,7 +26,8 @@ int virDomainConfNWFilterInstantiate(const char *vmname, const unsigned char *vmuuid, virDomainNetDefPtr net, - bool ignoreExists); + bool ignoreExists, + bool ignoreDeleted); void virDomainConfNWFilterTeardown(virDomainNetDefPtr net); void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm); =20 diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 33c806630b..b8b014ca72 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -303,7 +303,8 @@ virLXCProcessSetupInterfaceTap(virDomainDefPtr vm, } =20 if (net->filter && - virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, false) <= 0) + virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, + false, false) < 0) goto cleanup; =20 ret =3D containerVeth; diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 0b84a503bb..11b10cbe14 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3434,8 +3434,8 @@ qemuDomainChangeNetFilter(virDomainObjPtr vm, virDomainConfNWFilterTeardown(olddev); =20 if (newdev->filter && - virDomainConfNWFilterInstantiate(vm->def->name, - vm->def->uuid, newdev, false) < 0= ) { + virDomainConfNWFilterInstantiate(vm->def->name, vm->def->uuid, new= dev, + false, false) < 0) { virErrorPtr errobj; =20 virReportError(VIR_ERR_OPERATION_FAILED, @@ -3444,7 +3444,8 @@ qemuDomainChangeNetFilter(virDomainObjPtr vm, olddev->ifname); virErrorPreserveLast(&errobj); ignore_value(virDomainConfNWFilterInstantiate(vm->def->name, - vm->def->uuid, oldde= v, false)); + vm->def->uuid, oldde= v, + false, false)); virErrorRestore(&errobj); return -1; } diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c index a3f13093f5..fc5f39b76d 100644 --- a/src/qemu/qemu_interface.c +++ b/src/qemu/qemu_interface.c @@ -467,7 +467,8 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def, goto cleanup; =20 if (net->filter && - virDomainConfNWFilterInstantiate(def->name, def->uuid, net, false)= < 0) { + virDomainConfNWFilterInstantiate(def->name, def->uuid, net, + false, false) < 0) { goto cleanup; } =20 @@ -586,7 +587,8 @@ qemuInterfaceBridgeConnect(virDomainDefPtr def, goto cleanup; =20 if (net->filter && - virDomainConfNWFilterInstantiate(def->name, def->uuid, net, false)= < 0) { + virDomainConfNWFilterInstantiate(def->name, def->uuid, net, + false, false) < 0) { goto cleanup; } =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index ab749389ee..4d8b3017b4 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3161,14 +3161,18 @@ qemuProcessNotifyNets(virDomainDefPtr def) } =20 static int -qemuProcessFiltersInstantiate(virDomainDefPtr def, bool ignoreExists) +qemuProcessFiltersInstantiate(virDomainDefPtr def, + bool ignoreExists, + bool ignoreDeleted) { size_t i; =20 for (i =3D 0; i < def->nnets; i++) { virDomainNetDefPtr net =3D def->nets[i]; if ((net->filter) && (net->ifname)) { - if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net= , ignoreExists) < 0) + if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net, + ignoreExists, + ignoreDeleted) < 0) return 1; } } @@ -7892,7 +7896,7 @@ qemuProcessReconnect(void *opaque) =20 qemuProcessNotifyNets(obj->def); =20 - if (qemuProcessFiltersInstantiate(obj->def, true)) + if (qemuProcessFiltersInstantiate(obj->def, true, true)) goto error; =20 if (qemuProcessRefreshDisks(driver, obj, QEMU_ASYNC_JOB_NONE) < 0) diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c index f116e619ef..29d26848f3 100644 --- a/src/uml/uml_conf.c +++ b/src/uml/uml_conf.c @@ -137,7 +137,8 @@ umlConnectTapDevice(virDomainDefPtr vm, } =20 if (net->filter) { - if (virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, fals= e) < 0) { + if (virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, + false, false) < 0) { if (template_ifname) VIR_FREE(net->ifname); goto error; --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list