snapshot: allow block devices past cgroup

It turns out that when cgroups are enabled, the use of a block device
for a snapshot target was failing with EPERM due to libvirt failing
to add the block device to the cgroup whitelist.  See also
https://bugzilla.redhat.com/show_bug.cgi?id=810200

* src/qemu/qemu_driver.c
(qemuDomainSnapshotCreateSingleDiskActive)
(qemuDomainSnapshotUndoSingleDiskActive): Account for cgroup.
(qemuDomainSnapshotCreateDiskActive): Update caller.
(cherry picked from commit 8be304ecb9c8294c9ca3ef7324dea8228e496f9c)
This commit is contained in:
Eric Blake 2012-05-07 16:56:08 -06:00 committed by Cole Robinson
parent fd9f487aca
commit 1d3218ab5e

View File

@ -9877,6 +9877,7 @@ cleanup:
static int
qemuDomainSnapshotCreateSingleDiskActive(struct qemud_driver *driver,
virDomainObjPtr vm,
virCgroupPtr cgroup,
virDomainSnapshotDiskDefPtr snap,
virDomainDiskDefPtr disk,
virDomainDiskDefPtr persistDisk,
@ -9930,8 +9931,15 @@ qemuDomainSnapshotCreateSingleDiskActive(struct qemud_driver *driver,
if (virDomainLockDiskAttach(driver->lockManager, vm, disk) < 0)
goto cleanup;
if (cgroup && qemuSetupDiskCgroup(driver, vm, cgroup, disk) < 0) {
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", source);
goto cleanup;
}
if (virSecurityManagerSetImageLabel(driver->securityManager, vm->def,
disk) < 0) {
if (cgroup && qemuTeardownDiskCgroup(driver, vm, cgroup, disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s", source);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", source);
goto cleanup;
@ -9991,6 +9999,7 @@ cleanup:
static void
qemuDomainSnapshotUndoSingleDiskActive(struct qemud_driver *driver,
virDomainObjPtr vm,
virCgroupPtr cgroup,
virDomainDiskDefPtr origdisk,
virDomainDiskDefPtr disk,
virDomainDiskDefPtr persistDisk,
@ -10015,6 +10024,8 @@ qemuDomainSnapshotUndoSingleDiskActive(struct qemud_driver *driver,
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
vm->def, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
if (cgroup && qemuTeardownDiskCgroup(driver, vm, cgroup, disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s", disk->src);
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
VIR_WARN("Unable to release lock on %s", disk->src);
if (need_unlink && stat(disk->src, &st) == 0 &&
@ -10066,6 +10077,7 @@ qemuDomainSnapshotCreateDiskActive(virConnectPtr conn,
int thaw = 0; /* 1 if freeze succeeded, -1 if freeze failed */
bool atomic = (flags & VIR_DOMAIN_SNAPSHOT_CREATE_ATOMIC) != 0;
bool reuse = (flags & VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT) != 0;
virCgroupPtr cgroup = NULL;
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
return -1;
@ -10076,6 +10088,15 @@ qemuDomainSnapshotCreateDiskActive(virConnectPtr conn,
goto endjob;
}
if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES) &&
virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0)) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
_("Unable to find cgroup for %s"),
vm->def->name);
goto endjob;
}
/* 'cgroup' is still NULL if cgroups are disabled. */
/* If quiesce was requested, then issue a freeze command, and a
* counterpart thaw command, no matter what. The command will
* fail if the guest is paused or the guest agent is not
@ -10138,7 +10159,7 @@ qemuDomainSnapshotCreateDiskActive(virConnectPtr conn,
}
}
ret = qemuDomainSnapshotCreateSingleDiskActive(driver, vm,
ret = qemuDomainSnapshotCreateSingleDiskActive(driver, vm, cgroup,
&snap->def->disks[i],
vm->def->disks[i],
persistDisk, actions,
@ -10166,7 +10187,7 @@ qemuDomainSnapshotCreateDiskActive(virConnectPtr conn,
persistDisk = vm->newDef->disks[indx];
}
qemuDomainSnapshotUndoSingleDiskActive(driver, vm,
qemuDomainSnapshotUndoSingleDiskActive(driver, vm, cgroup,
snap->def->dom->disks[i],
vm->def->disks[i],
persistDisk,
@ -10216,6 +10237,8 @@ cleanup:
}
endjob:
if (cgroup)
virCgroupFree(&cgroup);
if (vm && thaw != 0 &&
qemuDomainSnapshotFSThaw(driver, vm, thaw > 0) < 0) {
/* helper reported the error, if it was needed */