qemu: Reject 'rename-restart' action for 'on_reboot'/'on_poweroff'/'on_crash'

The qemu driver didn't ever implement any meaningful handling for the 'rename-restart' action. At this point the following handling would take place: 'on_reboot' set to 'rename-restart' is ignored on guest-initiated reboots, the guest simply reboots. For on_poweroff set to 'rename-restart' the following happens: guest initiated shutdown -> 'destroy' libvirt initiated shutdown -> 'reboot' In addition when 'on_reboot' is 'destroy' in addition to 'on_poweroff' being 'rename-restart' the guest is able to execute instructions after issuing a reset before libvirt terminates it. This will be addressed separately later. Forbid the flag in the qemu def validator and update the documentation to be factual. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-10-05 05:45:46 +00:00 · 2021-08-19 16:23:02 +02:00 · 2021-08-19 16:23:02 +02:00 · 2b81fbb22e
commit 2b81fbb22e
parent d28103b4c4
3 changed files with 40 additions and 3 deletions
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@ -1743,12 +1743,12 @@ Each of these states allow for the same four possible actions.
 ``preserve``
   The domain will be terminated and its resource preserved to allow analysis.
 ``rename-restart``
-   The domain will be terminated and then restarted with a new name.
+   The domain will be terminated and then restarted with a new name. (Only
+   supported by the libxl hypervisor driver.)

 QEMU/KVM supports the ``on_poweroff`` and ``on_reboot`` events handling the
 ``destroy`` and ``restart`` actions. The ``preserve`` action for an
-``on_reboot`` event is treated as a ``destroy`` and the ``rename-restart``
-action for an ``on_poweroff`` event is treated as a ``restart`` event.
+``on_reboot`` event is treated as a ``destroy``.

 The ``on_crash`` event supports these additional actions :since:`since 0.8.4` .

--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@ -1063,6 +1063,35 @@ qemuValidateDomainDeviceInfo(virDomainDef *def G_GNUC_UNUSED,
    return 0;
 }

+
+int
+qemuValidateLifecycleAction(virDomainLifecycleAction onPoweroff,
+                            virDomainLifecycleAction onReboot,
+                            virDomainLifecycleAction onCrash)
+{
+    /* The qemu driver doesn't yet implement any meaningful handling for
+     * VIR_DOMAIN_LIFECYCLE_ACTION_RESTART_RENAME */
+    if (onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART_RENAME ||
+        onReboot == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART_RENAME ||
+        onCrash == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART_RENAME) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("qemu driver doesn't support the 'rename-restart' action for 'on_reboot'/'on_poweroff'/'on_crash'"));
+        return -1;
+    }
+
+    return 0;
+}
+
+
+static int
+qemuValidateDomainLifecycleAction(const virDomainDef *def)
+{
+    return qemuValidateLifecycleAction(def->onPoweroff,
+                                       def->onReboot,
+                                       def->onCrash);
+}
+
+
 int
 qemuValidateDomainDef(const virDomainDef *def,
                      void *opaque,
@ -1157,6 +1186,9 @@ qemuValidateDomainDef(const virDomainDef *def,
        }
    }

+    if (qemuValidateDomainLifecycleAction(def) < 0)
+        return -1;
+
    if (qemuValidateDomainDefCpu(driver, def, qemuCaps) < 0)
        return -1;

--- a/src/qemu/qemu_validate.h
+++ b/src/qemu/qemu_validate.h
@ -38,3 +38,8 @@ qemuValidateDomainDeviceDef(const virDomainDeviceDef *dev,
                            const virDomainDef *def,
                            void *opaque,
                            void *parseOpaque);
+
+int
+qemuValidateLifecycleAction(virDomainLifecycleAction onPoweroff,
+                            virDomainLifecycleAction onReboot,
+                            virDomainLifecycleAction onCrash);