[libvirt] [PATCH] qemu: call drive_unplug in DetachPciDiskDevice
Ryan Harper
ryanh at us.ibm.com
Thu Oct 21 14:03:42 UTC 2010
* Ryan Harper <ryanh at us.ibm.com> [2010-10-21 09:01]:
> Currently libvirt doesn't confirm whether the guest has responded to the
> disk removal request. In some cases this can leave the guest with
> continued access to the device while the mgmt layer believes that it has
> been removed. With a recent qemu monitor command[1] we can
> deterministically revoke a guests access to the disk (on the QEMU side)
> to ensure no futher access is permitted.
>
> This patch adds support for the drive_unplug() command and introduces it
> in the disk removal paths. There is some discussion to be had about how
> to handle the case where the guest is running in a QEMU without this
> command (and the fact that we currently don't have a way of detecting
> what monitor commands are available).
>
> My current implementation assumes that if you don't have a QEMU with
> this capability that we should fail the device removal. This is a
> strong statement around hotplug that isn't consistent with previous
> releases so I'm open to other approachs, but given the potential data
> leakage problem hot-remove can lead to without drive_unplug, I think
> it's the right thing to do.
>
> Signed-off-by: Ryan Harper <ryanh at us.ibm.com>
>
>
1. http://lists.gnu.org/archive/html/qemu-devel/2010-10/msg01327.html
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index abd8e9d..c7f4746 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -8646,6 +8646,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
> virDomainDiskDefPtr detach = NULL;
> qemuDomainObjPrivatePtr priv = vm->privateData;
> virCgroupPtr cgroup = NULL;
> + char drivestr[PATH_MAX];
>
> i = qemudFindDisk(vm->def, dev->data.disk->dst);
>
> @@ -8673,13 +8674,34 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
> goto cleanup;
> }
>
> + /* build the actual drive id string as the disk->info.alias doesn't
> + * contain the QEMU_DRIVE_HOST_PREFIX that is passed to qemu */
> + if ((ret = snprintf(drivestr, sizeof(drivestr), "%s%s",
> + QEMU_DRIVE_HOST_PREFIX,
> + detach->info.alias))
> + < 0 || ret >= sizeof(drivestr)) {
> + virReportOOMError();
> + goto cleanup;
> + }
> +
> qemuDomainObjEnterMonitorWithDriver(driver, vm);
> if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
> + ret = qemuMonitorDriveUnplug(priv->mon, drivestr);
> + DEBUG("DriveUnplug ret=%d", ret);
> + if (ret != 0) {
> + qemuDomainObjExitMonitor(vm);
> + goto cleanup;
> + }
> if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
> qemuDomainObjExitMonitor(vm);
> goto cleanup;
> }
> } else {
> + ret = qemuMonitorDriveUnplug(priv->mon, drivestr);
> + if (ret != 0) {
> + qemuDomainObjExitMonitor(vm);
> + goto cleanup;
> + }
> if (qemuMonitorRemovePCIDevice(priv->mon,
> &detach->info.addr.pci) < 0) {
> qemuDomainObjExitMonitor(vm);
> @@ -8723,6 +8745,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
> virDomainDiskDefPtr detach = NULL;
> qemuDomainObjPrivatePtr priv = vm->privateData;
> virCgroupPtr cgroup = NULL;
> + char drivestr[PATH_MAX];
>
> i = qemudFindDisk(vm->def, dev->data.disk->dst);
>
> @@ -8749,7 +8772,21 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
> }
> }
>
> + /* build the actual drive id string as the disk->info.alias doesn't
> + * contain the QEMU_DRIVE_HOST_PREFIX that is passed to qemu */
> + if ((ret = snprintf(drivestr, sizeof(drivestr), "%s%s",
> + QEMU_DRIVE_HOST_PREFIX,
> + detach->info.alias))
> + < 0 || ret >= sizeof(drivestr)) {
> + virReportOOMError();
> + goto cleanup;
> + }
> +
> qemuDomainObjEnterMonitorWithDriver(driver, vm);
> + if (qemuMonitorDriveUnplug(priv->mon, drivestr) < 0) {
> + qemuDomainObjExitMonitor(vm);
> + goto cleanup;
> + }
> if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
> qemuDomainObjExitMonitor(vm);
> goto cleanup;
> diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
> index 2366fdb..285381d 100644
> --- a/src/qemu/qemu_monitor.c
> +++ b/src/qemu/qemu_monitor.c
> @@ -1781,6 +1781,25 @@ int qemuMonitorGetAllPCIAddresses(qemuMonitorPtr mon,
> return ret;
> }
>
> +int qemuMonitorDriveUnplug(qemuMonitorPtr mon,
> + const char *drivestr)
> +{
> + DEBUG("mon=%p drivestr=%s", mon, drivestr);
> + int ret;
> +
> + if (!mon) {
> + qemuReportError(VIR_ERR_INVALID_ARG, "%s",
> + _("monitor must not be NULL"));
> + return -1;
> + }
> +
> + if (mon->json)
> + ret = qemuMonitorJSONDriveUnplug(mon, drivestr);
> + else
> + ret = qemuMonitorTextDriveUnplug(mon, drivestr);
> + return ret;
> +}
> +
> int qemuMonitorDelDevice(qemuMonitorPtr mon,
> const char *devalias)
> {
> diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
> index 48f4c20..bfe3641 100644
> --- a/src/qemu/qemu_monitor.h
> +++ b/src/qemu/qemu_monitor.h
> @@ -381,6 +381,9 @@ int qemuMonitorDelDevice(qemuMonitorPtr mon,
> int qemuMonitorAddDrive(qemuMonitorPtr mon,
> const char *drivestr);
>
> +int qemuMonitorDriveUnplug(qemuMonitorPtr mon,
> + const char *drivestr);
> +
> int qemuMonitorSetDrivePassphrase(qemuMonitorPtr mon,
> const char *alias,
> const char *passphrase);
> diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> index d3ab25f..e99adac 100644
> --- a/src/qemu/qemu_monitor_json.c
> +++ b/src/qemu/qemu_monitor_json.c
> @@ -2243,6 +2243,30 @@ int qemuMonitorJSONAddDrive(qemuMonitorPtr mon,
> }
>
>
> +int qemuMonitorJSONDriveUnplug(qemuMonitorPtr mon,
> + const char *drivestr)
> +{
> + int ret;
> + virJSONValuePtr cmd;
> + virJSONValuePtr reply = NULL;
> +
> + DEBUG("JSONDriveUnplug drivestr=%s", drivestr);
> + cmd = qemuMonitorJSONMakeCommand("drive_unplug",
> + "s:id", drivestr,
> + NULL);
> + if (!cmd)
> + return -1;
> +
> + ret = qemuMonitorJSONCommand(mon, cmd, &reply);
> +
> + if (ret == 0)
> + ret = qemuMonitorJSONCheckError(cmd, reply);
> +
> + virJSONValueFree(cmd);
> + virJSONValueFree(reply);
> + return ret;
> +}
> +
> int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon,
> const char *alias,
> const char *passphrase)
> diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
> index 94806c1..6a8692e 100644
> --- a/src/qemu/qemu_monitor_json.h
> +++ b/src/qemu/qemu_monitor_json.h
> @@ -188,6 +188,9 @@ int qemuMonitorJSONDelDevice(qemuMonitorPtr mon,
> int qemuMonitorJSONAddDrive(qemuMonitorPtr mon,
> const char *drivestr);
>
> +int qemuMonitorJSONDriveUnplug(qemuMonitorPtr mon,
> + const char *drivestr);
> +
> int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon,
> const char *alias,
> const char *passphrase);
> diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
> index 69971a6..ded3078 100644
> --- a/src/qemu/qemu_monitor_text.c
> +++ b/src/qemu/qemu_monitor_text.c
> @@ -2380,6 +2380,45 @@ cleanup:
> return ret;
> }
>
> +int qemuMonitorTextDriveUnplug(qemuMonitorPtr mon,
> + const char *drivestr)
> +{
> + char *cmd = NULL;
> + char *reply = NULL;
> + char *safedev;
> + int ret = -1;
> + DEBUG("TextDriveUnplug drivestr=%s", drivestr);
> +
> + if (!(safedev = qemuMonitorEscapeArg(drivestr))) {
> + virReportOOMError();
> + goto cleanup;
> + }
> +
> + if (virAsprintf(&cmd, "drive_unplug %s", safedev) < 0) {
> + virReportOOMError();
> + goto cleanup;
> + }
> +
> + if (qemuMonitorCommand(mon, cmd, &reply) < 0) {
> + qemuReportError(VIR_ERR_OPERATION_FAILED,
> + _("cannot unplug %s drive"), drivestr);
> + goto cleanup;
> + }
> +
> + if (STRNEQ(reply, "")) {
> + qemuReportError(VIR_ERR_OPERATION_FAILED,
> + _("unplugging %s drive failed: %s"), drivestr, reply);
> + goto cleanup;
> + }
> +
> + ret = 0;
> +
> +cleanup:
> + VIR_FREE(cmd);
> + VIR_FREE(reply);
> + VIR_FREE(safedev);
> + return ret;
> +}
>
> int qemuMonitorTextSetDrivePassphrase(qemuMonitorPtr mon,
> const char *alias,
> diff --git a/src/qemu/qemu_monitor_text.h b/src/qemu/qemu_monitor_text.h
> index c017509..8355ce8 100644
> --- a/src/qemu/qemu_monitor_text.h
> +++ b/src/qemu/qemu_monitor_text.h
> @@ -186,6 +186,9 @@ int qemuMonitorTextDelDevice(qemuMonitorPtr mon,
> int qemuMonitorTextAddDrive(qemuMonitorPtr mon,
> const char *drivestr);
>
> +int qemuMonitorTextDriveUnplug(qemuMonitorPtr mon,
> + const char *drivestr);
> +
> int qemuMonitorTextSetDrivePassphrase(qemuMonitorPtr mon,
> const char *alias,
> const char *passphrase);
>
>
> --
> Ryan Harper
> Software Engineer; Linux Technology Center
> IBM Corp., Austin, Tx
> ryanh at us.ibm.com
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
--
Ryan Harper
Software Engineer; Linux Technology Center
IBM Corp., Austin, Tx
ryanh at us.ibm.com
More information about the libvir-list
mailing list