From: Michal Privoznik <mprivozn@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
Jie Wang <wangjie88@huawei.com>,
qemu-devel@nongnu.org, qemu-block@nongnu.org
Cc: eric.fangyi@huawei.com
Subject: Re: [Qemu-devel] [Qemu-block] [PATCH] pr-manager-helper: fix pr process been killed when reconectting
Date: Wed, 29 May 2019 09:33:04 +0200 [thread overview]
Message-ID: <f165741a-2ffd-62fd-b121-49bf1a3597f1@redhat.com> (raw)
In-Reply-To: <cac8ed16-7846-ca22-2463-c3c738066d61@redhat.com>
On 5/28/19 7:45 PM, Paolo Bonzini wrote:
> On 28/05/19 15:06, Jie Wang wrote:
>> if pr-helper been killed and qemu send disconnect event to libvirt
>> and libvirt started a new pr-helper process, the new pr-heleper
>> been killed again when qemu is connectting to the new pr-helper,
>> qemu will never send disconnect to libvirt, and libvirt will never
>> receive connected event.
>
> I think this would let a guest "spam" events just by sending a lot PR
> commands. Also, as you said, in this case QEMU has never sent a
> "connected" event, so I'm not sure why it should send a disconnection event.
So pr manager is initialized on the first PR command and not when qemu
is starting?
If a user inside the guest could somehow kill pr-helper process in the
host then yes, they could spam libvirt/qemu. But if a user from inside a
guest can kill a process in the host that is much bigger problem than
spaming libvirt.
>
> Does libvirt monitor at all the pr-helper to check if it dies? Or does
> it rely exclusively on QEMU's events?
Libvirt relies solely on QEMU's events. Just like with qemu process
itself, libvirt can't rely on SIGCHILD because the daemon might be
restarted which would reparent all qemu and pr-helper processes
rendering libvirt wait for SIGCHILD useless.
But there is an exception to this: when libvirt is spawning pr-helper it
does so by following these steps:
1) Try to acquire (lock) pidfile
2) unlink(socket)
3) spawn pr-helper process (this yields child's PID)
4) wait some time until socket is created
5) some follow up work (move child's PID into same cgroup as qemu's main
thread, relabel the socket so that qemu can access it)
If any of these steps fails then child is killed. However, the PID is
not recorded anywhere and thus is forgotten once control jumps out of
the function.
Michal
next prev parent reply other threads:[~2019-05-29 7:57 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-28 13:06 [Qemu-devel] [PATCH] pr-manager-helper: fix pr process been killed when reconectting Jie Wang
2019-05-28 17:45 ` [Qemu-devel] [Qemu-block] " Paolo Bonzini
2019-05-29 7:33 ` Michal Privoznik [this message]
2019-05-29 8:37 ` Jie Wang
2019-05-29 9:37 ` Paolo Bonzini
2019-05-29 9:34 ` Paolo Bonzini
2019-05-30 10:08 ` Michal Privoznik
2019-05-30 10:59 ` Paolo Bonzini
2019-06-11 13:51 ` wangjie (P)
2019-06-11 14:46 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f165741a-2ffd-62fd-b121-49bf1a3597f1@redhat.com \
--to=mprivozn@redhat.com \
--cc=eric.fangyi@huawei.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=wangjie88@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).