commit 8e84865e54cb66fd7b57bb18c312ad3d56b6e276
author Amit Shah <amit.shah@redhat.com> Tue Jul 27 15:49:19 2010 +0530
committer Aurelien Jarno <aurelien@aurel32.net> Fri Jul 30 23:14:08 2010 +0200
tree 92f787601f3a9d38ba05d4e98a8ed8b707c93a40
parent 7899f799b71ab502ddc2344e4e22265f3eb663c6

migration: Accept 'cont' only after successful incoming migration

When a 'cont' is issued on a VM that's just waiting for an incoming
migration, the VM reboots and boots into the guest, possibly corrupting
its storage since it could be shared with another VM running elsewhere.

Ensure that a VM started with '-incoming' is only run when an incoming
migration successfully completes.

A new qerror, QERR_MIGRATION_EXPECTED, is added to signal that 'cont'
failed due to no incoming migration has been attempted yet.

Reported-by: Laine Stump <laine@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

migration.c

diff --git a/migration.c b/migration.c
index 650eb78..a160462 100644
--- a/migration.c
+++ b/migration.c
@@ -67,6 +67,8 @@
     qemu_announce_self();
     DPRINTF("successfully loaded vm state\n");
 
+    incoming_expected = false;
+
     if (autostart)
         vm_start();
 }

monitor.c

diff --git a/monitor.c b/monitor.c
index 45fd482..5366c36 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1056,6 +1056,10 @@
 {
     struct bdrv_iterate_context context = { mon, 0 };
 
+    if (incoming_expected) {
+        qerror_report(QERR_MIGRATION_EXPECTED);
+        return -1;
+    }
     bdrv_iterate(encrypted_bdrv_it, &context);
     /* only resume the vm if all keys are set and valid */
     if (!context.err) {

qerror.c

diff --git a/qerror.c b/qerror.c
index 2f6f590..0af3ab3 100644
--- a/qerror.c
+++ b/qerror.c
@@ -141,6 +141,10 @@
         .desc      = "Using KVM without %(capability), %(feature) unavailable",
     },
     {
+        .error_fmt = QERR_MIGRATION_EXPECTED,
+        .desc      = "An incoming migration is expected before this command can be executed",
+    },
+    {
         .error_fmt = QERR_MISSING_PARAMETER,
         .desc      = "Parameter '%(name)' is missing",
     },

qerror.h

diff --git a/qerror.h b/qerror.h
index 9ad00b4..62802ea 100644
--- a/qerror.h
+++ b/qerror.h
@@ -121,6 +121,9 @@
 #define QERR_KVM_MISSING_CAP \
     "{ 'class': 'KVMMissingCap', 'data': { 'capability': %s, 'feature': %s } }"
 
+#define QERR_MIGRATION_EXPECTED \
+    "{ 'class': 'MigrationExpected', 'data': {} }"
+
 #define QERR_MISSING_PARAMETER \
     "{ 'class': 'MissingParameter', 'data': { 'name': %s } }"
 

sysemu.h

diff --git a/sysemu.h b/sysemu.h
index 9c988bb..a1f6466 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -99,6 +99,7 @@
 } DisplayType;
 
 extern int autostart;
+extern int incoming_expected;
 extern int bios_size;
 
 typedef enum {

vl.c

diff --git a/vl.c b/vl.c
index 1406831..b3e3676 100644
--- a/vl.c
+++ b/vl.c
@@ -182,6 +182,7 @@
 NICInfo nd_table[MAX_NICS];
 int vm_running;
 int autostart;
+int incoming_expected; /* Started with -incoming and waiting for incoming */
 static int rtc_utc = 1;
 static int rtc_date_offset = -1; /* -1 means no change */
 QEMUClock *rtc_clock;
@@ -2555,6 +2556,7 @@
                 break;
             case QEMU_OPTION_incoming:
                 incoming = optarg;
+                incoming_expected = true;
                 break;
             case QEMU_OPTION_nodefaults:
                 default_serial = 0;