git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Jiri Denemark <jdenemar@redhat.com>
	Tue, 13 Sep 2011 16:11:26 +0000 (18:11 +0200)
committer	Jiri Denemark <jdenemar@redhat.com>
	Fri, 16 Sep 2011 15:21:10 +0000 (17:21 +0200)
commit	96fc4784177ecb70357518fa863442455e45ad0e
tree	08b2b7eb8276b8ced5cd3de56a0281e2a760be6b	tree
parent	c2e9fab27381d1eed581648ca2f4a78ee2818f5b	commit \| diff

qemu: Prevent disk corruption on domain shutdown

Ever since we introduced fake reboot, we call qemuProcessKill as a
reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
flushed all internal buffers before sending SHUTDOWN, in which case
killing the process forcibly may result in (virtual) disk corruption.

By sending just SIGTERM without SIGKILL we give qemu time to to flush
all buffers and exit. Once qemu exits, we will see an EOF on monitor
connection and tear down the domain. In case qemu ignores SIGTERM or
just hangs there, the process stays running but that's not any different
from a possible hang anytime during the shutdown process so I think it's
just fine.

Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
which causes it not to exit but instead send new SHUTDOWN event and keep
waiting. I think the best we can do is to ignore duplicate SHUTDOWN
events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
state.

src/qemu/qemu_driver.c		diff \| blob \| blame \| history
src/qemu/qemu_process.c		diff \| blob \| blame \| history
src/qemu/qemu_process.h		diff \| blob \| blame \| history