aboutsummaryrefslogtreecommitdiff
path: root/qapi
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2017-08-21 18:58:56 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2017-09-22 01:06:51 +0200
commit7c9e527659c67d4d7b41d9504f93d2d7ee482488 (patch)
tree2f604a8ad523e8cf9217b464344900f86d0bbfba /qapi
parent092aa2fc65b7a35121616aad8f39d47b8f921618 (diff)
scsi, file-posix: add support for persistent reservation management
It is a common requirement for virtual machine to send persistent reservations, but this currently requires either running QEMU with CAP_SYS_RAWIO, or using out-of-tree patches that let an unprivileged QEMU bypass Linux's filter on SG_IO commands. As an alternative mechanism, the next patches will introduce a privileged helper to run persistent reservation commands without expanding QEMU's attack surface unnecessarily. The helper is invoked through a "pr-manager" QOM object, to which file-posix.c passes SG_IO requests for PERSISTENT RESERVE OUT and PERSISTENT RESERVE IN commands. For example: $ qemu-system-x86_64 -device virtio-scsi \ -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock -drive if=none,id=hd,driver=raw,file.filename=/dev/sdb,file.pr-manager=helper0 -device scsi-block,drive=hd or: $ qemu-system-x86_64 -device virtio-scsi \ -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock -blockdev node-name=hd,driver=raw,file.driver=host_device,file.filename=/dev/sdb,file.pr-manager=helper0 -device scsi-block,drive=hd Multiple pr-manager implementations are conceivable and possible, though only one is implemented right now. For example, a pr-manager could: - talk directly to the multipath daemon from a privileged QEMU (i.e. QEMU links to libmpathpersist); this makes reservation work properly with multipath, but still requires CAP_SYS_RAWIO - use the Linux IOC_PR_* ioctls (they require CAP_SYS_ADMIN though) - more interestingly, implement reservations directly in QEMU through file system locks or a shared database (e.g. sqlite) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'qapi')
-rw-r--r--qapi/block-core.json4
1 files changed, 4 insertions, 0 deletions
diff --git a/qapi/block-core.json b/qapi/block-core.json
index bb11815608..c69a395804 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2241,6 +2241,9 @@
# Driver specific block device options for the file backend.
#
# @filename: path to the image file
+# @pr-manager: the id for the object that will handle persistent reservations
+# for this device (default: none, forward the commands via SG_IO;
+# since 2.11)
# @aio: AIO backend (default: threads) (since: 2.8)
# @locking: whether to enable file locking. If set to 'auto', only enable
# when Open File Descriptor (OFD) locking API is available
@@ -2250,6 +2253,7 @@
##
{ 'struct': 'BlockdevOptionsFile',
'data': { 'filename': 'str',
+ '*pr-manager': 'str',
'*locking': 'OnOffAuto',
'*aio': 'BlockdevAioOptions' } }