libxl: acquire a pidfile in the driver root directory

When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/libxl/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/libxl/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/libxl/libxl_conf.h b/src/libxl/libxl_conf.h
index 136b5ae1ac049d5df578482ea873c74e39ea12b5..552f039d2ab3bb3558c872d1f47281b389bdab17 100644 (file)
--- a/src/libxl/libxl_conf.h
+++ b/src/libxl/libxl_conf.h
@@ -111,6 +111,9 @@ struct _libxlDriverPrivate {
      * then lockless thereafter */
     libxlDriverConfigPtr config;
 
+    /* pid file FD, ensures two copies of the driver can't use the same root */
+    int lockFD;
+
     /* Atomic inc/dec only */
     unsigned int nactive;
 

diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index ac10fb6dbc3f8887e890f274c887f4d3fe007881..a99c7471bb05766da2b21456a91a13d254c08819 100644 (file)
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -53,6 +53,7 @@
 #include "viraccessapicheck.h"
 #include "viratomic.h"
 #include "virhostdev.h"
+#include "virpidfile.h"
 #include "locking/domain_lock.h"
 #include "virnetdevtap.h"
 #include "cpu/cpu.h"
@@ -506,7 +507,6 @@ libxlStateCleanup(void)
         return -1;
 
     virObjectUnref(libxl_driver->hostdevMgr);
-    virObjectUnref(libxl_driver->config);
     virObjectUnref(libxl_driver->xmlopt);
     virObjectUnref(libxl_driver->domains);
     virPortAllocatorRangeFree(libxl_driver->reservedGraphicsPorts);
@@ -516,6 +516,10 @@ libxlStateCleanup(void)
     virObjectUnref(libxl_driver->domainEventState);
     virSysinfoDefFree(libxl_driver->hostsysinfo);
 
+    if (libxl_driver->lockFD != -1)
+        virPidFileRelease(libxl_driver->config->stateDir, "driver", libxl_driver->lockFD);
+
+    virObjectUnref(libxl_driver->config);
     virMutexDestroy(&libxl_driver->lock);
     VIR_FREE(libxl_driver);
 
@@ -658,6 +662,7 @@ libxlStateInitialize(bool privileged,
     if (VIR_ALLOC(libxl_driver) < 0)
         return -1;
 
+    libxl_driver->lockFD = -1;
     if (virMutexInit(&libxl_driver->lock) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        "%s", _("cannot initialize mutex"));
@@ -741,6 +746,10 @@ libxlStateInitialize(bool privileged,
         goto error;
     }
 
+    if ((libxl_driver->lockFD =
+         virPidFileAcquire(cfg->stateDir, "driver", true, getpid())) < 0)
+        goto error;
+
     if (!(libxl_driver->lockManager =
           virLockManagerPluginNew(cfg->lockManagerName ?
                                   cfg->lockManagerName : "nop",