[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] feature request - prevent user stupidity (eg mine)

To: Mark Williamson <mark.williamson@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
From: Masaki Kanno <kanno.masaki@xxxxxxxxxxxxxx>
Date: Fri, 29 Jun 2007 11:38:35 +0900
Cc: Masaki Kanno <kanno.masaki@xxxxxxxxxxxxxx>, Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>, Christian Limpach <Christian.Limpach@xxxxxxxxxxxxx>, James Harper <james.harper@xxxxxxxxxxxxxxxx>
Delivery-date: Thu, 28 Jun 2007 19:38:25 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

>> > Given that there is almost no way you would ever want to publish the
>> > same block device to the same virtual domain more than once, would
>>
>> there
>>
>> > be any value in flagging that as an error when you try and start the
>> > domain?
>>
>> I'm surprised that the existing block device safety checks don't pick up
>> on this, but I guess they're run before the guest is started rather than
>> before each virtual disk is attached.
>
>Looks like the hotplug scripts do contain the checking logic, and it does 
>check each device at a time, but it explicitly ignores if the same VM 
>already 
>has access to a device.  Maybe checking for duplicate exports here would be 
>too racey, since I guess the hotplug scripts are not run in any particular 
>order...
>
>> I certainly think there's a strong argument for protecting the user from
>> this kind of error, at least unless they've specified 'w!' and hence
>> indicated they want sharing.
>
>Agreed.  It's something that - whilst fairly unlikely - is easy to do in the 
>right circumstances.  And those circumstances usually lead to hosing off your 
>filesystem quite effectively.
>
>I looked at Kan's patch, which implements this checking within XendConfig.py.  
>It's not an awful lot of extra code, however it does seem like this stuff 
>would ideally be done in one place - either in Xend or in the hotplug 
>scripts.
>
>The nice thing about the hotplug scripts is that they Just Work for 
>dynamically adding devices.  Unless I've misread Kan's code, it won't catch a 
>user accidentally adding a duplicate blkdev to a running domain, which is a 
>shame.

Could you teach me a blkdev definition or a adding blkdev operation that 
my code cannot catch that you think of?  I'd like to test them by my code. 


>We should try to figure out if this can be added reliably to the blkdev 
>hotplug scripts.  If not, maybe we should put all the checking into Xend, 
>with hooks to validate added devices.

I'd like to check a duplicate blkdev for both xm new command and xm create 
command, so that I added the checking into xend(XendConfig.py).  
If the duplicate blkdev is notified of by xm start command, I think that 
it is late.

Best regards,
 Kan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] feature request - prevent user stupidity (eg mine)
  - From: Mark Williamson

References:
- [Xen-devel] feature request - prevent user stupidity (eg mine)
  - From: James Harper
- RE: [Xen-devel] feature request - prevent user stupidity (eg mine)
  - From: Ian Pratt
- Re: [Xen-devel] feature request - prevent user stupidity (eg mine)
  - From: Mark Williamson

Prev by Date: Re: [Xen-devel] Hypercall privilege check
Next by Date: Re: [Xen-devel] Hypercall privilege check
Previous by thread: Re: [Xen-devel] feature request - prevent user stupidity (eg mine)
Next by thread: Re: [Xen-devel] feature request - prevent user stupidity (eg mine)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.