Re: XSA-180 follow-up: repurpose xenconsoled for logging

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Wei Liu <wei.liu2@citrix.com>
To: Doug Goldstein <cardoe@cardoe.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
	George Dunlap <george.dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Ian Jackson <Ian.Jackson@eu.citrix.com>,
	George Dunlap <george.dunlap@citrix.com>,
	Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: XSA-180 follow-up: repurpose xenconsoled for logging
Date: Tue, 7 Jun 2016 12:43:52 +0100	[thread overview]
Message-ID: <20160607114352.GJ25922@citrix.com> (raw)
In-Reply-To: <3a114c2e-198d-4ac3-5e9a-e1d1b63a056b@cardoe.com>

On Mon, Jun 06, 2016 at 03:47:37PM -0500, Doug Goldstein wrote:
> On 6/6/16 5:12 AM, George Dunlap wrote:
> > On 03/06/16 18:38, Andrew Cooper wrote:
> >> On 01/06/16 15:00, Wei Liu wrote:
> >>> Hi all
> >>>
> 
> <snip>
> 
> > FWIW, the libvirt project has exactly the same problem, and they did the
> > analog of what Wei is proposing -- they added a new daemon, virtlogd, to
> > handle all the console and debug log rotation in a fashion resistant to
> > DoSing.  Without reading their discussion, it's reasonable to assume
> > that using system logging was at least considered using system-level
> > logging before deciding to write their own code.
> 
> If I recall they use RPCs and the logs are generated as a best effort to
> not block QEMU.
> 

Does that mean it's more or less equivalent to O_NONBLOCK?

Is that configurable?  We might actually want to block in some cases.

> > 
> > We already have a daemon to do logging of consoles; it just doesn't have
> > any of the logrotate features that are needed to make it robust against
> > DoS.  There's no sense in having log rotation code in two places, so
> > upgrading xenconsoled to do what virtlogd is doing makes more sense than
> > say, either writing our own, or stealing virtlogd.
> 
> What if we made xl / libxl really good at the limited scope of things it
> should be good at and left the other bits to others. At this point it
> seems like yet another feature that xl / libxl is gaining that matches
> what libvirt does. Maybe an approach is something you appear to suggest
> and just point people to virtlogd and ask the libvirt guys if they would
> make it a separate package. Honestly it seems like xl could slim down
> from a feature set perspective and focus on improving libxl / libvirt
> interaction. That's something that the Xen community has been interested
> in to better support OpenStack anyway.
> 

To clarify: xenconsoled is not part of xl / libxl. I think it you're
talking about xen toolstack in general.

I think we can ask libvirt maintainers: 1. if it is possible to make
virtlogd a separate package, 2. if they can maintain a stable interface.

Then we can think about how to make sensible suggestions and provide a
way for sysamdins to configure that.

No matter what solution we end up with, the work to integrate that with
xl / libxl is unavoidable.

Wei.

> Just my 2 cents.
> 
> -- 
> Doug Goldstein
> 




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

next prev parent reply	other threads:[~2016-06-07 11:44 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-01 14:00 XSA-180 follow-up: repurpose xenconsoled for logging Wei Liu
2016-06-03 10:57 ` George Dunlap
2016-06-03 13:30   ` Wei Liu
2016-06-03 14:10     ` George Dunlap
2016-06-03 14:21       ` Wei Liu
2016-06-03 16:57 ` Ian Jackson
2016-06-06 15:56   ` Wei Liu
2016-06-03 17:38 ` Andrew Cooper
2016-06-06 10:12   ` George Dunlap
2016-06-06 13:03     ` Andrew Cooper
2016-06-06 15:48       ` Wei Liu
2016-06-07  9:57         ` George Dunlap
2016-06-07 10:18           ` Wei Liu
2016-06-06 20:47     ` Doug Goldstein
2016-06-07 11:43       ` Wei Liu [this message]
2016-06-21 14:46 ` Wei Liu
2016-06-21 15:10   ` Juergen Gross
2016-06-21 15:23     ` Ian Jackson
2016-06-21 15:11   ` Ian Jackson
2016-06-21 15:53     ` George Dunlap
2016-06-21 16:04       ` Ian Jackson
2016-06-21 16:17         ` George Dunlap
2016-06-22  0:58       ` Jim Fehlig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160607114352.GJ25922@citrix.com \
    --to=wei.liu2@citrix.com \
    --cc=Ian.Jackson@eu.citrix.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=cardoe@cardoe.com \
    --cc=george.dunlap@citrix.com \
    --cc=george.dunlap@eu.citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.