From: Jim Fehlig <jfehlig@suse.com>
To: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
Wei Liu <wei.liu2@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: Re: [RFC] libxl: relax readonly check introduced by XSA-142 fix
Date: Thu, 12 Nov 2015 10:53:57 -0700 [thread overview]
Message-ID: <5644D235.3020500@suse.com> (raw)
In-Reply-To: <1447345580.18450.81.camel@citrix.com>
Ian Campbell wrote:
> On Thu, 2015-11-12 at 08:45 -0700, Jim Fehlig wrote:
>>
>>> The commit message doesn't say anything about AHCI. Are AHCI disks
>>> actually emulated correctly by QEMU with readonly=on?
>> I just double checked, and good thing since AHCI + readonly is another
>> rejected
>> combination
>>
>> /usr/lib/xen/bin/qemu-system-i386 -device ahci,id=ahci0 \
>> -drive file=/tmp/disk.raw,if=none,id=ahcidisk-0,format=raw,readonly=on \
>> -device ide-hd,bus=ahci0.0,unit=0,drive=ahcidisk-0
>> qemu-system-i386: -device ide-hd,bus=ahci0.0,unit=0,drive=ahcidisk-0:
>> Can't use
>> a read-only drive
>>
>> So IDE/SATA/AHCI are all incompatible with readonly=on. I'll fix this and
>> ammend
>> the commit message in V2.
>
> Just to clarify when you say "rejected" and "incompatible" do you mean that
> qemu will fail to start if you try, or that it will ignore you and give a
> writeable disk?
qemu will fail to start.
>
> If, as I think, it will fail, why don't we just always ask and rely on qemu
> to reject, instead of trying to whitelist the ones we know work in the
> libxl code?
That would be possible, but makes it more difficult to track down why the domain
failed to start. With the check in libxl:
# xl create sles12-hvm.xl
Parsing config from sles12-hvm.xl
libxl: error: libxl_dm.c:1201:libxl__build_device_model_args_new: qemu-xen
doesn't support read-only IDE disk drivers
libxl: error: libxl_dm.c:1891:device_model_spawn_outcome: (null): spawn failed
(rc=-6)
libxl: error: libxl_create.c:1340:domcreate_devmodel_started: device model did
not start: -6
Allowing qemu to fail:
# xl create sles12-hvm.xl
Parsing config from sles12-hvm.xl
libxl: error: libxl_dm.c:1887:device_model_spawn_outcome: domain 14 device
model: spawn failed (rc=-3)
libxl: error: libxl_create.c:1340:domcreate_devmodel_started: device model did
not start: -3
libxl: error: libxl_dm.c:1997:kill_device_model: Device Model already exited
Ok, not so obvious why qemu failed to start. One would need to peek at
/var/log/xen/qemu-dm-sles12-hvm.log:
char device redirected to /dev/pts/3 (label serial0)
qemu-system-i386: Can't use a read-only drive
qemu-system-i386: Device initialization failed.
Regards,
Jim
next prev parent reply other threads:[~2015-11-12 17:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-11 17:15 [RFC] libxl: relax readonly check introduced by XSA-142 fix Jim Fehlig
2015-11-12 12:01 ` Stefano Stabellini
2015-11-12 15:45 ` Jim Fehlig
2015-11-12 16:13 ` Ian Jackson
2015-11-12 16:26 ` Ian Campbell
2015-11-12 17:53 ` Jim Fehlig [this message]
2015-11-13 9:22 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5644D235.3020500@suse.com \
--to=jfehlig@suse.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.