From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jim Fehlig <jfehlig@suse.com>
Subject: Re: [RFC] libxl: relax readonly check introduced by
	XSA-142 fix
Date: Thu, 12 Nov 2015 10:53:57 -0700
Message-ID: <5644D235.3020500@suse.com>
References: <5643779E.1010107@suse.com>	
	<alpine.DEB.2.02.1511121157590.526@kaball.uk.xensource.com>	
	<5644B410.4080000@suse.com> <1447345580.18450.81.camel@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1447345580.18450.81.camel@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Wei Liu <wei.liu2@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

Ian Campbell wrote:
> On Thu, 2015-11-12 at 08:45 -0700, Jim Fehlig wrote:
>>  
>>> The commit message doesn't say anything about AHCI. Are AHCI disks
>>> actually emulated correctly by QEMU with readonly=on?
>> I just double checked, and good thing since AHCI + readonly is another
>> rejected
>> combination
>>
>> /usr/lib/xen/bin/qemu-system-i386 -device ahci,id=ahci0 \
>>  -drive file=/tmp/disk.raw,if=none,id=ahcidisk-0,format=raw,readonly=on \
>>  -device ide-hd,bus=ahci0.0,unit=0,drive=ahcidisk-0
>> qemu-system-i386: -device ide-hd,bus=ahci0.0,unit=0,drive=ahcidisk-0:
>> Can't use
>> a read-only drive
>>
>> So IDE/SATA/AHCI are all incompatible with readonly=on. I'll fix this and
>> ammend
>> the commit message in V2.
> 
> Just to clarify when you say "rejected" and "incompatible" do you mean that
> qemu will fail to start if you try, or that it will ignore you and give a
> writeable disk?

qemu will fail to start.

> 
> If, as I think, it will fail, why don't we just always ask and rely on qemu
> to reject, instead of trying to whitelist the ones we know work in the
> libxl code?

That would be possible, but makes it more difficult to track down why the domain
failed to start. With the check in libxl:

# xl create sles12-hvm.xl
Parsing config from sles12-hvm.xl
libxl: error: libxl_dm.c:1201:libxl__build_device_model_args_new: qemu-xen
doesn't support read-only IDE disk drivers
libxl: error: libxl_dm.c:1891:device_model_spawn_outcome: (null): spawn failed
(rc=-6)
libxl: error: libxl_create.c:1340:domcreate_devmodel_started: device model did
not start: -6

Allowing qemu to fail:
# xl create sles12-hvm.xl
Parsing config from sles12-hvm.xl
libxl: error: libxl_dm.c:1887:device_model_spawn_outcome: domain 14 device
model: spawn failed (rc=-3)
libxl: error: libxl_create.c:1340:domcreate_devmodel_started: device model did
not start: -3
libxl: error: libxl_dm.c:1997:kill_device_model: Device Model already exited

Ok, not so obvious why qemu failed to start. One would need to peek at
/var/log/xen/qemu-dm-sles12-hvm.log:

char device redirected to /dev/pts/3 (label serial0)
qemu-system-i386: Can't use a read-only drive
qemu-system-i386: Device initialization failed.

Regards,
Jim