[Qemu-devel] Re: To O_EXCL or not to O_EXCL open host_cdrom

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Amit Shah <amit.shah@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
	Markus Armbruster <armbru@redhat.com>,
	Ryan Harper <ryanh@us.ibm.com>,
	qemu-devel <qemu-devel@nongnu.org>,
	Christoph Hellwig <hch@lst.de>
Subject: [Qemu-devel] Re: To O_EXCL or not to O_EXCL open host_cdrom
Date: Mon, 11 Apr 2011 10:37:32 +0530	[thread overview]
Message-ID: <20110411050732.GA7523@amit-x200.redhat.com> (raw)
In-Reply-To: <BANLkTin3+Hz2kmLnVTDrLyzQUs-Ksvvc0w@mail.gmail.com>

On (Fri) 08 Apr 2011 [12:33:27], Stefan Hajnoczi wrote:
> Amit and I were discussing the pros and cons of using O_EXCL to open
> host CD-ROM devices on IRC but this discussion could benefit from more
> input.
> 
> Linux block devices (like /dev/sr0 CD-ROMs) can be opened with O_EXCL
> and only one userspace process will succeed at a time.  This prevents
> programs from interfering with each other.  The polling daemons, hald
> and udisks, use O_EXCL and mount does too.
> 
> Today QEMU does not use O_EXCL and will therefore access host CD-ROMs
> while they are in use by other programs.  This also means that
> programs can be started on the host while QEMU is already running that
> may interfere with the virtual machine's ability to access the CD-ROM
> (for example by ejecting it).
> 
> Therefore, it sounds reasonable to switch to O_EXCL to prevent
> interfering with other programs and to prevent other programs
> interfering with QEMU.
> 
> On the downside, it will no longer be possible to share a host CD-ROM
> between multiple virtual machines or to mount it on host while passing
> it through to a guest.  These scenarios are not safe because on of the
> clients could eject the device, spoiling the party for everyone else.
> However, it is a handy feature for putting installation media into a
> machine and installing several guests at the same time.

I'm of the opinion that it's simply wrong to allow such concurrent
access.  The feature isn't too compelling, and it's really a bug IMO.
We should open O_EXCL and document somewhere about this.  Host CDROM
passthrough is such a niche concept that people should be able to
ensure to stop other services opening CDROMs in exclusive mode.

Also, since we're really cheating other programs that open the CDROM
device O_EXCL by bypassing that requirement, any actions the guest
takes is likely to hamper the host programs using CDROMs -- maybe even
causing guests to exploit security holes in other host programs.

> The other concern I have about using O_EXCL is that we expose
> ourselves to race conditions if there is ever a need to re-open the
> device.  When QEMU closes its file descriptor another program may be
> scheduled to run and open the device with O_EXCL.  Now QEMU will not
> be able to open the CD-ROM anymore.

The admins should really be the ones worrying about this, not QEMU.

		Amit

next prev parent reply	other threads:[~2011-04-11  5:07 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-04-08 11:33 [Qemu-devel] To O_EXCL or not to O_EXCL open host_cdrom Stefan Hajnoczi
2011-04-11  5:07 ` Amit Shah [this message]
2011-04-11  8:31   ` [Qemu-devel] " Stefan Hajnoczi
2011-04-11 13:30     ` Avi Kivity
2011-04-11 13:27 ` [Qemu-devel] " Avi Kivity
2011-04-11 18:19 ` Christoph Hellwig
2011-04-12  7:52 ` Daniel P. Berrange
2011-04-12  8:10   ` Kevin Wolf
2011-04-12  8:19     ` Daniel P. Berrange
2011-04-12  9:14       ` Stefan Hajnoczi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110411050732.GA7523@amit-x200.redhat.com \
    --to=amit.shah@redhat.com \
    --cc=armbru@redhat.com \
    --cc=hch@lst.de \
    --cc=kwolf@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=ryanh@us.ibm.com \
    --cc=stefanha@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).