From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=49074 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Q99Lh-0001pd-5e for qemu-devel@nongnu.org; Mon, 11 Apr 2011 01:07:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Q99Lg-0005gW-5d for qemu-devel@nongnu.org; Mon, 11 Apr 2011 01:07:41 -0400 Received: from mx1.redhat.com ([209.132.183.28]:17964) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Q99Lf-0005g1-Pb for qemu-devel@nongnu.org; Mon, 11 Apr 2011 01:07:40 -0400 Date: Mon, 11 Apr 2011 10:37:32 +0530 From: Amit Shah Message-ID: <20110411050732.GA7523@amit-x200.redhat.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: [Qemu-devel] Re: To O_EXCL or not to O_EXCL open host_cdrom List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Hajnoczi Cc: Kevin Wolf , Markus Armbruster , Ryan Harper , qemu-devel , Christoph Hellwig On (Fri) 08 Apr 2011 [12:33:27], Stefan Hajnoczi wrote: > Amit and I were discussing the pros and cons of using O_EXCL to open > host CD-ROM devices on IRC but this discussion could benefit from more > input. > > Linux block devices (like /dev/sr0 CD-ROMs) can be opened with O_EXCL > and only one userspace process will succeed at a time. This prevents > programs from interfering with each other. The polling daemons, hald > and udisks, use O_EXCL and mount does too. > > Today QEMU does not use O_EXCL and will therefore access host CD-ROMs > while they are in use by other programs. This also means that > programs can be started on the host while QEMU is already running that > may interfere with the virtual machine's ability to access the CD-ROM > (for example by ejecting it). > > Therefore, it sounds reasonable to switch to O_EXCL to prevent > interfering with other programs and to prevent other programs > interfering with QEMU. > > On the downside, it will no longer be possible to share a host CD-ROM > between multiple virtual machines or to mount it on host while passing > it through to a guest. These scenarios are not safe because on of the > clients could eject the device, spoiling the party for everyone else. > However, it is a handy feature for putting installation media into a > machine and installing several guests at the same time. I'm of the opinion that it's simply wrong to allow such concurrent access. The feature isn't too compelling, and it's really a bug IMO. We should open O_EXCL and document somewhere about this. Host CDROM passthrough is such a niche concept that people should be able to ensure to stop other services opening CDROMs in exclusive mode. Also, since we're really cheating other programs that open the CDROM device O_EXCL by bypassing that requirement, any actions the guest takes is likely to hamper the host programs using CDROMs -- maybe even causing guests to exploit security holes in other host programs. > The other concern I have about using O_EXCL is that we expose > ourselves to race conditions if there is ever a need to re-open the > device. When QEMU closes its file descriptor another program may be > scheduled to run and open the device with O_EXCL. Now QEMU will not > be able to open the CD-ROM anymore. The admins should really be the ones worrying about this, not QEMU. Amit