* [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine
@ 2014-01-27 2:50 Qixiaozhen
2014-01-27 11:35 ` Paolo Bonzini
2014-01-27 14:06 ` Stefan Hajnoczi
0 siblings, 2 replies; 6+ messages in thread
From: Qixiaozhen @ 2014-01-27 2:50 UTC (permalink / raw)
To: qemu-devel@nongnu.org; +Cc: Luohao (brian), Xujunxi
[-- Attachment #1.1: Type: text/plain, Size: 1989 bytes --]
Hi,all
A instance was created by virsh command in the CentOS 6.4.
The LUN in the Storage Array Network(SAN) was attached to the instance with the following xml.
<disk type='block' device='lun'>
<driver name='qemu' type='raw' cache='none'/>
<source dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</disk>
<controller type='scsi' model='virtio-scsi'/>
A scsi report command was executed in the instance, for example "sg_luns /dev/vdb". However, It returned the list of the Luns in the SAN.
1) The unrelated luns in the SAN were not isolated in the instance.
[root@localhost ~]# sg_luns /dev/vdb
Lun list length = 80 which imples 10 lun entries
Report luns [select_report=0]:
0000000000000000
0001000000000000
0002000000000000
0003000000000000
0004000000000000
0005000000000000
0006000000000000
0007000000000000
0008000000000000
0009000000000000
[root@localhost ~]#sg_map
Stopping because no sg device found
[root@localhost ~]#
[root@localhost ~]#
[cid:image009.png@01CF1B49.A36DAC30]
2) The report lun command in the physical server:
[root@qixiaozhen sdb]# sg_luns /dev/mapper/360022a110000ecba5db427db00000023
Lun list length = 80 which imples 10 lun entries
Report luns [select_report=0x0]:
0000000000000000
0001000000000000
0002000000000000
0003000000000000
0004000000000000
0005000000000000
0006000000000000
0007000000000000
0008000000000000
0009000000000000
[root@qixiaozhen sdb]#
Is there any security problem if the report lun command was not isolated ?
Sincerely,
Qi
-----------------------------------------------------------
Xiaozhen Qi
Huawei Technologies Co.,LTD.
IT Product Line CloudOS PDU
China, Xi'an
Mobile: +86-13609283376
Email: qixiaozhen@huawei.com
[-- Attachment #1.2: Type: text/html, Size: 12353 bytes --]
[-- Attachment #2: image009.png --]
[-- Type: image/png, Size: 22043 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine
2014-01-27 2:50 [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine Qixiaozhen
@ 2014-01-27 11:35 ` Paolo Bonzini
2014-01-27 12:22 ` Qixiaozhen
2014-01-27 14:06 ` Stefan Hajnoczi
1 sibling, 1 reply; 6+ messages in thread
From: Paolo Bonzini @ 2014-01-27 11:35 UTC (permalink / raw)
To: Qixiaozhen, qemu-devel@nongnu.org; +Cc: Luohao (brian), Xujunxi
Il 27/01/2014 03:50, Qixiaozhen ha scritto:
> A scsi report command was executed in the instance, for example “sg_luns
> /dev/vdb”. However, It returned the list of the Luns in the SAN.
This is a known problem in virtio-blk's SCSI emulation. Just don't use
it, use virtio-scsi or another SCSI adapter instead.
Paolo
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine
2014-01-27 11:35 ` Paolo Bonzini
@ 2014-01-27 12:22 ` Qixiaozhen
2014-01-27 12:42 ` Paolo Bonzini
0 siblings, 1 reply; 6+ messages in thread
From: Qixiaozhen @ 2014-01-27 12:22 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel@nongnu.org; +Cc: Luohao (brian), Xujunxi
>
> Il 27/01/2014 03:50, Qixiaozhen ha scritto:
> > A scsi report command was executed in the instance, for example
> > "sg_luns /dev/vdb". However, It returned the list of the Luns in the SAN.
>
> This is a known problem in virtio-blk's SCSI emulation. Just don't use it, use
> virtio-scsi or another SCSI adapter instead.
I am not sure whether there was something wrong with my xml. The content of the configuration xml lists:
[root@qixiaozhen sdb]# virsh dumpxml 6
<domain type='kvm' id='6'>
<name>instance-00000qxz</name>
<uuid>2052f60e-a273-42b4-bdb7-e633f41e1624</uuid>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<vcpu placement='static'>4</vcpu>
<sysinfo type='smbios'>
<system>
<entry name='manufacturer'>Red Hat Inc.</entry>
<entry name='product'>OpenStack Nova</entry>
<entry name='version'>2013.2-5.el6</entry>
<entry name='serial'>1b800e36-ed60-117b-8567-000000821800</entry>
<entry name='uuid'>2052f60e-a273-42b4-bdb7-e633f41e1624</entry>
</system>
</sysinfo>
<os>
<type arch='x86_64' machine='rhel6.4.0'>hvm</type>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu mode='host-model'>
<model fallback='allow'/>
</cpu>
<clock offset='utc'>
<timer name='pit' tickpolicy='delay'/>
<timer name='rtc' tickpolicy='catchup'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/libexec/qemu-kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='none'/>
<source file='/home/sdb/centos64.qcow2'/>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<!-- #############Raw Device Mapping with virtio-scsi################## -->
<disk type='block' device='lun'>
<driver name='qemu' type='raw' cache='none'/>
<source dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
<target dev='vdb' bus='virtio'/>
<alias name='virtio-disk1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</disk>
<!-- ########### Compare with the above one ################## -->
<disk type='block' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source dev='/dev/mapper/360022a110000ecba5db4074800000022'/>
<target dev='vdc' bus='virtio'/>
<alias name='virtio-disk2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</disk>
<controller type='usb' index='0'>
<alias name='usb0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<!-- #################virtio-scsi controller##################### -->
<controller type='scsi' index='0' model='virtio-scsi'>
<alias name='scsi0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</controller>
<serial type='pty'>
<source path='/dev/pts/2'/>
<target port='1'/>
<alias name='serial0'/>
</serial>
<console type='pty'>
<source path='/dev/pts/2'/>
<target type='serial' port='1'/>
<alias name='serial0'/>
</console>
<input type='tablet' bus='usb'>
<alias name='input0'/>
</input>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='5900' autoport='yes' listen='186.100.8.169' keymap='en-us'>
<listen type='address' address='186.100.8.169'/>
</graphics>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>unconfined_u:system_r:svirt_t:s0:c156,c614</label>
<imagelabel>unconfined_u:object_r:svirt_image_t:s0:c156,c614</imagelabel>
</seclabel>
</domain>
[root@qixiaozhen sdb]#
Paolo, would you mind to give me some advice to fix my xml? And I am not familiar with this.
Sincerely,
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine
2014-01-27 12:22 ` Qixiaozhen
@ 2014-01-27 12:42 ` Paolo Bonzini
0 siblings, 0 replies; 6+ messages in thread
From: Paolo Bonzini @ 2014-01-27 12:42 UTC (permalink / raw)
To: Qixiaozhen, qemu-devel@nongnu.org; +Cc: Luohao (brian), Xujunxi
Il 27/01/2014 13:22, Qixiaozhen ha scritto:
> <!-- #############Raw Device Mapping with virtio-scsi################## -->
> <disk type='block' device='lun'>
> <driver name='qemu' type='raw' cache='none'/>
> <source dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
> <target dev='vdb' bus='virtio'/>
> <alias name='virtio-disk1'/>
> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
> </disk>
This is not using virtio-scsi.
A virtio-scsi disk would appear as /devs/sda in the VM. For example:
<disk type='block' device='lun'>
<driver name='qemu' type='raw' cache='none'/>
<source dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
<target dev='sdb' bus='scsi'/>
<address type='drive' controller='0' bus='0'/>
</disk>
<disk type='block' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source dev='/dev/mapper/360022a110000ecba5db4074800000022'/>
<target dev='sda' bus='scsi'/>
<address type='drive' controller='0' bus='1'/>
</disk>
<controller type='scsi' index='0' model='virtio-scsi'/>
You can now try sg_inq for both disks. One will show your NAS's product
and vendor names, the other will show QEMU as vendor and QEMU HARD DISK
as product.
Paolo
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine
2014-01-27 2:50 [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine Qixiaozhen
2014-01-27 11:35 ` Paolo Bonzini
@ 2014-01-27 14:06 ` Stefan Hajnoczi
2014-01-28 1:28 ` Qixiaozhen
1 sibling, 1 reply; 6+ messages in thread
From: Stefan Hajnoczi @ 2014-01-27 14:06 UTC (permalink / raw)
To: Qixiaozhen; +Cc: Paolo Bonzini, Luohao (brian), qemu-devel@nongnu.org, Xujunxi
On Mon, Jan 27, 2014 at 02:50:04AM +0000, Qixiaozhen wrote:
> A instance was created by virsh command in the CentOS 6.4.
>
> The LUN in the Storage Array Network(SAN) was attached to the instance with the following xml.
>
> <disk type='block' device='lun'>
> <driver name='qemu' type='raw' cache='none'/>
> <source dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
> <target dev='vdb' bus='virtio'/>
> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
> </disk>
> <controller type='scsi' model='virtio-scsi'/>
>
>
> A scsi report command was executed in the instance, for example "sg_luns /dev/vdb". However, It returned the list of the Luns in the SAN.
>
>
> 1) The unrelated luns in the SAN were not isolated in the instance.
> [root@localhost ~]# sg_luns /dev/vdb
> Lun list length = 80 which imples 10 lun entries
> Report luns [select_report=0]:
> 0000000000000000
> 0001000000000000
> 0002000000000000
> 0003000000000000
> 0004000000000000
> 0005000000000000
> 0006000000000000
> 0007000000000000
> 0008000000000000
> 0009000000000000
You are using virtio-blk with SCSI-passthrough, not virtio-scsi (it's
confusing but libvirt type='block' device='lun' means virtio-blk). This
feature has fallen out of favor and is generally best replaced with
virtio-scsi instead of virtio-blk.
If you do not require raw SCSI commands from the guest, then change
device='lun' to device='disk'.
What exactly are you trying to do?
Stefan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine
2014-01-27 14:06 ` Stefan Hajnoczi
@ 2014-01-28 1:28 ` Qixiaozhen
0 siblings, 0 replies; 6+ messages in thread
From: Qixiaozhen @ 2014-01-28 1:28 UTC (permalink / raw)
To: Stefan Hajnoczi, Paolo Bonzini
Cc: Luohao (brian), qemu-devel@nongnu.org, Xujunxi
> On Mon, Jan 27, 2014 at 02:50:04AM +0000, Qixiaozhen wrote:
> > A instance was created by virsh command in the CentOS 6.4.
> >
> > The LUN in the Storage Array Network(SAN) was attached to the instance
> with the following xml.
> >
> > <disk type='block' device='lun'>
> > <driver name='qemu' type='raw' cache='none'/>
> > <source
> dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
> > <target dev='vdb' bus='virtio'/>
> > <address type='pci' domain='0x0000' bus='0x00' slot='0x06'
> > function='0x0'/> </disk> <controller type='scsi' model='virtio-scsi'/>
> >
> >
> > A scsi report command was executed in the instance, for example "sg_luns
> /dev/vdb". However, It returned the list of the Luns in the SAN.
> >
> >
> > 1) The unrelated luns in the SAN were not isolated in the instance.
> > [root@localhost ~]# sg_luns /dev/vdb
> > Lun list length = 80 which imples 10 lun entries Report luns
> > [select_report=0]:
> > 0000000000000000
> > 0001000000000000
> > 0002000000000000
> > 0003000000000000
> > 0004000000000000
> > 0005000000000000
> > 0006000000000000
> > 0007000000000000
> > 0008000000000000
> > 0009000000000000
>
> You are using virtio-blk with SCSI-passthrough, not virtio-scsi (it's confusing but
> libvirt type='block' device='lun' means virtio-blk). This feature has fallen out of
> favor and is generally best replaced with virtio-scsi instead of virtio-blk.
>
> If you do not require raw SCSI commands from the guest, then change
> device='lun' to device='disk'.
>
> What exactly are you trying to do?
VMware document said that 'In physical mode, the VMkernel passes all SCSI commands to the device, with one exception: the REPORT LUNs command is virtualized so that the VMkernel can isolate the LUN to the owning virtual machine.'
So I want to test the very RDM feature in Qemu.
With Paolo's kindly help, a mistake was found in the configuration. Thanks for all your help.
Sincerely,
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-01-28 1:28 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-27 2:50 [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine Qixiaozhen
2014-01-27 11:35 ` Paolo Bonzini
2014-01-27 12:22 ` Qixiaozhen
2014-01-27 12:42 ` Paolo Bonzini
2014-01-27 14:06 ` Stefan Hajnoczi
2014-01-28 1:28 ` Qixiaozhen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).