From: Stefan Hajnoczi <stefanha@gmail.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
Anthony Liguori <aliguori@us.ibm.com>,
Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>,
Juan Quintela <quintela@redhat.com>,
libvir-list@redhat.com, qemu-devel@nongnu.org,
Ryan Harper <ryanh@us.ibm.com>, Amit Shah <amit.shah@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change
Date: Sun, 3 Apr 2011 19:06:17 +0100 [thread overview]
Message-ID: <BANLkTim8amWSQFisovA18YbDMoe8oyNVrg@mail.gmail.com> (raw)
In-Reply-To: <BANLkTi=SY7pbELSnkULR4fL-C3uOUehoWg@mail.gmail.com>
On Sun, Apr 3, 2011 at 2:12 PM, Blue Swirl <blauwirbel@gmail.com> wrote:
> On Sun, Apr 3, 2011 at 2:57 PM, Stefan Hajnoczi <stefanha@gmail.com> wrote:
>> On Tue, Mar 29, 2011 at 8:04 PM, Stefan Hajnoczi
>> <stefanha@linux.vnet.ibm.com> wrote:
>>> Piggy-back on the guest CD-ROM polling to poll on the host. Open and
>>> close the host CD-ROM file descriptor to ensure we read the new size and
>>> not a stale size.
>>>
>>> Two things are going on here:
>>>
>>> 1. If hald/udisks is not already polling CD-ROMs on the host then
>>> re-opening the CD-ROM causes the host to read the new medium's size.
>>>
>>> 2. There is a bug in Linux which means the CD-ROM file descriptor must
>>> be re-opened in order for lseek(2) to see the new size. The
>>> inode size gets out of sync with the underlying device (which you can
>>> confirm by checking that /sys/block/sr0/size and lseek(2) do not
>>> match after media change). I have raised this with the
>>> maintainers but we need a workaround for the foreseeable future.
>>>
>>> Note that these changes are all in a #ifdef __linux__ section.
>>>
>>> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
>>> ---
>>> block/raw-posix.c | 26 ++++++++++++++++++++++----
>>> 1 files changed, 22 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/block/raw-posix.c b/block/raw-posix.c
>>> index 6b72470..8b5205c 100644
>>> --- a/block/raw-posix.c
>>> +++ b/block/raw-posix.c
>>> @@ -1238,10 +1238,28 @@ static int cdrom_is_inserted(BlockDriverState *bs)
>>> BDRVRawState *s = bs->opaque;
>>> int ret;
>>>
>>> - ret = ioctl(s->fd, CDROM_DRIVE_STATUS, CDSL_CURRENT);
>>> - if (ret == CDS_DISC_OK)
>>> - return 1;
>>> - return 0;
>>> + /*
>>> + * Close the file descriptor if no medium is present and open it to poll
>>> + * again. This ensures the medium size is refreshed. If the file
>>> + * descriptor is kept open the size can become stale. This is essentially
>>> + * replicating CD-ROM polling but is driven by the guest. As the guest
>>> + * polls, we poll the host.
>>> + */
>>> +
>>> + if (s->fd == -1) {
>>> + s->fd = qemu_open(bs->filename, s->open_flags, 0644);
>>> + if (s->fd < 0) {
>>> + return 0;
>>> + }
>>> + }
>>> +
>>> + ret = (ioctl(s->fd, CDROM_DRIVE_STATUS, CDSL_CURRENT) == CDS_DISC_OK);
>>> +
>>> + if (!ret) {
>>> + close(s->fd);
>>> + s->fd = -1;
>>> + }
>>> + return ret;
>>> }
>>>
>>> static int cdrom_eject(BlockDriverState *bs, int eject_flag)
>>> --
>>> 1.7.4.1
>>>
>>>
>>>
>>
>> There is an issue with reopening host devices in QEMU when running
>> under libvirt. It appears that libvirt chowns image files (including
>> device nodes) so that the launched QEMU process can access them.
>>
>> Unfortunately after media change on host devices udev will reset the
>> ownership of the device node. This causes open(2) to fail with EACCES
>> since the QEMU process does not have the right uid/gid/groups and
>> libvirt is unaware that the file's ownership has changed.
>>
>> In order for media change to work with Linux host CD-ROM it is
>> necessary to reopen the file (otherwise the inode size will not
>> refresh, this is an issue with existing kernels).
>>
>> How can libvirt's security model be made to support this case? In
>> theory udev could be temporarily configured with libvirt permissions
>> for the CD-ROM device while passed through to the guest, but is that
>> feasible?
>
> How about something like this: Add an explicit reopen method to
> BlockDriver. Make a special block device for passed file descriptors.
> Pass descriptors in libvirt for CD-ROMs instead of the device paths.
> The reopen method for file descriptors should notify libvirt about
> need to pass a reopened descriptor and then block all accesses until a
> new descriptor is available. This should also solve your earlier
> problem.
I'm hoping libvirt's behavior can be made to just work rather than
adding new features to QEMU. But perhaps passing file descriptors is
useful for more than just reopening host devices. This would
basically be a privilege separation model where the QEMU process isn't
able to open files itself but can request libvirt to open them on its
behalf.
Stefan
next prev parent reply other threads:[~2011-04-03 18:06 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-29 19:04 [Qemu-devel] [PATCH v2 0/3] block: Correct size across CD-ROM media change Stefan Hajnoczi
2011-03-29 19:04 ` [Qemu-devel] [PATCH v2 1/3] trace: Trace bdrv_set_locked() Stefan Hajnoczi
2011-03-29 19:04 ` [Qemu-devel] [PATCH v2 2/3] block: Do not cache device size for removable media Stefan Hajnoczi
2011-03-29 19:04 ` [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change Stefan Hajnoczi
2011-03-31 10:05 ` [Qemu-devel] " Kevin Wolf
2011-04-01 14:09 ` Stefan Hajnoczi
2011-04-03 11:57 ` [Qemu-devel] " Stefan Hajnoczi
2011-04-03 13:12 ` Blue Swirl
2011-04-03 18:06 ` Stefan Hajnoczi [this message]
2011-04-04 10:47 ` [libvirt] " Daniel P. Berrange
2011-04-04 12:58 ` Stefan Hajnoczi
2011-04-04 13:02 ` Anthony Liguori
2011-04-04 13:16 ` Daniel P. Berrange
2011-04-04 14:19 ` Anthony Liguori
2011-04-04 14:26 ` Daniel P. Berrange
2011-04-04 14:43 ` Anthony Liguori
2011-04-04 16:38 ` Blue Swirl
2011-04-04 13:22 ` Avi Kivity
2011-04-04 13:38 ` Anthony Liguori
2011-04-04 13:49 ` Avi Kivity
2011-04-04 15:09 ` Stefan Hajnoczi
2011-04-04 15:11 ` Avi Kivity
2011-04-05 6:41 ` Amit Shah
2011-04-05 7:48 ` Avi Kivity
2011-04-05 8:09 ` Amit Shah
2011-04-05 9:00 ` Avi Kivity
2011-04-05 9:12 ` Amit Shah
2011-04-05 9:17 ` Avi Kivity
2011-04-05 9:26 ` Amit Shah
2011-04-06 8:07 ` Amit Shah
2011-04-05 8:40 ` Stefan Hajnoczi
2011-04-05 8:58 ` Amit Shah
2011-04-04 17:54 ` David Ahern
2011-04-05 5:33 ` Stefan Hajnoczi
2011-04-05 5:42 ` David Ahern
2011-04-05 12:41 ` Stefan Hajnoczi
2011-03-30 8:33 ` [Qemu-devel] [PATCH v2 0/3] block: Correct size across CD-ROM " Markus Armbruster
2011-03-30 10:06 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BANLkTim8amWSQFisovA18YbDMoe8oyNVrg@mail.gmail.com \
--to=stefanha@gmail.com \
--cc=aliguori@us.ibm.com \
--cc=amit.shah@redhat.com \
--cc=blauwirbel@gmail.com \
--cc=kwolf@redhat.com \
--cc=libvir-list@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=ryanh@us.ibm.com \
--cc=stefanha@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).