From: George Dunlap <george.dunlap@eu.citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>, Wei Liu <wei.liu2@citrix.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>,
Jan Beulich <JBeulich@suse.com>,
Wen Congyang <wency@cn.fujitsu.com>,
xen devel <xen-devel@lists.xen.org>
Subject: Re: [RFC Patch v4 3/9] pass correct file to qemu if we use blktap2
Date: Mon, 15 Dec 2014 11:10:58 +0000 [thread overview]
Message-ID: <548EC1C2.5030900@eu.citrix.com> (raw)
In-Reply-To: <1418638732.16425.70.camel@citrix.com>
On 12/15/2014 10:18 AM, Ian Campbell wrote:
> On Sat, 2014-12-13 at 17:06 +0000, Wei Liu wrote:
>> On Thu, Dec 11, 2014 at 04:45:09PM +0000, George Dunlap wrote:
>>> On Mon, Sep 22, 2014 at 6:59 AM, Wen Congyang <wency@cn.fujitsu.com> wrote:
>>>> If we use blktap2, the correct file should be blktap device
>>>> not the pdev_path.
>>>>
>>>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>>>> Cc: Shriram Rajagopalan <rshriram@cs.ubc.ca>
>>>> Acked-by: Ian Campbell <ian.campbell@citrix.com>
>>>
>>> If I'm reading this correctly, this is actually a fairly serious bug
>>> in libxl -- it means that when using backend=tap with HVM domains,
>>> qemu will actually *bypass entirely* the tapdisk process and access
>>> the underlying file directly.
>>>
>>
>> Is it because qemu will corrupt the underlying file so it's very
>> serious?
>
> I think it ends up being reasonably safe due to the unplug stuff, in
> general only one of the two paths should be active at any given time and
> there is appropriate flushing/syncing on the unplug etc.
>
> In fact, I'm not 100% sure this wasn't a deliberate design decision at
> one point to avoid the overhead of doing both qdisk and tapdisk. (I'm
> not going to argue that this still makes sense though).
>
> If qemu is corrupting files then that's a different matter, which would
> indeed be serious, and which this change might paper over/avoid.
Yes, I think when I wrote that I had forgotten that even with just PV /
emulated there's usually a duplicate datapath that we need to sort out,
and that we already sort that out with the device unplug protocol.
Since half the point of tapdisk was to be able to do things like
snapshotting / other fancy tricks as colo does, not just implement
specific image formats, then if it was deliberate it was kind of dumb.
I'd rather just assume that it was overlooked. :-)
In any case, as it's already fixed in 4.5, I don't think the exact
degree of seriousness matters too much: it's above the threshold for
"should be backported" IMHO, and well below the threshold of "needs the
security response process". So it should just be backported to 4.4,
4.3, and 4.2 (or some subset thereof, if we're designating stable trees).
-George
next prev parent reply other threads:[~2014-12-15 11:10 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-22 5:59 [RFC Patch v4 0/9] Some bugfix patches Wen Congyang
2014-09-22 5:59 ` [RFC Patch v4 1/9] copy the correct page to memory Wen Congyang
2014-09-22 14:38 ` Ian Campbell
2014-09-22 5:59 ` [RFC Patch v4 2/9] csum the correct page Wen Congyang
2014-09-22 5:59 ` [RFC Patch v4 3/9] pass correct file to qemu if we use blktap2 Wen Congyang
2014-12-11 16:45 ` George Dunlap
2014-12-13 17:06 ` Wei Liu
2014-12-15 10:18 ` Ian Campbell
2014-12-15 11:10 ` George Dunlap [this message]
2014-09-22 5:59 ` [RFC Patch v4 4/9] read nictype from xenstore Wen Congyang
2014-09-22 5:59 ` [RFC Patch v4 5/9] check if mfn is supported by IOCTL_PRIVCMD_MMAPBATCH before calling ioctl() Wen Congyang
2014-09-22 14:26 ` Ian Campbell
2014-09-23 1:40 ` Wen Congyang
2014-09-23 10:08 ` Ian Campbell
2014-09-24 1:36 ` Wen Congyang
2014-09-22 5:59 ` [RFC Patch v4 6/9] don't zero out ioreq page and handle the pended I/O after resuming Wen Congyang
2014-09-22 11:22 ` Jan Beulich
2014-09-22 5:59 ` [RFC Patch v4 7/9] correct xc_domain_save()'s return value Wen Congyang
2014-09-22 7:30 ` Olaf Hering
2014-09-22 7:34 ` Wen Congyang
2014-09-22 7:46 ` Olaf Hering
2014-09-22 8:06 ` Wen Congyang
2014-09-22 8:13 ` Olaf Hering
2014-09-22 8:24 ` Wen Congyang
2014-09-22 8:41 ` Wen Congyang
2014-09-22 12:42 ` Ian Campbell
2014-09-22 13:03 ` Ian Jackson
2014-09-22 13:13 ` Ian Campbell
2014-09-22 13:57 ` [PATCH RFC 0/3] " Ian Jackson
2014-09-22 13:58 ` Ian Campbell
2014-09-22 14:00 ` Ian Campbell
2014-09-22 13:58 ` [PATCH 1/3] libxl: save helper: remove redundant declaration Ian Jackson
2014-09-22 13:58 ` [PATCH 2/3] libxl: save helper: transport errno with all callback return values Ian Jackson
2014-09-22 13:58 ` [PATCH 3/3] libxl: save/restore callbacks: enforce a useful errno value Ian Jackson
2014-09-22 14:07 ` Ian Campbell
2014-09-22 14:08 ` Ian Jackson
2014-09-22 14:06 ` [RFC Patch v4 7/9] correct xc_domain_save()'s return value Andrew Cooper
2014-09-23 2:14 ` Wen Congyang
2014-09-23 9:00 ` Andrew Cooper
2014-09-23 9:10 ` Wen Congyang
2014-09-23 9:25 ` Andrew Cooper
2014-09-23 9:29 ` Wen Congyang
2014-09-23 10:09 ` Ian Campbell
2014-09-23 9:52 ` Wen Congyang
2014-09-22 5:59 ` [RFC Patch v4 8/9] store correct format into tapdisk-params/params Wen Congyang
2014-09-22 14:37 ` Ian Campbell
2014-09-23 2:07 ` Wen Congyang
2014-09-23 10:11 ` Ian Campbell
2014-09-23 10:32 ` Wen Congyang
2014-09-22 5:59 ` [RFC Patch v4 9/9] update libxl__device_disk_from_xs_be() to support blktap device Wen Congyang
2014-09-22 15:08 ` Ian Campbell
2014-09-23 3:07 ` Wen Congyang
2014-09-23 10:12 ` Ian Campbell
2014-09-22 12:44 ` [RFC Patch v4 0/9] Some bugfix patches Ian Campbell
2014-09-22 12:56 ` Wen Congyang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=548EC1C2.5030900@eu.citrix.com \
--to=george.dunlap@eu.citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=wei.liu2@citrix.com \
--cc=wency@cn.fujitsu.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).