lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 9 Jul 2010 09:02:26 +0100
From:	Ian Campbell <Ian.Campbell@...citrix.com>
To:	<ddutile@...hat.com>
CC:	Stefano Stabellini <Stefano.Stabellini@...citrix.com>,
	<jeremy@...p.org>, <xen-devel@...ts.xensource.com>,
	<stefano@...bellini.net>, <linux-kernel@...r.kernel.org>,
	<sheng@...ux.intel.com>
Subject: Re: [Xen-devel] Re: [PATCH 12/13] Unplug emulated disks and nics

On Thu, 2010-07-08 at 22:59 +0100, Don Dutile wrote:
> Ian Campbell wrote:
> > On Thu, 2010-07-08 at 20:57 +0100, Don Dutile wrote:
> >> I guess what I'm wondering is why not set xen_emul_unplug to ignore by
> >> default (static int xen_emul_unplug=XEN_UNPLUG_IGNORE), which handles
> >> the case I mentioned (just take existing guest config file as is, no edits,
> >> pre-pv-hvm added to guest kernel),  and if person edits config file to 
> >> change boot device to xvda, they would then edit the config to add
> >> -x xen_emul_unplug=[all|ide-disks|...]  as well.
> > 
> > Can you guarantee that nobody is running an HVM guest today with a
> > configuration file that specifies xvda (I believe it would work)? In
> > other words can you be sure that defaulting to XEN_UNPLUG_IGNORE is
> > _always_ going to be safe? Not just on RHEL hosts and with
> > configurations generated by the RH tools or according to the RH docs but
> > on any host with any (possibly hand-crafted) configuration?
> > 
> No, you have a valid point.  We have pv-on-hvm support for rhel3->rhel5
> HVM guests, and they support xvda on boot devices (once initrd is rebuilt),
> so it's possible to have that config (spec'd) as well, and someone
> to copy & edit it for use on a more current disk image w/relatively current
> kernel.
> But I'm considering 2.6.32+ HVM guests that didn't have xvda spec'd in
> the boot path ever, and are upgraded to a post-2.6.32 kernel that has
> pv-on-hvm added to it.

An HVM guest could have any kernel version, even one prior to 2.6.32,
and be updated to a post-2.6.32 with PV-on-HVM, we cannot restrict
ourselves to just 2.6.32+ kernels (not that I think it makes a
difference anyhow).

> 
> > Any guest which uses xvda in its configuration file today will be using
> > emulated devices but I think that with Stefano's patch and your proposed
> > change in default on a Xen system without support for unplug will start
> > using PV devices without unplugging the emulated ones first.
> > 
> Well, Stefano requires the admin to add unplug switch to kernel cmd line,

In the case where the host platform does not support the unplug protocol
this is correct and requiring explicit admin action to allow the PV
frontends to activate is the only safe option WRT the users data.

However if the host platform does support the unplug protocol then this
is incorrect. In that case the default (in the absence of the command
line option) is to automatically unplug any device for which a PV driver
is available and so no command line option will be required in the
common case. (see xen_unplug_emulated_devices() under the comment "Set
the default value of xen_emul_unplug depending on...")

> so I don't see the harm in defaulting to unplug... 

As I described in my previous mail this is unsafe on host platforms
which do not support unplug. As I describe above it is unnecessary on
host platforms which do support unplug

> Either way, the user/admin has to add cmdline to unplug to be safe.

Not true, on a recent Xen system which supports the unplug protocol then
devices will be unplugged automatically without an additional command
line option.

Ian.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists