[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] Re: To O_EXCL or not to O_EXCL open host_cdrom
From: |
Amit Shah |
Subject: |
[Qemu-devel] Re: To O_EXCL or not to O_EXCL open host_cdrom |
Date: |
Mon, 11 Apr 2011 10:37:32 +0530 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On (Fri) 08 Apr 2011 [12:33:27], Stefan Hajnoczi wrote:
> Amit and I were discussing the pros and cons of using O_EXCL to open
> host CD-ROM devices on IRC but this discussion could benefit from more
> input.
>
> Linux block devices (like /dev/sr0 CD-ROMs) can be opened with O_EXCL
> and only one userspace process will succeed at a time. This prevents
> programs from interfering with each other. The polling daemons, hald
> and udisks, use O_EXCL and mount does too.
>
> Today QEMU does not use O_EXCL and will therefore access host CD-ROMs
> while they are in use by other programs. This also means that
> programs can be started on the host while QEMU is already running that
> may interfere with the virtual machine's ability to access the CD-ROM
> (for example by ejecting it).
>
> Therefore, it sounds reasonable to switch to O_EXCL to prevent
> interfering with other programs and to prevent other programs
> interfering with QEMU.
>
> On the downside, it will no longer be possible to share a host CD-ROM
> between multiple virtual machines or to mount it on host while passing
> it through to a guest. These scenarios are not safe because on of the
> clients could eject the device, spoiling the party for everyone else.
> However, it is a handy feature for putting installation media into a
> machine and installing several guests at the same time.
I'm of the opinion that it's simply wrong to allow such concurrent
access. The feature isn't too compelling, and it's really a bug IMO.
We should open O_EXCL and document somewhere about this. Host CDROM
passthrough is such a niche concept that people should be able to
ensure to stop other services opening CDROMs in exclusive mode.
Also, since we're really cheating other programs that open the CDROM
device O_EXCL by bypassing that requirement, any actions the guest
takes is likely to hamper the host programs using CDROMs -- maybe even
causing guests to exploit security holes in other host programs.
> The other concern I have about using O_EXCL is that we expose
> ourselves to race conditions if there is ever a need to re-open the
> device. When QEMU closes its file descriptor another program may be
> scheduled to run and open the device with O_EXCL. Now QEMU will not
> be able to open the CD-ROM anymore.
The admins should really be the ones worrying about this, not QEMU.
Amit