[libvirt] [PATCH 00/17] Avoid races with udev

Bjoern Walk bwalk at linux.vnet.ibm.com
Thu Oct 27 11:07:57 UTC 2016 

Michal Privoznik <mprivozn at redhat.com> [2016-10-26, 02:52PM +0200]:
>I've came across interesting bug recently. The problem was that
>user tried to start a domain, but qemu was denied access to some
>device. Even though we relabelled it initially. By debugging I
>found the root cause: while we were starting qemu, udev came and
>restored original security labels. Sigh. We have two options
>here:
>
>a) write out series of udev rules so that whenever it tries to
>relabel something our rule will stop it from doing so
>
>b) write a small helper binary that will udev call in order to:
>  1) detect whether device is in use by libvirt
>  2) get seclabel that was set by libvirt
>
>These patches implement the latter approach. While these patches
>make life easier for us, there is still a race when udev might
>restore the device's seclabel before we had chance to flush
>internal database of seclabels for the helper binary. This is
>something I'm currently focusing on. But before I get there, here
>are patches that makes the problem much more bearable.
>
>In case you want to try these patches, here are some scratch builds:
>
>  https://mprivozn.fedorapeople.org/udev/
>
>Also, you can find them on my branch:
>
>  https://github.com/zippy2/libvirt/commits/udev_labels2
>
>
>This beast is turned off by default, to turn it on you'll need to add:
>
>  write_udev=1
>
>to qemu.conf.
>

Hello Michal,

will this work (or can be made working) for file-based disk images as
well? Currently, the user can provoke a race condition when defining two
domains using the same file-based disk image and not (wrongly)
specifying the <shareable/> element. What happens is that when the while
the first domain is running, the second domain start will relabel disk
image for its own usage, essentially cutting of the first running
domain. This caused a crash of the first QEMU process until
https://patchwork.ozlabs.org/patch/658163/, now the first domain still
reports I/O errors.

I have investigated this problem for a while now and have seen various
bug reports (https://bugzilla.redhat.com/show_bug.cgi?id=1191802,
https://bugzilla.redhat.com/show_bug.cgi?id=547546) and your attempt to
fix this
(https://www.redhat.com/archives/libvir-list/2015-October/msg00331.html)
but unfortunately this disruptive behaviour still exists.

Best regards,
        Bjoern

-- 
IBM Systems
Linux on z Systems & Virtualization Development
------------------------------------------------------------------------
IBM Deutschland
Schönaicher Str. 220
71032 Böblingen
Phone: +49 7031 16 1819
E-Mail: bwalk at de.ibm.com
------------------------------------------------------------------------
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 896 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20161027/bdcb5569/attachment-0001.sig>

More information about the libvir-list mailing list