Re: [Xen-devel] [PATCH] libxl: create backend/ xenstore dir for driver domains - Marek Marczykowski-Górecki

From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: Ian Jackson <ian.jackson@citrix.com>
Cc: Anthony Perard <anthony.perard@citrix.com>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	Wei Liu <wl@xen.org>
Subject: Re: [Xen-devel] [PATCH] libxl: create backend/ xenstore dir for driver domains
Date: Mon, 6 Jan 2020 15:38:36 +0100	[thread overview]
Message-ID: <20200106143836.GK1314@mail-itl> (raw)
In-Reply-To: <24083.16958.769634.476071@mariner.uk.xensource.com>

[-- Attachment #1.1: Type: text/plain, Size: 3067 bytes --]

On Mon, Jan 06, 2020 at 02:20:46PM +0000, Ian Jackson wrote:
> Marek Marczykowski-Górecki writes ("[PATCH] libxl: create backend/ xenstore dir for driver domains"):
> > Cleaning up backend xenstore entries is a responsibility of the backend.
> > When backend lives outside of dom0, the domain needs proper permissions
> > to do it. Normally it is given permission to remove the device dir
> > itself, but not the dir containing it (named after frontend ID). After a
> > whole those empty leftover directories accumulate to the point xenstore
> > returning E2BIG on listing them.
> > 
> > Fix this by giving backend domain write access also to backend/
> > directory itself when c_info->driver_domain option is set. The code
> > removing relevant dir is already there (just lacked permissions to do so).
> > 
> > Note this also allows the backend domain to create new entries,
> > pretending to host backend devices it don't have. But since libxl uses
> > /libxl/ xenstore dir for this information (still outside of backend
> > domain control), this shouldn't be an issue.
> 
> This seems quite hazardous to me.  The reasoning you use to show that
> this iws OK seems fragile, and in general it doesn't feel right to
> give the particular backend such wide scope.
> 
> Can we find another way to address this problem ?  I think the
> containing directory should be removed by the toolstack.  Why is this
> difficult ?  (I presume there is a reason or you would have done it
> that way...)

It was done this way previously and caused issues, see this commit:

commit 546678c6a60f64fb186640460dfa69a837c8fba5
Author: Roger Pau Monne <roger.pau@citrix.com>
Date:   Wed Sep 23 12:06:56 2015 +0200

    libxl: fix the cleanup of the backend path when using driver domains

    With the current libxl implementation the control domain will remove both
    the frontend and the backend xenstore paths of a device that's handled by a
    driver domain. This is incorrect, since the driver domain possibly needs to
    access the backend path in order to perform the disconnection and cleanup of
    the device.

    Fix this by making sure the control domain only cleans the frontend path,
    leaving the backend path to be cleaned by the driver domain. Note that if
    the device is not handled by a driver domain the control domain will perform
    the removal of both the frontend and the backend paths.

    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
    Reported-by: Alex Velazquez <alex.j.velazquez@gmail.com>
    Cc: Alex Velazquez <alex.j.velazquez@gmail.com>
    Cc: Ian Jackson <ian.jackson@eu.citrix.com>
    Cc: Ian Campbell <ian.campbell@citrix.com>
    Cc: Wei Liu <wei.liu2@citrix.com>
    Acked-by: Ian Campbell <ian.campbell@citrix.com>

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[-- Attachment #2: Type: text/plain, Size: 157 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel