[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 06/12] libxl: set correct permissions for the full backend path

On 25/09/13 17:18, Ian Campbell wrote:
> On Wed, 2013-09-25 at 17:10 +0200, Roger Pau Monnà wrote:
>> On 25/09/13 17:00, Ian Campbell wrote:
>>> On Wed, 2013-09-25 at 16:02 +0200, Roger Pau Monnà wrote:
>>>> On 25/09/13 15:57, Ian Campbell wrote:
>>>>> On Mon, 2013-09-23 at 12:30 +0200, Roger Pau Monne wrote:
>>>>>> The backend path should be fully owned by the domain where it resides.
>>>>> I can see why /local/domain/<domid>backends/<type>/<id> would need to be
>>>>> owned by the backend dom, but why
>>>>> do /local/domain/<domid>backends/<type>/, /local/domain/<domid>backends/, 
>>>>> etc need to be?
>>>> The path /local/domain/<domid>backends/<type>/<guest_domid>/<id> is
>>>> already owned by the driver domain, the problem is that if the driver
>>>> domain has to perform the clean up of this path it should be able to
>>>> fully remove it, otherwise we are leaving empty directories around in
>>>> xenstore (backend/<type>/<guest_domid> and so).
>>>> And performing the clean up from the toolstack domain is not that easy,
>>>> we will have to add a way to signal the toolstack domain that the driver
>>>> domain has finished the disconnection and the directory can be cleaned.
>>> Don't we need that anyway so that the toolstack domain can synchronise
>>> the end of the asynchronous op which is the remove?
>> Not really IMHO, the toolstack waits for the device frontend to
>> disconnect and then it removes the frontend xenstore entries. Then (or
>> in parallel) the domain that's handling the backend should deal with the
>> disconnection of the backend and perform any necessary actions and clean
>> up the backend xenstore entries.
> So e.g. xl destroy can potentially return while the backend is still
> closing down? That would mean it might fail to reboot the guest, because
> the block device in the driver domain is still busy.

True, since we don't synchronize with the toolstack there's a small
window were a new domain could be created before the driver domain
hasn't finished unplugging. This is a problem already with current udev
implementation, but I think we can solve this by adding a watch in the
toolstack that waits for the backend path to be destroyed (when the
backend is on a driver domain, of course).

I will expand this patch to include the above mentioned check.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.