[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: xenstored: Interaction bettwen SET_PERMS and transaction
On 24.02.23 16:00, Julien Grall wrote: Hi Juergen, For some internal purpose, I need to write a script that would do the following: 1) Start a transaction 2) Call GET_PERMS 3) Call SET_PERMS with the permission just retrieved 4) Commit the transaction (Don't ask why :))This was executed from dom0 on every nodes. In some cases, we noticed that 4) would return -ENOSPC.When digging through the code, it looks like this is because transaction_fix_domains() (now called acc_fix_domains()) will check that the quota is correct.The domain is question were over its limit, but given this is called by dom0, I would have expected that it should not never return -ENOSPC (note that a SET_PERMS outside of a transaction would work, but this can't be used our case).Furthermore, the transaction is not changing any accounting. So I find a bit strange that we would prevent it even if this was run from an unprivileged domain.Do you know if this issues would be fixed by your current rework?If not, then I think we at least want to skip the quota check if the domain is privileged.For non-privileged domain, I am not entirely sure what to do. I was originally thinking to check if cd->nbentry is 0 and then skip the quota check. But this would allow a domain to remove a node and then replace by a new one (I think we still want to forbid that).What do you think? Patch sent. Could you please test it with your script? Juergen Attachment:
OpenPGP_0xB0DE9DD628BF132F.asc Attachment:
OpenPGP_signature
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |