Xen devel - Oct 2006 - Block device not presented read-only in HVM domain

I''m running Xen 3.0.3.  dom0 and the domains (PV and HVM) are running
64-bit SMP SLES 10.

I have a config file for an HVM domain with the following line for the
disks:

disk = [ ''phy:/dev/vbd-backend/hvm1,hda,w'',
''phy:/dev/vbd-backend/usr,hdb,r'',
''phy:/dev/vbd-disktest/dom1,hdd,w'' ]

/dev/vbd-backend/hvm1 is an LVM volume containing a disk image with a
partition for the root filesystem for the hvm1 domain.
/dev/vbd-backend/usr is an LVM volume containing a disk image with a
partition for /usr which is shared read-only across multiple HVM domains.
/dev/vbd-disktest/dom1 is an LVM volume that is used as a scratch disk.

The /etc/fstab in the HVM domain has the lines:

/dev/hda1            /                    ext3       acl,user_xattr
1 0
/dev/hdb1            /usr                 ext3       acl,user_xattr
1 0

In the domain I can write to /usr, even though it is supposed to be shared
read-only!

x3850-hvm1:~ # ls -l /usr/bob
/bin/ls: /usr/bob: No such file or directory
x3850-hvm1:~ # touch /usr/bob
x3850-hvm1:~ # ls -l /usr/bob
-rw-r--r-- 1 root root 0 Oct 25 14:29 /usr/bob
x3850-hvm1:~ #

Since I am sharing the /usr partition across multiple active HVM domains, I
am now naturally fearful of file system corruption since that partition is
writable from several domains at the same time.

I have a similar configuration for a paravirtuallized domain:

disk = [ ''phy:/dev/vbd-backend/dom1,hda,w'',
''phy:/dev/vbd-backend/usr,hdb,r'',
''phy:/dev/vbd-disktest/dom1,hdd,w'' ]

/dev/hda1            /                    ext3       acl,user_xattr
1 1
/dev/hdb1            /usr                 ext3       acl,user_xattr
1 2

In the paravirtualized domain I am not allowed to write to /usr:

x3850-dom1:~ # touch /usr/bob
touch: cannot touch `/usr/bob'': Read-only file system
x3850-dom1:~ #

(Note: the /dev/vbd-disktest/dom1 device is used as a scratch disk for
testing.  Since I am short on disk space, I use the same device for the HVM
and PV domains.  In my testing I never have an HVM domain and a PV domain
running at the same time, so I don''t have to worry about corruption on
/dev/vbd-disktest/dom1.)

Steve D.


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> /dev/vbd-backend/hvm1 is an LVM volume containing a disk image with a
> partition for the root filesystem for the hvm1 domain.
> /dev/vbd-backend/usr is an LVM volume containing a disk image with a
> partition for /usr which is shared read-only across multiple HVM
domains.
> /dev/vbd-disktest/dom1 is an LVM volume that is used as a scratch
disk.
> 
> The /etc/fstab in the HVM domain has the lines:
> 
> /dev/hda1            /                    ext3       acl,user_xattr
> 1 0
> /dev/hdb1            /usr                 ext3       acl,user_xattr
> 1 0
> 
> In the domain I can write to /usr, even though it is supposed to be
shared
> read-only!
> 
> x3850-hvm1:~ # ls -l /usr/bob
> /bin/ls: /usr/bob: No such file or directory
> x3850-hvm1:~ # touch /usr/bob
> x3850-hvm1:~ # ls -l /usr/bob
> -rw-r--r-- 1 root root 0 Oct 25 14:29 /usr/bob
> x3850-hvm1:~ #
You''ve not using PV drivers, right?
Someone needs to extend qemu-dm to accept and respect a ''read
only'' flag
associated with a device.

Ian




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

"Ian Pratt" <m+Ian.Pratt@cl.cam.ac.uk> wrote on 10/26/2006
11:39:45 AM:
> You''ve not using PV drivers, right?
Correct.  No PV drivers; just native SLES kernel and modules.
> Someone needs to extend qemu-dm to accept and respect a ''read
only'' flag
> associated with a device.
That was my suspicion.  The read-only mode for the device is in xenstore.
qemu-dm just needs to handle it.

Steve D.


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel