Stefan Berger
2008-Mar-10 21:59 UTC
[Xen-devel] [PATCH] [Xend] Grab common lock during domain restore op and security op
I am introducing a lock in the path of the domain restore operation. This lock is acquired when a domain is restored or migrated into a system. The lock is also acquired during policy operation, i.e., setting of a domain''s label, which prevents changes to the policy during restore operations. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2008-Mar-10 22:06 UTC
Re: [Xen-devel] [PATCH] [Xend] Grab common lock during domain restore op and security op
It seems odd to me that of all update operations that can be performed on a domain by xend, only label-setting needs explicit serialisation against domain restore. What''s the underlying problem that this is solving? -- Keir On 10/3/08 21:59, "Stefan Berger" <stefanb@us.ibm.com> wrote:> I am introducing a lock in the path of the domain restore operation. > This lock is acquired when a domain is restored or migrated into a > system. The lock is also acquired during policy operation, i.e., setting > of a domain''s label, which prevents changes to the policy during restore > operations. > > Signed-off-by: Stefan Berger <stefanb@us.ibm.com> > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Stefan Berger
2008-Mar-11 01:52 UTC
Re: [Xen-devel] [PATCH] [Xend] Grab common lock during domain restore op and security op
xen-devel-bounces@lists.xensource.com wrote on 03/10/2008 06:06:38 PM:> It seems odd to me that of all update operations that can be performedon a> domain by xend, only label-setting needs explicit serialisation against > domain restore. What''s the underlying problem that this is solving?If it''s not serialized, one could otherwise change the policy while a migration is happening. In the worst case this would lead to the new VM running on a system that it otherwise would not be allowed to run (due to the modified policy). I would have grabbed the domains_lock lock otherwise, but then I found this here in the XendCheckpoint.restore() method which is called with the domains_lock() held: # # We shouldn''t hold the domains_lock over a waitForDevices # As this function sometime gets called holding this lock, # we must release it and re-acquire it appropriately # from xen.xend import XendDomain lock = True; try: XendDomain.instance().domains_lock.release() except: lock = False; try: dominfo.waitForDevices() # Wait for backends to set up except Exception, exn: log.exception(exn) if lock: XendDomain.instance().domains_lock.acquire() To me it looks like introducing another lock is necessary. Stefan> > -- Keir > > On 10/3/08 21:59, "Stefan Berger" <stefanb@us.ibm.com> wrote: > > > I am introducing a lock in the path of the domain restore operation. > > This lock is acquired when a domain is restored or migrated into a > > system. The lock is also acquired during policy operation, i.e.,setting> > of a domain''s label, which prevents changes to the policy duringrestore> > operations. > > > > Signed-off-by: Stefan Berger <stefanb@us.ibm.com> > > > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.xensource.com > > http://lists.xensource.com/xen-devel > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel