WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] Prevent vif-bridge from adding user-created taps

To: Jim Fehlig <jfehlig@xxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] Prevent vif-bridge from adding user-created taps to a bridge
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Wed, 26 Oct 2011 08:37:16 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 26 Oct 2011 00:39:06 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4EA740EB.7030804@xxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <4EA740EB.7030804@xxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Wed, 2011-10-26 at 00:06 +0100, Jim Fehlig wrote:
> I previously sent this from my @suse.com mail address without having
> subscribed it.  Sending again now that I have done so...
> 
> I received a report that vif-bridge adds any tap interface to a bridge,
> regardless if xen is running and who created the tap interface.  E.g.
> 
> # tunctl -p -t tap42
> 
> will cause vif-bridge to be executed as per the following rule in
> xen-backend.rules

Oh dear.

> SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add",
> RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
> 
> I'm not sure how to improve the rule to prevent execution of vif-setup
> in this case.  But it seems better to handle it in vif-bridge anyhow, by
> not connecting the interface to a bridge if there is no corresponding
> info in xenstore.  Something along the lines of the attached quick
> patch.  Comments?

I think overall your change is an improvement, some thoughts:

For a tap device XENBUS_PATH is set in vif-common.sh:
        elif [ "$type_if" = tap ]; then
            # Check presence of compulsory args.
            : ${INTERFACE:?}
        
            # Get xenbus_path from device name.
            # The name is built like that: "tap${domid}.${devid}".
            dev_=${dev#tap}
            domid=${dev_%.*}
            devid=${dev_#*.}
        
            XENBUS_PATH="/local/domain/0/backend/vif/$domid/$devid"
        fi

Could there be false positives from this? Perhaps we should be more
aggressively checking for the tapX.Y, where X and Y are integers, format
as well? (that's not foolproof either though).

Perhaps the toolstack could write something to xenstore containing the
literal tap device name which it asked qemu for? Then we can simply read
it back here, e.g. /libxl/tap/0/tapX.Y -> $XENBUS_PATH (0 being the
backend domain and the content being the xenbus path so we don't need to
magic it up).

Ian.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel