Bug 723023 - Dom0 is able to map all the LVM structure when a domU creates a new PV in a block device without a partition table
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen
Version: 5.6
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Xen Maintainance List
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-07-18 18:51 UTC by Raul Cheleguini
Modified: 2018-11-14 13:42 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-19 07:20:02 UTC
Target Upstream Version:


Description Raul Cheleguini 2011-07-18 18:51:25 UTC
Description of problem:

Dom0 is able to map all the LVM structure when a domU creates a new PV in a block device without a partition table.

Version-Release number of selected component (if applicable):

Tests performed in the following environment :

dom0 :

xen ~]# uname -a
Linux rchelegu-xen 2.6.18-238.12.1.el5xen #1 SMP Sat May 7 20:38:04 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
xen ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.6 (Tikanga)
xen ~]# rpm -q xen
xen-3.0.3-120.el5_6.2
xen ~]# rpm -q lvm2
lvm2-2.02.74-5.el5

How reproducible:

Always.

Steps to Reproduce:

1. Create a new domU ;
2. Associate a logical volume to this domU ;
3. In domU environment, create a new Physical Volume (pvcreate) without a partition table (fdisk).
  
Actual results:

dom0 is able to map the LVM structure, as in the example below:

xen ~]# xm list
Name                                      ID Mem(MiB) VCPUs State   Time(s)
Domain-0                                   0     1480     4 r-----  23332.1
rhel5-paravirt                             9      511     2 -b----     56.7
xen ~]# vgs -o +uuid
  VG         #PV #LV #SN Attr   VSize    VFree   VG UUID                               
  VolGroup00   2   4   0 wz--n-   19.84G   2.03G UOiFFZ-ZgZw-UcVF-Sqck-46zS-0GH6-f8X53T
  domU-vg      1   1   0 wz--n- 1020.00M 764.00M tVd2YI-PI7P-teyT-oHyf-hZS5-Nqcz-iQXabm

xen ~]# xm console rhel5-paravirt

Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Kernel 2.6.18-194.el5xen on an x86_64

localhost.localdomain login: root
Password: 
Last login: Mon Jul 18 13:40:53 on tty1
[root@localhost ~]# vgs -o +uuid
  VG         #PV #LV #SN Attr   VSize    VFree   VG UUID                               
  VolGroup00   1   2   0 wz--n-    2.81G      0  JfBYRf-luaU-zxft-DdW0-fBRH-mZLI-tdphRV
  domU-vg      1   1   0 wz--n- 1020.00M 764.00M tVd2YI-PI7P-teyT-oHyf-hZS5-Nqcz-iQXabm

xen ~]# cat /etc/xen/rhel5-paravirt 
name = "rhel5-paravirt"
uuid = "36efabdd-f7a8-8d8b-d755-f0c9e5287a75"
maxmem = 512
memory = 512
vcpus = 2
bootloader = "/usr/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ "type=vnc,vncunused=1,keymap=en-us" ]
disk = [ "phy:/dev/mapper/VolGroup00-rhel5--00,xvda,w", "phy:/dev/mapper/VolGroup00-rhel5--01,xvdb,w" ]
vif = [ "mac=00:16:36:5e:5b:61,bridge=virbr0,script=vif-bridge" ]

Expected results:

For security reasons, dom0 should not be able to view the domU metadata.
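
In the listings above, VolGroup00 appears in both dom0 and the domU with different VG UUIDs, while domU-vg carries the same UUID on both sides, so the UUID rather than the name identifies a guest volume group that dom0 has scanned. The following is an added example, not part of the original report, that compares two saved `vgs -o +uuid` listings by UUID; the function names and file arguments are assumptions, and the sample data is constructed from the listings in the report.

```shell
#!/bin/sh
# Added example: report volume groups that a dom0 `vgs -o +uuid` listing
# shares, by VG UUID, with a listing captured inside a guest.
# Function names and file arguments are hypothetical.

# Usage: guest_vgs_seen_by_dom0 DOM0_LISTING DOMU_LISTING
# Prints "vg_name vg_uuid" for each dom0 VG whose UUID also appears in the guest.
guest_vgs_seen_by_dom0() {
    awk '
        $1 == "VG" || NF < 2 { next }                  # skip header and blank lines
        FILENAME == ARGV[1]  { guest[$NF] = 1; next }  # first file: guest UUIDs
        ($NF in guest)       { print $1, $NF }         # second file: dom0 rows
    ' "$2" "$1"
}

# Sample data constructed from the two listings shown in the report.
write_samples() {
    cat > "$1" <<'EOF'
  VG         #PV #LV #SN Attr   VSize    VFree   VG UUID
  VolGroup00   2   4   0 wz--n-   19.84G   2.03G UOiFFZ-ZgZw-UcVF-Sqck-46zS-0GH6-f8X53T
  domU-vg      1   1   0 wz--n- 1020.00M 764.00M tVd2YI-PI7P-teyT-oHyf-hZS5-Nqcz-iQXabm
EOF
    cat > "$2" <<'EOF'
  VG         #PV #LV #SN Attr   VSize    VFree   VG UUID
  VolGroup00   1   2   0 wz--n-    2.81G      0  JfBYRf-luaU-zxft-DdW0-fBRH-mZLI-tdphRV
  domU-vg      1   1   0 wz--n- 1020.00M 764.00M tVd2YI-PI7P-teyT-oHyf-hZS5-Nqcz-iQXabm
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp/dom0.txt" "$tmp/domu.txt"
# Same-named VolGroup00 is not reported (UUIDs differ); domU-vg is.
guest_vgs_seen_by_dom0 "$tmp/dom0.txt" "$tmp/domu.txt"
rm -rf "$tmp"
```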

