From owner-freebsd-virtualization@FreeBSD.ORG Sat Feb 8 20:19:05 2014 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AB2CE13C for ; Sat, 8 Feb 2014 20:19:05 +0000 (UTC) Received: from mail-pd0-x22e.google.com (mail-pd0-x22e.google.com [IPv6:2607:f8b0:400e:c02::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 757C11B52 for ; Sat, 8 Feb 2014 20:19:05 +0000 (UTC) Received: by mail-pd0-f174.google.com with SMTP id z10so4489884pdj.19 for ; Sat, 08 Feb 2014 12:19:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=1mEEThoEdt37Ba2I49ckZUd5eV+1bykflg7UDxAfpn0=; b=HXehL0HR/IJVevWH8dnfaYPD5u0HiPF0xfI0J4zBH7Zc2liLeKpia37Y8wTVy1K8iP WL1Fs/PNE6pDiYwEP/vRDllVKQKJ9b9O2o1GDu18AAju2UCzD6Ibq4XDlGV+cE92aozP 5qqbe1IsVH+oxViWwsDBxJezrCbxuduo1Arljv/mnw8+52gzl9zvmpMRm0yOqMjzXOgC aAShJr6ykt71JFCvfhPFtCG3RXRFXxFIBrhYiagD3iE0ROmiW0R0Ugjh55io5jT84z0S wgEigZZgRp549fyKGoVP/4OHXK60aDDbWivQWdbH5kwk83jmtu7XCToR8CSAYZJ+QwEu 1Kfg== MIME-Version: 1.0 X-Received: by 10.66.192.74 with SMTP id he10mr15974952pac.126.1391890744898; Sat, 08 Feb 2014 12:19:04 -0800 (PST) Received: by 10.68.155.38 with HTTP; Sat, 8 Feb 2014 12:19:04 -0800 (PST) In-Reply-To: References: <52F5363D.8040102@freebsd.org> Date: Sat, 8 Feb 2014 15:19:04 -0500 Message-ID: Subject: Re: Report of my virtual network lab migrated from virtualbox to bhyve From: Aryeh Friedman To: Adam Vande More Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: FreeBSD virtualization X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Feb 2014 20:19:05 -0000 On Sat, Feb 8, 2014 at 3:14 PM, Aryeh Friedman wrote: > > > > On Sat, Feb 8, 2014 at 3:01 PM, Adam Vande More wrote: > >> >> On Sat, Feb 8, 2014 at 6:51 AM, Aryeh Friedman wrote: >>> >>> bhyve blindly read/writes into the middle of the file without consulting >>> the filesystem and thus bypassing any things like sparse fill in.... namely >>> all you gain is a few seconds of startup time (matter of fact I think >>> truncate might use sparse allocation [i.e. attempting to read into the >>> middle with guest OS control will result in potentially seeing host data]) >>> >> >> If this is true then there is a *critical* security issue. >> >> Using sparse files isn't to gain performance, it's to conserve disk >> space. Using md devices backed by sparse images would accomplish this. If >> the sparsify app works on FreeBSD, then there should be no problem using >> those type of volumes. >> >> > It sounds almost identical to the qcow2 security issue being discussed on > qemu-devel@qemu.org recently. This might be a *HUGE* win for bhyve then > in considering that it's default format is raw (should ahci-hdd be the > default?). devel/qemu (not sure about -dev) uses qcow2 as a default and > when playing with it on other OS's I found that it seemed to default to > that also. It is my understand that most of the open source cloud > platforms use qcow2 as their default also (I remember this from an attempt > to install openstack grizzly last summer... I have not checked havana > though... can any of the freebsd-openstack confirm this?). > Forgot to mention that the host OS's disk scheduling also gives a brief window of opportunity during the time after the inode is made and the old contents wiped due to the size of the file -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org