Exporting NVMe-oF devices read-only enforced on export from the NVMe-oF target.

Exporting NVMe-oF devices read-only enforced on export from the NVMe-oF target.

[Mark Ruijter]

[-- Attachment #1: Type: text/plain, Size: 645 bytes --]


Hi all,

Unless I am mistaken the NVMe-oF target driver does currently not support to export a device read-only from the target system.
For exporting readonly snapshot devices I am currently using the attached patch.

Does this change, or a similar change, make sense for upstream?

    --
    With the patch and after setting the namespace to readonly:
    namespaces/1 # echo 1 > readonly
    namespaces/1 # echo 1 > enable
    
On the initiator system writes are now no longer permitted:
    root@r11i3:~# echo hello >/dev/nvme5n1 
    -bash: echo: write error: Operation not permitted
    --

Thanks,

Mark Ruijter



[-- Attachment #2: readonly.patch --]
[-- Type: application/octet-stream, Size: 1305 bytes --]

--- drivers/nvme/target/configfs.c-orig	2020-08-21 05:50:14.369462419 -0600
+++ drivers/nvme/target/configfs.c	2020-08-21 05:37:13.817449795 -0600
@@ -543,6 +543,34 @@
 
 CONFIGFS_ATTR(nvmet_ns_, buffered_io);
 
+static ssize_t nvmet_ns_readonly_show(struct config_item *item, char *page)
+{
+        return sprintf(page, "%d\n", to_nvmet_ns(item)->readonly);
+}
+
+static ssize_t nvmet_ns_readonly_store(struct config_item *item,
+                const char *page, size_t count)
+{
+        struct nvmet_ns *ns = to_nvmet_ns(item);
+        bool val;
+
+        if (strtobool(page, &val))
+                return -EINVAL;
+
+        mutex_lock(&ns->subsys->lock);
+        if (ns->enabled) {
+                pr_err("disable ns before setting readonly value.\n");
+                mutex_unlock(&ns->subsys->lock);
+                return -EINVAL;
+        }
+
+        ns->readonly = val;
+        mutex_unlock(&ns->subsys->lock);
+        return count;
+}
+
+CONFIGFS_ATTR(nvmet_ns_, readonly);
+
 static struct configfs_attribute *nvmet_ns_attrs[] = {
 	&nvmet_ns_attr_device_path,
 	&nvmet_ns_attr_device_nguid,
@@ -550,6 +578,7 @@
 	&nvmet_ns_attr_ana_grpid,
 	&nvmet_ns_attr_enable,
 	&nvmet_ns_attr_buffered_io,
+	&nvmet_ns_attr_readonly,
 #ifdef CONFIG_PCI_P2PDMA
 	&nvmet_ns_attr_p2pmem,
 #endif

[-- Attachment #3: Type: text/plain, Size: 158 bytes --]

_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: Exporting NVMe-oF devices read-only enforced on export from the NVMe-oF target.

[Chaitanya Kulkarni]

On 9/29/20 04:35, Mark Ruijter wrote:
> Unless I am mistaken the NVMe-oF target driver does currently not support to export a device read-only from the target system.
> For exporting readonly snapshot devices I am currently using the attached patch.

It does, have you tried using nvme cli with NVME_NS_WRITE_PROTECT feature ?

we have both host and core patched for read-only mode, if you find any bug

please let me know.


_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: Exporting NVMe-oF devices read-only enforced on export from the NVMe-oF target.

[Mark Ruijter]

Hi Chaitanya,

Let me explain my use case. Since I think we having different things in mind.
You are suggesting to use nvme cli to set an nvme drive namespace to readonly and export it readonly using the NVMe target driver?
This will certainly work, I agree.

In my case let's assume I have a raid device /dev/mdX that I want to export readonly to an initiator. I am unable to run any command on the initiator.
The target should export the device in such a way that the initiator can never accidentally write to it.

I fail to understand how nvme cli NVME_NS_WRITE_PROTECT can help me in this use case?

Thanks,

--Mark


Op 30-09-20 02:29 heeft Chaitanya Kulkarni <Chaitanya.Kulkarni@wdc.com> geschreven:

    On 9/29/20 04:35, Mark Ruijter wrote:
    > Unless I am mistaken the NVMe-oF target driver does currently not support to export a device read-only from the target system.
    > For exporting readonly snapshot devices I am currently using the attached patch.
    
    It does, have you tried using nvme cli with NVME_NS_WRITE_PROTECT feature ?
    
    we have both host and core patched for read-only mode, if you find any bug
    
    please let me know.
    
    

_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: Exporting NVMe-oF devices read-only enforced on export from the NVMe-oF target.

[Chaitanya Kulkarni]

On 9/30/20 00:38, Mark Ruijter wrote:
> Hi Chaitanya,
>
> Let me explain my use case. Since I think we having different things in mind.
> You are suggesting to use nvme cli to set an nvme drive namespace to readonly and export it readonly using the NVMe target driver?
> This will certainly work, I agree.
>
> In my case let's assume I have a raid device /dev/mdX that I want to export readonly to an initiator. I am unable to run any command on the initiator.
> The target should export the device in such a way that the initiator can never accidentally write to it.

I see, your patch looks good, but it doesn't cover all the cases if we
want to export ro device.

Let me send a series on the top of your patch to make discussion easy.

> I fail to understand how nvme cli NVME_NS_WRITE_PROTECT can help me in this use case?
>
> Thanks,
>
> --Mark



_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: Exporting NVMe-oF devices read-only enforced on export from the NVMe-oF target.

[Sagi Grimberg]

>> Unless I am mistaken the NVMe-oF target driver does currently not support to export a device read-only from the target system.
>> For exporting readonly snapshot devices I am currently using the attached patch.
> 
> It does, have you tried using nvme cli with NVME_NS_WRITE_PROTECT feature ?
> 
> we have both host and core patched for read-only mode, if you find any bug
> 
> please let me know.

Chaitnaya,

btw, I just noticed that 1293477f4f32 ("nvme: set gendisk read only 
based on nsattr") breaks BLKROSET ioctls.

If I now do:
blockdev --setro /dev/nvme0n1
and then I will write to it, it will override the disk ro as
invalidate kicks in when the write fails.

I think we need to start by reverting this patch, and then
add it back in a way that doesn't break BLKROSET...

_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: Exporting NVMe-oF devices read-only enforced on export from the NVMe-oF target.

[Sagi Grimberg]

>> btw, I just noticed that 1293477f4f32 ("nvme: set gendisk read only
>> based on nsattr") breaks BLKROSET ioctls.
>>
>> If I now do:
>> blockdev --setro /dev/nvme0n1
>> and then I will write to it, it will override the disk ro as
>> invalidate kicks in when the write fails.
>>
>> I think we need to start by reverting this patch, and then
>> add it back in a way that doesn't break BLKROSET...
> 
> Thanks for reporting this, let me add this fix in the V3
> 
> [PATCH V2 0/4] nvmet: allow target to export readonly ns.

To be clear,

I'm talking about commit 1293477f4f32.

_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme