ceph-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* split hard read-only vs read-only policy v3
@ 2020-12-08 16:28 Christoph Hellwig
  2020-12-08 16:28 ` [PATCH 1/6] dm: use bdev_read_only to check if a device is read-only Christoph Hellwig
                   ` (5 more replies)
  0 siblings, 6 replies; 13+ messages in thread
From: Christoph Hellwig @ 2020-12-08 16:28 UTC (permalink / raw)
  To: Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme

Hi Jens,

this series resurrects a patch from Martin to properly split the flag
indicating a disk has been set read-only by the hardware vs the userspace
policy set through the BLKROSET ioctl.

Note that the last patch only applies to for-next and not to
for-5.11/block.  I can hold it back for the first NVMe pull request after
Linus pulled the block tree.

A git tree is available here:

    git://git.infradead.org/users/hch/block.git block-hard-ro

Gitweb:

    http://git.infradead.org/users/hch/block.git/shortlog/refs/heads/block-hard-ro

Changes since v3:
 - rebased to the latest block tree
 - indent commit log lines starting with a "#" to make sure git commit
   doesn't eat them

Changes since v2:
 - fix a few typos
 - add a patch to propagate the read-only status from the whole device to
   partitions
 - add a patch to remove a pointless check from bdev_read_only

Changes since v1:
 - don't propagate the policy flag from the whole disk to partitions
 - rebased on top of the merge block_device and hd_struct series

^ permalink raw reply	[flat|nested] 13+ messages in thread

* [PATCH 1/6] dm: use bdev_read_only to check if a device is read-only
  2020-12-08 16:28 split hard read-only vs read-only policy v3 Christoph Hellwig
@ 2020-12-08 16:28 ` Christoph Hellwig
  2020-12-08 16:28 ` [PATCH 2/6] block: remove the NULL bdev check in bdev_read_only Christoph Hellwig
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 13+ messages in thread
From: Christoph Hellwig @ 2020-12-08 16:28 UTC (permalink / raw)
  To: Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Ming Lei, Hannes Reinecke

dm-thin and dm-cache also work on partitions, so use the proper
interface to check if the device is read-only.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
 drivers/md/dm-cache-metadata.c | 2 +-
 drivers/md/dm-thin-metadata.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c
index af6d4f898e4c1d..89a73204dbf47f 100644
--- a/drivers/md/dm-cache-metadata.c
+++ b/drivers/md/dm-cache-metadata.c
@@ -449,7 +449,7 @@ static int __check_incompat_features(struct cache_disk_superblock *disk_super,
 	/*
 	 * Check for read-only metadata to skip the following RDWR checks.
 	 */
-	if (get_disk_ro(cmd->bdev->bd_disk))
+	if (bdev_read_only(cmd->bdev))
 		return 0;
 
 	features = le32_to_cpu(disk_super->compat_ro_flags) & ~DM_CACHE_FEATURE_COMPAT_RO_SUPP;
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
index 6ebb2127f3e2e0..e75b20480e460e 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -636,7 +636,7 @@ static int __check_incompat_features(struct thin_disk_superblock *disk_super,
 	/*
 	 * Check for read-only metadata to skip the following RDWR checks.
 	 */
-	if (get_disk_ro(pmd->bdev->bd_disk))
+	if (bdev_read_only(pmd->bdev))
 		return 0;
 
 	features = le32_to_cpu(disk_super->compat_ro_flags) & ~THIN_FEATURE_COMPAT_RO_SUPP;
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* [PATCH 2/6] block: remove the NULL bdev check in bdev_read_only
  2020-12-08 16:28 split hard read-only vs read-only policy v3 Christoph Hellwig
  2020-12-08 16:28 ` [PATCH 1/6] dm: use bdev_read_only to check if a device is read-only Christoph Hellwig
@ 2020-12-08 16:28 ` Christoph Hellwig
  2020-12-08 16:45   ` Hannes Reinecke
  2020-12-08 16:28 ` [PATCH 3/6] block: add a hard-readonly flag to struct gendisk Christoph Hellwig
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 13+ messages in thread
From: Christoph Hellwig @ 2020-12-08 16:28 UTC (permalink / raw)
  To: Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Ming Lei

Only a single caller can end up in bdev_read_only, so move the check
there.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
---
 block/genhd.c | 3 ---
 fs/super.c    | 3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/block/genhd.c b/block/genhd.c
index b84b8671e6270a..8f2b89d1161813 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -1652,11 +1652,8 @@ EXPORT_SYMBOL(set_disk_ro);
 
 int bdev_read_only(struct block_device *bdev)
 {
-	if (!bdev)
-		return 0;
 	return bdev->bd_read_only;
 }
-
 EXPORT_SYMBOL(bdev_read_only);
 
 /*
diff --git a/fs/super.c b/fs/super.c
index 2c6cdea2ab2d9e..5a1f384ffc74f6 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -865,7 +865,8 @@ int reconfigure_super(struct fs_context *fc)
 
 	if (fc->sb_flags_mask & SB_RDONLY) {
 #ifdef CONFIG_BLOCK
-		if (!(fc->sb_flags & SB_RDONLY) && bdev_read_only(sb->s_bdev))
+		if (!(fc->sb_flags & SB_RDONLY) && sb->s_bdev &&
+		    bdev_read_only(sb->s_bdev))
 			return -EACCES;
 #endif
 
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* [PATCH 3/6] block: add a hard-readonly flag to struct gendisk
  2020-12-08 16:28 split hard read-only vs read-only policy v3 Christoph Hellwig
  2020-12-08 16:28 ` [PATCH 1/6] dm: use bdev_read_only to check if a device is read-only Christoph Hellwig
  2020-12-08 16:28 ` [PATCH 2/6] block: remove the NULL bdev check in bdev_read_only Christoph Hellwig
@ 2020-12-08 16:28 ` Christoph Hellwig
  2020-12-08 16:28 ` [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions Christoph Hellwig
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 13+ messages in thread
From: Christoph Hellwig @ 2020-12-08 16:28 UTC (permalink / raw)
  To: Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Ming Lei, Hannes Reinecke

Commit 20bd1d026aac ("scsi: sd: Keep disk read-only when re-reading
partition") addressed a long-standing problem with user read-only
policy being overridden as a result of a device-initiated revalidate.
The commit has since been reverted due to a regression that left some
USB devices read-only indefinitely.

To fix the underlying problems with revalidate we need to keep track
of hardware state and user policy separately.

The gendisk has been updated to reflect the current hardware state set
by the device driver. This is done to allow returning the device to
the hardware state once the user clears the BLKROSET flag.

The resulting semantics are as follows:

 - If BLKROSET sets a given partition read-only, that partition will
   remain read-only even if the underlying storage stack initiates a
   revalidate. However, the BLKRRPART ioctl will cause the partition
   table to be dropped and any user policy on partitions will be lost.

 - If BLKROSET has not been set, both the whole disk device and any
   partitions will reflect the current write-protect state of the
   underlying device.

Based on a patch from Martin K. Petersen <martin.petersen@oracle.com>.

Reported-by: Oleksii Kurochko <olkuroch@cisco.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=201221
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
 block/blk-core.c        |  4 +---
 block/genhd.c           | 33 +++++++++++++++++++--------------
 block/partitions/core.c |  3 +--
 include/linux/genhd.h   |  6 ++++--
 4 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/block/blk-core.c b/block/blk-core.c
index 96e5fcd7f071b6..9123c2c86414ae 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -693,9 +693,7 @@ static inline bool should_fail_request(struct block_device *part,
 
 static inline bool bio_check_ro(struct bio *bio, struct block_device *part)
 {
-	const int op = bio_op(bio);
-
-	if (part->bd_read_only && op_is_write(op)) {
+	if (op_is_write(bio_op(bio)) && bdev_read_only(part)) {
 		char b[BDEVNAME_SIZE];
 
 		if (op_is_flush(bio->bi_opf) && !bio_sectors(bio))
diff --git a/block/genhd.c b/block/genhd.c
index 8f2b89d1161813..d9f989c1514123 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -1632,27 +1632,32 @@ static void set_disk_ro_uevent(struct gendisk *gd, int ro)
 	kobject_uevent_env(&disk_to_dev(gd)->kobj, KOBJ_CHANGE, envp);
 }
 
-void set_disk_ro(struct gendisk *disk, int flag)
+/**
+ * set_disk_ro - set a gendisk read-only
+ * @disk:	gendisk to operate on
+ * @ready_only:	%true to set the disk read-only, %false set the disk read/write
+ *
+ * This function is used to indicate whether a given disk device should have its
+ * read-only flag set. set_disk_ro() is typically used by device drivers to
+ * indicate whether the underlying physical device is write-protected.
+ */
+void set_disk_ro(struct gendisk *disk, bool read_only)
 {
-	struct disk_part_iter piter;
-	struct block_device *part;
-
-	if (disk->part0->bd_read_only != flag) {
-		set_disk_ro_uevent(disk, flag);
-		disk->part0->bd_read_only = flag;
+	if (read_only) {
+		if (test_and_set_bit(GD_READ_ONLY, &disk->state))
+			return;
+	} else {
+		if (!test_and_clear_bit(GD_READ_ONLY, &disk->state))
+			return;
 	}
-
-	disk_part_iter_init(&piter, disk, DISK_PITER_INCL_EMPTY);
-	while ((part = disk_part_iter_next(&piter)))
-		part->bd_read_only = flag;
-	disk_part_iter_exit(&piter);
+	set_disk_ro_uevent(disk, read_only);
 }
-
 EXPORT_SYMBOL(set_disk_ro);
 
 int bdev_read_only(struct block_device *bdev)
 {
-	return bdev->bd_read_only;
+	return bdev->bd_read_only ||
+		test_bit(GD_READ_ONLY, &bdev->bd_disk->state);
 }
 EXPORT_SYMBOL(bdev_read_only);
 
diff --git a/block/partitions/core.c b/block/partitions/core.c
index deca253583bd3f..5a9633183343c0 100644
--- a/block/partitions/core.c
+++ b/block/partitions/core.c
@@ -194,7 +194,7 @@ static ssize_t part_start_show(struct device *dev,
 static ssize_t part_ro_show(struct device *dev,
 			    struct device_attribute *attr, char *buf)
 {
-	return sprintf(buf, "%d\n", dev_to_bdev(dev)->bd_read_only);
+	return sprintf(buf, "%d\n", bdev_read_only(dev_to_bdev(dev)));
 }
 
 static ssize_t part_alignment_offset_show(struct device *dev,
@@ -360,7 +360,6 @@ static struct block_device *add_partition(struct gendisk *disk, int partno,
 
 	bdev->bd_start_sect = start;
 	bdev_set_nr_sectors(bdev, len);
-	bdev->bd_read_only = get_disk_ro(disk);
 
 	if (info) {
 		err = -ENOMEM;
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
index 809aaa32d53cba..a62ccbfac54b48 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -163,6 +163,7 @@ struct gendisk {
 	int flags;
 	unsigned long state;
 #define GD_NEED_PART_SCAN		0
+#define GD_READ_ONLY			1
 	struct kobject *slave_dir;
 
 	struct timer_rand_state *random;
@@ -249,11 +250,12 @@ static inline void add_disk_no_queue_reg(struct gendisk *disk)
 extern void del_gendisk(struct gendisk *gp);
 extern struct block_device *bdget_disk(struct gendisk *disk, int partno);
 
-extern void set_disk_ro(struct gendisk *disk, int flag);
+void set_disk_ro(struct gendisk *disk, bool read_only);
 
 static inline int get_disk_ro(struct gendisk *disk)
 {
-	return disk->part0->bd_read_only;
+	return disk->part0->bd_read_only ||
+		test_bit(GD_READ_ONLY, &disk->state);
 }
 
 extern void disk_block_events(struct gendisk *disk);
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions
  2020-12-08 16:28 split hard read-only vs read-only policy v3 Christoph Hellwig
                   ` (2 preceding siblings ...)
  2020-12-08 16:28 ` [PATCH 3/6] block: add a hard-readonly flag to struct gendisk Christoph Hellwig
@ 2020-12-08 16:28 ` Christoph Hellwig
  2020-12-08 16:47   ` Hannes Reinecke
  2020-12-09  2:51   ` Ming Lei
  2020-12-08 16:28 ` [PATCH 5/6] rbd: remove the ->set_read_only method Christoph Hellwig
  2020-12-08 16:28 ` [PATCH 6/6] nvme: allow revalidate to set a namespace read-only Christoph Hellwig
  5 siblings, 2 replies; 13+ messages in thread
From: Christoph Hellwig @ 2020-12-08 16:28 UTC (permalink / raw)
  To: Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme

Change the policy so that a BLKROSET on the whole device also affects
partitions.  To quote Martin K. Petersen:

It's very common for database folks to twiddle the read-only state of
block devices and partitions. I know that our users will find it very
counter-intuitive that setting /dev/sda read-only won't prevent writes
to /dev/sda1.

The existing behavior is inconsistent in the sense that doing:

  # blockdev --setro /dev/sda
  # echo foo > /dev/sda1

permits writes. But:

  # blockdev --setro /dev/sda
  <something triggers revalidate>
  # echo foo > /dev/sda1

doesn't.

And a subsequent:

  # blockdev --setrw /dev/sda
  # echo foo > /dev/sda1

doesn't work either since sda1's read-only policy has been inherited
from the whole-disk device.

You need to do:

  # blockdev --rereadpt

after setting the whole-disk device rw to effectuate the same change on
the partitions, otherwise they are stuck being read-only indefinitely.

However, setting the read-only policy on a partition does *not* require
the revalidate step. As a matter of fact, doing the revalidate will blow
away the policy setting you just made.

So the user needs to take different actions depending on whether they
are trying to read-protect a whole-disk device or a partition. Despite
using the same ioctl. That is really confusing.

I have lost count how many times our customers have had data clobbered
because of ambiguity of the existing whole-disk device policy. The
current behavior violates the principle of least surprise by letting the
user think they write protected the whole disk when they actually
didn't.

Suggested-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
---
 block/genhd.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/block/genhd.c b/block/genhd.c
index d9f989c1514123..6e51ecb9280aca 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -1656,8 +1656,7 @@ EXPORT_SYMBOL(set_disk_ro);
 
 int bdev_read_only(struct block_device *bdev)
 {
-	return bdev->bd_read_only ||
-		test_bit(GD_READ_ONLY, &bdev->bd_disk->state);
+	return bdev->bd_read_only || get_disk_ro(bdev->bd_disk);
 }
 EXPORT_SYMBOL(bdev_read_only);
 
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* [PATCH 5/6] rbd: remove the ->set_read_only method
  2020-12-08 16:28 split hard read-only vs read-only policy v3 Christoph Hellwig
                   ` (3 preceding siblings ...)
  2020-12-08 16:28 ` [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions Christoph Hellwig
@ 2020-12-08 16:28 ` Christoph Hellwig
  2020-12-09  2:52   ` Ming Lei
  2020-12-08 16:28 ` [PATCH 6/6] nvme: allow revalidate to set a namespace read-only Christoph Hellwig
  5 siblings, 1 reply; 13+ messages in thread
From: Christoph Hellwig @ 2020-12-08 16:28 UTC (permalink / raw)
  To: Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Hannes Reinecke

Now that the hardware read-only state can't be changed by the BLKROSET
ioctl, the code in this method is not required anymore.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Acked-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
---
 drivers/block/rbd.c | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 2ed79b09439a82..2c64ca15ca079f 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -692,29 +692,10 @@ static void rbd_release(struct gendisk *disk, fmode_t mode)
 	put_device(&rbd_dev->dev);
 }
 
-static int rbd_set_read_only(struct block_device *bdev, bool ro)
-{
-	struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
-
-	/*
-	 * Both images mapped read-only and snapshots can't be marked
-	 * read-write.
-	 */
-	if (!ro) {
-		if (rbd_is_ro(rbd_dev))
-			return -EROFS;
-
-		rbd_assert(!rbd_is_snap(rbd_dev));
-	}
-
-	return 0;
-}
-
 static const struct block_device_operations rbd_bd_ops = {
 	.owner			= THIS_MODULE,
 	.open			= rbd_open,
 	.release		= rbd_release,
-	.set_read_only		= rbd_set_read_only,
 };
 
 /*
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* [PATCH 6/6] nvme: allow revalidate to set a namespace read-only
  2020-12-08 16:28 split hard read-only vs read-only policy v3 Christoph Hellwig
                   ` (4 preceding siblings ...)
  2020-12-08 16:28 ` [PATCH 5/6] rbd: remove the ->set_read_only method Christoph Hellwig
@ 2020-12-08 16:28 ` Christoph Hellwig
  2020-12-08 16:49   ` Hannes Reinecke
  2020-12-09  2:54   ` Ming Lei
  5 siblings, 2 replies; 13+ messages in thread
From: Christoph Hellwig @ 2020-12-08 16:28 UTC (permalink / raw)
  To: Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Keith Busch

Unconditionally call set_disk_ro now that it only updates the hardware
state.  This allows to properly set up the Linux devices read-only when
the controller turns a previously writable namespace read-only.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
---
 drivers/nvme/host/core.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index ce1b6151944131..3a0557ccc9fc5d 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -2114,9 +2114,8 @@ static void nvme_update_disk_info(struct gendisk *disk,
 	nvme_config_discard(disk, ns);
 	nvme_config_write_zeroes(disk, ns);
 
-	if ((id->nsattr & NVME_NS_ATTR_RO) ||
-	    test_bit(NVME_NS_FORCE_RO, &ns->flags))
-		set_disk_ro(disk, true);
+	set_disk_ro(disk, (id->nsattr & NVME_NS_ATTR_RO) ||
+		test_bit(NVME_NS_FORCE_RO, &ns->flags));
 }
 
 static inline bool nvme_first_scan(struct gendisk *disk)
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* Re: [PATCH 2/6] block: remove the NULL bdev check in bdev_read_only
  2020-12-08 16:28 ` [PATCH 2/6] block: remove the NULL bdev check in bdev_read_only Christoph Hellwig
@ 2020-12-08 16:45   ` Hannes Reinecke
  0 siblings, 0 replies; 13+ messages in thread
From: Hannes Reinecke @ 2020-12-08 16:45 UTC (permalink / raw)
  To: Christoph Hellwig, Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Ming Lei

On 12/8/20 5:28 PM, Christoph Hellwig wrote:
> Only a single caller can end up in bdev_read_only, so move the check
> there.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Ming Lei <ming.lei@redhat.com>
> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
> ---
>   block/genhd.c | 3 ---
>   fs/super.c    | 3 ++-
>   2 files changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/block/genhd.c b/block/genhd.c
> index b84b8671e6270a..8f2b89d1161813 100644
> --- a/block/genhd.c
> +++ b/block/genhd.c
> @@ -1652,11 +1652,8 @@ EXPORT_SYMBOL(set_disk_ro);
>   
>   int bdev_read_only(struct block_device *bdev)
>   {
> -	if (!bdev)
> -		return 0;
>   	return bdev->bd_read_only;
>   }
> -
>   EXPORT_SYMBOL(bdev_read_only);
>   
>   /*
> diff --git a/fs/super.c b/fs/super.c
> index 2c6cdea2ab2d9e..5a1f384ffc74f6 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -865,7 +865,8 @@ int reconfigure_super(struct fs_context *fc)
>   
>   	if (fc->sb_flags_mask & SB_RDONLY) {
>   #ifdef CONFIG_BLOCK
> -		if (!(fc->sb_flags & SB_RDONLY) && bdev_read_only(sb->s_bdev))
> +		if (!(fc->sb_flags & SB_RDONLY) && sb->s_bdev &&
> +		    bdev_read_only(sb->s_bdev))
>   			return -EACCES;
>   #endif
>   
> 
Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions
  2020-12-08 16:28 ` [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions Christoph Hellwig
@ 2020-12-08 16:47   ` Hannes Reinecke
  2020-12-09  2:51   ` Ming Lei
  1 sibling, 0 replies; 13+ messages in thread
From: Hannes Reinecke @ 2020-12-08 16:47 UTC (permalink / raw)
  To: Christoph Hellwig, Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme

On 12/8/20 5:28 PM, Christoph Hellwig wrote:
> Change the policy so that a BLKROSET on the whole device also affects
> partitions.  To quote Martin K. Petersen:
> 
> It's very common for database folks to twiddle the read-only state of
> block devices and partitions. I know that our users will find it very
> counter-intuitive that setting /dev/sda read-only won't prevent writes
> to /dev/sda1.
> 
> The existing behavior is inconsistent in the sense that doing:
> 
>    # blockdev --setro /dev/sda
>    # echo foo > /dev/sda1
> 
> permits writes. But:
> 
>    # blockdev --setro /dev/sda
>    <something triggers revalidate>
>    # echo foo > /dev/sda1
> 
> doesn't.
> 
> And a subsequent:
> 
>    # blockdev --setrw /dev/sda
>    # echo foo > /dev/sda1
> 
> doesn't work either since sda1's read-only policy has been inherited
> from the whole-disk device.
> 
> You need to do:
> 
>    # blockdev --rereadpt
> 
> after setting the whole-disk device rw to effectuate the same change on
> the partitions, otherwise they are stuck being read-only indefinitely.
> 
> However, setting the read-only policy on a partition does *not* require
> the revalidate step. As a matter of fact, doing the revalidate will blow
> away the policy setting you just made.
> 
> So the user needs to take different actions depending on whether they
> are trying to read-protect a whole-disk device or a partition. Despite
> using the same ioctl. That is really confusing.
> 
> I have lost count how many times our customers have had data clobbered
> because of ambiguity of the existing whole-disk device policy. The
> current behavior violates the principle of least surprise by letting the
> user think they write protected the whole disk when they actually
> didn't.
> 
> Suggested-by: Martin K. Petersen <martin.petersen@oracle.com>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
> ---
>   block/genhd.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/block/genhd.c b/block/genhd.c
> index d9f989c1514123..6e51ecb9280aca 100644
> --- a/block/genhd.c
> +++ b/block/genhd.c
> @@ -1656,8 +1656,7 @@ EXPORT_SYMBOL(set_disk_ro);
>   
>   int bdev_read_only(struct block_device *bdev)
>   {
> -	return bdev->bd_read_only ||
> -		test_bit(GD_READ_ONLY, &bdev->bd_disk->state);
> +	return bdev->bd_read_only || get_disk_ro(bdev->bd_disk);
>   }
>   EXPORT_SYMBOL(bdev_read_only);
>   
> 
Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [PATCH 6/6] nvme: allow revalidate to set a namespace read-only
  2020-12-08 16:28 ` [PATCH 6/6] nvme: allow revalidate to set a namespace read-only Christoph Hellwig
@ 2020-12-08 16:49   ` Hannes Reinecke
  2020-12-09  2:54   ` Ming Lei
  1 sibling, 0 replies; 13+ messages in thread
From: Hannes Reinecke @ 2020-12-08 16:49 UTC (permalink / raw)
  To: Christoph Hellwig, Jens Axboe
  Cc: Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Keith Busch

On 12/8/20 5:28 PM, Christoph Hellwig wrote:
> Unconditionally call set_disk_ro now that it only updates the hardware
> state.  This allows to properly set up the Linux devices read-only when
> the controller turns a previously writable namespace read-only.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Keith Busch <kbusch@kernel.org>
> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
> ---
>   drivers/nvme/host/core.c | 5 ++---
>   1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index ce1b6151944131..3a0557ccc9fc5d 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -2114,9 +2114,8 @@ static void nvme_update_disk_info(struct gendisk *disk,
>   	nvme_config_discard(disk, ns);
>   	nvme_config_write_zeroes(disk, ns);
>   
> -	if ((id->nsattr & NVME_NS_ATTR_RO) ||
> -	    test_bit(NVME_NS_FORCE_RO, &ns->flags))
> -		set_disk_ro(disk, true);
> +	set_disk_ro(disk, (id->nsattr & NVME_NS_ATTR_RO) ||
> +		test_bit(NVME_NS_FORCE_RO, &ns->flags));
>   }
>   
>   static inline bool nvme_first_scan(struct gendisk *disk)
> 
Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions
  2020-12-08 16:28 ` [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions Christoph Hellwig
  2020-12-08 16:47   ` Hannes Reinecke
@ 2020-12-09  2:51   ` Ming Lei
  1 sibling, 0 replies; 13+ messages in thread
From: Ming Lei @ 2020-12-09  2:51 UTC (permalink / raw)
  To: Christoph Hellwig
  Cc: Jens Axboe, Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme

On Tue, Dec 08, 2020 at 05:28:27PM +0100, Christoph Hellwig wrote:
> Change the policy so that a BLKROSET on the whole device also affects
> partitions.  To quote Martin K. Petersen:
> 
> It's very common for database folks to twiddle the read-only state of
> block devices and partitions. I know that our users will find it very
> counter-intuitive that setting /dev/sda read-only won't prevent writes
> to /dev/sda1.
> 
> The existing behavior is inconsistent in the sense that doing:
> 
>   # blockdev --setro /dev/sda
>   # echo foo > /dev/sda1
> 
> permits writes. But:
> 
>   # blockdev --setro /dev/sda
>   <something triggers revalidate>
>   # echo foo > /dev/sda1
> 
> doesn't.
> 
> And a subsequent:
> 
>   # blockdev --setrw /dev/sda
>   # echo foo > /dev/sda1
> 
> doesn't work either since sda1's read-only policy has been inherited
> from the whole-disk device.
> 
> You need to do:
> 
>   # blockdev --rereadpt
> 
> after setting the whole-disk device rw to effectuate the same change on
> the partitions, otherwise they are stuck being read-only indefinitely.
> 
> However, setting the read-only policy on a partition does *not* require
> the revalidate step. As a matter of fact, doing the revalidate will blow
> away the policy setting you just made.
> 
> So the user needs to take different actions depending on whether they
> are trying to read-protect a whole-disk device or a partition. Despite
> using the same ioctl. That is really confusing.
> 
> I have lost count how many times our customers have had data clobbered
> because of ambiguity of the existing whole-disk device policy. The
> current behavior violates the principle of least surprise by letting the
> user think they write protected the whole disk when they actually
> didn't.
> 
> Suggested-by: Martin K. Petersen <martin.petersen@oracle.com>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
> ---
>  block/genhd.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/block/genhd.c b/block/genhd.c
> index d9f989c1514123..6e51ecb9280aca 100644
> --- a/block/genhd.c
> +++ b/block/genhd.c
> @@ -1656,8 +1656,7 @@ EXPORT_SYMBOL(set_disk_ro);
>  
>  int bdev_read_only(struct block_device *bdev)
>  {
> -	return bdev->bd_read_only ||
> -		test_bit(GD_READ_ONLY, &bdev->bd_disk->state);
> +	return bdev->bd_read_only || get_disk_ro(bdev->bd_disk);
>  }
>  EXPORT_SYMBOL(bdev_read_only);
>  
> -- 
> 2.29.2
> 

Reviewed-by: Ming Lei <ming.lei@redhat.com>

-- 
Ming


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [PATCH 5/6] rbd: remove the ->set_read_only method
  2020-12-08 16:28 ` [PATCH 5/6] rbd: remove the ->set_read_only method Christoph Hellwig
@ 2020-12-09  2:52   ` Ming Lei
  0 siblings, 0 replies; 13+ messages in thread
From: Ming Lei @ 2020-12-09  2:52 UTC (permalink / raw)
  To: Christoph Hellwig
  Cc: Jens Axboe, Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Hannes Reinecke

On Tue, Dec 08, 2020 at 05:28:28PM +0100, Christoph Hellwig wrote:
> Now that the hardware read-only state can't be changed by the BLKROSET
> ioctl, the code in this method is not required anymore.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Hannes Reinecke <hare@suse.de>
> Acked-by: Ilya Dryomov <idryomov@gmail.com>
> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
> ---
>  drivers/block/rbd.c | 19 -------------------
>  1 file changed, 19 deletions(-)
> 
> diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
> index 2ed79b09439a82..2c64ca15ca079f 100644
> --- a/drivers/block/rbd.c
> +++ b/drivers/block/rbd.c
> @@ -692,29 +692,10 @@ static void rbd_release(struct gendisk *disk, fmode_t mode)
>  	put_device(&rbd_dev->dev);
>  }
>  
> -static int rbd_set_read_only(struct block_device *bdev, bool ro)
> -{
> -	struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
> -
> -	/*
> -	 * Both images mapped read-only and snapshots can't be marked
> -	 * read-write.
> -	 */
> -	if (!ro) {
> -		if (rbd_is_ro(rbd_dev))
> -			return -EROFS;
> -
> -		rbd_assert(!rbd_is_snap(rbd_dev));
> -	}
> -
> -	return 0;
> -}
> -
>  static const struct block_device_operations rbd_bd_ops = {
>  	.owner			= THIS_MODULE,
>  	.open			= rbd_open,
>  	.release		= rbd_release,
> -	.set_read_only		= rbd_set_read_only,
>  };
>  
>  /*
> -- 
> 2.29.2
> 

Reviewed-by: Ming Lei <ming.lei@redhat.com>

-- 
Ming


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [PATCH 6/6] nvme: allow revalidate to set a namespace read-only
  2020-12-08 16:28 ` [PATCH 6/6] nvme: allow revalidate to set a namespace read-only Christoph Hellwig
  2020-12-08 16:49   ` Hannes Reinecke
@ 2020-12-09  2:54   ` Ming Lei
  1 sibling, 0 replies; 13+ messages in thread
From: Ming Lei @ 2020-12-09  2:54 UTC (permalink / raw)
  To: Christoph Hellwig
  Cc: Jens Axboe, Martin K . Petersen, Oleksii Kurochko, Sagi Grimberg,
	Mike Snitzer, Ilya Dryomov, Dongsheng Yang, ceph-devel, dm-devel,
	linux-block, linux-nvme, Keith Busch

On Tue, Dec 08, 2020 at 05:28:29PM +0100, Christoph Hellwig wrote:
> Unconditionally call set_disk_ro now that it only updates the hardware
> state.  This allows to properly set up the Linux devices read-only when
> the controller turns a previously writable namespace read-only.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Keith Busch <kbusch@kernel.org>
> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
> ---
>  drivers/nvme/host/core.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index ce1b6151944131..3a0557ccc9fc5d 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -2114,9 +2114,8 @@ static void nvme_update_disk_info(struct gendisk *disk,
>  	nvme_config_discard(disk, ns);
>  	nvme_config_write_zeroes(disk, ns);
>  
> -	if ((id->nsattr & NVME_NS_ATTR_RO) ||
> -	    test_bit(NVME_NS_FORCE_RO, &ns->flags))
> -		set_disk_ro(disk, true);
> +	set_disk_ro(disk, (id->nsattr & NVME_NS_ATTR_RO) ||
> +		test_bit(NVME_NS_FORCE_RO, &ns->flags));
>  }
>  
>  static inline bool nvme_first_scan(struct gendisk *disk)
> -- 
> 2.29.2
> 

Reviewed-by: Ming Lei <ming.lei@redhat.com>

-- 
Ming


^ permalink raw reply	[flat|nested] 13+ messages in thread

end of thread, other threads:[~2020-12-09  2:56 UTC | newest]

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-08 16:28 split hard read-only vs read-only policy v3 Christoph Hellwig
2020-12-08 16:28 ` [PATCH 1/6] dm: use bdev_read_only to check if a device is read-only Christoph Hellwig
2020-12-08 16:28 ` [PATCH 2/6] block: remove the NULL bdev check in bdev_read_only Christoph Hellwig
2020-12-08 16:45   ` Hannes Reinecke
2020-12-08 16:28 ` [PATCH 3/6] block: add a hard-readonly flag to struct gendisk Christoph Hellwig
2020-12-08 16:28 ` [PATCH 4/6] block: propagate BLKROSET on the whole device to all partitions Christoph Hellwig
2020-12-08 16:47   ` Hannes Reinecke
2020-12-09  2:51   ` Ming Lei
2020-12-08 16:28 ` [PATCH 5/6] rbd: remove the ->set_read_only method Christoph Hellwig
2020-12-09  2:52   ` Ming Lei
2020-12-08 16:28 ` [PATCH 6/6] nvme: allow revalidate to set a namespace read-only Christoph Hellwig
2020-12-08 16:49   ` Hannes Reinecke
2020-12-09  2:54   ` Ming Lei

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).