ceph-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Martin K. Petersen" <martin.petersen@oracle.com>
To: Christoph Hellwig <hch@lst.de>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
	Jens Axboe <axboe@kernel.dk>,
	Oleksii Kurochko <olkuroch@cisco.com>,
	Sagi Grimberg <sagi@grimberg.me>,
	Mike Snitzer <snitzer@redhat.com>,
	Ilya Dryomov <idryomov@gmail.com>,
	Dongsheng Yang <dongsheng.yang@easystack.cn>,
	ceph-devel@vger.kernel.org, dm-devel@redhat.com,
	linux-block@vger.kernel.org, linux-nvme@lists.infradead.org
Subject: Re: [PATCH 1/4] block: add a hard-readonly flag to struct gendisk
Date: Thu, 03 Dec 2020 09:01:39 -0500	[thread overview]
Message-ID: <yq1zh2v826s.fsf@ca-mkp.ca.oracle.com> (raw)
In-Reply-To: <20201203085339.GA17110@lst.de> (Christoph Hellwig's message of "Thu, 3 Dec 2020 09:53:39 +0100")


Christoph,

>> It's very common for database folks to twiddle the read-only state of
>> block devices and partitions. I know that our users will find it very
>> counter-intuitive that setting /dev/sda read-only won't prevent
>> writes to /dev/sda1.
>
> What I'm worried about it is that this would be a huge change from the
> historic behavior.

But that's what my users complained about and what the patch tried to
address.

Also, the existing behavior is inconsistent in the sense that doing:

# blockdev --setro /dev/sda
# echo foo > /dev/sda1

permits writes. But:

# blockdev --setro /dev/sda
<something triggers revalidate>
# echo foo > /dev/sda1

doesn't.

And a subsequent:

# blockdev --setrw /dev/sda
# echo foo > /dev/sda1

doesn't work either since sda1's read-only policy has been inherited
from the whole-disk device.

You need to do:

# blockdev --rereadpt

after setting the whole-disk device rw to effectuate the same change on
the partitions, otherwise they are stuck being read-only indefinitely.

However, setting the read-only policy on a partition does *not* require
the revalidate step. As a matter of fact, doing the revalidate will blow
away the policy setting you just made.

So the user needs to take different actions depending on whether they
are trying to read-protect a whole-disk device or a partition. Despite
using the same ioctl. That is really confusing.

The intent of my patch was to ensure that:

 - Hardware-initiated read-only state changes would not alter the user's
   whole-disk or partition policy settings.

 - Setting a policy on the whole-disk device would prevent writes to the
   whole device as the user clearly intended.

I have lost count how many times our customers have had data clobbered
because of ambiguity of the existing whole-disk device policy. The
current behavior violates the principle of least surprise by letting the
user think they write protected the whole disk when they actually
didn't.

-- 
Martin K. Petersen	Oracle Linux Engineering

  reply	other threads:[~2020-12-03 14:02 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-29 18:19 split hard read-only vs read-only policy v2 Christoph Hellwig
2020-11-29 18:19 ` [PATCH 1/4] block: add a hard-readonly flag to struct gendisk Christoph Hellwig
2020-11-30  1:23   ` Alex Elder
2020-11-30  7:55   ` Hannes Reinecke
2020-12-03  4:04   ` Martin K. Petersen
2020-12-03  8:53     ` Christoph Hellwig
2020-12-03 14:01       ` Martin K. Petersen [this message]
2020-11-29 18:19 ` [PATCH 2/4] rbd: remove the ->set_read_only method Christoph Hellwig
2020-11-30  7:56   ` Hannes Reinecke
2020-11-29 18:19 ` [PATCH 3/4] nvme: allow revalidate to set a namespace read-only Christoph Hellwig
2020-11-29 21:13   ` Chaitanya Kulkarni
2020-11-30  7:57   ` Hannes Reinecke
2020-11-29 18:19 ` [PATCH 4/4] dm: use bdev_read_only to check if a device is read-only Christoph Hellwig
2020-11-30  7:58   ` Hannes Reinecke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=yq1zh2v826s.fsf@ca-mkp.ca.oracle.com \
    --to=martin.petersen@oracle.com \
    --cc=axboe@kernel.dk \
    --cc=ceph-devel@vger.kernel.org \
    --cc=dm-devel@redhat.com \
    --cc=dongsheng.yang@easystack.cn \
    --cc=hch@lst.de \
    --cc=idryomov@gmail.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=olkuroch@cisco.com \
    --cc=sagi@grimberg.me \
    --cc=snitzer@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).