linux-block.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ming Lei <ming.lei@redhat.com>
To: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
	nbd@other.debian.org, josef@toxicpanda.com, axboe@kernel.dk,
	idryomov@redhat.com, xiubli@redhat.com,
	Matteo Croce <mcroce@linux.microsoft.com>
Subject: Re: [PATCH] nbd: provide a way for userspace processes to identify device backends
Date: Tue, 18 May 2021 08:29:40 +0800	[thread overview]
Message-ID: <YKMKdHPFCNhR1SXx@T590> (raw)
In-Reply-To: <20210429102828.31248-1-prasanna.kalever@redhat.com>

Hello Prasanna,

On Thu, Apr 29, 2021 at 03:58:28PM +0530, Prasanna Kumar Kalever wrote:
> Problem:
> On reconfigure of device, there is no way to defend if the backend
> storage is matching with the initial backend storage.
> 
> Say, if an initial connect request for backend "pool1/image1" got
> mapped to /dev/nbd0 and the userspace process is terminated. A next
> reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
> use /dev/nbd0 for a different backend "pool1/image2"
> 
> For example, an operation like below could be dangerous:

Can you explain a bit why it is dangerous?

> 
> $ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
> /dev/nbd0
> $ sudo blkid /dev/nbd0
> /dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
> $ sudo pkill -9 rbd-nbd
> $ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
> /dev/nbd0
> $ sudo blkid /dev/nbd0
> /dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
> 
> Solution:
> Provide a way for userspace processes to keep some metadata to identify
> between the device and the backend, so that when a reconfigure request is
> made, we can compare and avoid such dangerous operations.
> 
> With this solution, as part of the initial connect request, backend
> path can be stored in the sysfs per device config, so that on a reconfigure
> request it's easy to check if the backend path matches with the initial
> connect backend path.
> 
> Please note, ioctl interface to nbd will not have these changes, as there
> won't be any reconfigure.

BTW, loop has similar issue, and patch of 'block: add a sequence number to disks'
is added for addressing this issue, what do you think of that generic
approach wrt. this nbd's issue? such as used the exposed sysfs sequence number
for addressing this issue?

https://lore.kernel.org/linux-block/YH81n34d2G3C4Re+@gardel-login/#r

Thanks,
Ming


  parent reply	other threads:[~2021-05-18  0:30 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-29 10:28 Prasanna Kumar Kalever
2021-04-30  2:14 ` Xiubo Li
2021-05-17 14:42   ` Prasanna Kalever
2021-05-18  0:29 ` Ming Lei [this message]
2021-05-18  7:52   ` Prasanna Kalever
2021-05-18  9:24     ` Ming Lei
2021-05-18  9:49       ` Prasanna Kalever
2021-05-19  7:54         ` Ming Lei
2021-05-19 14:17           ` Prasanna Kalever
2021-05-19 14:33     ` Matteo Croce
2021-05-26 14:13       ` Matteo Croce
2021-05-27  5:22         ` Prasanna Kalever
2021-06-16  8:42 ` Prasanna Kalever
2021-06-16 12:59 ` Jens Axboe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YKMKdHPFCNhR1SXx@T590 \
    --to=ming.lei@redhat.com \
    --cc=axboe@kernel.dk \
    --cc=idryomov@redhat.com \
    --cc=josef@toxicpanda.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mcroce@linux.microsoft.com \
    --cc=nbd@other.debian.org \
    --cc=prasanna.kalever@redhat.com \
    --cc=xiubli@redhat.com \
    --subject='Re: [PATCH] nbd: provide a way for userspace processes to identify device backends' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).