Message ID | 20201207131918.2252553-5-hch@lst.de (mailing list archive) |
---|---|
State | New, archived |
Series | [1/6] dm: use bdev_read_only to check if a device is read-only |
Christoph,

> The existing behavior is inconsistent in the sense that doing:
>
> permits writes. But:
>
> <something triggers revalidate>
>
> doesn't.
>
> And a subsequent:

Looks like the command line pieces got zapped from the commit description.

In any case this fixes the issue for me. My read-only blktests succeed with this change in place.

Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>

On Tue, Dec 08, 2020 at 12:27:41AM -0500, Martin K. Petersen wrote:
>
> Christoph,
>
> > The existing behavior is inconsistent in the sense that doing:
> >
> > permits writes. But:
> >
> > <something triggers revalidate>
> >
> > doesn't.
> >
> > And a subsequent:
>
> Looks like the command line pieces got zapped from the commit
> description.

Yeah. It seems like git commit just removed them after I pasted them, weird.

On Mon, Dec 07, 2020 at 02:19:16PM +0100, Christoph Hellwig wrote:
> Change the policy so that a BLKROSET on the whole device also affects
> partitions. To quote Martin K. Petersen:
>
> It's very common for database folks to twiddle the read-only state of
> block devices and partitions. I know that our users will find it very
> counter-intuitive that setting /dev/sda read-only won't prevent writes
> to /dev/sda1.
>
> The existing behavior is inconsistent in the sense that doing:
>
> permits writes. But:
>
> <something triggers revalidate>
>
> doesn't.
>
> And a subsequent:
>
> doesn't work either since sda1's read-only policy has been inherited
> from the whole-disk device.
>
> You need to do:
>
> after setting the whole-disk device rw to effectuate the same change on
> the partitions, otherwise they are stuck being read-only indefinitely.
>
> However, setting the read-only policy on a partition does *not* require
> the revalidate step. As a matter of fact, doing the revalidate will blow
> away the policy setting you just made.
>
> So the user needs to take different actions depending on whether they
> are trying to read-protect a whole-disk device or a partition. Despite
> using the same ioctl. That is really confusing.
>
> I have lost count how many times our customers have had data clobbered
> because of ambiguity of the existing whole-disk device policy. The
> current behavior violates the principle of least surprise by letting the
> user think they write protected the whole disk when they actually
> didn't.
>
> Suggested-by: Martin K. Petersen <martin.petersen@oracle.com>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> block/genhd.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/block/genhd.c b/block/genhd.c > index 878f94727aaa96..c214fcd25a05c9 100644 > --- a/block/genhd.c > +++ b/block/genhd.c 
> @@ -1449,8 +1449,7 @@ EXPORT_SYMBOL(set_disk_ro); > > int bdev_read_only(struct block_device *bdev) > { > - return bdev->bd_read_only || > - test_bit(GD_READ_ONLY, &bdev->bd_disk->state); > + return bdev->bd_read_only || get_disk_ro(bdev->bd_disk); > } > EXPORT_SYMBOL(bdev_read_only);

I think this patch should be folded into previous one, otherwise bdev_read_only(part) may return false even though ioctl(BLKROSET) has been done on the whole disk.

On Tue, Dec 08, 2020 at 06:29:23PM +0800, Ming Lei wrote:
> > - test_bit(GD_READ_ONLY, &bdev->bd_disk->state); > > + return bdev->bd_read_only || get_disk_ro(bdev->bd_disk); > > } > > EXPORT_SYMBOL(bdev_read_only);
>
> I think this patch should be folded into previous one, otherwise
> bdev_read_only(part) may return false even though ioctl(BLKROSET)
> has been done on the whole disk.

The above is the existing behavior going back very far, and I feel much more comfortable having a small self-contained patch that changes this behavior.

On 08/12/2020 10:28, Christoph Hellwig wrote:
> On Tue, Dec 08, 2020 at 12:27:41AM -0500, Martin K. Petersen wrote:
>>
>> Christoph,
>>
>>> The existing behavior is inconsistent in the sense that doing:
>>>
>>> permits writes. But:
>>>
>>> <something triggers revalidate>
>>>
>>> doesn't.
>>>
>>> And a subsequent:
>>
>> Looks like the command line pieces got zapped from the commit
>> description.
>
> Yeah. It seems like git commit just removed them after I pasted them,
> weird.
>

Might be because of a leading #, happened to me as well in the past. Just add a single space on the start of the line and git commit is happy.

On Tue, Dec 08, 2020 at 11:59:27AM +0100, Christoph Hellwig wrote:
> On Tue, Dec 08, 2020 at 06:29:23PM +0800, Ming Lei wrote:
> > > - test_bit(GD_READ_ONLY, &bdev->bd_disk->state); > > > + return bdev->bd_read_only || get_disk_ro(bdev->bd_disk); > > > } > > > EXPORT_SYMBOL(bdev_read_only);
> >
> > I think this patch should be folded into previous one, otherwise
> > bdev_read_only(part) may return false even though ioctl(BLKROSET)
> > has been done on the whole disk.
>
> The above is the existing behavior going back very far, and I feel
> much more comfortable having a small self-contained patch that changes
> this behavior.
>

OK, then looks fine:

Reviewed-by: Ming Lei <ming.lei@redhat.com>

diff --git a/block/genhd.c b/block/genhd.c index 878f94727aaa96..c214fcd25a05c9 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -1449,8 +1449,7 @@ EXPORT_SYMBOL(set_disk_ro); int bdev_read_only(struct block_device *bdev) { - return bdev->bd_read_only || - test_bit(GD_READ_ONLY, &bdev->bd_disk->state); + return bdev->bd_read_only || get_disk_ro(bdev->bd_disk); } EXPORT_SYMBOL(bdev_read_only);
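Review bot: bdev_read_only() in block/genhd.c has no comment above it, and after this hunk its one-line body no longer shows which state it consults: `get_disk_ro(bdev->bd_disk)` is defined outside the visible lines, so a reader cannot tell from here that a partition now reports read-only whenever the whole disk does. Suggest a short comment above the function stating that it returns nonzero when either the block device's own `bd_read_only` is set or the whole disk is read-only, so callers that test a partition know the whole-disk policy is included. As a smaller style point, the function returns int for what is a yes/no answer; if callers only test it for truth, bool would state the intent, and that can be a follow-up.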
Change the policy so that a BLKROSET on the whole device also affects partitions. To quote Martin K. Petersen:

It's very common for database folks to twiddle the read-only state of block devices and partitions. I know that our users will find it very counter-intuitive that setting /dev/sda read-only won't prevent writes to /dev/sda1.

The existing behavior is inconsistent in the sense that doing:

permits writes. But:

<something triggers revalidate>

doesn't.

And a subsequent:

doesn't work either since sda1's read-only policy has been inherited from the whole-disk device.

You need to do:

after setting the whole-disk device rw to effectuate the same change on the partitions, otherwise they are stuck being read-only indefinitely.

However, setting the read-only policy on a partition does *not* require the revalidate step. As a matter of fact, doing the revalidate will blow away the policy setting you just made.

So the user needs to take different actions depending on whether they are trying to read-protect a whole-disk device or a partition. Despite using the same ioctl. That is really confusing.

I have lost count how many times our customers have had data clobbered because of ambiguity of the existing whole-disk device policy. The current behavior violates the principle of least surprise by letting the user think they write protected the whole disk when they actually didn't.

Suggested-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

---
block/genhd.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
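
A check for the mismatch the commit message describes (whole disk flagged read-only, partition still writable), as an added example that is not part of the patch or the thread. It assumes the sysfs `ro` attribute under `/sys/block/<disk>/` and `/sys/block/<disk>/<partition>/`; `ro_mismatches`, `read_ro` and `SYSFS_ROOT` are names made up for this example.

```shell
#!/bin/sh
# Added example: list partitions that stay writable while their whole disk
# is marked read-only.
# Assumptions: the flag is exposed as <root>/block/<disk>/ro for the disk and
# <root>/block/<disk>/<part>/ro for each partition, and only partition
# directories contain a "partition" attribute. SYSFS_ROOT can be overridden
# so the check can be exercised on a constructed directory tree.

SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# read_ro FILE -> prints 0 or 1; returns 2 if the attribute is missing or
# holds anything else.
read_ro() {
    [ -r "$1" ] || return 2
    v=$(cat "$1") || return 2
    case "$v" in
        0|1) printf '%s\n' "$v" ;;
        *) return 2 ;;
    esac
}

# ro_mismatches DISK -> prints one partition name per line for every
# partition whose ro flag is 0 while the disk's flag is 1.
# Exit status: 0 = no mismatch, 1 = mismatch found, 2 = state unreadable.
ro_mismatches() {
    disk_dir="$SYSFS_ROOT/block/$1"
    disk_ro=$(read_ro "$disk_dir/ro") || return 2
    [ "$disk_ro" = 1 ] || return 0      # disk is writable: nothing to compare
    status=0
    for part_dir in "$disk_dir"/*/; do
        # Skip non-partition subdirectories such as queue/ or holders/.
        [ -e "${part_dir}partition" ] || continue
        part_ro=$(read_ro "${part_dir}ro") || return 2
        if [ "$part_ro" = 0 ]; then
            basename "$part_dir"
            status=1
        fi
    done
    return $status
}
```

Calling `ro_mismatches sda` after write-protecting a disk gives a quick confirmation that every partition picked up the policy; a non-empty list means writes through those partitions are still allowed.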