From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=40345 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1P8vCA-0004Lv-Cj
	for qemu-devel@nongnu.org; Thu, 21 Oct 2010 09:28:39 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1P8vBG-0006Oy-6Z
	for qemu-devel@nongnu.org; Thu, 21 Oct 2010 09:27:43 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51880)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1P8vBF-0006Oj-T1
	for qemu-devel@nongnu.org; Thu, 21 Oct 2010 09:27:42 -0400
Date: Thu, 21 Oct 2010 14:27:38 +0100
From: "Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 2/2] v2 Fix Block Hotplug race with
	drive_unplug()
Message-ID: <20101021132738.GM27578@redhat.com>
References: <1287498749-10400-1-git-send-email-ryanh@us.ibm.com>
	<1287498749-10400-3-git-send-email-ryanh@us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1287498749-10400-3-git-send-email-ryanh@us.ibm.com>
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Ryan Harper <ryanh@us.ibm.com>
Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>, Anthony Liguori <aliguori@linux.vnet.ibm.com>, qemu-devel@nongnu.org, Kevin Wolf <kwolf@redhat.com>

On Tue, Oct 19, 2010 at 09:32:29AM -0500, Ryan Harper wrote:
> Block hot unplug is racy since the guest is required to acknowlege the ACPI
> unplug event; this may not happen synchronously with the device removal command
> 
> This series aims to close a gap where by mgmt applications that assume the
> block resource has been removed without confirming that the guest has
> acknowledged the removal may re-assign the underlying device to a second guest
> leading to data leakage.
> 
> This series introduces a new montor command to decouple asynchornous device
> removal from restricting guest access to a block device.  We do this by creating
> a new monitor command drive_unplug which maps to a bdrv_unplug() command which
> does a qemu_aio_flush; bdrv_flush() and bdrv_close().  Once complete, subsequent
> IO is rejected from the device and the guest will get IO errors but continue to
> function.
> 
> A subsequent device removal command can be issued to remove the device, to which
> the guest may or maynot respond, but as long as the unplugged bit is set, no IO
> will be sumbitted.

The name 'drive_unplug' suggests to me that the drive object is
not being deleted/free()d ? Is that correct understanding, and if
so, what is responsible for finally free()ing the drive backend ?

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|