Re: [Qemu-devel] [PATCH v13 02/20] block: Drop consistent read perm if opened unsafe

[Kevin Wolf <kwolf@redhat.com>]

Am 20.04.2017 um 09:52 hat Fam Zheng geschrieben:
> Signed-off-by: Fam Zheng <famz@redhat.com>
> ---
>  block.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 1fbbb8d..f5182d8 100644
> --- a/block.c
> +++ b/block.c
> @@ -1722,9 +1722,15 @@ void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
>          }
>  
>          /* bs->file always needs to be consistent because of the metadata. We
> -         * can never allow other users to resize or write to it. */
> -        perm |= BLK_PERM_CONSISTENT_READ;
> -        shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
> +         * cannot allow other users to resize or write to it unless the caller
> +         * explicitly expects unsafe readings. */
> +        if (!(bdrv_get_flags(bs) & BDRV_O_UNSAFE_READ)) {

We have already spent considerable time to get rid of flags and instead
convert them into options passed in the QDict, so that they become
configurable with things like blockdev-add. Adding new flags potentially
moves in the opposite direction, so we have to be careful there.

I would be okay with patch 1, because in this case it's basically just a
shortcut for callers of blk_new_open(), which is fine. As soon as we
start querying the flag later and even rely on it being inherited, like
in this patch, I think it becomes a problem.

So if we need the flag in all nodes, can we make it an option that is
parsed in bdrv_open_common() into a bool bs->unsafe_read and inherited
explicitly in bdrv_inherited_options() and bdrv_backing_options()?

> +            perm |= BLK_PERM_CONSISTENT_READ;
> +            shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
> +        } else {
> +            perm &= ~BLK_PERM_CONSISTENT_READ;
> +            shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
> +        }

I'm not completely sure why we would be interested in CONSISTENT_READ
anyway, isn't allowing shared writes what we really need? (Which you
already do here in addition to dropping CONSISTENT_READ, without it
being mentioned in the commit message.)

Also, another thought: Being only at the start of the series, I'm not
sure what this will be used for, but can we make sure that unsafe_read
is only set if the image is opened read-only? If this is for the
libguestfs use case, this restriction should be fine.

Kevin