From: Kevin Wolf <kwolf@redhat.com>
To: Jamie Lokier <jamie@shareable.org>
Cc: "Richard W.M. Jones" <rjones@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH VERSION 3] Disk image exclusive and shared locks.
Date: Wed, 16 Dec 2009 11:37:42 +0100 [thread overview]
Message-ID: <4B28B876.6000905@redhat.com> (raw)
In-Reply-To: <20091215183345.GA21298@shareable.org>
Am 15.12.2009 19:33, schrieb Jamie Lokier:
> Shared backing disks aren't safe after "commit" anyway. Other VMs may
> not be running at the time "commit" renders their image corrupt, so
> locks don't offer adequate protection against the backing disk being changed.
>
> One strategy that would offer a bit more protection would be: backing
> disks opened read-only, re-opened as writable at the time of "commit",
> and (where the format supports it) have a generation number stored in
> them which is incremented prior to the first write after writable
> open. The generation number would be stored in the referring delta
> image, which would complain if it found the backing file did not have
> a matching generation. This would at least alert the user to
> inconsistencies, and the exclusive lock arising from re-opening as
> writable would block "commit" if there were actively running VMs.
>
> A different strategy would be to simply have a user-settable flag in
> backing VM images meaning "shared therefore commit not allowed".
Probably both suggestions are doable in qcow2 with an extended header.
However, raw backing file are not uncommon and you'll have a hard time
adding something there.
Also I'm not sure if they are really helpful. Who would really set the
user-settable flag after all? The generation number works automatically,
but it only can recognize the damage afterwards when the image is
already corrupted.
> You might think the user could do that by setting the permissions to
> read-only, but root ignores file permissions. (That's why we need a
> "ro" option too).
We do have readonly=on|off.
Kevin
next prev parent reply other threads:[~2009-12-16 10:38 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-15 16:42 [Qemu-devel] [PATCH VERSION 3] Disk image exclusive and shared locks Richard W.M. Jones
2009-12-15 18:02 ` Anthony Liguori
2009-12-15 18:09 ` Richard W.M. Jones
2009-12-15 18:45 ` Anthony Liguori
2009-12-15 18:33 ` Jamie Lokier
2009-12-15 23:26 ` Jamie Lokier
2009-12-16 10:37 ` Kevin Wolf [this message]
2009-12-17 13:26 ` Jamie Lokier
2009-12-17 10:53 ` Christoph Hellwig
2009-12-17 11:06 ` Richard W.M. Jones
2009-12-17 15:38 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B28B876.6000905@redhat.com \
--to=kwolf@redhat.com \
--cc=jamie@shareable.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.