From: Jamie Lokier <jamie@shareable.org>
To: "Richard W.M. Jones" <rjones@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH VERSION 3] Disk image exclusive and shared locks.
Date: Tue, 15 Dec 2009 18:33:45 +0000 [thread overview]
Message-ID: <20091215183345.GA21298@shareable.org> (raw)
In-Reply-To: <20091215164238.GA24410@amd.home.annexia.org>
Richard W.M. Jones wrote:
> This is v3 of the lock patch, previously discussed here:
>
> http://lists.gnu.org/archive/html/qemu-devel/2009-12/threads.html#00461
>
> In this version I've reverted back to the simpler interface. There is
> now only one "lock" option, which can be lock=exclusive|shared|none.
>
> At Kevin Wolf's suggestion,
> lock=exclusive|shared => all backing disks are locked shared
> lock=none => no locks are acquired on any front or back disks
What do you recommend when backing disks are shared?
> To keep the implementation very simple, the "commit" doesn't try to
> acquire any extra locks. The "commit" command should probably never
> be used when a backing file could be shared.
Shared backing disks aren't safe after "commit" anyway. Other VMs may
not be running at the time "commit" renders their image corrupt, so
locks don't offer adequate protection against the backing disk being changed.
One strategy that would offer a bit more protection would be: backing
disks opened read-only, re-opened as writable at the time of "commit",
and (where the format supports it) have a generation number stored in
them which is incremented prior to the first write after writable
open. The generation number would be stored in the referring delta
image, which would complain if it found the backing file did not have
a matching generation. This would at least alert the user to
inconsistencies, and the exclusive lock arising from re-opening as
writable would block "commit" if there were actively running VMs.
A different strategy would be to simply have a user-settable flag in
backing VM images meaning "shared therefore commit not allowed".
You might think the user could do that by setting the permissions to
read-only, but root ignores file permissions. (That's why we need a
"ro" option too).
-- Jamie
next prev parent reply other threads:[~2009-12-15 18:33 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-15 16:42 [Qemu-devel] [PATCH VERSION 3] Disk image exclusive and shared locks Richard W.M. Jones
2009-12-15 18:02 ` Anthony Liguori
2009-12-15 18:09 ` Richard W.M. Jones
2009-12-15 18:45 ` Anthony Liguori
2009-12-15 18:33 ` Jamie Lokier [this message]
2009-12-15 23:26 ` Jamie Lokier
2009-12-16 10:37 ` Kevin Wolf
2009-12-17 13:26 ` Jamie Lokier
2009-12-17 10:53 ` Christoph Hellwig
2009-12-17 11:06 ` Richard W.M. Jones
2009-12-17 15:38 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091215183345.GA21298@shareable.org \
--to=jamie@shareable.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).