From: Kevin Wolf <kwolf@redhat.com>
To: "Richard W.M. Jones" <rjones@redhat.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
Fam Zheng <famz@redhat.com>,
qemu-block@nongnu.org, Jeff Cody <jcody@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
qemu-devel@nongnu.org, stefanha@redhat.com, pbonzini@redhat.com,
den@openvz.org, Max Reitz <mreitz@redhat.com>,
John Snow <jsnow@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v4 00/27] block: Lock images when opening
Date: Tue, 10 May 2016 13:08:49 +0200 [thread overview]
Message-ID: <20160510110849.GK4921@noname.str.redhat.com> (raw)
In-Reply-To: <20160510101612.GY1683@redhat.com>
Am 10.05.2016 um 12:16 hat Richard W.M. Jones geschrieben:
> On Tue, May 10, 2016 at 12:07:06PM +0200, Kevin Wolf wrote:
> > I'm surprised how low the standards seem to be when we're talking about
> > data integrity. If occasionally losing data is okay, the qemu block
> > layer could be quite a bit simpler.
>
> I welcome this patch because it fixes a real data integrity issue
> which we've seen in the field: people using guestfish (in write mode)
> on live VMs.
Yes, people writing to live disks is a very real issue. They don't only
use guestfish for it, but also qemu-img (e.g. taking snapshots), and
these are the cases that become visible on the qemu mailing list.
But if you imply that the read-only case isn't real, I have to disagree.
Sometimes people also try to copy data out from a live VM with qemu-img
convert, and while this seems to succeed, they may actually have
produced a corrupt copy. This is why I want to protect the read-only
case as well.
> We try our very best to prevent this happening -- for example if you
> use guestfish via libvirt, it will check if the VM is live and refuse
> access. Though this is not and cannot be bulletproof (since someone
> can start a VM up after we have opened it). We also have prominent
> warnings in the manual and in the FAQ about this.
>
> However _reading_ disks doesn't corrupt live VMs. The worst that
> happens is guestfish will error out or you'll see some inconsistent
> stats from virt-df.
Are you saying that libguestfs only allows operations like df on live
images, but not e.g. copying files out of the VM?
Because if copying data out was allowed, I'd suspect that people would
use it on live VMs and would be surprised if they didn't get what they
expected (which they often only notice when it's too late).
I guess you're right that we can tolerate some df command not being 100%
sure to return the right numbers, but it's a very special case and I
think it's not demanding too much if you need to pass a lock-override
flag when you do something like this, when this can protect people
against accidentally creating corrupted copies.
> None of this has anything to do with data integrity in the qemu block
> layer, and no one is arguing that it should be weakened.
We're talking about real data corruption in both cases.
Kevin
next prev parent reply other threads:[~2016-05-10 11:09 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-10 2:50 [Qemu-devel] [PATCH v4 00/27] block: Lock images when opening Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 01/27] block: Add BDRV_O_NO_LOCK Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 02/27] qapi: Add lock-image in blockdev-add options Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 03/27] blockdev: Add and parse "lock-image" option for block devices Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 04/27] block: Introduce image file locking Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 05/27] block: Add bdrv_image_locked Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 06/27] block: Make bdrv_reopen_{commit, abort} private functions Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 07/27] block: Handle image locking during reopen Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 08/27] osdep: Add qemu_lock_fd and qemu_unlock_fd Fam Zheng
2016-05-10 7:54 ` Richard W.M. Jones
2016-05-10 8:57 ` Daniel P. Berrange
2016-05-10 9:06 ` Richard W.M. Jones
2016-05-10 9:20 ` Daniel P. Berrange
2016-05-11 0:48 ` Fam Zheng
2016-05-11 1:05 ` Fam Zheng
2016-05-11 9:01 ` Daniel P. Berrange
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 09/27] osdep: Introduce qemu_dup Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 10/27] raw-posix: Use qemu_dup Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 11/27] raw-posix: Implement .bdrv_lockf Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 12/27] gluster: " Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 13/27] qemu-io: Add "-L" option for BDRV_O_NO_LOCK Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 14/27] qemu-img: Add "-L" option to sub commands Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 15/27] qemu-img: Update documentation of "-L" option Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 16/27] qemu-nbd: Add "--no-lock/-L" option Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 17/27] block: Don't lock drive-backup target image in none mode Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 18/27] mirror: Disable image locking on target backing chain Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 19/27] qemu-iotests: 140: Disable image lock for qemu-io access Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 20/27] qemu-iotests: 046: Move version detection out from verify_io Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 21/27] qemu-iotests: Wait for QEMU processes before checking image in 091 Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 22/27] qemu-iotests: 030: Disable image lock when checking test image Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 23/27] iotests: 087: Disable image lock in cases where file is shared Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 24/27] iotests: Disable image locking in 085 Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 25/27] tests: Use null-co:// instead of /dev/null Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 26/27] block: Turn on image locking by default Fam Zheng
2016-05-10 2:50 ` [Qemu-devel] [PATCH v4 27/27] qemu-iotests: Add test case 153 for image locking Fam Zheng
2016-05-10 8:14 ` [Qemu-devel] [PATCH v4 00/27] block: Lock images when opening Richard W.M. Jones
2016-05-10 8:43 ` Richard W.M. Jones
2016-05-10 8:50 ` Daniel P. Berrange
2016-05-10 9:14 ` Kevin Wolf
2016-05-10 9:23 ` Daniel P. Berrange
2016-05-10 9:35 ` Kevin Wolf
2016-05-10 9:43 ` Daniel P. Berrange
2016-05-10 10:07 ` Kevin Wolf
2016-05-10 10:16 ` Richard W.M. Jones
2016-05-10 11:08 ` Kevin Wolf [this message]
2016-05-10 11:46 ` Richard W.M. Jones
2016-05-10 12:01 ` Kevin Wolf
2016-05-10 12:11 ` Richard W.M. Jones
2016-05-10 12:22 ` Daniel P. Berrange
2016-05-10 12:45 ` Kevin Wolf
2016-05-11 8:04 ` Markus Armbruster
2016-05-11 8:52 ` Daniel P. Berrange
2016-05-11 8:04 ` Fam Zheng
2016-05-11 9:28 ` Richard W.M. Jones
2016-05-11 10:03 ` Kevin Wolf
2016-05-10 10:29 ` Daniel P. Berrange
2016-05-10 11:14 ` Kevin Wolf
2016-05-10 10:02 ` Richard W.M. Jones
2016-05-11 11:48 ` Richard W.M. Jones
2016-05-11 11:56 ` Kevin Wolf
2016-05-12 1:07 ` Fam Zheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160510110849.GK4921@noname.str.redhat.com \
--to=kwolf@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=den@openvz.org \
--cc=famz@redhat.com \
--cc=jcody@redhat.com \
--cc=jsnow@redhat.com \
--cc=mreitz@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).