From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1IPqcC-00083q-4H
	for qemu-devel@nongnu.org; Mon, 27 Aug 2007 22:15:36 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1IPqcA-00083e-Lk
	for qemu-devel@nongnu.org; Mon, 27 Aug 2007 22:15:34 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1IPqcA-00083b-GW
	for qemu-devel@nongnu.org; Mon, 27 Aug 2007 22:15:34 -0400
Received: from il.qumranet.com ([82.166.9.18])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <avi@qumranet.com>) id 1IPqc9-0000Ep-Q8
	for qemu-devel@nongnu.org; Mon, 27 Aug 2007 22:15:34 -0400
Message-ID: <46D384AE.9080509@qumranet.com>
Date: Tue, 28 Aug 2007 05:13:02 +0300
From: Avi Kivity <avi@qumranet.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] Re: [et-mgmt-tools] Image Corruption Possible	with
	qemu and qemu-kvm
References: <46D2EC13.8020005@bppiac.hu>	
	<1188232650.25884.100.camel@localhost.localdomain>	
	<OFCAE928CF.4933C4AF-ONC1257344.006B3E8C-C1257344.006BB8A7@de.ibm.com>	
	<OF4980E1C4.B4D3E393-ONC1257344.006E4CB5-C1257344.006F7D77@de.ibm.com>	
	<20070827202748.GK9043@redhat.com>
	<1188248558.21696.1.camel@squirrel>
In-Reply-To: <1188248558.21696.1.camel@squirrel>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org, Fedora/Linux Management Tools <et-mgmt-tools@redhat.com>

Anthony Liguori wrote:
>> In the scenario you mention, libvirt should probably do a sanity check for
>> this before letting you start the guest. libvirt already supports the idea
>> of 'shared' disk images where two or more guests can be optionally configured 
>> to have write access - basically assumes the admin requesting sharing knows
>> what they're doing.
>>     
>
> I think this is the right level myself.  Advisory locks work okay but
> not all filesystems support them.  It's particularly nasty when you have
> a clustered filesystem in the host.  I think it would do more harm than
> good to have a feature like that was supposed to provide a safe-guard
> but then frequently didn't work.
>   

There's still the unmanaged use case to worry about.  I think qemu can 
default to advisory locking, and management tools can do their own 
locking and always override qemu.

It's too easy to kill an image by starting up another instance right now.

-- 
Any sufficiently difficult bug is indistinguishable from a feature.