From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=41635 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OHHa9-0000KY-05
	for qemu-devel@nongnu.org; Wed, 26 May 2010 10:27:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <kwolf@redhat.com>) id 1OHHZB-0007mJ-LD
	for qemu-devel@nongnu.org; Wed, 26 May 2010 10:26:42 -0400
Received: from mx1.redhat.com ([209.132.183.28]:28502)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <kwolf@redhat.com>) id 1OHHZB-0007m9-CC
	for qemu-devel@nongnu.org; Wed, 26 May 2010 10:26:41 -0400
Message-ID: <4BFD2F78.9060506@redhat.com>
Date: Wed, 26 May 2010 16:26:00 +0200
From: Kevin Wolf <kwolf@redhat.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] Re: [PATCH] Add cache=volatile parameter to -drive
References: <1274091292-4812-1-git-send-email-agraf@suse.de>	<4BF14CE9.5040907@suse.de>
	<4BF15DC8.8080104@codemonkey.ws>	<201005171723.15675.paul@codesourcery.com>	<4BF16E22.6090400@codemonkey.ws>
	<4BFC0FF6.1080005@suse.de>	<20100525210113.GE1402@hall.aurel32.net>	<4BFC79E8.1070700@codemonkey.ws>
	<4BFCDF4D.5020703@redhat.com> <4BFD2542.9090003@codemonkey.ws>
	<4BFD2A1D.9050903@redhat.com> <4BFD2B58.6000503@codemonkey.ws>
In-Reply-To: <4BFD2B58.6000503@codemonkey.ws>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Alexander Graf <agraf@suse.de>, hch@lst.de, qemu-devel@nongnu.org, Aurelien Jarno <aurelien@aurel32.net>, Paul Brook <paul@codesourcery.com>

Am 26.05.2010 16:08, schrieb Anthony Liguori:
> On 05/26/2010 09:03 AM, Kevin Wolf wrote:
>> Am 26.05.2010 15:42, schrieb Anthony Liguori:
>>    
>>> On 05/26/2010 03:43 AM, Kevin Wolf wrote:
>>>      
>>>> Am 26.05.2010 03:31, schrieb Anthony Liguori:
>>>>
>>>>        
>>>>> On 05/25/2010 04:01 PM, Aurelien Jarno wrote:
>>>>>
>>>>>          
>>>>>> I really think this patch can be useful, in my own case when testing
>>>>>> debian-installer (I already cache=writeback). In short all that is about
>>>>>> developing and testing, as opposed to run a VM in production, can
>>>>>> benefit about that. This was one of the original use case of QEMU before
>>>>>> KVM arrived.
>>>>>>
>>>>>> Unless someone can convince me not to do it, I seriously considering
>>>>>> applying this patch.
>>>>>>
>>>>>>
>>>>>>            
>>>>> There really needs to be an indication in the --help output of what the
>>>>> ramifications of this option are, in the very least.  It should also be
>>>>> removable via a ./configure option because no sane distribution should
>>>>> enable this for end users.
>>>>>
>>>>>          
>>>> We know better what you stupid user want?
>>>>        
>>> What percentage of qemu users do you think have actually read qemu-doc.texi?
>>>      
>> As I said, put the warning in the option name like cache=unsafe or
>> something even more scary and I'm all for it.
>>
>>    
>>> It's not a stretch for someone to have heard that cache options can
>>> improve performance, and then see cache=volatile in the help output, try
>>> it, and then start using it because they observe a performance improvement.
>>>
>>> That's not being stupid.  I think it's a reasonable expectation for a
>>> user to have that their data is safe.
>>>      
>> You seem to think that the user is too stupid to allow him to use this
>> option even if he's perfectly aware what it's doing. It's a useful
>> option if it's used right.
>>    
> 
> No, that's not what I said.  I'm saying we need to try hard to make a 
> user aware of what they're doing.
> 
> If it spit out a warning on stdio, I wouldn't think a compile option is 
> needed.  Even with help output text, I'm concerned that someone is going 
> to find a bad example on the internet.
> 
> cache=unsafe addresses the problem although I think it's a bit hokey.

Then let's do it this way. I'm not opposed to a stdio message either,
even though I don't think it's really necessary with a name like
cache=unsafe. I just say that disabling the option is not a solution
because it prevents valid use.

>> We need to make clear that it's dangerous when it's used in the wrong
>> cases (for example by naming), but just disabling is not a solution for
>> that. You don't suggest that "no sane distribution" should ship rm,
>> because it's dangerous if you use it wrong, do you?
>>    
> 
> You realize that quite a lot of distributions carry a patch to rm that 
> prevents a user from doing rm -rf /?

Most rm invocations that I regretted later were not rm -rf /. Actually,
I think rm -rf / is not among them at all. ;-)

And I seem to remember that even these rm patches still allow the
protection to be overridden by some force flag. But I've never tried it out.

Kevin