From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=33664 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1P8E05-00009o-TP
	for qemu-devel@nongnu.org; Tue, 19 Oct 2010 11:21:20 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1P8E03-0001Xw-60
	for qemu-devel@nongnu.org; Tue, 19 Oct 2010 11:21:17 -0400
Received: from mail-px0-f173.google.com ([209.85.212.173]:56219)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1P8E03-0001XG-0k
	for qemu-devel@nongnu.org; Tue, 19 Oct 2010 11:21:15 -0400
Received: by pxi3 with SMTP id 3so590046pxi.4
	for <qemu-devel@nongnu.org>; Tue, 19 Oct 2010 08:21:14 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <1287498749-10400-3-git-send-email-ryanh@us.ibm.com>
References: <1287498749-10400-1-git-send-email-ryanh@us.ibm.com>
	<1287498749-10400-3-git-send-email-ryanh@us.ibm.com>
Date: Tue, 19 Oct 2010 16:21:13 +0100
Message-ID: <AANLkTimLjFw31abURRZFRet3F+JTbBSG2upF_QznO+rq@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH 2/2] v2 Fix Block Hotplug race with
	drive_unplug()
From: Stefan Hajnoczi <stefanha@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Ryan Harper <ryanh@us.ibm.com>
Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>, Anthony Liguori <aliguori@linux.vnet.ibm.com>, qemu-devel@nongnu.org, Kevin Wolf <kwolf@redhat.com>

On Tue, Oct 19, 2010 at 3:32 PM, Ryan Harper <ryanh@us.ibm.com> wrote:
> Block hot unplug is racy since the guest is required to acknowlege the AC=
PI
> unplug event; this may not happen synchronously with the device removal c=
ommand
>
> This series aims to close a gap where by mgmt applications that assume th=
e
> block resource has been removed without confirming that the guest has
> acknowledged the removal may re-assign the underlying device to a second =
guest
> leading to data leakage.
>
> This series introduces a new montor command to decouple asynchornous devi=
ce
> removal from restricting guest access to a block device. =A0We do this by=
 creating
> a new monitor command drive_unplug which maps to a bdrv_unplug() command =
which
> does a qemu_aio_flush; bdrv_flush() and bdrv_close(). =A0Once complete, s=
ubsequent
> IO is rejected from the device and the guest will get IO errors but conti=
nue to
> function.
>
> A subsequent device removal command can be issued to remove the device, t=
o which
> the guest may or maynot respond, but as long as the unplugged bit is set,=
 no IO
> will be sumbitted.
>
> Changes since v1:
> - Added qemu_aio_flush() before bdrv_flush() to wait on pending io
>
> Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
> ---
> =A0block.c =A0 =A0 =A0 =A0 | =A0 =A07 +++++++
> =A0block.h =A0 =A0 =A0 =A0 | =A0 =A01 +
> =A0blockdev.c =A0 =A0 =A0| =A0 26 ++++++++++++++++++++++++++
> =A0blockdev.h =A0 =A0 =A0| =A0 =A01 +
> =A0hmp-commands.hx | =A0 15 +++++++++++++++
> =A05 files changed, 50 insertions(+), 0 deletions(-)

Looks good to me.

Stefan