[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH v4 11/11] nbd-server: Allow node name for nbd-se
Re: [Qemu-block] [PATCH v4 11/11] nbd-server: Allow node name for nbd-server-add
Fri, 15 Jul 2016 17:22:32 +0200
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
On 15.07.2016 17:18, Eric Blake wrote:
> On 07/15/2016 07:36 AM, Max Reitz wrote:
>> On 14.07.2016 23:36, Eric Blake wrote:
>>> On 07/14/2016 07:28 AM, Kevin Wolf wrote:
>>>> There is no reason why an NBD server couldn't be started for any node,
>>>> even if it's not on the top level. This converts nbd-server-add to
>>>> accept a node-name.
>>> Do we want to do any sanity checking that writing should only be
>>> permitted on a root, and that when using a node name that is not a root
>>> that writable must be false so as not to negatively change the BDS out
>>> of under the feet of the other root? Do op-blockers already cover that?
>> Well, one could argue that it's possible to create an NBD server on a
>> non-root node today anyway, since creating BBs is not restricted to root
>> blockdev-add(id=foo, other arguments...)
>> blockdev-add(id=bar, backing=foo, other arguments...)
>> And then you can create an NBD server on bar. I agree that this is not
>> how it should be, though. However, I think that the fact that you need
>> to specify a BB name for now deters people from doing stuff like that.
>> If you can specify a node name, people will think it's completely fine
>> to do so.
> Creating a server on bar doesn't change the contents of foo, so I see
> that as safe (foo can still be in use by other chains, and the server on
> bar won't invalidate those chains).
Errr, I meant foo instead of bar. Curse me for using placeholder names.
>> Also note that only allowing NBD servers to be created on a root node
>> doesn't really help you:
>> blockdev-add(node-name=foo, ...)
>> blockdev-add(id=bar, backing=foo, ...)
> But THAT is indeed unsafe, if the server allows writes, because now the
> contents of bar are at risk of being silently changed by any edits made
> to foo.
> So the real restriction we want is that if foo is owned by a read-write
> BB (the NBD server in this case), then creating another BDS bar that
> uses foo as a backing is undesirable.
Well, it's exactly what the new op blockers should be for.
>> So, yeah, I think we just need the new op-blockers for this, I don't
>> think the current op blockers cover this.
> I'm not sure either, which is why we're discussing it on list to make
> sure we think about the restrictions and their implications.
Considering that Kevin is on PTO as of today, I think the best course of
action would be put the last two patches of this series off until after
2.7 is released.
Description: OpenPGP digital signature
- Re: [Qemu-block] [PATCH v4 08/11] block: Accept node-name for drive-backup, (continued)