Christoph, >> It's very common for database folks to twiddle the read-only state of >> block devices and partitions. I know that our users will find it very >> counter-intuitive that setting /dev/sda read-only won't prevent >> writes to /dev/sda1. > > What I'm worried about it is that this would be a huge change from the > historic behavior. But that's what my users complained about and what the patch tried to address. Also, the existing behavior is inconsistent in the sense that doing: # blockdev --setro /dev/sda # echo foo > /dev/sda1 permits writes. But: # blockdev --setro /dev/sda <something triggers revalidate> # echo foo > /dev/sda1 doesn't. And a subsequent: # blockdev --setrw /dev/sda # echo foo > /dev/sda1 doesn't work either since sda1's read-only policy has been inherited from the whole-disk device. You need to do: # blockdev --rereadpt after setting the whole-disk device rw to effectuate the same change on the partitions, otherwise they are stuck being read-only indefinitely. However, setting the read-only policy on a partition does *not* require the revalidate step. As a matter of fact, doing the revalidate will blow away the policy setting you just made. So the user needs to take different actions depending on whether they are trying to read-protect a whole-disk device or a partition. Despite using the same ioctl. That is really confusing. The intent of my patch was to ensure that: - Hardware-initiated read-only state changes would not alter the user's whole-disk or partition policy settings. - Setting a policy on the whole-disk device would prevent writes to the whole device as the user clearly intended. I have lost count how many times our customers have had data clobbered because of ambiguity of the existing whole-disk device policy. The current behavior violates the principle of least surprise by letting the user think they write protected the whole disk when they actually didn't. -- Martin K. Petersen Oracle Linux Engineering
