On Wed, Apr 12, 2023 at 12:43:40PM +0200, Sergei Shtepa wrote: > We can consider a block device as a resource that two actor want to take over. > There are two possible behavioral strategies: > 1. If one owner occupies a resource, then for other actors, the ownership > request will end with a refusal. The owner will not lose his resource. > 2. Any actor can take away a resource from the owner and inform him about its > loss using a callback. > > I think the first strategy is safer. When calling ioctl BLKFILTER_ATTACH, the > kernel informs the actor that the resource is busy. > Of course, there is still an option to grab someone else's occupied resource. > To do this, he will have to call ioctl BLKFILTER_DETACH, specifying the name > of the filter that needs to be detached. It is assumed that such detached > should be performed by the same actor that attached it there. Yes. > If we replace the owner at each ioctl BLKFILTER_ATTACH, then we can get a > situation of competition between two actors. At the same time, they won't > even get a message that something is going wrong. > With the second strategy, both tools will unload each other's filters. In the > best case, this will lead to disruption of their work. At a minimum, blksnap, > when detached, will reset the change tracker and each backup will perform a > full read of the block device. As a result, the user will receive distorted > data, the system will not work as planned, although there will be no error > message. Exactly. Silent replacement is a bad idea. Maybe we can stupport multiple filters, but I'm not entirely sold on that either. But silently replacing an existing one is a bad idea.
