On Tue, 10 Apr 2012 09:14:58 -0400 Phillip Susi <psusi@xxxxxxxxxx> wrote: > On 4/9/2012 7:43 PM, NeilBrown wrote: > > It will reject writes from user-space, and it will reject attempts to mount a > > filesystem unless the filesystem is mounted "read-only". > > But if a read-only mounted filesystem decides to write anyway (XFS, ext3, > > ext4...) then the block layer doesn't stop it. > > How does that work? How does the block layer know or care what mount > flags are used? My understanding is that setting the block layer > read-only flag with blockdev --setro actually causes the write bios to > be rejected, thus preventing ext[34] from playing back the journal. > Ubuntu has been using this to prevent accidental damage by read-only > mounts since this abhorrent behavior was discovered. I would think that > md should work the same way. > It's actually a long time since I looked at this in detail, so I've had another hunt around the code to see what the current state really is. I've only looked at ext3, not other filesystems, but it should be fairly representative. ext3 does appear to take care not to write anything if the device is marked readonly - so maybe I've been doing it a dis-service there. However there have been bugs. The most recent was fixed about 18 months ago: commit 31d710a7bd42f0d89e30d53bdaad427c5f191d0d Author: Maciej 305273enczykowski <zenczykowski@xxxxxxxxx> Date: Sun Sep 26 12:38:28 2010 +0000 ext3: don't update sb journal_devnum when RO dev An ext3 filesystem on a read-only device, with an external journal which is at a different device number then recorded in the superblock will fail to honor the read-only setting of the device and trigger a superblock update (write). For example: - ext3 on a software raid which is in read-only mode - external journal on a read-write device which has changed device num - attempt to mount with -o journal_dev=<new_number> - hits BUG_ON(mddev->ro = 1) in md.c Cc: Theodore Ts'o <tytso@xxxxxxx> Signed-off-by: Maciej 305273enczykowski <zenczykowski@xxxxxxxxx> Signed-off-by: Jan Kara <jack@xxxxxxx> This fix was in 2.6.38. I don't know if was backported at all. The read-only flag does not cause the block-layer to do, or not do, anything. It is merely information that is made available to the filesystem (or the "block_dev" pseudo-filesystem that presents /dev/sda or whatever and maps read/write requests directly to bios which get sent down). It is up the the filesystem to honour the read-only setting. Maybe this is poor design: I haven't thought about it much. But that is the way it is. When ext3 sees that it needs to replay the journal it will check if the device is read-only. If it is, it will failed with EROFS. So you cannot mount an inconsistent filesystem from a read-only device. md does set the same flag that "blockdev --setro" sets. If some filesystem writes anyway, then it is definitely a bug and should be fixed. So it looks like everybody is doing the "right" thing (allowing for occasional bugs here and there), and your real problem is just that Ubuntu didn't package mdmon. NeilBrown
Attachment:
signature.asc
Description: PGP signature