Re: floppy regression from "[PATCH] fix floppy.c to store correct ..."

From: Jon Masters
Date: Wed Nov 23 2005 - 13:02:17 EST


On 11/23/05, Bodo Eggert <harvested.in.lkml@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Jon Masters <jonmasters@xxxxxxxxx> wrote:
> > On 11/22/05, Andrew Morton <akpm@xxxxxxxx> wrote:
>
> >> In the meanwhile I think we should revert back to the 2.6.14 version of
> >> floppy.c - the present problem is probably worse than the one which it
> >> kinda-fixes.
> >
> > Ok, as you please. It's probably going to take something much more
> > ugly to make this work with things as they stand - I'll get something
> > out at the weekend.
>
> I think it should be a general solution to flipped CP switches on floppies
> and USB sticks as well as network block devices on a fs that got remounted
> ro or hdparm -W.

Yes. We talked about this before and I even started proposing ideas,
but nobody was interested in more disruptive changes to the block
layer - I'm quite happy to do it.

> The device needs a WP status that gets updated on open or mount (must
> complete before open()/mount() completes),

Yes. In fact I thought about the floppy case some more yesterday and
realised that we can have it do the expensive check only in the case
that we want to open to write, read paths are then still cheap but we
check the media in the write case - this isn't as generic as I want.
It seems to me that this is a whole class of problem that needs a
higher solution and I did propose a callback approach so we can tell
Linux that the media WP state changed.

> on failed write()s iff the write failed because of write protection error and whenever
> checking is cheap.

Which is basically what I said before. But then, I also sent a patch
to rename policy sanely and would like to introduce wrapper macros for
all of this too.

> If the check can't be done sanely on open() calls (as in the case of NBD),
> asume it to be RW enabled unless we know otherwise (e.g. the user told us).

No. That's dangerous and gets us back into the same position. We want
to do the checks according to what kind of open we are trying to do,
in the worse case. Still, we need to handle non-blocking open but
that's the user's problem - they asked for it.

> (re)mounts should allways enforce the check as long as it's possible.
> The filesystems will need to get updated to use this status as well and
> remount themselves ro (or do a panic/reboot, if desired).

As viro said, just randomly changing the media status isn't easy. But
in the case that we changed the media to RO then the higher layers
aren't going to be able to write anyway so we /should/ do an remount
ro anyway. The whole problem comes because Linux blindly relies on the
read/write state of the block device and not of the underlying media.

> This will still misbehave, but I think it will misbehave in a sane way. You
> may get a rw mount on ro devices in corner cases, but you can't keep it.

Yes, but right not it still fails "silently" and possibly results in
data loss. The way to fix this is to have a nice shiney way to inform
Linux of this.

Ok. I'm too busy to spend much time during the week on this right now
but I will set aside some time over the weekend to split out what I
proposed before and send a few patches which implement what we've been
talking about.

Cheers,

Jon.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/