On Fri, 09/25 16:31, Alberto Garcia wrote:
> On Fri 25 Sep 2015 04:22:26 PM CEST, Eric Blake wrote:
>
> >> Disabling I/O limits from a BDS also drains all pending throttled
> >> requests, so it should be done at the beginning of bdrv_close() with
> >> the rest of the bdrv_drain() calls before the BlockDriver is closed.
> >
> > Can this be abused? If I have a guest running in a cloud where the
> > cloud provider has put severe throttling limits on me, but lets me
> > hotplug to my heart's content, couldn't I just repeatedly plug/unplug
> > the disk to get around the throttling (every time I unplug, all writes
> > flush at full speed, then I immediately replug to start batching up a
> > new set of writes). In other words, shouldn't the draining still be
> > throttled, to prevent my abuse?
>
> I didn't think about this case, and I don't know how practical this is,
> but note that bdrv_drain() (which is already at the beginning of
> bdrv_close()) flushes the I/O queue explicitly bypassing the limits, so
> other cases where a user can trigger a bdrv_drain() would also be
> vulnerable to this.
Yes, the issue is pre-existing. This patch only reordered things inside
bdrv_close() so it's no worse. But indeed there is this vulnerability,
maybe we should throttle the queue in all cases?

Fam
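The point under discussion (a drain that flushes the throttled queue at full speed versus one that keeps honouring the limit, as Fam suggests) can be shown with a toy model. The following is an added example, not QEMU code and not from any participant in the thread: the type `throttle_queue_t` and the functions `tq_*` are hypothetical, the "tick" is an abstract time slice, and the sample of ten 100-byte writes under a 250 bytes/tick limit is constructed for illustration. It contrasts a bypassing drain (everything issued in one tick) with a throttled drain that spreads the same queue over several ticks so the per-tick volume never exceeds the configured limit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_REQS 64

/* Toy model of a throttled block-device queue (hypothetical type/names). */
typedef struct {
    uint64_t bytes_per_tick;        /* configured I/O limit */
    size_t nreqs;
    uint64_t req_bytes[MAX_REQS];   /* sizes of pending throttled requests */
} throttle_queue_t;

void tq_init(throttle_queue_t *q, uint64_t bytes_per_tick)
{
    q->bytes_per_tick = bytes_per_tick;
    q->nreqs = 0;
}

/* Queue a request. Requests larger than one tick's budget are rejected here
 * so the throttled drain below can always make progress. Returns 0 on success. */
int tq_enqueue(throttle_queue_t *q, uint64_t bytes)
{
    if (q->nreqs >= MAX_REQS || bytes > q->bytes_per_tick)
        return -1;
    q->req_bytes[q->nreqs++] = bytes;
    return 0;
}

/* Models the behaviour described in the thread: the drain flushes the whole
 * queue immediately, ignoring the limit. Returns bytes issued in that one tick. */
uint64_t tq_drain_bypass(throttle_queue_t *q)
{
    uint64_t issued = 0;
    for (size_t i = 0; i < q->nreqs; i++)
        issued += q->req_bytes[i];
    q->nreqs = 0;
    return issued;
}

/* Mitigation sketch: the drain still honours the limit. Each tick gets a fresh
 * budget of bytes_per_tick and requests are issued in order while they fit.
 * Stores the peak bytes issued in any single tick in *peak and returns the
 * number of ticks the drain took. */
unsigned tq_drain_throttled(throttle_queue_t *q, uint64_t *peak)
{
    unsigned ticks = 0;
    uint64_t max_tick = 0;
    size_t next = 0;

    while (next < q->nreqs) {
        uint64_t budget = q->bytes_per_tick, issued = 0;
        ticks++;
        /* first request always fits a fresh budget (enforced by tq_enqueue) */
        while (next < q->nreqs && q->req_bytes[next] <= budget) {
            budget -= q->req_bytes[next];
            issued += q->req_bytes[next];
            next++;
        }
        if (issued > max_tick)
            max_tick = issued;
    }
    q->nreqs = 0;
    if (peak)
        *peak = max_tick;
    return ticks;
}

int main(void)
{
    throttle_queue_t q;
    uint64_t peak = 0;

    /* constructed sample: 10 pending 100-byte writes, limit 250 bytes/tick */
    tq_init(&q, 250);
    for (int i = 0; i < 10; i++)
        tq_enqueue(&q, 100);
    printf("bypass drain: %llu bytes in 1 tick\n",
           (unsigned long long)tq_drain_bypass(&q));

    tq_init(&q, 250);
    for (int i = 0; i < 10; i++)
        tq_enqueue(&q, 100);
    unsigned ticks = tq_drain_throttled(&q, &peak);
    printf("throttled drain: %u ticks, peak %llu bytes/tick\n",
           ticks, (unsigned long long)peak);
    return 0;
}
```

With the constructed sample, the bypassing drain issues all 1000 bytes in a single tick (four times the limit), while the throttled drain needs five ticks and never issues more than 200 bytes in any one of them. A real implementation would of course share the token bucket with normal submission rather than reset the budget per tick, but the property that matters is the same: the drain path must not have its own unmetered fast lane.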