[PROPOSAL] GEOM probing/tasting firewall

Pawel Jakub Dawidek pjd at FreeBSD.org
Fri Aug 2 19:04:05 UTC 2013 

On Wed, Jul 31, 2013 at 07:31:08AM -0700, Peter Grehan wrote:
> >    For first time this idea was formulated in Jabber talk with friend of
> >   mine, who uses FreeBSD for massive iSCSI hosting on ZVOLs. He has problems
> >   with tasting these ZVOLs, which contain different types of data (Windows
> >   disks, Linux disks, FreeBSD disks, etc). Here are label conflicts, strange
> >   messages about corrupted GPTs, etc. So, it looks like to have configurable
> >   way to prevent some GEOM tasting is good idea.
> 
>   I'm all for this. bhyve has the exact same problem with unnecessary 
> tasting of zvols and raw volumes being used by guest o/s's.

Firewall idea is overkill for my taste. I'd much prefer to have a flag
which would tell GEOM not to present GEOM provider I'm creating for
tasting. This also means it would not be available via /dev/.

We would still need a way to selectively make those providers available
via /dev/ or just presented for tasting, but ZVOL snapshots seems to be
good candidates for such a flag.

For regular ZFS file systems there is 'canmount' property which controls
if the given file system should be mounted automatically or not. Maybe
we need similar property for ZVOL snapshots that would enable/disable
GEOM tasting.

Another idea is to implement lazy device creation in /dev/ - when
provider is created with this don't-taste flag its corresponding /dev/
entry is not created, because the DEV GEOM class didn't taste it.
But DEV class could respond to devfs lookups by trying to find provider
by name (there is function for that already) and when found, create
/dev/ entry for it. This would make providers that don't like to be
tasted still available through /dev/.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://mobter.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20130802/a4815234/attachment.sig>

More information about the freebsd-arch mailing list