On Fri 25 Sep 2015 04:22:26 PM CEST, Eric Blake wrote:

>> Disabling I/O limits from a BDS also drains all pending throttled
>> requests, so it should be done at the beginning of bdrv_close() with
>> the rest of the bdrv_drain() calls before the BlockDriver is closed.
>
> Can this be abused? If I have a guest running in a cloud where the
> cloud provider has put severe throttling limits on me, but lets me
> hotplug to my heart's content, couldn't I just repeatedly plug/unplug
> the disk to get around the throttling (every time I unplug, all writes
> flush at full speed, then I immediately replug to start batching up a
> new set of writes). In other words, shouldn't the draining still be
> throttled, to prevent my abuse?

I didn't think about this case, and I don't know how practical this is,
but note that bdrv_drain() (which is already at the beginning of
bdrv_close()) flushes the I/O queue explicitly bypassing the limits, so
other cases where a user can trigger a bdrv_drain() would also be
vulnerable to this.

Berto