Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete

From:	Manos Pitsidianakis
Subject:	Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete
Date:	Fri, 28 Jul 2017 11:49:53 +0300
User-agent:	NeoMutt/20170609-57-1e93be (1.8.3)

On Thu, Jul 27, 2017 at 06:09:04PM -0400, John Snow wrote:

On 07/26/2017 02:23 PM, Manos Pitsidianakis wrote:
On Wed, Jul 26, 2017 at 04:12:21PM +0100, Stefan Hajnoczi wrote:
On Wed, Jul 26, 2017 at 05:19:24PM +0300, Manos Pitsidianakis wrote:
This proposal follows a discussion we had with Kevin and Stefanon filter
node management.
With block filter drivers arises a need to configure filternodes on runtimewith QMP on live graphs. A problem with doing live graphmodifications isthat some block jobs modify the graph when they are done anddon't operateunder any synchronisation, resulting in a race condition if wetry to insert
a filter node in the place of an existing edge.
But maybe you are thinking about higher level race conditions between
QMP commands.  Can you give an example of the race?
Exactly, synchronisation between the QMP/user actions. Here's anexample, correct me if I'm wrong:
User issues a block-commit to this tree to commit A onto B:
   BB -> A -> B
This inserts the dummy mirror node at the top since this is a mirrorjob (active commit)
   BB -> dummy -> A -> B

User wants to add a filter node F below the BB. First we create the node:
   BB -> dummy -> A -> B
      F /
Commit finishes before we do block-insert-node, dummy and A isremoved from the BB's chain, mirror_exit calls bdrv_replace_node()
   BB ------------> B
               F -> /

Now inserting F under BB will error since dummy does not exist any more.
Exactly how much of a problem is this? You, the user, have instructedQEMU to do two conflicting things:
(1) Squash A down into B, and
(2) Insert a filter above A
Shame on you for deleting the node you were trying to reference, no?And as an added bonus, QEMU will even error out on your commandinstead of trying to do something and getting it wrong.
Is this a problem?

The proposal doesn't guard against the following:
User issues a block-commit to this tree to commit B onto C:
   BB -> A -> B -> C

The dummy node (commit's top bs is A):
   BB -> A -> dummy -> B -> C

blockdev-add of a filter we wish to eventually be between A and C:
   BB -> A -> dummy -> B -> C
            F/

if commit finishes before we issue block-insert-node (commit_complete()
calls bdrv_set_backing_hd() which only touches A)
   BB -> A --------------> C
          F -> dummy -> B /
   resulting in error when issuing block-insert-node,

Because "B" and "dummy" have already actually been deleted, I assume.(The diagram is confusing.)

because we have an edge (A, C) and C is not a child of F, so we cannotinsert it as a child to A. (I rotated the usual ascii art by 90 deg tosave me from handling whitespace, but I might have done it worse)

else if we set the job to manual-delete and insert F:
   BB -> A -> F -> dummy -> B -> C
deleting the job will result in F being lost since the job's top bswasn't updated.
Seems like a fairly good reason not to pursue this avenue then, yes?

I think this is just a different problem, not a race but of broadcastinggraph operations to affected parties (block jobs).

I think I agree with Stefan's concerns that this is more of atemporary workaround for the benefit of jobs, but that there may wellbe other reasons (especially in the future) where graph manipulationsmay occur invisibly to the user.
Do you have any use cases for failure here that don't involve the userthemselves asking for two conflicting things? That is, QEMU doing somegraph reorganization without the user's knowledge coupled with theuser asking for a new filter node?
Are there any failures that result in anything more dangerous or badthan a "404: node not found" style error where we simply reject thepremise of what the user was attempting to accomplish?

I couldn't come up with a case that caused catastrophic failure, no(though I lack familiarity with block jobs). If this isn't a problemafter all, good news.

block-insert-node needs to work with no dangerous conflicts to othergraph operations, basically. Is there a case where there's not just anerror and we can't recover?

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [RFC] block-insert-node and block-job-delete, Manos Pitsidianakis, 2017/07/26
- Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete, Stefan Hajnoczi, 2017/07/26
  - Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete, Manos Pitsidianakis, 2017/07/26
    - Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete, Stefan Hajnoczi, 2017/07/27
    - Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete, John Snow, 2017/07/27
    - Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete, Manos Pitsidianakis <=
    - Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete, Kevin Wolf, 2017/07/28

Prev by Date: Re: [Qemu-devel] [Qemu-arm] [PATCH for-2.10 3/5] target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
Next by Date: Re: [Qemu-devel] [Qemu-arm] [PATCH for-2.10 2/5] target/arm: Don't allow guest to make System space executable for M profile
Previous by thread: Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete
Next by thread: Re: [Qemu-devel] [RFC] block-insert-node and block-job-delete
Index(es):
- Date
- Thread