Re: ublk: Graceful Upgrade of ublk server application

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ming Lei <ming.lei@redhat.com>
To: Yoav Cohen <yoav@nvidia.com>
Cc: Uday Shankar <ushankar@purestorage.com>,
	"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
	"axboe@kernel.dk" <axboe@kernel.dk>
Subject: Re: ublk: Graceful Upgrade of ublk server application
Date: Wed, 16 Apr 2025 17:12:36 +0800	[thread overview]
Message-ID: <Z_90hHRXe7R3fQuk@fedora> (raw)
In-Reply-To: <DM4PR12MB632890760804D06B3CBC357AA9BD2@DM4PR12MB6328.namprd12.prod.outlook.com>

On Wed, Apr 16, 2025 at 08:16:44AM +0000, Yoav Cohen wrote:
> Hi,
> 
> The use case is as you say to replace the binary (update) without making the bdev to disappear.
> Currently I don't even use the user_copy(to avoid the 1 more system call) so the io buffer is also part of the sqe which is prevent me from free it from userspace perspective.
> So yes, even ABORT_URING_CMD by given tag can be enough.
> What do you think?

I think the requirement is reasonable, which could be one QUIESCE_DEV command:

- only usable for UBLK_F_USER_RECOVERY

- need ublk server cooperation for handling inflight IO command

- fallback to normal cancel code path in case that io_uring is exiting

The implementation shouldn't be hard:

- mark ubq->canceling as ture 
	- freeze request queue
	- mark ubq->canceling as true
	- unfreeze request queue

- canceling all uring_cmd with UBLK_IO_RES_ABORT (*)
	- now there can't be new ublk IO request coming, and ublk server won't
	send new uring_cmd too, 

	- the gatekeeper code of __ublk_ch_uring_cmd() should be reliable to prevent
	any new uring_cmd from malicious application, maybe need audit & refactoring
	a bit

	- need ublk server to handle UBLK_IO_RES_ABORT correctly: release all
	  kinds resource, close ublk char device...

- wait until ublk char device is released by checking UB_STATE_OPEN

- now ublk state becomes UBLK_S_DEV_QUIESCED or UBLK_S_DEV_FAIL_IO,
and userspace can replace the binary and recover device with new
application via UBLK_CMD_START_USER_RECOVERY & UBLK_CMD_END_USER_RECOVERY

Please let us know if the above works for your requirement.

Thanks,
Ming

next prev parent reply	other threads:[~2025-04-16  9:12 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-15  8:15 ublk: Graceful Upgrade of ublk server application Yoav Cohen
2025-04-15 11:06 ` Ming Lei
2025-04-15 19:46   ` Yoav Cohen
2025-04-16  0:51     ` Uday Shankar
2025-04-16  1:39       ` Ming Lei
2025-04-16  8:16         ` Yoav Cohen
2025-04-16  9:12           ` Ming Lei [this message]
2025-04-20  8:57             ` Yoav Cohen
2025-04-21  2:43               ` Ming Lei

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z_90hHRXe7R3fQuk@fedora \
    --to=ming.lei@redhat.com \
    --cc=axboe@kernel.dk \
    --cc=linux-block@vger.kernel.org \
    --cc=ushankar@purestorage.com \
    --cc=yoav@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.