From: Ming Lei <ming.lei@redhat.com>
To: Yoav Cohen <yoav@nvidia.com>
Cc: Uday Shankar <ushankar@purestorage.com>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"axboe@kernel.dk" <axboe@kernel.dk>
Subject: Re: ublk: Graceful Upgrade of ublk server application
Date: Wed, 16 Apr 2025 17:12:36 +0800 [thread overview]
Message-ID: <Z_90hHRXe7R3fQuk@fedora> (raw)
In-Reply-To: <DM4PR12MB632890760804D06B3CBC357AA9BD2@DM4PR12MB6328.namprd12.prod.outlook.com>
On Wed, Apr 16, 2025 at 08:16:44AM +0000, Yoav Cohen wrote:
> Hi,
>
> The use case is as you say to replace the binary (update) without making the bdev to disappear.
> Currently I don't even use the user_copy(to avoid the 1 more system call) so the io buffer is also part of the sqe which is prevent me from free it from userspace perspective.
> So yes, even ABORT_URING_CMD by given tag can be enough.
> What do you think?
I think the requirement is reasonable, which could be one QUIESCE_DEV command:
- only usable for UBLK_F_USER_RECOVERY
- need ublk server cooperation for handling inflight IO command
- fallback to normal cancel code path in case that io_uring is exiting
The implementation shouldn't be hard:
- mark ubq->canceling as ture
- freeze request queue
- mark ubq->canceling as true
- unfreeze request queue
- canceling all uring_cmd with UBLK_IO_RES_ABORT (*)
- now there can't be new ublk IO request coming, and ublk server won't
send new uring_cmd too,
- the gatekeeper code of __ublk_ch_uring_cmd() should be reliable to prevent
any new uring_cmd from malicious application, maybe need audit & refactoring
a bit
- need ublk server to handle UBLK_IO_RES_ABORT correctly: release all
kinds resource, close ublk char device...
- wait until ublk char device is released by checking UB_STATE_OPEN
- now ublk state becomes UBLK_S_DEV_QUIESCED or UBLK_S_DEV_FAIL_IO,
and userspace can replace the binary and recover device with new
application via UBLK_CMD_START_USER_RECOVERY & UBLK_CMD_END_USER_RECOVERY
Please let us know if the above works for your requirement.
Thanks,
Ming
next prev parent reply other threads:[~2025-04-16 9:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-15 8:15 ublk: Graceful Upgrade of ublk server application Yoav Cohen
2025-04-15 11:06 ` Ming Lei
2025-04-15 19:46 ` Yoav Cohen
2025-04-16 0:51 ` Uday Shankar
2025-04-16 1:39 ` Ming Lei
2025-04-16 8:16 ` Yoav Cohen
2025-04-16 9:12 ` Ming Lei [this message]
2025-04-20 8:57 ` Yoav Cohen
2025-04-21 2:43 ` Ming Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z_90hHRXe7R3fQuk@fedora \
--to=ming.lei@redhat.com \
--cc=axboe@kernel.dk \
--cc=linux-block@vger.kernel.org \
--cc=ushankar@purestorage.com \
--cc=yoav@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).