From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54507)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <benoit.canet@irqsave.net>) id 1Vo4so-0003zh-P0
	for qemu-devel@nongnu.org; Wed, 04 Dec 2013 00:20:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <benoit.canet@irqsave.net>) id 1Vo4si-0004mV-KC
	for qemu-devel@nongnu.org; Wed, 04 Dec 2013 00:20:22 -0500
Received: from nodalink.pck.nerim.net ([62.212.105.220]:43629
	helo=paradis.irqsave.net) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <benoit.canet@irqsave.net>) id 1Vo4si-0004mN-2o
	for qemu-devel@nongnu.org; Wed, 04 Dec 2013 00:20:16 -0500
Date: Wed, 4 Dec 2013 06:20:06 +0100
From: =?iso-8859-1?Q?Beno=EEt?= Canet <benoit.canet@irqsave.net>
Message-ID: <20131204052006.GB2781@irqsave.net>
References: <1386077165-19577-1-git-send-email-benoit@irqsave.net>
	<1386077165-19577-7-git-send-email-benoit@irqsave.net>
	<529EA5CA.6050608@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <529EA5CA.6050608@redhat.com>
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [RFC V3 6/7] block: Create authorizations
 mechanism for external snapshots.
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Fam Zheng <famz@redhat.com>
Cc: kwolf@redhat.com, jcody@redhat.com, qemu-devel@nongnu.org, armbru@redhat.com, stefanha@redhat.com

Le Wednesday 04 Dec 2013 =C3=A0 11:47:22 (+0800), Fam Zheng a =C3=A9crit =
:
> On 2013=E5=B9=B412=E6=9C=8803=E6=97=A5 21:26, Beno=C3=AEt Canet wrote:
> >---
> >  block.c                   | 64 +++++++++++++++++++++++++++++++++++++=
++++------
> >  block/blkverify.c         |  2 +-
> >  include/block/block.h     | 16 +++++++++---
> >  include/block/block_int.h |  9 ++++---
> >  4 files changed, 75 insertions(+), 16 deletions(-)
> >
> >diff --git a/block.c b/block.c
> >index 8016ff2..0569cb2 100644
> >--- a/block.c
> >+++ b/block.c
> >@@ -4945,21 +4945,69 @@ int bdrv_amend_options(BlockDriverState *bs, Q=
EMUOptionParameter *options)
> >      return bs->drv->bdrv_amend_options(bs, options);
> >  }
> >
> >-ExtSnapshotPerm bdrv_check_ext_snapshot(BlockDriverState *bs)
> >+/* will be used to recurse on single child block filter until first f=
ormat
> >+ * (single child block filter will store their child in bs->file)
> >+ */
> >+ExtSnapshotPerm bdrv_generic_check_ext_snapshot(BlockDriverState *bs,
> >+                                                BlockDriverState *can=
didate)
> >  {
> >-    if (bs->drv->bdrv_check_ext_snapshot) {
> >-        return bs->drv->bdrv_check_ext_snapshot(bs);
> >+    if (!bs->drv) {
> >+        return EXT_SNAPSHOT_FORBIDDEN;
> >      }
> >
> >-    if (bs->file && bs->file->drv && bs->file->drv->bdrv_check_ext_sn=
apshot) {
> >-        return bs->file->drv->bdrv_check_ext_snapshot(bs);
> >+    if (!bs->drv->authorizations[BS_CANT_SNAPSHOT]) {
>=20
> This double negative feels hard to read for me.
>=20
> >+        if (bs =3D=3D candidate) {
> >+             return EXT_SNAPSHOT_ALLOWED;
> >+        } else {
> >+             return EXT_SNAPSHOT_FORBIDDEN;
> >+        }
> >      }
> >
> >-    /* external snapshots are allowed by default */
> >-    return EXT_SNAPSHOT_ALLOWED;
> >+    if (!bs->drv->authorizations[BS_FILTER_PASS_DOWN]) {
> >+        return EXT_SNAPSHOT_FORBIDDEN;
> >+    }
> >+
> >+    if (!bs->file) {
> >+        return EXT_SNAPSHOT_FORBIDDEN;
> >+    }
> >+
> >+    return bdrv_recurse_check_ext_snapshot(bs->file, candidate);
> >  }
> >
> >-ExtSnapshotPerm bdrv_check_ext_snapshot_forbidden(BlockDriverState *b=
s)
> >+ExtSnapshotPerm bdrv_recurse_check_ext_snapshot(BlockDriverState *bs,
> >+                                                BlockDriverState *can=
didate)
> >  {
> >+    if (bs->drv && bs->drv->bdrv_check_ext_snapshot) {
> >+        return bs->drv->bdrv_check_ext_snapshot(bs, candidate);
> >+    }
>=20
> Maybe I'm missing something, but if a driver always returns positive
> permit, despite of what candidate is (or even it's relevant to bs),
> then doesn't it also affect other devices? because...
>=20
> >+
> >+    return bdrv_generic_check_ext_snapshot(bs, candidate);
> >+}
> >+
> >+/* This function check if the candidate bs has snapshots authorized b=
y going
> >+ * down the forest of bs, skipping filters and stopping on the the fi=
rst bses
> >+ * authorizing snapshots
> >+ */
> >+ExtSnapshotPerm bdrv_check_ext_snapshot(BlockDriverState *candidate)
> >+{
> >+    BlockDriverState *bs;
> >+
> >+    /* walk down the bs forest recursively */
> >+    QTAILQ_FOREACH(bs, &bdrv_states, device_list) {
>=20
> this iterates through all the known graph trees (device_list),
> instead of limiting to only the device that candidate belongs to.

The recursion termination success is candidate =3D=3D bs.
This make sure that the scan of the other tree of the forest will not ret=
urn any
spurious success.

>=20
> Why not just check candidate's permission bitmap and go down from
> it? If an ancestor need to disable its descendants, it could simply
> set permission bits of its children and recurse down.

Yes I initially though about updating permission bit of each bs.
The problem is that the graph will evolve (taking a snapshot, adding thro=
ttling
filter) and it would be a mess to constansly update the permission bits.

Best regards

Beno=C3=AEt

>=20
> Fam