From: Kevin Wolf <kwolf@redhat.com>
To: "Denis V. Lunev" <den@openvz.org>
Cc: Stefan Hajnoczi <stefanha@redhat.com>,
qemu-devel@nongnu.org,
Raushaniya Maksudova <rmaksudova@virtuozzo.com>
Subject: Re: [Qemu-devel] [PATCH 4/5] disk_deadlines: add control of requests time expiration
Date: Tue, 8 Sep 2015 15:05:56 +0200 [thread overview]
Message-ID: <20150908130556.GF4230@noname.redhat.com> (raw)
In-Reply-To: <55EEC61F.9050301@openvz.org>
Am 08.09.2015 um 13:27 hat Denis V. Lunev geschrieben:
> interesting point. Yes, it flushes all requests and most likely
> hangs inside waiting requests to complete. But fortunately
> this happens after the switch to paused state thus
> the guest becomes paused. That's why I have missed this
> fact.
>
> This (could) be considered as a problem but I have no (good)
> solution at the moment. Should think a bit on.
Let me suggest a radically different design. Note that I don't say this
is necessarily how things should be done, I'm just trying to introduce
some new ideas and broaden the discussion, so that we have a larger set
of ideas from which we can pick the right solution(s).
The core of my idea would be a new filter block driver 'timeout' that
can be added on top of each BDS that could potentially fail, like a
raw-posix BDS pointing to a file on NFS. This way most pieces of the
solution are nicely modularised and don't touch the block layer core.
During normal operation the driver would just be passing through
requests to the lower layer. When it detects a timeout, however, it
completes the request it received with -ETIMEDOUT. It also completes any
new request it receives with -ETIMEDOUT without passing the request on
until the request that originally timed out returns. This is our safety
measure against anyone seeing whether or how the timed out request
modified data.
We need to make sure that bdrv_drain() doesn't wait for this request.
Possibly we need to introduce a .bdrv_drain callback that replaces the
default handling, because bdrv_requests_pending() in the default
handling considers bs->file, which would still have the timed out
request. We don't want to see this; bdrv_drain_all() should complete
even though that request is still pending internally (externally, we
returned -ETIMEDOUT, so we can consider it completed). This way the
monitor stays responsive and background jobs can go on if they don't use
the failing block device.
And then we essentially reuse the rerror/werror mechanism that we
already have to stop the VM. The device models would be extended to
always stop the VM on -ETIMEDOUT, regardless of the error policy. In
this state, the VM would even be migratable if you make sure that the
pending request can't modify the image on the destination host any more.
Do you think this could work, or did I miss something important?
Kevin
next prev parent reply other threads:[~2015-09-08 13:06 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-08 8:00 [Qemu-devel] [PATCH RFC 0/5] disk deadlines Denis V. Lunev
2015-09-08 8:00 ` [Qemu-devel] [PATCH 1/5] add QEMU style defines for __sync_add_and_fetch Denis V. Lunev
2015-09-10 8:19 ` Stefan Hajnoczi
2015-09-08 8:00 ` [Qemu-devel] [PATCH 2/5] disk_deadlines: add request to resume Virtual Machine Denis V. Lunev
2015-09-10 8:51 ` Stefan Hajnoczi
2015-09-10 19:18 ` Denis V. Lunev
2015-09-14 16:46 ` Stefan Hajnoczi
2015-09-08 8:00 ` [Qemu-devel] [PATCH 3/5] disk_deadlines: add disk-deadlines option per drive Denis V. Lunev
2015-09-10 9:05 ` Stefan Hajnoczi
2015-09-08 8:00 ` [Qemu-devel] [PATCH 4/5] disk_deadlines: add control of requests time expiration Denis V. Lunev
2015-09-08 9:35 ` Fam Zheng
2015-09-08 9:42 ` Denis V. Lunev
2015-09-08 11:06 ` Kevin Wolf
2015-09-08 11:27 ` Denis V. Lunev
2015-09-08 13:05 ` Kevin Wolf [this message]
2015-09-08 14:23 ` Denis V. Lunev
2015-09-08 14:48 ` Kevin Wolf
2015-09-10 10:27 ` Stefan Hajnoczi
2015-09-10 11:39 ` Kevin Wolf
2015-09-14 16:53 ` Stefan Hajnoczi
2015-09-25 12:34 ` Dr. David Alan Gilbert
2015-09-28 12:42 ` Stefan Hajnoczi
2015-09-28 13:55 ` Dr. David Alan Gilbert
2015-09-08 8:00 ` [Qemu-devel] [PATCH 5/5] disk_deadlines: add info disk-deadlines option Denis V. Lunev
2015-09-08 16:20 ` Eric Blake
2015-09-08 16:26 ` Eric Blake
2015-09-10 18:53 ` Denis V. Lunev
2015-09-10 19:13 ` Denis V. Lunev
2015-09-08 8:58 ` [Qemu-devel] [PATCH RFC 0/5] disk deadlines Vasiliy Tolstov
2015-09-08 9:20 ` Fam Zheng
2015-09-08 10:11 ` Kevin Wolf
2015-09-08 10:13 ` Denis V. Lunev
2015-09-08 10:20 ` Fam Zheng
2015-09-08 10:46 ` Denis V. Lunev
2015-09-08 10:49 ` Kevin Wolf
2015-09-08 13:20 ` Fam Zheng
2015-09-08 9:33 ` Paolo Bonzini
2015-09-08 9:41 ` Denis V. Lunev
2015-09-08 9:43 ` Paolo Bonzini
2015-09-08 10:37 ` Andrey Korolyov
2015-09-08 10:50 ` Denis V. Lunev
2015-09-08 10:07 ` Kevin Wolf
2015-09-08 10:08 ` Denis V. Lunev
2015-09-08 10:22 ` Stefan Hajnoczi
2015-09-08 10:26 ` Paolo Bonzini
2015-09-08 10:36 ` Denis V. Lunev
2015-09-08 19:11 ` John Snow
2015-09-10 19:29 ` [Qemu-devel] Summary: " Denis V. Lunev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150908130556.GF4230@noname.redhat.com \
--to=kwolf@redhat.com \
--cc=den@openvz.org \
--cc=qemu-devel@nongnu.org \
--cc=rmaksudova@virtuozzo.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).