From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=45318 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1P4sPz-0000lO-BC
	for qemu-devel@nongnu.org; Sun, 10 Oct 2010 05:42:15 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1P4rvI-0006nj-EP
	for qemu-devel@nongnu.org; Sun, 10 Oct 2010 05:10:29 -0400
Received: from mx1.redhat.com ([209.132.183.28]:9461)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1P4rvI-0006nH-7u
	for qemu-devel@nongnu.org; Sun, 10 Oct 2010 05:10:28 -0400
Message-ID: <4CB182F7.8090100@redhat.com>
Date: Sun, 10 Oct 2010 11:10:15 +0200
From: Avi Kivity <avi@redhat.com>
MIME-Version: 1.0
References: <1286552914-27014-1-git-send-email-stefanha@linux.vnet.ibm.com>
	<1286552914-27014-7-git-send-email-stefanha@linux.vnet.ibm.com>
In-Reply-To: <1286552914-27014-7-git-send-email-stefanha@linux.vnet.ibm.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [PATCH v2 6/7] qed: Read/write support
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Anthony Liguori <aliguori@us.ibm.com>, qemu-devel@nongnu.org, Christoph Hellwig <hch@lst.de>

  On 10/08/2010 05:48 PM, Stefan Hajnoczi wrote:
> This patch implements the read/write state machine.  Operations are
> fully asynchronous and multiple operations may be active at any time.
>
> Allocating writes lock tables to ensure metadata updates do not
> interfere with each other.  If two allocating writes need to update the
> same L2 table they will run sequentially.  If two allocating writes need
> to update different L2 tables they will run in parallel.
>

Shouldn't there be a flush between an allocating write and an L2 
update?  Otherwise a reuse of a cluster can move logical sectors from 
one place to another, causing a data disclosure.

Can be skipped if the new cluster is beyond the physical image size.

> +
> +/*
> + * Table locking works as follows:
> + *
> + * Reads and non-allocating writes do not acquire locks because they do not
> + * modify tables and only see committed L2 cache entries.

What about a non-allocating write that follows an allocating write?

1 Guest writes to sector 0
2 Host reads backing image (or supplies zeros), sectors 1-127
3 Host writes sectors 0-127
4 Guest writes sector 1
5 Host writes sector 1

There needs to be a barrier that prevents the host and the disk from 
reordering operations 3 and 5, or guest operation 4 is lost.  As far as 
the guest is concerned no overlapping writes were issued, so it isn't 
required to provide any barriers.

(based on the comment only, haven't read the code)

-- 
error compiling committee.c: too many arguments to function