From: John Snow <jsnow@redhat.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
qemu block <qemu-block@nongnu.org>,
qemu-devel <qemu-devel@nongnu.org>, Kevin Wolf <kwolf@redhat.com>,
Max Reitz <mreitz@redhat.com>
Subject: Re: [Qemu-devel] backup bug or question
Date: Fri, 9 Aug 2019 16:13:11 -0400
Message-ID: <b032aeef-07f4-2922-6ee8-3047a8c622b8@redhat.com>
In-Reply-To: <6826e3c2-bc6e-b2a2-1bf1-3ed31079f0ee@virtuozzo.com>

On 8/9/19 9:18 AM, Vladimir Sementsov-Ogievskiy wrote:
> Hi!
>
> Hmm, hacking around backup I have a question:
>
> What prevents guest write request after job_start but before setting
> write notifier?
>
> code path:
>
> qmp_drive_backup or transaction with backup
>
> job_start
> aio_co_enter(job_co_entry) /* may only schedule execution, isn't it ? */
>
> ....
>
> job_co_entry
> job_pause_point() /* it definitely yields, isn't it bad? */
> job->driver->run() /* backup_run */
>
> ----
>
> backup_run()
> bdrv_add_before_write_notifier()
>
> ...
>

I think you're right... :(

We create jobs like this:

    job->paused = true;
    job->pause_count = 1;

And then job_start does this:

    job->co = qemu_coroutine_create(job_co_entry, job);
    job->pause_count--;
    job->busy = true;
    job->paused = false;

Which means that job_co_entry is being called before we lift the pause:

    assert(job && job->driver && job->driver->run);
    job_pause_point(job);
    job->ret = job->driver->run(job, &job->err);

...Which means that we are definitely yielding in job_pause_point.

Yeah, that's a race condition waiting to happen.

> And what guarantees we give to the user? Is it guaranteed that write notifier is
> set when qmp command returns?
>
> And I guess, if we start several backups in a transaction it should be guaranteed
> that the set of backups is consistent and corresponds to one point in time...
>

I would have hoped that maybe the drain_all coupled with the individual
jobs taking drain_start and drain_end would save us, but I guess we
simply don't have a guarantee that all backup jobs WILL have installed
their handler by the time the transaction ends.

Or, if there is that guarantee, I don't know what provides it, so I
think we shouldn't count on it accidentally working anymore.

I think we should do two things:

1. Move the handler installation to creation time.
2. Modify backup_before_write_notify to return without invoking
   backup_do_cow if the job isn't started yet.

I'll send a patch in just a moment ...

--js
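
Added example, not part of the message above and not QEMU code: a small C model of the window between job_start and notifier installation, and of the two changes proposed in the message. All names (Model, before_write_notify, guest_write, backup_run_model, backup_is_consistent) and the four-cluster disk are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <string.h>
#define CLUSTERS 4

/* Hypothetical model of the backup job; names are not QEMU's. */
typedef struct {
    char disk[CLUSTERS], target[CLUSTERS]; /* guest data, backup image */
    bool copied[CLUSTERS];                 /* cluster already in target */
    bool notifier_installed, started;
} Model;

/* Copy-before-write: save a cluster's old contents once. */
static void before_write_notify(Model *m, int c)
{
    if (!m->notifier_installed || !m->started || m->copied[c]) {
        return; /* proposal 2: no CoW until the job is started */
    }
    m->target[c] = m->disk[c];
    m->copied[c] = true;
}

static void guest_write(Model *m, int c, char v)
{
    before_write_notify(m, c);
    m->disk[c] = v;
}

/* Job body: runs only once the coroutine gets past its pause point. */
static void backup_run_model(Model *m)
{
    m->notifier_installed = true; /* old behaviour; no-op with proposal 1 */
    for (int c = 0; c < CLUSTERS; c++) {
        before_write_notify(m, c); /* background copy of untouched clusters */
    }
}

/* True if the target matches the disk as it was when the job was started. */
bool backup_is_consistent(bool install_at_creation)
{
    Model m = { .disk = {'A', 'B', 'C', 'D'} };
    char at_start[CLUSTERS];
    m.notifier_installed = install_at_creation; /* proposal 1 */
    guest_write(&m, 0, 'Z');          /* before job_start: must not be CoW'd */
    m.started = true;                 /* job_start: coroutine only scheduled */
    memcpy(at_start, m.disk, CLUSTERS);
    guest_write(&m, 2, 'X');          /* guest write during the yield */
    backup_run_model(&m);
    return memcmp(m.target, at_start, CLUSTERS) == 0;
}
int main(void) { return backup_is_consistent(true) && !backup_is_consistent(false) ? 0 : 1; }
```

With the notifier installed only inside the job body, the write to cluster 2 reaches the disk before anything can save the old contents, so the target no longer reflects the state at job start.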