From: Max Reitz <mreitz@redhat.com>
To: Fam Zheng <famforupstream@gmail.com>
Cc: "Fam Zheng" <fam@euphon.net>, "Kevin Wolf" <kwolf@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
qemu-devel@nongnu.org, qemu-block@nongnu.org
Subject: Re: [PATCH] block: Introduce zero-co:// and zero-aio://
Date: Thu, 11 Mar 2021 13:11:23 +0100 [thread overview]
Message-ID: <e69b5979-6ab0-f823-b27a-8592595e2b4f@redhat.com> (raw)
In-Reply-To: <CAGNx5+3HSEFxEhzGicF5n5g53KnZJ=5GxKN_QAhL7cMhj+oKAA@mail.gmail.com>
On 10.03.21 17:35, Fam Zheng wrote:
>
>
> On Wed, 10 Mar 2021 at 15:02, Max Reitz <mreitz@redhat.com
> <mailto:mreitz@redhat.com>> wrote:
>
> On 10.03.21 15:17, fam@euphon.net <mailto:fam@euphon.net> wrote:
> > From: Fam Zheng <famzheng@amazon.com <mailto:famzheng@amazon.com>>
> >
> > null-co:// has a read-zeroes=off default, when used to in security
> > analysis, this can cause false positives because the driver doesn't
> > write to the read buffer.
> >
> > null-co:// has the highest possible performance as a block driver, so
> > let's keep it that way. This patch introduces zero-co:// and
> > zero-aio://, largely similar with null-*://, but have
> read-zeroes=on by
> > default, so it's more suitable in cases than null-co://.
> >
> > Signed-off-by: Fam Zheng <fam@euphon.net <mailto:fam@euphon.net>>
> > ---
> > block/null.c | 91
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 91 insertions(+)
>
> You’ll also need to make all tests that currently use null-{co,aio} use
> zero-{co,aio}, because none of those are performance tests (as far as
> I’m aware), so they all want a block driver that memset()s.
>
> (And that’s basically my problem with this approach; nearly everyone
> who
> uses null-* right now probably wants read-zeroes=on, so keeping null-*
> as it is means all of those users should be changed. Sure, they were
> all wrong to not specify read-zeroes=on, but that’s how it is. So
> while
> technically this patch is a compatible change, in contrast to the one
> making read-zeroes=on the default, in practice it absolutely isn’t.)
>
> Another problem arising from that is I can imagine that some
> distributions might have whitelisted null-co because many iotests
> implicitly depend on it, so the iotests will fail if they aren’t
> whitelisted. Now they’d need to whitelist zero-co, too. Not
> impossible, sure, but it’s work that would need to be done.
>
>
> My problem is this: We have a not-really problem, namely “valgrind and
> other tools complain”. Philippe (and I guess me on IRC) proposed a
> simple solution whose only drawbacks (AFAIU) are:
>
> (1) When writing performance tests, you’ll then need to explicitly
> specify read-zeroes=off. Existing performance tests using null-co will
> probably wrongly show degredation. (Are there such tests, though?)
>
> (2) null will not quite conform to its name, strictly speaking.
> Frankly, I don’t know who’d care other than people who write those
> performance tests mentioned in (1). I know I don’t care.
>
> (Technically: (3) We should look into all qemu tests that use
> null-co to
> see whether they test performance. In practice, they don’t, so we
> don’t
> need to.)
>
> So AFAIU change the read-zeroes default would affect very few
> people, if
> any. I see you care about (2), and you’re the maintainer, so I can’t
> say that there is no problem. But it isn’t a practical one.
>
> So on the practical front, we get a small benefit (tools won’t
> complain)
> for a small drawback (having to remember read-zeroes=off for
> performance
> tests).
>
>
> Now you propose a change that has the following drawbacks, as I see it:
>
> (1) All non-performance tests using null-* should be changed to zero-*.
> And those are quite a few tests, so this is some work.
>
> (2) Distributions that have whitelisted null-co now should whitelist
> zero-co, too.
>
> Not impossible, but I consider these much bigger practical drawbacks
> than making read-zeroes=on the default. It’s actual work that must be
> done. To me personally, these drawbacks far outweigh the benefit of
> having valgrind and other tools not complain.
>
>
> I can’t stop you from updating this patch to do (1), but it doesn’t
> make
> sense to me from a practical perspective. It just doesn’t seem
> worth it
> to me.
>
>
> But using null-co:// in tests is not wrong, the problem is the caller
> failed to initialize its buffer.
Then I don’t see why we’d need zero-co://.
Max
next prev parent reply other threads:[~2021-03-11 12:12 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-10 14:17 [PATCH] block: Introduce zero-co:// and zero-aio:// fam
2021-03-10 14:22 ` Philippe Mathieu-Daudé
2021-03-10 14:28 ` Fam Zheng
2021-03-10 14:49 ` Philippe Mathieu-Daudé
2021-03-10 14:59 ` Fam Zheng
2021-03-10 14:40 ` Vladimir Sementsov-Ogievskiy
2021-03-10 14:59 ` Fam Zheng
2021-03-10 14:59 ` Max Reitz
2021-03-10 16:35 ` Fam Zheng
2021-03-11 12:11 ` Max Reitz [this message]
2021-03-10 17:37 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e69b5979-6ab0-f823-b27a-8592595e2b4f@redhat.com \
--to=mreitz@redhat.com \
--cc=fam@euphon.net \
--cc=famforupstream@gmail.com \
--cc=kwolf@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).