From: Max Reitz <mreitz@redhat.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>,
qemu-block@nongnu.org
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-devel@nongnu.org,
armbru@redhat.com, den@openvz.org
Subject: Re: [PATCH v8 2/7] copy-on-read: add filter append/drop functions
Date: Thu, 24 Sep 2020 17:00:23 +0200 [thread overview]
Message-ID: <f06a1ce5-4ae1-2af3-ab19-61061b8091ec@redhat.com> (raw)
In-Reply-To: <b0481dc9-ff26-25ca-ecb0-ea5c0fb4dc06@virtuozzo.com>
[-- Attachment #1.1: Type: text/plain, Size: 4129 bytes --]
On 24.09.20 16:51, Vladimir Sementsov-Ogievskiy wrote:
> 24.09.2020 16:25, Max Reitz wrote:
>> On 23.09.20 16:38, Vladimir Sementsov-Ogievskiy wrote:
>>> 17.09.2020 19:09, Andrey Shinkevich wrote:
>>>> On 04.09.2020 14:22, Max Reitz wrote:
>>>>> On 28.08.20 18:52, Andrey Shinkevich wrote:
>>>>>> Provide API for the COR-filter insertion/removal.
>>>> ...
>>>>>> Also, drop the filter child permissions for an inactive state when
>>>>>> the
>>>>>> filter node is being removed.
>>>>> Do we need .active for that? Shouldn’t it be sufficient to just not
>>>>> require BLK_PERM_WRITE_UNCHANGED when no permissions are taken on the
>>>>> node (i.e. perm == 0 in cor_child_perm())?
>>>>>
>>>>> Of course, using an .active field works, too. But Vladimir wanted a
>>>>> similar field in the preallocate filter, and there already is in
>>>>> backup-top. I feel like there shouldn’t be a need for this.
>>>>>
>>>>> .bdrv_child_perm() should generally be able to decide what permissions
>>>>> it needs based on the information it gets. If every driver needs to
>>>>> keep track of whether it has any parents and feed that information
>>>>> into
>>>>> .bdrv_child_perm() as external state, then something feels wrong.
>>>>>
>>>>> If perm == 0 is not sufficient to rule out any parents, we should just
>>>>> explicitly add a boolean that tells .bdrv_child_perm() whether
>>>>> there are
>>>>> any parents or not – shouldn’t be too difficult.
>>>>
>>>>
>>>> The issue is that we fail in the bdrv_check_update_perm() with
>>>> ""Conflicts with use by..." if the *nperm = 0 and the *nshared =
>>>> BLK_PERM_ALL are not set before the call to the bdrv_replace_node().
>>>> The filter is still in the backing chain by that moment and has a
>>>> parent with child->perm != 0.
>>>>
>>>> The implementation of the .bdrv_child_perm()in the given patch is
>>>> similar to one in the block/mirror.c.
>>>>
>>>> How could we resolve the issue at the generic layer?
>>>>
>>>>
>>>
>>> The problem is that when we update permissions in bdrv_replace_node, we
>>> consider new placement for "to" node, but old placement for "from" node.
>>> So, during update, we may consider stricter permission requirements for
>>> "from" than needed and they conflict with new "to" permissions.
>>>
>>> We should consider all graph changes for permission update
>>> simultaneously, in same transaction. For this, we need refactor
>>> permission update system to work on queue of nodes instead of simple DFS
>>> recursion. And in the queue all the nodes to update should be
>>> toplogically sorted. In this way, when we update node N, all its parents
>>> are already updated. And of course, we should make no-perm graph update
>>> before permission update, and rollback no-perm movement if permission
>>> update failed.
>>
>> OK, you’ve convinced me, .active is good enough for now. O:)
>>
>>> And we need topological sort anyway. Consider the following example:
>>>
>>> A -
>>> | \
>>> | v
>>> | B
>>> | |
>>> v /
>>> C<-
>>>
>>> A is parent for B and C, B is parent for C.
>>>
>>> Obviously, to update permissions, we should go in order A B C, so, when
>>> we update C, all it's parents permission already updated. But with
>>> current approach (simple recursion) we can update in sequence A C B C (C
>>> is updated twice). On first update of C, we consider old B permissions,
>>> so doing wrong thing. If it succeed, all is OK, on second C update we
>>> will finish with correct graph. But if the wrong thing failed, we break
>>> the whole process for no reason (it's possible that updated B permission
>>> will be less strict, but we will never check it).
>>
>> True.
>>
>>> I'll work on a patch for it.
>>
>> Sounds great, though I fear for the complexity. I’ll just wait and see
>> for now.
>>
>
> If you are OK with .active for now, then I think, Andrey can resend with
> .active and I'll dig into permissions in parallel. If Andrey's series
> go first, I'll just drop .active later if my idea works.
Sure, that works for me.
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2020-09-24 15:05 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-28 16:52 [PATCH v8 0/7] Apply COR-filter to the block-stream permanently Andrey Shinkevich via
2020-08-28 16:52 ` [PATCH v8 1/7] copy-on-read: Support preadv/pwritev_part functions Andrey Shinkevich via
2020-08-28 16:52 ` [PATCH v8 2/7] copy-on-read: add filter append/drop functions Andrey Shinkevich via
2020-09-04 11:22 ` Max Reitz
2020-09-17 16:09 ` Andrey Shinkevich
2020-09-23 14:38 ` Vladimir Sementsov-Ogievskiy
2020-09-24 13:25 ` Max Reitz
2020-09-24 14:51 ` Vladimir Sementsov-Ogievskiy
2020-09-24 15:00 ` Max Reitz [this message]
2020-09-24 17:29 ` Andrey Shinkevich
2020-09-24 17:40 ` Andrey Shinkevich
2020-09-24 17:49 ` Vladimir Sementsov-Ogievskiy
2020-08-28 16:52 ` [PATCH v8 3/7] qapi: add filter-node-name to block-stream Andrey Shinkevich via
2020-08-28 16:52 ` [PATCH v8 4/7] copy-on-read: pass base file name to COR driver Andrey Shinkevich via
2020-09-04 12:17 ` Max Reitz
2020-09-04 12:26 ` Vladimir Sementsov-Ogievskiy
2020-08-28 16:52 ` [PATCH v8 5/7] copy-on-read: limit guest writes to base in " Andrey Shinkevich via
2020-09-04 12:50 ` Max Reitz
2020-09-04 13:59 ` Vladimir Sementsov-Ogievskiy
2020-09-22 13:13 ` Andrey Shinkevich
2020-09-24 11:18 ` Max Reitz
2020-08-28 16:52 ` [PATCH v8 6/7] block-stream: freeze link to base node during stream job Andrey Shinkevich via
2020-09-04 13:21 ` Max Reitz
2020-09-04 13:48 ` Vladimir Sementsov-Ogievskiy
2020-09-07 11:44 ` Max Reitz
2020-09-07 12:17 ` Vladimir Sementsov-Ogievskiy
2020-09-24 12:46 ` Max Reitz
2020-08-28 16:52 ` [PATCH v8 7/7] block: apply COR-filter to block-stream jobs Andrey Shinkevich via
2020-09-04 13:41 ` Max Reitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f06a1ce5-4ae1-2af3-ab19-61061b8091ec@redhat.com \
--to=mreitz@redhat.com \
--cc=andrey.shinkevich@virtuozzo.com \
--cc=armbru@redhat.com \
--cc=den@openvz.org \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).