On 20.12.21 13:20, Emanuele Giuseppe Esposito wrote:
On 17/12/2021 17:38, Emanuele Giuseppe Esposito wrote:
On 17/12/2021 12:04, Hanna Reitz wrote:
On 24.11.21 07:44, Emanuele Giuseppe Esposito wrote:
bdrv_co_invalidate_cache is special: it is an I/O function,
I still don’t believe it is, but well.
(Yes, it is called by a test in an iothread, but I believe we’ve
seen that the tests simply sometimes test things that shouldn’t be
allowed.)
but uses the block layer permission API, which is GS.
Because of this, we can assert that either the function is
being called with BQL held, and thus can use the permission API,
or make sure that the permission API is not used, by ensuring that
bs (and parents) .open_flags does not contain BDRV_O_INACTIVE.
Signed-off-by: Emanuele Giuseppe Esposito <eespo...@redhat.com>
---
block.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/block.c b/block.c
index a0309f827d..805974676b 100644
--- a/block.c
+++ b/block.c
@@ -6574,6 +6574,26 @@ void bdrv_init_with_whitelist(void)
bdrv_init();
}
+static bool bdrv_is_active(BlockDriverState *bs)
+{
+ BdrvChild *parent;
+
+ if (bs->open_flags & BDRV_O_INACTIVE) {
+ return false;
+ }
+
+ QLIST_FOREACH(parent, &bs->parents, next_parent) {
+ if (parent->klass->parent_is_bds) {
+ BlockDriverState *parent_bs = parent->opaque;
This looks like a really bad hack to me. We purposefully have made
the parent link opaque so that a BDS cannot easily reach its
parents. All accesses should go through BdrvChildClass methods.
I also don’t understand why we need to query parents at all. The
only fact that determines whether the current BDS will have its
permissions changed is whether the BDS itself is active or
inactive. Sure, we’ll invoke bdrv_co_invalidate_cache() on the
parents, too, but then we could simply let the assertion fail there.
+ if (!bdrv_is_active(parent_bs)) {
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
int coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
Error **errp)
{
BdrvChild *child, *parent;
@@ -6585,6 +6605,12 @@ int coroutine_fn
bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp)
return -ENOMEDIUM;
}
+ /*
+ * No need to muck with permissions if bs is active.
+ * TODO: should activation be a separate function?
+ */
+ assert(qemu_in_main_thread() || bdrv_is_active(bs));
+
I don’t understand this, really. It looks to me like “if you don’t
call this in the main thread, this better be a no-op”, i.e., you
must never call this function in an I/O thread if you really want to
use it. I.e. what I’d classify as a GS function.
It sounds like this is just a special case for said test, and
special-casing code for tests sounds like a bad idea.
Ok, but trying to leave just the qemu_in_main_thread() assertion
makes test 307 (./check 307) fail.
I am actually not sure on why it fails, but I am sure it is because
of the assertion, since without it it passes.
I tried with gdb (./check -gdb 307 on one terminal and
gdb -iex "target remote localhost:12345"
in another) but it points me to this below, which I think is the ndb
server getting the socket closed (because on the other side it
crashed), and not the actual error.
Thread 1 "qemu-system-x86" received signal SIGPIPE, Broken pipe.
0x00007ffff68af54d in sendmsg () from target:/lib64/libc.so.6
(gdb) bt
#0 0x00007ffff68af54d in sendmsg () from target:/lib64/libc.so.6
#1 0x0000555555c13cc9 in qio_channel_socket_writev (ioc=<optimized
out>, iov=0x5555569a4870, niov=1, fds=0x0, nfds=<optimized out>,
errp=0x0)
at ../io/channel-socket.c:561
#2 0x0000555555c19b18 in qio_channel_writev_full_all
(ioc=0x55555763b800, iov=iov@entry=0x7fffe8dffd80, niov=niov@entry=1,
fds=fds@entry=0x0,
nfds=nfds@entry=0, errp=errp@entry=0x0) at ../io/channel.c:240
#3 0x0000555555c19bd2 in qio_channel_writev_all (errp=0x0, niov=1,
iov=0x7fffe8dffd80, ioc=<optimized out>) at ../io/channel.c:220
#4 qio_channel_write_all (ioc=<optimized out>,
buf=buf@entry=0x7fffe8dffdd0 "", buflen=buflen@entry=20,
errp=errp@entry=0x0) at ../io/channel.c:330
#5 0x0000555555c27e75 in nbd_write (errp=0x0, size=20,
buffer=0x7fffe8dffdd0, ioc=<optimized out>) at ../nbd/nbd-internal.h:71
#6 nbd_negotiate_send_rep_len (client=client@entry=0x555556f60930,
type=type@entry=1, len=len@entry=0, errp=errp@entry=0x0) at
../nbd/server.c:203
#7 0x0000555555c29db1 in nbd_negotiate_send_rep (errp=0x0, type=1,
client=0x555556f60930) at ../nbd/server.c:211
--Type <RET> for more, q to quit, c to continue without paging--
#8 nbd_negotiate_options (errp=0x7fffe8dffe88, client=<optimized
out>) at ../nbd/server.c:1224
#9 nbd_negotiate (errp=0x7fffe8dffe88, client=<optimized out>) at
../nbd/server.c:1340
#10 nbd_co_client_start (opaque=<optimized out>) at ../nbd/server.c:2715
#11 0x0000555555d70423 in coroutine_trampoline (i0=<optimized out>,
i1=<optimized out>) at ../util/coroutine-ucontext.c:173
#12 0x00007ffff67f3820 in ?? () from target:/lib64/libc.so.6
#13 0x00007fffffffca80 in ?? ()
Ok the reason for this is line 89 of tests/qemu-iotests/307:
# Should ignore the iothread conflict, but then fail because of the
# permission conflict (and not crash)
vm.qmp_log('block-export-add', id='export1', type='nbd',
node_name='null',
iothread='iothread1', fixed_iothread=False, writable=True)
This calls qmp_block_export_add() and then blk_exp_add(), that calls
bdrv_invalidate_cache().
Both functions are running in the main thread, but then
bdrv_invalidate_cache invokes bdrv_co_invalidate_cache() as a
coroutine in the AioContext of the given bs, so not the main loop.
So Hanna, what should we do here? This seems very similar to the
discussion in patch 22, ie run blockdev-create (in this case
block-export-add, which seems similar?) involving nodes in I/O threads.
Honestly, I’m still thinking about this and haven’t come to a
conclusion. It doesn’t seem invalid to run bdrv_co_invalidate_cache()
in the context of the BDS here, but then the assertion that the BDS is
already active seems kind of just lucky to work.
I plan to look into whether I can reproduce some case where the
assertion doesn’t hold (thinking of migration with a block device in an
iothread), and then see what I learn from this. :/
Hanna
