Hi all! Here is a proposal of updating graph changing procedures.
The thing brought me here is a question about "activating" filters after insertion, which is done in mirror_top and backup_top. The problem is that we can't simply avoid permission conflict when inserting the filter: during insertion old permissions of relations to be removed conflicting with new permissions of new created relations. And current solution is supporting additional "inactive" mode for the filter when it doesn't require any permissions. I suggest to change the order of operations: let's first do all graph relations modifications and then refresh permissions. Of course we'll need a way to restore old graph if refresh fails. Another problem with permission update is that we update permissions in order of DFS which is not always correct. Better is update node when all its parents already updated and require correct permissions. This needs a topological sort of nodes prior to permission update, see more in patches later. Key patches here: 01,02 - add failing tests to illustrate conceptual problems of current permission update system. [Here is side suggestion: we usually add tests after fix, so careful reviewer has to change order of patches to check that test fails before fix. I add tests in the way the may be simply executed but not yet take part in make check. It seems more native: first show the problem, then fix it. And when fixed, make tests available for make check] 08 - toplogical sort implemented for permission update, one of new tests now pass 13 - improve bdrv_replace_node. second new test now pass 21 - drop .active field and activation procedure for backup-top! Series marked as RFC as they are non-complete. Some things like bdrv_replace_node() and bdrv_append() are moved into new paradigm (update graph first) some not (like bdrv_reopen_multiple()). Because of it we have to still support old interfaces (like ignore_children). Still, I'd be very grateful for some feedback before investigating more time to this thing. Note, that this series does nothing with another graph-update problem discussed under "[PATCH RFC 0/5] Fix accidental crash in iotest 30". The series based on block-next Max's branch and can be found here: git: https://src.openvz.org/scm/~vsementsov/qemu.git tag: up-block-topologic-perm-v1 Vladimir Sementsov-Ogievskiy (21): tests/test-bdrv-graph-mod: add test_parallel_exclusive_write tests/test-bdrv-graph-mod: add test_parallel_perm_update util: add transactions.c block: bdrv_refresh_perms: check parents compliance block: refactor bdrv_child* permission functions block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms() block: inline bdrv_child_*() permission functions calls block: use topological sort for permission update block: add bdrv_drv_set_perm transaction action block: add bdrv_list_* permission update functions block: add bdrv_replace_child_safe() transaction action block: return value from bdrv_replace_node() block: fix bdrv_replace_node_common block: add bdrv_attach_child_noperm() transaction action block: split out bdrv_replace_node_noperm() block: bdrv_append(): don't consume reference block: bdrv_append(): return status block: adapt bdrv_append() for inserting filters block: add bdrv_remove_backing transaction action block: introduce bdrv_drop_filter() block/backup-top: drop .active include/block/block.h | 9 +- include/qemu/transactions.h | 46 +++ block.c | 789 ++++++++++++++++++++++++++++-------- block/backup-top.c | 39 +- block/commit.c | 7 +- block/mirror.c | 9 +- blockdev.c | 10 +- tests/test-bdrv-drain.c | 2 +- tests/test-bdrv-graph-mod.c | 122 +++++- util/transactions.c | 81 ++++ tests/qemu-iotests/283.out | 2 +- util/meson.build | 1 + 12 files changed, 872 insertions(+), 245 deletions(-) create mode 100644 include/qemu/transactions.h create mode 100644 util/transactions.c -- 2.21.3