You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
299 lines
11 KiB
299 lines
11 KiB
From 150ef3356cc6732fede7ca059168fc0565ed0b76 Mon Sep 17 00:00:00 2001
|
|
From: Kevin Wolf <kwolf@redhat.com>
|
|
Date: Fri, 18 Nov 2022 18:41:09 +0100
|
|
Subject: [PATCH 27/31] block: Don't poll in bdrv_replace_child_noperm()
|
|
|
|
RH-Author: Stefano Garzarella <sgarzare@redhat.com>
|
|
RH-MergeRequest: 135: block: Simplify drain to prevent QEMU from crashing during snapshot
|
|
RH-Bugzilla: 2155112
|
|
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
|
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
|
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
|
RH-Commit: [15/16] 5fc7d6b703a2d6c1118d875056f0afbd6ba5cca9 (sgarzarella/qemu-kvm-c-9-s)
|
|
|
|
In order to make sure that bdrv_replace_child_noperm() doesn't have to
|
|
poll any more, get rid of the bdrv_parent_drained_begin_single() call.
|
|
|
|
This is possible now because we can require that the parent is already
|
|
drained through the child in question when the function is called and we
|
|
don't call the parent drain callbacks more than once.
|
|
|
|
The additional drain calls needed in callers cause the test case to run
|
|
its code in the drain handler too early (bdrv_attach_child() drains
|
|
now), so modify it to only enable the code after the test setup has
|
|
completed.
|
|
|
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Message-Id: <20221118174110.55183-15-kwolf@redhat.com>
|
|
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
|
|
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
|
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
(cherry picked from commit 23987471285a26397e3152a9244b652445fd36c4)
|
|
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
|
|
---
|
|
block.c | 103 ++++++++++++++++++++++++++++++-----
|
|
block/io.c | 2 +-
|
|
include/block/block-io.h | 8 +++
|
|
tests/unit/test-bdrv-drain.c | 10 ++++
|
|
4 files changed, 108 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/block.c b/block.c
|
|
index af31a94863..65588d313a 100644
|
|
--- a/block.c
|
|
+++ b/block.c
|
|
@@ -2407,6 +2407,20 @@ static void bdrv_replace_child_abort(void *opaque)
|
|
|
|
GLOBAL_STATE_CODE();
|
|
/* old_bs reference is transparently moved from @s to @s->child */
|
|
+ if (!s->child->bs) {
|
|
+ /*
|
|
+ * The parents were undrained when removing old_bs from the child. New
|
|
+ * requests can't have been made, though, because the child was empty.
|
|
+ *
|
|
+ * TODO Make bdrv_replace_child_noperm() transactionable to avoid
|
|
+ * undraining the parent in the first place. Once this is done, having
|
|
+ * new_bs drained when calling bdrv_replace_child_tran() is not a
|
|
+ * requirement any more.
|
|
+ */
|
|
+ bdrv_parent_drained_begin_single(s->child, false);
|
|
+ assert(!bdrv_parent_drained_poll_single(s->child));
|
|
+ }
|
|
+ assert(s->child->quiesced_parent);
|
|
bdrv_replace_child_noperm(s->child, s->old_bs);
|
|
bdrv_unref(new_bs);
|
|
}
|
|
@@ -2422,12 +2436,19 @@ static TransactionActionDrv bdrv_replace_child_drv = {
|
|
*
|
|
* Note: real unref of old_bs is done only on commit.
|
|
*
|
|
+ * Both @child->bs and @new_bs (if non-NULL) must be drained. @new_bs must be
|
|
+ * kept drained until the transaction is completed.
|
|
+ *
|
|
* The function doesn't update permissions, caller is responsible for this.
|
|
*/
|
|
static void bdrv_replace_child_tran(BdrvChild *child, BlockDriverState *new_bs,
|
|
Transaction *tran)
|
|
{
|
|
BdrvReplaceChildState *s = g_new(BdrvReplaceChildState, 1);
|
|
+
|
|
+ assert(child->quiesced_parent);
|
|
+ assert(!new_bs || new_bs->quiesce_counter);
|
|
+
|
|
*s = (BdrvReplaceChildState) {
|
|
.child = child,
|
|
.old_bs = child->bs,
|
|
@@ -2819,6 +2840,14 @@ uint64_t bdrv_qapi_perm_to_blk_perm(BlockPermission qapi_perm)
|
|
return permissions[qapi_perm];
|
|
}
|
|
|
|
+/*
|
|
+ * Replaces the node that a BdrvChild points to without updating permissions.
|
|
+ *
|
|
+ * If @new_bs is non-NULL, the parent of @child must already be drained through
|
|
+ * @child.
|
|
+ *
|
|
+ * This function does not poll.
|
|
+ */
|
|
static void bdrv_replace_child_noperm(BdrvChild *child,
|
|
BlockDriverState *new_bs)
|
|
{
|
|
@@ -2826,6 +2855,28 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
|
|
int new_bs_quiesce_counter;
|
|
|
|
assert(!child->frozen);
|
|
+
|
|
+ /*
|
|
+ * If we want to change the BdrvChild to point to a drained node as its new
|
|
+ * child->bs, we need to make sure that its new parent is drained, too. In
|
|
+ * other words, either child->quiesce_parent must already be true or we must
|
|
+ * be able to set it and keep the parent's quiesce_counter consistent with
|
|
+ * that, but without polling or starting new requests (this function
|
|
+ * guarantees that it doesn't poll, and starting new requests would be
|
|
+ * against the invariants of drain sections).
|
|
+ *
|
|
+ * To keep things simple, we pick the first option (child->quiesce_parent
|
|
+ * must already be true). We also generalise the rule a bit to make it
|
|
+ * easier to verify in callers and more likely to be covered in test cases:
|
|
+ * The parent must be quiesced through this child even if new_bs isn't
|
|
+ * currently drained.
|
|
+ *
|
|
+ * The only exception is for callers that always pass new_bs == NULL. In
|
|
+ * this case, we obviously never need to consider the case of a drained
|
|
+ * new_bs, so we can keep the callers simpler by allowing them not to drain
|
|
+ * the parent.
|
|
+ */
|
|
+ assert(!new_bs || child->quiesced_parent);
|
|
assert(old_bs != new_bs);
|
|
GLOBAL_STATE_CODE();
|
|
|
|
@@ -2833,15 +2884,6 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
|
|
assert(bdrv_get_aio_context(old_bs) == bdrv_get_aio_context(new_bs));
|
|
}
|
|
|
|
- /*
|
|
- * If the new child node is drained but the old one was not, flush
|
|
- * all outstanding requests to the old child node.
|
|
- */
|
|
- new_bs_quiesce_counter = (new_bs ? new_bs->quiesce_counter : 0);
|
|
- if (new_bs_quiesce_counter && !child->quiesced_parent) {
|
|
- bdrv_parent_drained_begin_single(child, true);
|
|
- }
|
|
-
|
|
if (old_bs) {
|
|
if (child->klass->detach) {
|
|
child->klass->detach(child);
|
|
@@ -2861,11 +2903,9 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
|
|
}
|
|
|
|
/*
|
|
- * If the old child node was drained but the new one is not, allow
|
|
- * requests to come in only after the new node has been attached.
|
|
- *
|
|
- * Update new_bs_quiesce_counter because bdrv_parent_drained_begin_single()
|
|
- * polls, which could have changed the value.
|
|
+ * If the parent was drained through this BdrvChild previously, but new_bs
|
|
+ * is not drained, allow requests to come in only after the new node has
|
|
+ * been attached.
|
|
*/
|
|
new_bs_quiesce_counter = (new_bs ? new_bs->quiesce_counter : 0);
|
|
if (!new_bs_quiesce_counter && child->quiesced_parent) {
|
|
@@ -3002,6 +3042,24 @@ static BdrvChild *bdrv_attach_child_common(BlockDriverState *child_bs,
|
|
}
|
|
|
|
bdrv_ref(child_bs);
|
|
+ /*
|
|
+ * Let every new BdrvChild start with a drained parent. Inserting the child
|
|
+ * in the graph with bdrv_replace_child_noperm() will undrain it if
|
|
+ * @child_bs is not drained.
|
|
+ *
|
|
+ * The child was only just created and is not yet visible in global state
|
|
+ * until bdrv_replace_child_noperm() inserts it into the graph, so nobody
|
|
+ * could have sent requests and polling is not necessary.
|
|
+ *
|
|
+ * Note that this means that the parent isn't fully drained yet, we only
|
|
+ * stop new requests from coming in. This is fine, we don't care about the
|
|
+ * old requests here, they are not for this child. If another place enters a
|
|
+ * drain section for the same parent, but wants it to be fully quiesced, it
|
|
+ * will not run most of the the code in .drained_begin() again (which is not
|
|
+ * a problem, we already did this), but it will still poll until the parent
|
|
+ * is fully quiesced, so it will not be negatively affected either.
|
|
+ */
|
|
+ bdrv_parent_drained_begin_single(new_child, false);
|
|
bdrv_replace_child_noperm(new_child, child_bs);
|
|
|
|
BdrvAttachChildCommonState *s = g_new(BdrvAttachChildCommonState, 1);
|
|
@@ -5059,12 +5117,24 @@ static void bdrv_remove_child(BdrvChild *child, Transaction *tran)
|
|
}
|
|
|
|
if (child->bs) {
|
|
+ BlockDriverState *bs = child->bs;
|
|
+ bdrv_drained_begin(bs);
|
|
bdrv_replace_child_tran(child, NULL, tran);
|
|
+ bdrv_drained_end(bs);
|
|
}
|
|
|
|
tran_add(tran, &bdrv_remove_child_drv, child);
|
|
}
|
|
|
|
+static void undrain_on_clean_cb(void *opaque)
|
|
+{
|
|
+ bdrv_drained_end(opaque);
|
|
+}
|
|
+
|
|
+static TransactionActionDrv undrain_on_clean = {
|
|
+ .clean = undrain_on_clean_cb,
|
|
+};
|
|
+
|
|
static int bdrv_replace_node_noperm(BlockDriverState *from,
|
|
BlockDriverState *to,
|
|
bool auto_skip, Transaction *tran,
|
|
@@ -5074,6 +5144,11 @@ static int bdrv_replace_node_noperm(BlockDriverState *from,
|
|
|
|
GLOBAL_STATE_CODE();
|
|
|
|
+ bdrv_drained_begin(from);
|
|
+ bdrv_drained_begin(to);
|
|
+ tran_add(tran, &undrain_on_clean, from);
|
|
+ tran_add(tran, &undrain_on_clean, to);
|
|
+
|
|
QLIST_FOREACH_SAFE(c, &from->parents, next_parent, next) {
|
|
assert(c->bs == from);
|
|
if (!should_update_child(c, to)) {
|
|
diff --git a/block/io.c b/block/io.c
|
|
index 5e9150d92c..ae64830eac 100644
|
|
--- a/block/io.c
|
|
+++ b/block/io.c
|
|
@@ -81,7 +81,7 @@ static void bdrv_parent_drained_end(BlockDriverState *bs, BdrvChild *ignore)
|
|
}
|
|
}
|
|
|
|
-static bool bdrv_parent_drained_poll_single(BdrvChild *c)
|
|
+bool bdrv_parent_drained_poll_single(BdrvChild *c)
|
|
{
|
|
if (c->klass->drained_poll) {
|
|
return c->klass->drained_poll(c);
|
|
diff --git a/include/block/block-io.h b/include/block/block-io.h
|
|
index 8f5e75756a..65e6d2569b 100644
|
|
--- a/include/block/block-io.h
|
|
+++ b/include/block/block-io.h
|
|
@@ -292,6 +292,14 @@ bdrv_writev_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos);
|
|
*/
|
|
void bdrv_parent_drained_begin_single(BdrvChild *c, bool poll);
|
|
|
|
+/**
|
|
+ * bdrv_parent_drained_poll_single:
|
|
+ *
|
|
+ * Returns true if there is any pending activity to cease before @c can be
|
|
+ * called quiesced, false otherwise.
|
|
+ */
|
|
+bool bdrv_parent_drained_poll_single(BdrvChild *c);
|
|
+
|
|
/**
|
|
* bdrv_parent_drained_end_single:
|
|
*
|
|
diff --git a/tests/unit/test-bdrv-drain.c b/tests/unit/test-bdrv-drain.c
|
|
index 172bc6debc..2686a8acee 100644
|
|
--- a/tests/unit/test-bdrv-drain.c
|
|
+++ b/tests/unit/test-bdrv-drain.c
|
|
@@ -1654,6 +1654,7 @@ static void test_drop_intermediate_poll(void)
|
|
|
|
|
|
typedef struct BDRVReplaceTestState {
|
|
+ bool setup_completed;
|
|
bool was_drained;
|
|
bool was_undrained;
|
|
bool has_read;
|
|
@@ -1738,6 +1739,10 @@ static void bdrv_replace_test_drain_begin(BlockDriverState *bs)
|
|
{
|
|
BDRVReplaceTestState *s = bs->opaque;
|
|
|
|
+ if (!s->setup_completed) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
if (!s->drain_count) {
|
|
s->drain_co = qemu_coroutine_create(bdrv_replace_test_drain_co, bs);
|
|
bdrv_inc_in_flight(bs);
|
|
@@ -1769,6 +1774,10 @@ static void bdrv_replace_test_drain_end(BlockDriverState *bs)
|
|
{
|
|
BDRVReplaceTestState *s = bs->opaque;
|
|
|
|
+ if (!s->setup_completed) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
g_assert(s->drain_count > 0);
|
|
if (!--s->drain_count) {
|
|
s->was_undrained = true;
|
|
@@ -1867,6 +1876,7 @@ static void do_test_replace_child_mid_drain(int old_drain_count,
|
|
bdrv_ref(old_child_bs);
|
|
bdrv_attach_child(parent_bs, old_child_bs, "child", &child_of_bds,
|
|
BDRV_CHILD_COW, &error_abort);
|
|
+ parent_s->setup_completed = true;
|
|
|
|
for (i = 0; i < old_drain_count; i++) {
|
|
bdrv_drained_begin(old_child_bs);
|
|
--
|
|
2.31.1
|
|
|