From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>, John Snow <jsnow@redhat.com>
Subject: Re: [PATCH v4 6/6] block-copy: atomic .cancelled and .finished fields in BlockCopyCallState
Date: Mon, 21 Jun 2021 11:30:42 +0200
Message-ID: <215f6356-1b9a-3f3b-c35d-bf0b176ebd0f@redhat.com>
In-Reply-To: <fcb8849c-bedf-aacc-3831-0239d89af2d6@virtuozzo.com>
On 19/06/2021 22:06, Vladimir Sementsov-Ogievskiy wrote:
> 14.06.2021 10:33, Emanuele Giuseppe Esposito wrote:
>> By adding acquire/release pairs, we ensure that .ret and .error_is_read
>> fields are written by block_copy_dirty_clusters before .finished is true.
>
> And that they are read by API user after .finished is true.
>
>>
>> The atomics here are necessary because the fields are concurrently
>> modified also outside coroutines.
>
> To be honest, finished is modified only in coroutine. And read outside.
>
>>
>> Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
>> ---
>> block/block-copy.c | 33 ++++++++++++++++++---------------
>> 1 file changed, 18 insertions(+), 15 deletions(-)
>>
>> diff --git a/block/block-copy.c b/block/block-copy.c
>> index 6416929abd..5348e1f61b 100644
>> --- a/block/block-copy.c
>> +++ b/block/block-copy.c
>> @@ -53,14 +53,14 @@ typedef struct BlockCopyCallState {
>> Coroutine *co;
>> /* State */
>> - bool finished;
>> + bool finished; /* atomic */
>
> So, logic around finished:
>
> Thread of block_copy does:
> 0. finished is false
> 1. tasks set ret and error_is_read
> 2. qatomic_store_release finished -> true
> 3. after that point ret and error_is_read are not modified
>
> Other threads can:
>
> - qatomic_read finished, just to check whether we are finished or not
>
> - if finished, can read ret and error_is_read safely. If you are not sure
> that block-copy finished, use qatomic_load_acquire() of finished first,
> to be sure that you read ret and error_is_read AFTER finished is read and
> checked to be true.
>
>> QemuCoSleep sleep; /* TODO: protect API with a lock */
>> /* To reference all call states from BlockCopyState */
>> QLIST_ENTRY(BlockCopyCallState) list;
>> /* OUT parameters */
>> - bool cancelled;
>> + bool cancelled; /* atomic */
>
> Logic around cancelled is simpler:
>
> - false at start
>
> - qatomic_read is allowed from any thread
>
> - qatomic_write to true is allowed from any thread
>
> - never write to false
>
> Note that cancelling and finishing are racy. The user can cancel a block-copy
> that's already finished. We probably could improve it, but I'm not
> sure that it's worth doing. Still, maybe leave some comment in the API
> documentation.
>
>> /* Fields protected by lock in BlockCopyState */
>> bool error_is_read;
>> int ret;
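Review bot: The new /* atomic */ markers on finished and cancelled say how the fields are accessed but not what they order. ret and error_is_read stay under the "Fields protected by lock in BlockCopyState" comment, yet block_copy_call_status() later in this patch reads call_state->error_is_read with no lock in the visible lines and depends on the load of finished instead. Consider spelling the rule out at the declaration: finished is set once, with a release store, after the last write to ret and error_is_read, and cancelled only ever goes from false to true.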
>> @@ -650,7 +650,8 @@ block_copy_dirty_clusters(BlockCopyCallState
>> *call_state)
>> assert(QEMU_IS_ALIGNED(offset, s->cluster_size));
>> assert(QEMU_IS_ALIGNED(bytes, s->cluster_size));
>> - while (bytes && aio_task_pool_status(aio) == 0 &&
>> !call_state->cancelled) {
>> + while (bytes && aio_task_pool_status(aio) == 0 &&
>> + !qatomic_read(&call_state->cancelled)) {
>> BlockCopyTask *task;
>> int64_t status_bytes;
>> @@ -761,7 +762,7 @@ static int coroutine_fn
>> block_copy_common(BlockCopyCallState *call_state)
>> do {
>> ret = block_copy_dirty_clusters(call_state);
>> - if (ret == 0 && !call_state->cancelled) {
>> + if (ret == 0 && !qatomic_read(&call_state->cancelled)) {
>> WITH_QEMU_LOCK_GUARD(&s->lock) {
>> /*
>> * Check that there is no task we still need to
>> @@ -792,9 +793,9 @@ static int coroutine_fn
>> block_copy_common(BlockCopyCallState *call_state)
>> * 2. We have waited for some intersecting block-copy request
>> * It may have failed and produced new dirty bits.
>> */
>> - } while (ret > 0 && !call_state->cancelled);
>> + } while (ret > 0 && !qatomic_read(&call_state->cancelled));
>> - call_state->finished = true;
>> + qatomic_store_release(&call_state->finished, true);
>
> So, all writes to ret and error_is_read are finished by this point.
>
>> if (call_state->cb) {
>> call_state->cb(call_state->cb_opaque);
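Review bot: After the release store to finished, the next two lines still dereference call_state to read cb and cb_opaque. A thread that observes finished and then calls block_copy_call_free() could release the state while this code is still reading it, unless the API rules out polling a call that also has a callback. Either read cb and cb_opaque into locals before the store, or document who owns call_state once finished is true.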
>> @@ -857,35 +858,37 @@ void block_copy_call_free(BlockCopyCallState
>> *call_state)
>> return;
>> }
>> - assert(call_state->finished);
>> + assert(qatomic_load_acquire(&call_state->finished));
>
> Here we don't need load_acquire, as we don't read other fields.
> qatomic_read is enough.
So what you say makes sense, the only thing that I wonder is: wouldn't
it be better to have the acquire without assertion (or assert
afterwards), just to be sure that we delete when finished is true?
[...]
>
>> }
>> bool block_copy_call_cancelled(BlockCopyCallState *call_state)
>> {
>> - return call_state->cancelled;
>> + return qatomic_read(&call_state->cancelled);
>> }
>> int block_copy_call_status(BlockCopyCallState *call_state, bool
>> *error_is_read)
>> {
>> - assert(call_state->finished);
>> + assert(qatomic_load_acquire(&call_state->finished));
>
> Hmm. Here qatomic_load_acquire protects nothing (assertion will crash if
> not yet finished anyway). So, caller is double sure that block-copy is
> finished.
>
> Also it's misleading: if we think that it does some protection, we are
> doing the wrong thing: assertions may be simply compiled out, we can't rely
> on statements inside assert() to be executed.
>
> So, let's use simple qatomic_read here too.
Same applies here.
>
>> if (error_is_read) {
>> *error_is_read = call_state->error_is_read;
>> }
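Review bot: In block_copy_call_status() the acquire load is the only thing ordering the read of call_state->error_is_read that follows, and it sits inside assert(), so the ordering exists only when the assertion expression is evaluated. Do the load as its own statement and assert on the result, for example "bool finished = qatomic_load_acquire(&call_state->finished); assert(finished);". In block_copy_call_free() no other field is read in the visible lines, so a plain qatomic_read() inside the assertion is enough there.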
>> @@ -894,7 +897,7 @@ int block_copy_call_status(BlockCopyCallState
>> *call_state, bool *error_is_read)
>> void block_copy_call_cancel(BlockCopyCallState *call_state)
>> {
>> - call_state->cancelled = true;
>> + qatomic_set(&call_state->cancelled, true);
>> block_copy_kick(call_state);
>> }
>>
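Review bot: block_copy_call_cancel() sets cancelled without looking at finished, so block_copy_call_cancelled() can return true for a call that had already completed, and block_copy_kick() is still invoked on it. The flag itself is safe because it only moves from false to true, but callers should not infer the outcome from it. Add a sentence to the API documentation saying that cancelling a finished call is allowed and does not change its status, and confirm that the kick is harmless at that point.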
>
> Uhh :)
>
> Ok, that looks close too. Or in other words, I feel that I have good
> enough understanding of all the thread-safe logic that you have
> implemented :)
Good! :)
Emanuele
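
The publication protocol discussed above for .finished, with the acquire load kept out of assert(), as an added example that is not part of the patch or of QEMU. C11 atomics and pthreads stand in for the qatomic_* helpers and coroutines; CallState, worker, call_status, run_call and the -EINPROGRESS "not finished" result are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical reduction of BlockCopyCallState to the fields discussed. */
typedef struct CallState {
    int ret;               /* plain: written only before finished is set */
    bool error_is_read;    /* plain: same rule as ret */
    atomic_bool finished;  /* release store by worker, acquire load by readers */
    atomic_bool cancelled; /* false -> true only, relaxed access anywhere */
} CallState;

/* Worker: write the results first, then publish them with a release store. */
static void *worker(void *opaque)
{
    CallState *cs = opaque;
    bool stop = atomic_load_explicit(&cs->cancelled, memory_order_relaxed);
    cs->ret = stop ? -ECANCELED : 0;  /* constructed result values */
    cs->error_is_read = false;
    atomic_store_explicit(&cs->finished, true, memory_order_release);
    return NULL;  /* cs is not touched after the store */
}

/* Reader: the acquire load is its own statement, not an assert() operand. */
static int call_status(CallState *cs, bool *error_is_read)
{
    if (!atomic_load_explicit(&cs->finished, memory_order_acquire)) {
        return -EINPROGRESS;  /* not finished: do not touch the plain fields */
    }
    *error_is_read = cs->error_is_read;
    return cs->ret;
}

/* Run one call on a second thread and poll it the way an API user would. */
static int run_call(bool cancel_first)
{
    CallState cs = { .cancelled = cancel_first };
    pthread_t tid;
    int ret;
    bool error_is_read = true;
    if (pthread_create(&tid, NULL, worker, &cs) != 0) {
        return 1;
    }
    do { ret = call_status(&cs, &error_is_read); } while (ret == -EINPROGRESS);
    pthread_join(tid, NULL);
    return ret;
}

int main(void) { return run_call(true) == -ECANCELED ? 0 : 1; }
```

Build with cc -pthread; the plain fields are read only on the path where the acquire load returned true.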