On 21.08.20 17:50, Kevin Wolf wrote: > Am 25.06.2020 um 17:22 hat Max Reitz geschrieben: >> We have to perform an active commit whenever the top node has a parent >> that has taken the WRITE permission on it. >> >> Signed-off-by: Max Reitz >> Reviewed-by: Vladimir Sementsov-Ogievskiy >> --- >> blockdev.c | 24 +++++++++++++++++++++--- >> 1 file changed, 21 insertions(+), 3 deletions(-) >> >> diff --git a/blockdev.c b/blockdev.c >> index 402f1d1df1..237fffbe53 100644 >> --- a/blockdev.c >> +++ b/blockdev.c >> @@ -2589,6 +2589,7 @@ void qmp_block_commit(bool has_job_id, const char *job_id, const char *device, >> AioContext *aio_context; >> Error *local_err = NULL; >> int job_flags = JOB_DEFAULT; >> + uint64_t top_perm, top_shared; >> >> if (!has_speed) { >> speed = 0; >> @@ -2704,14 +2705,31 @@ void qmp_block_commit(bool has_job_id, const char *job_id, const char *device, >> goto out; >> } >> >> - if (top_bs == bs) { >> + /* >> + * Active commit is required if and only if someone has taken a >> + * WRITE permission on the top node. > > ...or if someone wants to take a WRITE permission while the job is > running. > > Future intentions of the user is something that we can't know, so maybe > this should become an option in the future (not in this series, of > course). > >> Historically, we have always >> + * used active commit for top nodes, so continue that practice. >> + * (Active commit is never really wrong.) >> + */ > > Changing the practice would break compatibility with clients that start > an active commit job and then attach it to a read-write device, so we > must continue the practice. I think the comment should be clearer about > this, it sounds more like "no reason, but why not". I think that’s what I meant by “historically”. Is “legacily” a word? But sure, I can make it more explicit. > This is even more problematic because the commit job doesn't unshare > BLK_PERM_WRITE yet, so it would lead to silent corruption rather than an > error. > >> + bdrv_get_cumulative_perm(top_bs, &top_perm, &top_shared); >> + if (top_perm & BLK_PERM_WRITE || >> + bdrv_skip_filters(top_bs) == bdrv_skip_filters(bs)) >> + { >> if (has_backing_file) { >> error_setg(errp, "'backing-file' specified," >> " but 'top' is the active layer"); > > Hm, this error message isn't accurate any more. > > In fact, the implementation isn't consistent with the QAPI documentation > any more, because backing-file is only an error for the top level. Hm. I wanted to agree, and then I wanted to come up with a QAPI documentation that fits the new behavior (because I think it makes more sense to change the QAPI documentation along with the behavior change, rather than to force us to allow backing-file for anything that isn’t on the top layer). But in the process of coming up with a better description, I noticed that this doesn’t say “is a root node”, it says “is the active layer”. I would say a node in the active layer is a node that has some parent that has taken a WRITE permission on it. So actually I think that the documentation is right, and this code only now fits. Though I do think this wants for some clarification. Perhaps “If 'top' is the active layer (i.e., is a node that may be written to), specifying a backing [...]”? There’s more wrong with the specification, namely the whole part under @backing-file past the “(Since 2.1)”, starting with “If top == base”. I think all of that should go to the top level. (And “If top == active” should be changed to “If top is active (i.e., may be written to)”.) Max