qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3 00/36] block: update graph permissions update
@ 2021-03-17 14:34 Vladimir Sementsov-Ogievskiy
  2021-03-17 14:34 ` [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write Vladimir Sementsov-Ogievskiy
                   ` (38 more replies)
  0 siblings, 39 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:34 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Hi all!

Finally, I finished v3. Phew.

Missed a soft-freeze. Should we consider it a bugfix? There are bugfixes
here but they are mostly theoretical. So, up to Kevin, should it go to
current release or to the next..

The main point of the series is fixing some permission update problems
(see patches 01-03 as examples), that in turn makes possible more clean
inserting and removing of filters (see patch 26 where .active field is
dropped finally from backup-top filter, we don't need a workaround
anymore).

The series brings util/transactions.c (patch 10) and use of it in
block.c, which allows clean block graph change transactions, with
possibility of reverting all modifications (movement and removement of
children, changing aio context, changing permissions) in reverse order
on failure path.

The series also helps Alberto's "Allow changing bs->file on reopen"
which we want to merge prior dropping x- prefix from blockdev-reopen
command.

v3:
git: https://src.openvz.org/scm/~vsementsov/qemu.git
tag: up-block-topologic-perm-v3

01: move bdrv_ref(), add comment, add missed bdrv_unref(), update copyright msg
02: move bdrv_ref(), add comments, add assertions and missed bdrv_unref()
03: new
04: drop questionable comment, rebased
07: add r-bs
08: improve wording, add more comments
    refactor to use explicit Transaction structure type and typed list
    add note in MAINTAINERS
09: renamed, was "[PATCH v2 11/36] block: bdrv_refresh_perms: check parents compliance"
    function renamed to bdrv_parent_perms_conflict() (and return value is the opposite)
12: add Alberto's r-b
13: check outer condition in outer loop, add comments
17: rebased, fixup of another patch is moved out
18: avoid forward declaration
    keep old logic for error path in bdrv_attach_child_common()
20: rebased, now EINVAL should be first error in new bdrv_replace_node_noperm()
21: rebased, add comments, add missed call to bdrv_refresh_limits()
    new test append-greedy-filter(patch 03) becomes enabled here
22: was "[PATCH v2 24/36] block: add bdrv_remove_backing transaction action"
    Rewrite to support filter child
23: improve comment, add assertion, support removing file-child-based filters
24: rebased. It now effectively reverts 705dde27c6c53b73.
26: new
27: new
28: rewrite with more clean transaction actions (no nested transaction!) and closer to original logic
29: new, instead of worse "[PATCH v2 29/36] blockdev: qmp_x_blockdev_reopen: acquire all contexts"
30: remove unused fields (perm, shared_perm)
    keep "ret = -1" at top, set it to 0 before "goto cleanup"
    add comments
36: update error message, update comment

Vladimir Sementsov-Ogievskiy (36):
  tests/test-bdrv-graph-mod: add test_parallel_exclusive_write
  tests/test-bdrv-graph-mod: add test_parallel_perm_update
  tests/test-bdrv-graph-mod: add test_append_greedy_filter
  block: bdrv_append(): don't consume reference
  block: BdrvChildClass: add .get_parent_aio_context handler
  block: drop ctx argument from bdrv_root_attach_child
  block: make bdrv_reopen_{prepare,commit,abort} private
  util: add transactions.c
  block: bdrv_refresh_perms: check for parents permissions conflict
  block: refactor bdrv_child* permission functions
  block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms()
  block: inline bdrv_child_*() permission functions calls
  block: use topological sort for permission update
  block: add bdrv_drv_set_perm transaction action
  block: add bdrv_list_* permission update functions
  block: add bdrv_replace_child_safe() transaction action
  block: fix bdrv_replace_node_common
  block: add bdrv_attach_child_common() transaction action
  block: add bdrv_attach_child_noperm() transaction action
  block: split out bdrv_replace_node_noperm()
  block: adapt bdrv_append() for inserting filters
  block: add bdrv_remove_filter_or_cow transaction action
  block: introduce bdrv_drop_filter()
  block/backup-top: drop .active
  block: drop ignore_children for permission update functions
  block: make bdrv_unset_inherits_from to be a transaction action
  block: make bdrv_refresh_limits() to be a transaction action
  block: add bdrv_set_backing_noperm() transaction action
  block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare
  block: bdrv_reopen_multiple: refresh permissions on updated graph
  block: drop unused permission update functions
  block: inline bdrv_check_perm_common()
  block: inline bdrv_replace_child()
  block: refactor bdrv_child_set_perm_safe() transaction action
  block: rename bdrv_replace_child_safe() to bdrv_replace_child()
  block: refactor bdrv_node_check_perm()

 include/block/block.h            |   13 +-
 include/block/block_int.h        |    8 +-
 include/qemu/transactions.h      |   63 ++
 block.c                          | 1322 ++++++++++++++++++------------
 block/backup-top.c               |   48 +-
 block/block-backend.c            |   13 +-
 block/commit.c                   |    1 +
 block/file-posix.c               |   91 +-
 block/io.c                       |   31 +-
 block/mirror.c                   |    3 -
 blockdev.c                       |    4 -
 blockjob.c                       |   11 +-
 tests/unit/test-bdrv-drain.c     |    2 +-
 tests/unit/test-bdrv-graph-mod.c |  208 ++++-
 util/transactions.c              |   96 +++
 MAINTAINERS                      |    6 +
 tests/qemu-iotests/245           |    2 +-
 tests/qemu-iotests/283.out       |    2 +-
 util/meson.build                 |    1 +
 19 files changed, 1252 insertions(+), 673 deletions(-)
 create mode 100644 include/qemu/transactions.h
 create mode 100644 util/transactions.c

-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:34 ` Vladimir Sementsov-Ogievskiy
  2021-04-23 12:25   ` Kevin Wolf
  2021-03-17 14:34 ` [PATCH v3 02/36] tests/test-bdrv-graph-mod: add test_parallel_perm_update Vladimir Sementsov-Ogievskiy
                   ` (37 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:34 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Add the test that shows that concept of ignore_children is incomplete.
Actually, when we want to update something, ignoring permission of some
existing BdrvChild, we should ignore also the propagated effect of this
child to the other children. But that's not done. Better approach
(update permissions on already updated graph) will be implemented
later.

Now the test fails, so it's added with -d argument to not break make
check.

Test fails with

 "Conflicts with use by fl1 as 'backing', which does not allow 'write' on base"

because when updating permissions we can ignore original top->fl1
BdrvChild. But we don't ignore exclusive write permission in fl1->base
BdrvChild, which is propagated. Correct thing to do is make graph
change first and then do permission update from the top node.

To run test do

  ./test-bdrv-graph-mod -d -p /bdrv-graph-mod/parallel-exclusive-write

from <build-directory>/tests.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 tests/unit/test-bdrv-graph-mod.c | 70 +++++++++++++++++++++++++++++++-
 1 file changed, 69 insertions(+), 1 deletion(-)

diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
index c4f7d16039..4e4e83674a 100644
--- a/tests/unit/test-bdrv-graph-mod.c
+++ b/tests/unit/test-bdrv-graph-mod.c
@@ -1,7 +1,7 @@
 /*
  * Block node graph modifications tests
  *
- * Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
+ * Copyright (c) 2019-2021 Virtuozzo International GmbH. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -44,6 +44,21 @@ static BlockDriver bdrv_no_perm = {
     .bdrv_child_perm = no_perm_default_perms,
 };
 
+static void exclusive_write_perms(BlockDriverState *bs, BdrvChild *c,
+                                  BdrvChildRole role,
+                                  BlockReopenQueue *reopen_queue,
+                                  uint64_t perm, uint64_t shared,
+                                  uint64_t *nperm, uint64_t *nshared)
+{
+    *nperm = BLK_PERM_WRITE;
+    *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
+}
+
+static BlockDriver bdrv_exclusive_writer = {
+    .format_name = "exclusive-writer",
+    .bdrv_child_perm = exclusive_write_perms,
+};
+
 static BlockDriverState *no_perm_node(const char *name)
 {
     return bdrv_new_open_driver(&bdrv_no_perm, name, BDRV_O_RDWR, &error_abort);
@@ -55,6 +70,12 @@ static BlockDriverState *pass_through_node(const char *name)
                                 BDRV_O_RDWR, &error_abort);
 }
 
+static BlockDriverState *exclusive_writer_node(const char *name)
+{
+    return bdrv_new_open_driver(&bdrv_exclusive_writer, name,
+                                BDRV_O_RDWR, &error_abort);
+}
+
 /*
  * test_update_perm_tree
  *
@@ -185,8 +206,50 @@ static void test_should_update_child(void)
     blk_unref(root);
 }
 
+/*
+ * test_parallel_exclusive_write
+ *
+ * Check that when we replace node, old permissions of the node being removed
+ * doesn't break the replacement.
+ */
+static void test_parallel_exclusive_write(void)
+{
+    BlockDriverState *top = exclusive_writer_node("top");
+    BlockDriverState *base = no_perm_node("base");
+    BlockDriverState *fl1 = pass_through_node("fl1");
+    BlockDriverState *fl2 = pass_through_node("fl2");
+
+    /*
+     * bdrv_attach_child() eats child bs reference, so we need two @base
+     * references for two filters:
+     */
+    bdrv_ref(base);
+
+    bdrv_attach_child(top, fl1, "backing", &child_of_bds, BDRV_CHILD_DATA,
+                      &error_abort);
+    bdrv_attach_child(fl1, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
+                      &error_abort);
+    bdrv_attach_child(fl2, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
+                      &error_abort);
+
+    bdrv_replace_node(fl1, fl2, &error_abort);
+
+    bdrv_unref(fl2); /* second reference was created by bdrv_replace_node() */
+    bdrv_unref(top);
+}
+
 int main(int argc, char *argv[])
 {
+    int i;
+    bool debug = false;
+
+    for (i = 1; i < argc; i++) {
+        if (!strcmp(argv[i], "-d")) {
+            debug = true;
+            break;
+        }
+    }
+
     bdrv_init();
     qemu_init_main_loop(&error_abort);
 
@@ -196,5 +259,10 @@ int main(int argc, char *argv[])
     g_test_add_func("/bdrv-graph-mod/should-update-child",
                     test_should_update_child);
 
+    if (debug) {
+        g_test_add_func("/bdrv-graph-mod/parallel-exclusive-write",
+                        test_parallel_exclusive_write);
+    }
+
     return g_test_run();
 }
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 02/36] tests/test-bdrv-graph-mod: add test_parallel_perm_update
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
  2021-03-17 14:34 ` [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:34 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:34 ` [PATCH v3 03/36] tests/test-bdrv-graph-mod: add test_append_greedy_filter Vladimir Sementsov-Ogievskiy
                   ` (36 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:34 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Add test to show that simple DFS recursion order is not correct for
permission update. Correct order is topological-sort order, which will
be introduced later.

Consider the block driver which has two filter children: one active
with exclusive write access and one inactive with no specific
permissions.

And, these two children has a common base child, like this:

┌─────┐     ┌──────┐
│ fl2 │ ◀── │ top  │
└─────┘     └──────┘
  │           │
  │           │ w
  │           ▼
  │         ┌──────┐
  │         │ fl1  │
  │         └──────┘
  │           │
  │           │ w
  │           ▼
  │         ┌──────┐
  └───────▶ │ base │
            └──────┘

So, exclusive write is propagated.

Assume, we want to make fl2 active instead of fl1.
So, we set some option for top driver and do permission update.

If permission update (remember, it's DFS) goes first through
top->fl1->base branch it will succeed: it firstly drop exclusive write
permissions and than apply them for another BdrvChildren.
But if permission update goes first through top->fl2->base branch it
will fail, as when we try to update fl2->base child, old not yet
updated fl1->base child will be in conflict.

Now test fails, so it runs only with -d flag. To run do

  ./test-bdrv-graph-mod -d -p /bdrv-graph-mod/parallel-perm-update

from <build-directory>/tests.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 tests/unit/test-bdrv-graph-mod.c | 116 +++++++++++++++++++++++++++++++
 1 file changed, 116 insertions(+)

diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
index 4e4e83674a..3b3bba1ee3 100644
--- a/tests/unit/test-bdrv-graph-mod.c
+++ b/tests/unit/test-bdrv-graph-mod.c
@@ -238,6 +238,120 @@ static void test_parallel_exclusive_write(void)
     bdrv_unref(top);
 }
 
+static void write_to_file_perms(BlockDriverState *bs, BdrvChild *c,
+                                     BdrvChildRole role,
+                                     BlockReopenQueue *reopen_queue,
+                                     uint64_t perm, uint64_t shared,
+                                     uint64_t *nperm, uint64_t *nshared)
+{
+    if (bs->file && c == bs->file) {
+        *nperm = BLK_PERM_WRITE;
+        *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
+    } else {
+        *nperm = 0;
+        *nshared = BLK_PERM_ALL;
+    }
+}
+
+static BlockDriver bdrv_write_to_file = {
+    .format_name = "tricky-perm",
+    .bdrv_child_perm = write_to_file_perms,
+};
+
+
+/*
+ * The following test shows that topological-sort order is required for
+ * permission update, simple DFS is not enough.
+ *
+ * Consider the block driver which has two filter children: one active
+ * with exclusive write access and one inactive with no specific
+ * permissions.
+ *
+ * And, these two children has a common base child, like this:
+ *
+ * ┌─────┐     ┌──────┐
+ * │ fl2 │ ◀── │ top  │
+ * └─────┘     └──────┘
+ *   │           │
+ *   │           │ w
+ *   │           ▼
+ *   │         ┌──────┐
+ *   │         │ fl1  │
+ *   │         └──────┘
+ *   │           │
+ *   │           │ w
+ *   │           ▼
+ *   │         ┌──────┐
+ *   └───────▶ │ base │
+ *             └──────┘
+ *
+ * So, exclusive write is propagated.
+ *
+ * Assume, we want to make fl2 active instead of fl1.
+ * So, we set some option for top driver and do permission update.
+ *
+ * With simple DFS, if permission update goes first through
+ * top->fl1->base branch it will succeed: it firstly drop exclusive write
+ * permissions and than apply them for another BdrvChildren.
+ * But if permission update goes first through top->fl2->base branch it
+ * will fail, as when we try to update fl2->base child, old not yet
+ * updated fl1->base child will be in conflict.
+ *
+ * With topological-sort order we always update parents before children, so fl1
+ * and fl2 are both updated when we update base and there is no conflict.
+ */
+static void test_parallel_perm_update(void)
+{
+    BlockDriverState *top = no_perm_node("top");
+    BlockDriverState *tricky =
+            bdrv_new_open_driver(&bdrv_write_to_file, "tricky", BDRV_O_RDWR,
+                                 &error_abort);
+    BlockDriverState *base = no_perm_node("base");
+    BlockDriverState *fl1 = pass_through_node("fl1");
+    BlockDriverState *fl2 = pass_through_node("fl2");
+    BdrvChild *c_fl1, *c_fl2;
+
+    /*
+     * bdrv_attach_child() eats child bs reference, so we need two @base
+     * references for two filters:
+     */
+    bdrv_ref(base);
+
+    bdrv_attach_child(top, tricky, "file", &child_of_bds, BDRV_CHILD_DATA,
+                      &error_abort);
+    c_fl1 = bdrv_attach_child(tricky, fl1, "first", &child_of_bds,
+                              BDRV_CHILD_FILTERED, &error_abort);
+    c_fl2 = bdrv_attach_child(tricky, fl2, "second", &child_of_bds,
+                              BDRV_CHILD_FILTERED, &error_abort);
+    bdrv_attach_child(fl1, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
+                      &error_abort);
+    bdrv_attach_child(fl2, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
+                      &error_abort);
+
+    /* Select fl1 as first child to be active */
+    tricky->file = c_fl1;
+    bdrv_child_refresh_perms(top, top->children.lh_first, &error_abort);
+
+    assert(c_fl1->perm & BLK_PERM_WRITE);
+    assert(!(c_fl2->perm & BLK_PERM_WRITE));
+
+    /* Now, try to switch active child and update permissions */
+    tricky->file = c_fl2;
+    bdrv_child_refresh_perms(top, top->children.lh_first, &error_abort);
+
+    assert(c_fl2->perm & BLK_PERM_WRITE);
+    assert(!(c_fl1->perm & BLK_PERM_WRITE));
+
+    /* Switch once more, to not care about real child order in the list */
+    tricky->file = c_fl1;
+    bdrv_child_refresh_perms(top, top->children.lh_first, &error_abort);
+
+    assert(c_fl1->perm & BLK_PERM_WRITE);
+    assert(!(c_fl2->perm & BLK_PERM_WRITE));
+
+    bdrv_unref(top);
+}
+
 int main(int argc, char *argv[])
 {
     int i;
@@ -262,6 +376,8 @@ int main(int argc, char *argv[])
     if (debug) {
         g_test_add_func("/bdrv-graph-mod/parallel-exclusive-write",
                         test_parallel_exclusive_write);
+        g_test_add_func("/bdrv-graph-mod/parallel-perm-update",
+                        test_parallel_perm_update);
     }
 
     return g_test_run();
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 03/36] tests/test-bdrv-graph-mod: add test_append_greedy_filter
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
  2021-03-17 14:34 ` [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write Vladimir Sementsov-Ogievskiy
  2021-03-17 14:34 ` [PATCH v3 02/36] tests/test-bdrv-graph-mod: add test_parallel_perm_update Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:34 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:34 ` [PATCH v3 04/36] block: bdrv_append(): don't consume reference Vladimir Sementsov-Ogievskiy
                   ` (35 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:34 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

bdrv_append() is not quite good for inserting filters: it does extra
permission update in intermediate state, where filter get it filtered
child but is not yet replace it in a backing chain.

Some filters (for example backup-top) may want permissions even when
have no parents. And described intermediate state becomes invalid.

That's (half a) reason, why we need "inactive" state for backup-top
filter.

bdrv_append() will be improved later, now let's add a unit test.

Now test fails, so it runs only with -d flag. To run do

  ./test-bdrv-graph-mod -d -p /bdrv-graph-mod/append-greedy-filter

from <build-directory>/tests.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 tests/unit/test-bdrv-graph-mod.c | 33 ++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
index 3b3bba1ee3..65c69b23f7 100644
--- a/tests/unit/test-bdrv-graph-mod.c
+++ b/tests/unit/test-bdrv-graph-mod.c
@@ -352,6 +352,37 @@ static void test_parallel_perm_update(void)
     bdrv_unref(top);
 }
 
+/*
+ * It's possible that filter required permissions allows to insert it to backing
+ * chain, like:
+ *
+ *  1.  [top] -> [filter] -> [base]
+ *
+ * but doesn't allow to add it as a branch:
+ *
+ *  2.  [filter] --\
+ *                 v
+ *      [top] -> [base]
+ *
+ * So, inserting such filter should do all graph modifications and only then
+ * update permissions. If we try to go through intermediate state [2] and update
+ * permissions on it we'll fail.
+ *
+ * Let's check that bdrv_append() can append such a filter.
+ */
+static void test_append_greedy_filter(void)
+{
+    BlockDriverState *top = exclusive_writer_node("top");
+    BlockDriverState *base = no_perm_node("base");
+    BlockDriverState *fl = exclusive_writer_node("fl1");
+
+    bdrv_attach_child(top, base, "backing", &child_of_bds, BDRV_CHILD_COW,
+                      &error_abort);
+
+    bdrv_append(fl, base, &error_abort);
+    bdrv_unref(top);
+}
+
 int main(int argc, char *argv[])
 {
     int i;
@@ -378,6 +409,8 @@ int main(int argc, char *argv[])
                         test_parallel_exclusive_write);
         g_test_add_func("/bdrv-graph-mod/parallel-perm-update",
                         test_parallel_perm_update);
+        g_test_add_func("/bdrv-graph-mod/append-greedy-filter",
+                        test_append_greedy_filter);
     }
 
     return g_test_run();
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 04/36] block: bdrv_append(): don't consume reference
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (2 preceding siblings ...)
  2021-03-17 14:34 ` [PATCH v3 03/36] tests/test-bdrv-graph-mod: add test_append_greedy_filter Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:34 ` Vladimir Sementsov-Ogievskiy
  2021-04-07 17:46   ` Alberto Garcia
  2021-04-23 14:11   ` Kevin Wolf
  2021-03-17 14:34 ` [PATCH v3 05/36] block: BdrvChildClass: add .get_parent_aio_context handler Vladimir Sementsov-Ogievskiy
                   ` (34 subsequent siblings)
  38 siblings, 2 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:34 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

We have too much comments for this feature. It seems better just don't
do it. Most of real users (tests don't count) have to create additional
reference.

Drop also comment in external_snapshot_prepare:
 - bdrv_append doesn't "remove" old bs in common sense, it sounds
   strange
 - the fact that bdrv_append can fail is obvious from the context
 - the fact that we must rollback all changes in transaction abort is
   known (it's the direct role of abort)

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c                          | 25 +++----------------------
 block/backup-top.c               |  1 -
 block/commit.c                   |  1 +
 block/mirror.c                   |  3 ---
 blockdev.c                       |  4 ----
 tests/unit/test-bdrv-drain.c     |  2 +-
 tests/unit/test-bdrv-graph-mod.c |  2 ++
 7 files changed, 7 insertions(+), 31 deletions(-)

diff --git a/block.c b/block.c
index f377158c42..297a4f7018 100644
--- a/block.c
+++ b/block.c
@@ -3179,11 +3179,6 @@ static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
         goto out;
     }
 
-    /* bdrv_append() consumes a strong reference to bs_snapshot
-     * (i.e. it will call bdrv_unref() on it) even on error, so in
-     * order to be able to return one, we have to increase
-     * bs_snapshot's refcount here */
-    bdrv_ref(bs_snapshot);
     ret = bdrv_append(bs_snapshot, bs, errp);
     if (ret < 0) {
         bs_snapshot = NULL;
@@ -4645,36 +4640,22 @@ int bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
  * bs_new must not be attached to a BlockBackend.
  *
  * This function does not create any image files.
- *
- * bdrv_append() takes ownership of a bs_new reference and unrefs it because
- * that's what the callers commonly need. bs_new will be referenced by the old
- * parents of bs_top after bdrv_append() returns. If the caller needs to keep a
- * reference of its own, it must call bdrv_ref().
  */
 int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
                 Error **errp)
 {
     int ret = bdrv_set_backing_hd(bs_new, bs_top, errp);
     if (ret < 0) {
-        goto out;
+        return ret;
     }
 
     ret = bdrv_replace_node(bs_top, bs_new, errp);
     if (ret < 0) {
         bdrv_set_backing_hd(bs_new, NULL, &error_abort);
-        goto out;
+        return ret;
     }
 
-    ret = 0;
-
-out:
-    /*
-     * bs_new is now referenced by its new parents, we don't need the
-     * additional reference any more.
-     */
-    bdrv_unref(bs_new);
-
-    return ret;
+    return 0;
 }
 
 static void bdrv_delete(BlockDriverState *bs)
diff --git a/block/backup-top.c b/block/backup-top.c
index 589e8b651d..62d09f213e 100644
--- a/block/backup-top.c
+++ b/block/backup-top.c
@@ -234,7 +234,6 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
 
     bdrv_drained_begin(source);
 
-    bdrv_ref(top);
     ret = bdrv_append(top, source, errp);
     if (ret < 0) {
         error_prepend(errp, "Cannot append backup-top filter: ");
diff --git a/block/commit.c b/block/commit.c
index dd9ba87349..b89bb20b75 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -312,6 +312,7 @@ void commit_start(const char *job_id, BlockDriverState *bs,
     commit_top_bs->total_sectors = top->total_sectors;
 
     ret = bdrv_append(commit_top_bs, top, errp);
+    bdrv_unref(commit_top_bs); /* referenced by new parents or failed */
     if (ret < 0) {
         commit_top_bs = NULL;
         goto fail;
diff --git a/block/mirror.c b/block/mirror.c
index 6af02a57c4..a2a33267e5 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1613,9 +1613,6 @@ static BlockJob *mirror_start_job(
     bs_opaque = g_new0(MirrorBDSOpaque, 1);
     mirror_top_bs->opaque = bs_opaque;
 
-    /* bdrv_append takes ownership of the mirror_top_bs reference, need to keep
-     * it alive until block_job_create() succeeds even if bs has no parent. */
-    bdrv_ref(mirror_top_bs);
     bdrv_drained_begin(bs);
     ret = bdrv_append(mirror_top_bs, bs, errp);
     bdrv_drained_end(bs);
diff --git a/blockdev.c b/blockdev.c
index 5cc7c7effe..825d40aa11 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1587,10 +1587,6 @@ static void external_snapshot_prepare(BlkActionState *common,
         goto out;
     }
 
-    /* This removes our old bs and adds the new bs. This is an operation that
-     * can fail, so we need to do it in .prepare; undoing it for abort is
-     * always possible. */
-    bdrv_ref(state->new_bs);
     ret = bdrv_append(state->new_bs, state->old_bs, errp);
     if (ret < 0) {
         goto out;
diff --git a/tests/unit/test-bdrv-drain.c b/tests/unit/test-bdrv-drain.c
index 8a29e33e00..892f7f47d8 100644
--- a/tests/unit/test-bdrv-drain.c
+++ b/tests/unit/test-bdrv-drain.c
@@ -1478,7 +1478,6 @@ static void test_append_to_drained(void)
     g_assert_cmpint(base_s->drain_count, ==, 1);
     g_assert_cmpint(base->in_flight, ==, 0);
 
-    /* Takes ownership of overlay, so we don't have to unref it later */
     bdrv_append(overlay, base, &error_abort);
     g_assert_cmpint(base->in_flight, ==, 0);
     g_assert_cmpint(overlay->in_flight, ==, 0);
@@ -1495,6 +1494,7 @@ static void test_append_to_drained(void)
     g_assert_cmpint(overlay->quiesce_counter, ==, 0);
     g_assert_cmpint(overlay_s->drain_count, ==, 0);
 
+    bdrv_unref(overlay);
     bdrv_unref(base);
     blk_unref(blk);
 }
diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
index 65c69b23f7..8188ddd84c 100644
--- a/tests/unit/test-bdrv-graph-mod.c
+++ b/tests/unit/test-bdrv-graph-mod.c
@@ -138,6 +138,7 @@ static void test_update_perm_tree(void)
     ret = bdrv_append(filter, bs, NULL);
     g_assert_cmpint(ret, <, 0);
 
+    bdrv_unref(filter);
     blk_unref(root);
 }
 
@@ -202,6 +203,7 @@ static void test_should_update_child(void)
     bdrv_append(filter, bs, &error_abort);
     g_assert(target->backing->bs == bs);
 
+    bdrv_unref(filter);
     bdrv_unref(bs);
     blk_unref(root);
 }
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 05/36] block: BdrvChildClass: add .get_parent_aio_context handler
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (3 preceding siblings ...)
  2021-03-17 14:34 ` [PATCH v3 04/36] block: bdrv_append(): don't consume reference Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:34 ` Vladimir Sementsov-Ogievskiy
  2021-04-12 15:06   ` Alberto Garcia
  2021-03-17 14:34 ` [PATCH v3 06/36] block: drop ctx argument from bdrv_root_attach_child Vladimir Sementsov-Ogievskiy
                   ` (33 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:34 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Add new handler to get aio context and implement it in all child
classes. Add corresponding public interface to be used soon.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 include/block/block.h     |  2 ++
 include/block/block_int.h |  2 ++
 block.c                   | 13 +++++++++++++
 block/block-backend.c     |  9 +++++++++
 blockjob.c                |  8 ++++++++
 5 files changed, 34 insertions(+)

diff --git a/include/block/block.h b/include/block/block.h
index b3f6e509d4..54279baa95 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -702,6 +702,8 @@ bool bdrv_child_can_set_aio_context(BdrvChild *c, AioContext *ctx,
                                     GSList **ignore, Error **errp);
 bool bdrv_can_set_aio_context(BlockDriverState *bs, AioContext *ctx,
                               GSList **ignore, Error **errp);
+AioContext *bdrv_child_get_parent_aio_context(BdrvChild *c);
+
 int bdrv_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz);
 int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry *geo);
 
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 88e4111939..737ec632c4 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -789,6 +789,8 @@ struct BdrvChildClass {
     bool (*can_set_aio_ctx)(BdrvChild *child, AioContext *ctx,
                             GSList **ignore, Error **errp);
     void (*set_aio_ctx)(BdrvChild *child, AioContext *ctx, GSList **ignore);
+
+    AioContext *(*get_parent_aio_context)(BdrvChild *child);
 };
 
 extern const BdrvChildClass child_of_bds;
diff --git a/block.c b/block.c
index 297a4f7018..2c80fc1639 100644
--- a/block.c
+++ b/block.c
@@ -1360,6 +1360,13 @@ static int bdrv_child_cb_update_filename(BdrvChild *c, BlockDriverState *base,
     return 0;
 }
 
+static AioContext *bdrv_child_cb_get_parent_aio_context(BdrvChild *c)
+{
+    BlockDriverState *bs = c->opaque;
+
+    return bdrv_get_aio_context(bs);
+}
+
 const BdrvChildClass child_of_bds = {
     .parent_is_bds   = true,
     .get_parent_desc = bdrv_child_get_parent_desc,
@@ -1373,8 +1380,14 @@ const BdrvChildClass child_of_bds = {
     .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
     .set_aio_ctx     = bdrv_child_cb_set_aio_ctx,
     .update_filename = bdrv_child_cb_update_filename,
+    .get_parent_aio_context = bdrv_child_cb_get_parent_aio_context,
 };
 
+AioContext *bdrv_child_get_parent_aio_context(BdrvChild *c)
+{
+    return c->klass->get_parent_aio_context(c);
+}
+
 static int bdrv_open_flags(BlockDriverState *bs, int flags)
 {
     int open_flags = flags;
diff --git a/block/block-backend.c b/block/block-backend.c
index 413af51f3b..3f656ef361 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -298,6 +298,13 @@ static void blk_root_detach(BdrvChild *child)
     }
 }
 
+static AioContext *blk_root_get_parent_aio_context(BdrvChild *c)
+{
+    BlockBackend *blk = c->opaque;
+
+    return blk_get_aio_context(blk);
+}
+
 static const BdrvChildClass child_root = {
     .inherit_options    = blk_root_inherit_options,
 
@@ -318,6 +325,8 @@ static const BdrvChildClass child_root = {
 
     .can_set_aio_ctx    = blk_root_can_set_aio_ctx,
     .set_aio_ctx        = blk_root_set_aio_ctx,
+
+    .get_parent_aio_context = blk_root_get_parent_aio_context,
 };
 
 /*
diff --git a/blockjob.c b/blockjob.c
index 207e8c7fd9..160bf38b19 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -163,6 +163,13 @@ static void child_job_set_aio_ctx(BdrvChild *c, AioContext *ctx,
     job->job.aio_context = ctx;
 }
 
+static AioContext *child_job_get_parent_aio_context(BdrvChild *c)
+{
+    BlockJob *job = c->opaque;
+
+    return job->job.aio_context;
+}
+
 static const BdrvChildClass child_job = {
     .get_parent_desc    = child_job_get_parent_desc,
     .drained_begin      = child_job_drained_begin,
@@ -171,6 +178,7 @@ static const BdrvChildClass child_job = {
     .can_set_aio_ctx    = child_job_can_set_aio_ctx,
     .set_aio_ctx        = child_job_set_aio_ctx,
     .stay_at_node       = true,
+    .get_parent_aio_context = child_job_get_parent_aio_context,
 };
 
 void block_job_remove_all_bdrv(BlockJob *job)
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 06/36] block: drop ctx argument from bdrv_root_attach_child
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (4 preceding siblings ...)
  2021-03-17 14:34 ` [PATCH v3 05/36] block: BdrvChildClass: add .get_parent_aio_context handler Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:34 ` Vladimir Sementsov-Ogievskiy
  2021-04-12 14:23   ` Alberto Garcia
  2021-03-17 14:35 ` [PATCH v3 07/36] block: make bdrv_reopen_{prepare, commit, abort} private Vladimir Sementsov-Ogievskiy via
                   ` (32 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:34 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Passing parent aio context is redundant, as child_class and parent
opaque pointer are enough to retrieve it. Drop the argument and use new
bdrv_child_get_parent_aio_context() interface.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 include/block/block_int.h | 1 -
 block.c                   | 8 +++++---
 block/block-backend.c     | 4 ++--
 blockjob.c                | 3 +--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/block/block_int.h b/include/block/block_int.h
index 737ec632c4..dd2de6bd1d 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -1308,7 +1308,6 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
                                   const char *child_name,
                                   const BdrvChildClass *child_class,
                                   BdrvChildRole child_role,
-                                  AioContext *ctx,
                                   uint64_t perm, uint64_t shared_perm,
                                   void *opaque, Error **errp);
 void bdrv_root_unref_child(BdrvChild *child);
diff --git a/block.c b/block.c
index 2c80fc1639..61703027ec 100644
--- a/block.c
+++ b/block.c
@@ -2666,13 +2666,13 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
                                   const char *child_name,
                                   const BdrvChildClass *child_class,
                                   BdrvChildRole child_role,
-                                  AioContext *ctx,
                                   uint64_t perm, uint64_t shared_perm,
                                   void *opaque, Error **errp)
 {
     BdrvChild *child;
     Error *local_err = NULL;
     int ret;
+    AioContext *ctx;
 
     ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
     if (ret < 0) {
@@ -2692,6 +2692,8 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
         .opaque         = opaque,
     };
 
+    ctx = bdrv_child_get_parent_aio_context(child);
+
     /* If the AioContexts don't match, first try to move the subtree of
      * child_bs into the AioContext of the new parent. If this doesn't work,
      * try moving the parent into the AioContext of child_bs instead. */
@@ -2752,8 +2754,8 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
                     perm, shared_perm, &perm, &shared_perm);
 
     child = bdrv_root_attach_child(child_bs, child_name, child_class,
-                                   child_role, bdrv_get_aio_context(parent_bs),
-                                   perm, shared_perm, parent_bs, errp);
+                                   child_role, perm, shared_perm, parent_bs,
+                                   errp);
     if (child == NULL) {
         return NULL;
     }
diff --git a/block/block-backend.c b/block/block-backend.c
index 3f656ef361..e4892fd6a5 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -435,7 +435,7 @@ BlockBackend *blk_new_open(const char *filename, const char *reference,
 
     blk->root = bdrv_root_attach_child(bs, "root", &child_root,
                                        BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
-                                       blk->ctx, perm, BLK_PERM_ALL, blk, errp);
+                                       perm, BLK_PERM_ALL, blk, errp);
     if (!blk->root) {
         blk_unref(blk);
         return NULL;
@@ -849,7 +849,7 @@ int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, Error **errp)
     bdrv_ref(bs);
     blk->root = bdrv_root_attach_child(bs, "root", &child_root,
                                        BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
-                                       blk->ctx, blk->perm, blk->shared_perm,
+                                       blk->perm, blk->shared_perm,
                                        blk, errp);
     if (blk->root == NULL) {
         return -EPERM;
diff --git a/blockjob.c b/blockjob.c
index 160bf38b19..2fe1d788ba 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -229,8 +229,7 @@ int block_job_add_bdrv(BlockJob *job, const char *name, BlockDriverState *bs,
     if (need_context_ops && job->job.aio_context != qemu_get_aio_context()) {
         aio_context_release(job->job.aio_context);
     }
-    c = bdrv_root_attach_child(bs, name, &child_job, 0,
-                               job->job.aio_context, perm, shared_perm, job,
+    c = bdrv_root_attach_child(bs, name, &child_job, 0, perm, shared_perm, job,
                                errp);
     if (need_context_ops && job->job.aio_context != qemu_get_aio_context()) {
         aio_context_acquire(job->job.aio_context);
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 07/36] block: make bdrv_reopen_{prepare, commit, abort} private
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (5 preceding siblings ...)
  2021-03-17 14:34 ` [PATCH v3 06/36] block: drop ctx argument from bdrv_root_attach_child Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy via
  2021-03-17 14:35 ` [PATCH v3 08/36] util: add transactions.c Vladimir Sementsov-Ogievskiy
                   ` (31 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy via @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz,
	kwolf, Alberto Garcia

These functions are called only from bdrv_reopen_multiple() in block.c.
No reason to publish them.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
---
 include/block/block.h |  4 ----
 block.c               | 13 +++++++++----
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index 54279baa95..16e496a5c4 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -387,10 +387,6 @@ BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
 int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp);
 int bdrv_reopen_set_read_only(BlockDriverState *bs, bool read_only,
                               Error **errp);
-int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
-                        BlockReopenQueue *queue, Error **errp);
-void bdrv_reopen_commit(BDRVReopenState *reopen_state);
-void bdrv_reopen_abort(BDRVReopenState *reopen_state);
 int bdrv_pwrite_zeroes(BdrvChild *child, int64_t offset,
                        int64_t bytes, BdrvRequestFlags flags);
 int bdrv_make_zero(BdrvChild *child, BdrvRequestFlags flags);
diff --git a/block.c b/block.c
index 61703027ec..b951ecb5db 100644
--- a/block.c
+++ b/block.c
@@ -82,6 +82,11 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
                                            BdrvChildRole child_role,
                                            Error **errp);
 
+static int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue
+                               *queue, Error **errp);
+static void bdrv_reopen_commit(BDRVReopenState *reopen_state);
+static void bdrv_reopen_abort(BDRVReopenState *reopen_state);
+
 /* If non-zero, use only whitelisted block drivers */
 static int use_bdrv_whitelist;
 
@@ -4119,8 +4124,8 @@ static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
  * commit() for any other BDS that have been left in a prepare() state
  *
  */
-int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,
-                        Error **errp)
+static int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
+                               BlockReopenQueue *queue, Error **errp)
 {
     int ret = -1;
     int old_flags;
@@ -4335,7 +4340,7 @@ error:
  * makes them final by swapping the staging BlockDriverState contents into
  * the active BlockDriverState contents.
  */
-void bdrv_reopen_commit(BDRVReopenState *reopen_state)
+static void bdrv_reopen_commit(BDRVReopenState *reopen_state)
 {
     BlockDriver *drv;
     BlockDriverState *bs;
@@ -4395,7 +4400,7 @@ void bdrv_reopen_commit(BDRVReopenState *reopen_state)
  * Abort the reopen, and delete and free the staged changes in
  * reopen_state
  */
-void bdrv_reopen_abort(BDRVReopenState *reopen_state)
+static void bdrv_reopen_abort(BDRVReopenState *reopen_state)
 {
     BlockDriver *drv;
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 08/36] util: add transactions.c
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (6 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 07/36] block: make bdrv_reopen_{prepare, commit, abort} private Vladimir Sementsov-Ogievskiy via
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-04-23 14:43   ` Kevin Wolf
  2021-03-17 14:35 ` [PATCH v3 09/36] block: bdrv_refresh_perms: check for parents permissions conflict Vladimir Sementsov-Ogievskiy
                   ` (30 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Add simple transaction API to use in further update of block graph
operations.

Supposed usage is:

- "prepare" is main function of the action and it should make the main
  effect of the action to be visible for the following actions, keeping
  possibility of roll-back, saving necessary things in action state,
  which is prepended to the action list (to do that, prepare func
  should call tran_add()). So, driver struct doesn't include "prepare"
  field, as it is supposed to be called directly.

- commit/rollback is supposed to be called for the list of action
  states, to commit/rollback all the actions in reverse order

- When possible "commit" should not make visible effect for other
  actions, which make possible transparent logical interaction between
  actions.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 include/qemu/transactions.h | 63 ++++++++++++++++++++++++
 util/transactions.c         | 96 +++++++++++++++++++++++++++++++++++++
 MAINTAINERS                 |  6 +++
 util/meson.build            |  1 +
 4 files changed, 166 insertions(+)
 create mode 100644 include/qemu/transactions.h
 create mode 100644 util/transactions.c

diff --git a/include/qemu/transactions.h b/include/qemu/transactions.h
new file mode 100644
index 0000000000..e7add9637f
--- /dev/null
+++ b/include/qemu/transactions.h
@@ -0,0 +1,63 @@
+/*
+ * Simple transactions API
+ *
+ * Copyright (c) 2021 Virtuozzo International GmbH.
+ *
+ * Author:
+ *  Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * = Generic transaction API =
+ *
+ * The intended usage is the following: you create "prepare" functions, which
+ * represents the actions. They will usually have Transaction* argument, and
+ * call tran_add() to register finalization callbacks. For finalization
+ * callbacks, prepare corresponding TransactionActionDrv structures.
+ *
+ * Than, when you need to make a transaction, create an empty Transaction by
+ * tran_create(), call your "prepare" functions on it, and finally call
+ * tran_abort() or tran_commit() to finalize the transaction by corresponding
+ * finalization actions in reverse order.
+ */
+
+#ifndef QEMU_TRANSACTIONS_H
+#define QEMU_TRANSACTIONS_H
+
+#include <gmodule.h>
+
+typedef struct TransactionActionDrv {
+    void (*abort)(void *opaque);
+    void (*commit)(void *opaque);
+    void (*clean)(void *opaque);
+} TransactionActionDrv;
+
+typedef struct Transaction Transaction;
+
+Transaction *tran_new(void);
+void tran_add(Transaction *tran, TransactionActionDrv *drv, void *opaque);
+void tran_abort(Transaction *tran);
+void tran_commit(Transaction *tran);
+
+static inline void tran_finalize(Transaction *tran, int ret)
+{
+    if (ret < 0) {
+        tran_abort(tran);
+    } else {
+        tran_commit(tran);
+    }
+}
+
+#endif /* QEMU_TRANSACTIONS_H */
diff --git a/util/transactions.c b/util/transactions.c
new file mode 100644
index 0000000000..d0bc9a3e73
--- /dev/null
+++ b/util/transactions.c
@@ -0,0 +1,96 @@
+/*
+ * Simple transactions API
+ *
+ * Copyright (c) 2021 Virtuozzo International GmbH.
+ *
+ * Author:
+ *  Sementsov-Ogievskiy Vladimir <vsementsov@virtuozzo.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+
+#include "qemu/transactions.h"
+#include "qemu/queue.h"
+
+typedef struct TransactionAction {
+    TransactionActionDrv *drv;
+    void *opaque;
+    QSLIST_ENTRY(TransactionAction) entry;
+} TransactionAction;
+
+struct Transaction {
+    QSLIST_HEAD(, TransactionAction) actions;
+};
+
+Transaction *tran_new(void)
+{
+    Transaction *tran = g_new(Transaction, 1);
+
+    QSLIST_INIT(&tran->actions);
+
+    return tran;
+}
+
+void tran_add(Transaction *tran, TransactionActionDrv *drv, void *opaque)
+{
+    TransactionAction *act;
+
+    act = g_new(TransactionAction, 1);
+    *act = (TransactionAction) {
+        .drv = drv,
+        .opaque = opaque
+    };
+
+    QSLIST_INSERT_HEAD(&tran->actions, act, entry);
+}
+
+void tran_abort(Transaction *tran)
+{
+    TransactionAction *act, *next;
+
+    QSLIST_FOREACH_SAFE(act, &tran->actions, entry, next) {
+        if (act->drv->abort) {
+            act->drv->abort(act->opaque);
+        }
+
+        if (act->drv->clean) {
+            act->drv->clean(act->opaque);
+        }
+
+        g_free(act);
+    }
+
+    g_free(tran);
+}
+
+void tran_commit(Transaction *tran)
+{
+    TransactionAction *act, *next;
+
+    QSLIST_FOREACH_SAFE(act, &tran->actions, entry, next) {
+        if (act->drv->commit) {
+            act->drv->commit(act->opaque);
+        }
+
+        if (act->drv->clean) {
+            act->drv->clean(act->opaque);
+        }
+
+        g_free(act);
+    }
+
+    g_free(tran);
+}
diff --git a/MAINTAINERS b/MAINTAINERS
index 5ca3c9f851..d5e6ff2224 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2514,6 +2514,12 @@ M: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
 S: Maintained
 F: scripts/simplebench/
 
+Transactions helper
+M: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+S: Maintained
+F: include/qemu/transactions.h
+F: util/transactions.c
+
 QAPI
 M: Markus Armbruster <armbru@redhat.com>
 M: Michael Roth <michael.roth@amd.com>
diff --git a/util/meson.build b/util/meson.build
index 984fba965f..3c39631bfe 100644
--- a/util/meson.build
+++ b/util/meson.build
@@ -41,6 +41,7 @@ util_ss.add(files('qsp.c'))
 util_ss.add(files('range.c'))
 util_ss.add(files('stats64.c'))
 util_ss.add(files('systemd.c'))
+util_ss.add(files('transactions.c'))
 util_ss.add(when: 'CONFIG_POSIX', if_true: files('drm.c'))
 util_ss.add(files('guest-random.c'))
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 09/36] block: bdrv_refresh_perms: check for parents permissions conflict
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (7 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 08/36] util: add transactions.c Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-04-12 15:57   ` Alberto Garcia
  2021-03-17 14:35 ` [PATCH v3 10/36] block: refactor bdrv_child* permission functions Vladimir Sementsov-Ogievskiy
                   ` (29 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Add additional check that node parents do not interfere with each
other. This should not hurt existing callers and allows in further
patch use bdrv_refresh_perms() to update a subtree of changed
BdrvChild (check that change is correct).

New check will substitute bdrv_check_update_perm() in following
permissions refactoring, so keep error messages the same to avoid
unit test result changes.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 54 insertions(+), 9 deletions(-)

diff --git a/block.c b/block.c
index b951ecb5db..69db01c2ec 100644
--- a/block.c
+++ b/block.c
@@ -1992,6 +1992,57 @@ bool bdrv_is_writable(BlockDriverState *bs)
     return bdrv_is_writable_after_reopen(bs, NULL);
 }
 
+static char *bdrv_child_user_desc(BdrvChild *c)
+{
+    if (c->klass->get_parent_desc) {
+        return c->klass->get_parent_desc(c);
+    }
+
+    return g_strdup("another user");
+}
+
+static bool bdrv_a_allow_b(BdrvChild *a, BdrvChild *b, Error **errp)
+{
+    g_autofree char *user = NULL;
+    g_autofree char *perm_names = NULL;
+
+    if ((b->perm & a->shared_perm) == b->perm) {
+        return true;
+    }
+
+    perm_names = bdrv_perm_names(b->perm & ~a->shared_perm);
+    user = bdrv_child_user_desc(a);
+    error_setg(errp, "Conflicts with use by %s as '%s', which does not "
+               "allow '%s' on %s",
+               user, a->name, perm_names, bdrv_get_node_name(b->bs));
+
+    return false;
+}
+
+static bool bdrv_parent_perms_conflict(BlockDriverState *bs, Error **errp)
+{
+    BdrvChild *a, *b;
+
+    /*
+     * During the loop we'll look at each pair twice. That's correct because
+     * bdrv_a_allow_b() is asymmetric and we should check each pair in both
+     * directions.
+     */
+    QLIST_FOREACH(a, &bs->parents, next_parent) {
+        QLIST_FOREACH(b, &bs->parents, next_parent) {
+            if (a == b) {
+                continue;
+            }
+
+            if (!bdrv_a_allow_b(a, b, errp)) {
+                return true;
+            }
+        }
+    }
+
+    return false;
+}
+
 static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
                             BdrvChild *c, BdrvChildRole role,
                             BlockReopenQueue *reopen_queue,
@@ -2169,15 +2220,6 @@ void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
     *shared_perm = cumulative_shared_perms;
 }
 
-static char *bdrv_child_user_desc(BdrvChild *c)
-{
-    if (c->klass->get_parent_desc) {
-        return c->klass->get_parent_desc(c);
-    }
-
-    return g_strdup("another user");
-}
-
 char *bdrv_perm_names(uint64_t perm)
 {
     struct perm_name {
@@ -2321,6 +2363,9 @@ static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
     int ret;
     uint64_t perm, shared_perm;
 
+    if (bdrv_parent_perms_conflict(bs, errp)) {
+        return -EPERM;
+    }
     bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
     ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, errp);
     if (ret < 0) {
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 10/36] block: refactor bdrv_child* permission functions
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (8 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 09/36] block: bdrv_refresh_perms: check for parents permissions conflict Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 11/36] block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms() Vladimir Sementsov-Ogievskiy
                   ` (28 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Split out non-recursive parts, and refactor as block graph transaction
action.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 79 ++++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 59 insertions(+), 20 deletions(-)

diff --git a/block.c b/block.c
index 69db01c2ec..2d64c498fc 100644
--- a/block.c
+++ b/block.c
@@ -49,6 +49,7 @@
 #include "qemu/timer.h"
 #include "qemu/cutils.h"
 #include "qemu/id.h"
+#include "qemu/transactions.h"
 #include "block/coroutines.h"
 
 #ifdef CONFIG_BSD
@@ -2059,6 +2060,61 @@ static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
     }
 }
 
+static void bdrv_child_set_perm_commit(void *opaque)
+{
+    BdrvChild *c = opaque;
+
+    c->has_backup_perm = false;
+}
+
+static void bdrv_child_set_perm_abort(void *opaque)
+{
+    BdrvChild *c = opaque;
+    /*
+     * We may have child->has_backup_perm unset at this point, as in case of
+     * _check_ stage of permission update failure we may _check_ not the whole
+     * subtree.  Still, _abort_ is called on the whole subtree anyway.
+     */
+    if (c->has_backup_perm) {
+        c->perm = c->backup_perm;
+        c->shared_perm = c->backup_shared_perm;
+        c->has_backup_perm = false;
+    }
+}
+
+static TransactionActionDrv bdrv_child_set_pem_drv = {
+    .abort = bdrv_child_set_perm_abort,
+    .commit = bdrv_child_set_perm_commit,
+};
+
+/*
+ * With tran=NULL needs to be followed by direct call to either
+ * bdrv_child_set_perm_commit() or bdrv_child_set_perm_abort().
+ *
+ * With non-NULL tran needs to be followed by tran_abort() or tran_commit()
+ * instead.
+ */
+static void bdrv_child_set_perm_safe(BdrvChild *c, uint64_t perm,
+                                     uint64_t shared, Transaction *tran)
+{
+    if (!c->has_backup_perm) {
+        c->has_backup_perm = true;
+        c->backup_perm = c->perm;
+        c->backup_shared_perm = c->shared_perm;
+    }
+    /*
+     * Note: it's OK if c->has_backup_perm was already set, as we can find the
+     * same c twice during check_perm procedure
+     */
+
+    c->perm = perm;
+    c->shared_perm = shared;
+
+    if (tran) {
+        tran_add(tran, &bdrv_child_set_pem_drv, c);
+    }
+}
+
 /*
  * Check whether permissions on this node can be changed in a way that
  * @cumulative_perms and @cumulative_shared_perms are the new cumulative
@@ -2324,37 +2380,20 @@ static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
         return ret;
     }
 
-    if (!c->has_backup_perm) {
-        c->has_backup_perm = true;
-        c->backup_perm = c->perm;
-        c->backup_shared_perm = c->shared_perm;
-    }
-    /*
-     * Note: it's OK if c->has_backup_perm was already set, as we can find the
-     * same child twice during check_perm procedure
-     */
-
-    c->perm = perm;
-    c->shared_perm = shared;
+    bdrv_child_set_perm_safe(c, perm, shared, NULL);
 
     return 0;
 }
 
 static void bdrv_child_set_perm(BdrvChild *c)
 {
-    c->has_backup_perm = false;
-
+    bdrv_child_set_perm_commit(c);
     bdrv_set_perm(c->bs);
 }
 
 static void bdrv_child_abort_perm_update(BdrvChild *c)
 {
-    if (c->has_backup_perm) {
-        c->perm = c->backup_perm;
-        c->shared_perm = c->backup_shared_perm;
-        c->has_backup_perm = false;
-    }
-
+    bdrv_child_set_perm_abort(c);
     bdrv_abort_perm_update(c->bs);
 }
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 11/36] block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms()
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (9 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 10/36] block: refactor bdrv_child* permission functions Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 12/36] block: inline bdrv_child_*() permission functions calls Vladimir Sementsov-Ogievskiy
                   ` (27 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

We are going to drop recursive bdrv_child_* functions, so stop use them
in bdrv_child_try_set_perm() as a first step.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/block.c b/block.c
index 2d64c498fc..1f10ce1861 100644
--- a/block.c
+++ b/block.c
@@ -2420,11 +2420,16 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
                             Error **errp)
 {
     Error *local_err = NULL;
+    Transaction *tran = tran_new();
     int ret;
 
-    ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL, &local_err);
+    bdrv_child_set_perm_safe(c, perm, shared, tran);
+
+    ret = bdrv_refresh_perms(c->bs, &local_err);
+
+    tran_finalize(tran, ret);
+
     if (ret < 0) {
-        bdrv_child_abort_perm_update(c);
         if ((perm & ~c->perm) || (c->shared_perm & ~shared)) {
             /* tighten permissions */
             error_propagate(errp, local_err);
@@ -2438,12 +2443,9 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
             error_free(local_err);
             ret = 0;
         }
-        return ret;
     }
 
-    bdrv_child_set_perm(c);
-
-    return 0;
+    return ret;
 }
 
 int bdrv_child_refresh_perms(BlockDriverState *bs, BdrvChild *c, Error **errp)
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 12/36] block: inline bdrv_child_*() permission functions calls
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (10 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 11/36] block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms() Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 13/36] block: use topological sort for permission update Vladimir Sementsov-Ogievskiy
                   ` (26 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz,
	kwolf, Alberto Garcia

Each of them has only one caller. Open-coding simplifies further
pemission-update system changes.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
---
 block.c | 59 +++++++++++++++++----------------------------------------
 1 file changed, 17 insertions(+), 42 deletions(-)

diff --git a/block.c b/block.c
index 1f10ce1861..29fec1ffc0 100644
--- a/block.c
+++ b/block.c
@@ -1940,11 +1940,11 @@ static int bdrv_fill_options(QDict **options, const char *filename,
     return 0;
 }
 
-static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
-                                 uint64_t perm, uint64_t shared,
-                                 GSList *ignore_children, Error **errp);
-static void bdrv_child_abort_perm_update(BdrvChild *c);
-static void bdrv_child_set_perm(BdrvChild *c);
+static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
+                                  uint64_t new_used_perm,
+                                  uint64_t new_shared_perm,
+                                  GSList *ignore_children,
+                                  Error **errp);
 
 typedef struct BlockReopenQueueEntry {
      bool prepared;
@@ -2192,15 +2192,21 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
     /* Check all children */
     QLIST_FOREACH(c, &bs->children, next) {
         uint64_t cur_perm, cur_shared;
+        GSList *cur_ignore_children;
 
         bdrv_child_perm(bs, c->bs, c, c->role, q,
                         cumulative_perms, cumulative_shared_perms,
                         &cur_perm, &cur_shared);
-        ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_children,
-                                    errp);
+
+        cur_ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
+        ret = bdrv_check_update_perm(c->bs, q, cur_perm, cur_shared,
+                                     cur_ignore_children, errp);
+        g_slist_free(cur_ignore_children);
         if (ret < 0) {
             return ret;
         }
+
+        bdrv_child_set_perm_safe(c, cur_perm, cur_shared, NULL);
     }
 
     return 0;
@@ -2227,7 +2233,8 @@ static void bdrv_abort_perm_update(BlockDriverState *bs)
     }
 
     QLIST_FOREACH(c, &bs->children, next) {
-        bdrv_child_abort_perm_update(c);
+        bdrv_child_set_perm_abort(c);
+        bdrv_abort_perm_update(c->bs);
     }
 }
 
@@ -2256,7 +2263,8 @@ static void bdrv_set_perm(BlockDriverState *bs)
 
     /* Update all children */
     QLIST_FOREACH(c, &bs->children, next) {
-        bdrv_child_set_perm(c);
+        bdrv_child_set_perm_commit(c);
+        bdrv_set_perm(c->bs);
     }
 }
 
@@ -2364,39 +2372,6 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
                            ignore_children, errp);
 }
 
-/* Needs to be followed by a call to either bdrv_child_set_perm() or
- * bdrv_child_abort_perm_update(). */
-static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
-                                 uint64_t perm, uint64_t shared,
-                                 GSList *ignore_children, Error **errp)
-{
-    int ret;
-
-    ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
-    ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, errp);
-    g_slist_free(ignore_children);
-
-    if (ret < 0) {
-        return ret;
-    }
-
-    bdrv_child_set_perm_safe(c, perm, shared, NULL);
-
-    return 0;
-}
-
-static void bdrv_child_set_perm(BdrvChild *c)
-{
-    bdrv_child_set_perm_commit(c);
-    bdrv_set_perm(c->bs);
-}
-
-static void bdrv_child_abort_perm_update(BdrvChild *c)
-{
-    bdrv_child_set_perm_abort(c);
-    bdrv_abort_perm_update(c->bs);
-}
-
 static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
 {
     int ret;
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 13/36] block: use topological sort for permission update
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (11 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 12/36] block: inline bdrv_child_*() permission functions calls Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 16:50   ` Alberto Garcia
  2021-03-17 14:35 ` [PATCH v3 14/36] block: add bdrv_drv_set_perm transaction action Vladimir Sementsov-Ogievskiy
                   ` (25 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Rewrite bdrv_check_perm(), bdrv_abort_perm_update() and bdrv_set_perm()
to update nodes in topological sort order instead of simple DFS. With
topologically sorted nodes, we update a node only when all its parents
already updated. With DFS it's not so.

Consider the following example:

    A -+
    |  |
    |  v
    |  B
    |  |
    v  |
    C<-+

A is parent for B and C, B is parent for C.

Obviously, to update permissions, we should go in order A B C, so, when
we update C, all parent permissions already updated. But with current
approach (simple recursion) we can update in sequence A C B C (C is
updated twice). On first update of C, we consider old B permissions, so
doing wrong thing. If it succeed, all is OK, on second C update we will
finish with correct graph. But if the wrong thing failed, we break the
whole process for no reason (it's possible that updated B permission
will be less strict, but we will never check it).

Also new approach gives a way to simultaneously and correctly update
several nodes, we just need to run bdrv_topological_dfs() several times
to add all nodes and their subtrees into one topologically sorted list
(next patch will update bdrv_replace_node() in this manner).

Test test_parallel_perm_update() is now passing, so move it out of
debugging "if".

We also need to support ignore_children in
bdrv_parent_perms_conflict()

For test 283 order of conflicting parents check is changed.

Note also that in bdrv_check_perm() we don't check for parents conflict
at root bs, as we may be in the middle of permission update in
bdrv_reopen_multiple(). bdrv_reopen_multiple() will be updated soon.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c                          | 116 +++++++++++++++++++++++++------
 tests/unit/test-bdrv-graph-mod.c |   4 +-
 tests/qemu-iotests/283.out       |   2 +-
 3 files changed, 99 insertions(+), 23 deletions(-)

diff --git a/block.c b/block.c
index 29fec1ffc0..14363dc550 100644
--- a/block.c
+++ b/block.c
@@ -2020,7 +2020,9 @@ static bool bdrv_a_allow_b(BdrvChild *a, BdrvChild *b, Error **errp)
     return false;
 }
 
-static bool bdrv_parent_perms_conflict(BlockDriverState *bs, Error **errp)
+static bool bdrv_parent_perms_conflict(BlockDriverState *bs,
+                                       GSList *ignore_children,
+                                       Error **errp)
 {
     BdrvChild *a, *b;
 
@@ -2030,8 +2032,12 @@ static bool bdrv_parent_perms_conflict(BlockDriverState *bs, Error **errp)
      * directions.
      */
     QLIST_FOREACH(a, &bs->parents, next_parent) {
+        if (g_slist_find(ignore_children, a)) {
+            continue;
+        }
+
         QLIST_FOREACH(b, &bs->parents, next_parent) {
-            if (a == b) {
+            if (a == b || g_slist_find(ignore_children, b)) {
                 continue;
             }
 
@@ -2060,6 +2066,40 @@ static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
     }
 }
 
+/*
+ * Adds the whole subtree of @bs (including @bs itself) to the @list (except for
+ * nodes that are already in the @list, of course) so that final list is
+ * topologically sorted. Return the result (GSList @list object is updated, so
+ * don't use old reference after function call).
+ *
+ * On function start @list must be already topologically sorted and for any node
+ * in the @list the whole subtree of the node must be in the @list as well. The
+ * simplest way to satisfy this criteria: use only result of
+ * bdrv_topological_dfs() or NULL as @list parameter.
+ */
+static GSList *bdrv_topological_dfs(GSList *list, GHashTable *found,
+                                    BlockDriverState *bs)
+{
+    BdrvChild *child;
+    g_autoptr(GHashTable) local_found = NULL;
+
+    if (!found) {
+        assert(!list);
+        found = local_found = g_hash_table_new(NULL, NULL);
+    }
+
+    if (g_hash_table_contains(found, bs)) {
+        return list;
+    }
+    g_hash_table_add(found, bs);
+
+    QLIST_FOREACH(child, &bs->children, next) {
+        list = bdrv_topological_dfs(list, found, child->bs);
+    }
+
+    return g_slist_prepend(list, bs);
+}
+
 static void bdrv_child_set_perm_commit(void *opaque)
 {
     BdrvChild *c = opaque;
@@ -2124,10 +2164,10 @@ static void bdrv_child_set_perm_safe(BdrvChild *c, uint64_t perm,
  * A call to this function must always be followed by a call to bdrv_set_perm()
  * or bdrv_abort_perm_update().
  */
-static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
-                           uint64_t cumulative_perms,
-                           uint64_t cumulative_shared_perms,
-                           GSList *ignore_children, Error **errp)
+static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
+                                uint64_t cumulative_perms,
+                                uint64_t cumulative_shared_perms,
+                                GSList *ignore_children, Error **errp)
 {
     BlockDriver *drv = bs->drv;
     BdrvChild *c;
@@ -2192,21 +2232,43 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
     /* Check all children */
     QLIST_FOREACH(c, &bs->children, next) {
         uint64_t cur_perm, cur_shared;
-        GSList *cur_ignore_children;
 
         bdrv_child_perm(bs, c->bs, c, c->role, q,
                         cumulative_perms, cumulative_shared_perms,
                         &cur_perm, &cur_shared);
+        bdrv_child_set_perm_safe(c, cur_perm, cur_shared, NULL);
+    }
+
+    return 0;
+}
+
+static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
+                           uint64_t cumulative_perms,
+                           uint64_t cumulative_shared_perms,
+                           GSList *ignore_children, Error **errp)
+{
+    int ret;
+    BlockDriverState *root = bs;
+    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, root);
 
-        cur_ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
-        ret = bdrv_check_update_perm(c->bs, q, cur_perm, cur_shared,
-                                     cur_ignore_children, errp);
-        g_slist_free(cur_ignore_children);
+    for ( ; list; list = list->next) {
+        bs = list->data;
+
+        if (bs != root) {
+            if (bdrv_parent_perms_conflict(bs, ignore_children, errp)) {
+                return -EINVAL;
+            }
+
+            bdrv_get_cumulative_perm(bs, &cumulative_perms,
+                                     &cumulative_shared_perms);
+        }
+
+        ret = bdrv_node_check_perm(bs, q, cumulative_perms,
+                                   cumulative_shared_perms,
+                                   ignore_children, errp);
         if (ret < 0) {
             return ret;
         }
-
-        bdrv_child_set_perm_safe(c, cur_perm, cur_shared, NULL);
     }
 
     return 0;
@@ -2216,10 +2278,8 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
  * Notifies drivers that after a previous bdrv_check_perm() call, the
  * permission update is not performed and any preparations made for it (e.g.
  * taken file locks) need to be undone.
- *
- * This function recursively notifies all child nodes.
  */
-static void bdrv_abort_perm_update(BlockDriverState *bs)
+static void bdrv_node_abort_perm_update(BlockDriverState *bs)
 {
     BlockDriver *drv = bs->drv;
     BdrvChild *c;
@@ -2234,11 +2294,19 @@ static void bdrv_abort_perm_update(BlockDriverState *bs)
 
     QLIST_FOREACH(c, &bs->children, next) {
         bdrv_child_set_perm_abort(c);
-        bdrv_abort_perm_update(c->bs);
     }
 }
 
-static void bdrv_set_perm(BlockDriverState *bs)
+static void bdrv_abort_perm_update(BlockDriverState *bs)
+{
+    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
+
+    for ( ; list; list = list->next) {
+        bdrv_node_abort_perm_update((BlockDriverState *)list->data);
+    }
+}
+
+static void bdrv_node_set_perm(BlockDriverState *bs)
 {
     uint64_t cumulative_perms, cumulative_shared_perms;
     BlockDriver *drv = bs->drv;
@@ -2264,7 +2332,15 @@ static void bdrv_set_perm(BlockDriverState *bs)
     /* Update all children */
     QLIST_FOREACH(c, &bs->children, next) {
         bdrv_child_set_perm_commit(c);
-        bdrv_set_perm(c->bs);
+    }
+}
+
+static void bdrv_set_perm(BlockDriverState *bs)
+{
+    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
+
+    for ( ; list; list = list->next) {
+        bdrv_node_set_perm((BlockDriverState *)list->data);
     }
 }
 
@@ -2377,7 +2453,7 @@ static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
     int ret;
     uint64_t perm, shared_perm;
 
-    if (bdrv_parent_perms_conflict(bs, errp)) {
+    if (bdrv_parent_perms_conflict(bs, NULL, errp)) {
         return -EPERM;
     }
     bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
index 8188ddd84c..a98100ddfd 100644
--- a/tests/unit/test-bdrv-graph-mod.c
+++ b/tests/unit/test-bdrv-graph-mod.c
@@ -405,12 +405,12 @@ int main(int argc, char *argv[])
     g_test_add_func("/bdrv-graph-mod/update-perm-tree", test_update_perm_tree);
     g_test_add_func("/bdrv-graph-mod/should-update-child",
                     test_should_update_child);
+    g_test_add_func("/bdrv-graph-mod/parallel-perm-update",
+                    test_parallel_perm_update);
 
     if (debug) {
         g_test_add_func("/bdrv-graph-mod/parallel-exclusive-write",
                         test_parallel_exclusive_write);
-        g_test_add_func("/bdrv-graph-mod/parallel-perm-update",
-                        test_parallel_perm_update);
         g_test_add_func("/bdrv-graph-mod/append-greedy-filter",
                         test_append_greedy_filter);
     }
diff --git a/tests/qemu-iotests/283.out b/tests/qemu-iotests/283.out
index 37c35058ae..73eb75102f 100644
--- a/tests/qemu-iotests/283.out
+++ b/tests/qemu-iotests/283.out
@@ -5,7 +5,7 @@
 {"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": "base", "node-name": "other", "take-child-perms": ["write"]}}
 {"return": {}}
 {"execute": "blockdev-backup", "arguments": {"device": "source", "sync": "full", "target": "target"}}
-{"error": {"class": "GenericError", "desc": "Cannot set permissions for backup-top filter: Conflicts with use by other as 'image', which uses 'write' on base"}}
+{"error": {"class": "GenericError", "desc": "Cannot set permissions for backup-top filter: Conflicts with use by source as 'image', which does not allow 'write' on base"}}
 
 === backup-top should be gone after job-finalize ===
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 14/36] block: add bdrv_drv_set_perm transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (12 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 13/36] block: use topological sort for permission update Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 15/36] block: add bdrv_list_* permission update functions Vladimir Sementsov-Ogievskiy
                   ` (24 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Refactor calling driver callbacks to a separate transaction action to
be used later.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 70 ++++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 54 insertions(+), 16 deletions(-)

diff --git a/block.c b/block.c
index 14363dc550..337b515034 100644
--- a/block.c
+++ b/block.c
@@ -2155,6 +2155,54 @@ static void bdrv_child_set_perm_safe(BdrvChild *c, uint64_t perm,
     }
 }
 
+static void bdrv_drv_set_perm_commit(void *opaque)
+{
+    BlockDriverState *bs = opaque;
+    uint64_t cumulative_perms, cumulative_shared_perms;
+
+    if (bs->drv->bdrv_set_perm) {
+        bdrv_get_cumulative_perm(bs, &cumulative_perms,
+                                 &cumulative_shared_perms);
+        bs->drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
+    }
+}
+
+static void bdrv_drv_set_perm_abort(void *opaque)
+{
+    BlockDriverState *bs = opaque;
+
+    if (bs->drv->bdrv_abort_perm_update) {
+        bs->drv->bdrv_abort_perm_update(bs);
+    }
+}
+
+TransactionActionDrv bdrv_drv_set_perm_drv = {
+    .abort = bdrv_drv_set_perm_abort,
+    .commit = bdrv_drv_set_perm_commit,
+};
+
+static int bdrv_drv_set_perm(BlockDriverState *bs, uint64_t perm,
+                             uint64_t shared_perm, Transaction *tran,
+                             Error **errp)
+{
+    if (!bs->drv) {
+        return 0;
+    }
+
+    if (bs->drv->bdrv_check_perm) {
+        int ret = bs->drv->bdrv_check_perm(bs, perm, shared_perm, errp);
+        if (ret < 0) {
+            return ret;
+        }
+    }
+
+    if (tran) {
+        tran_add(tran, &bdrv_drv_set_perm_drv, bs);
+    }
+
+    return 0;
+}
+
 /*
  * Check whether permissions on this node can be changed in a way that
  * @cumulative_perms and @cumulative_shared_perms are the new cumulative
@@ -2215,12 +2263,10 @@ static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
         return 0;
     }
 
-    if (drv->bdrv_check_perm) {
-        ret = drv->bdrv_check_perm(bs, cumulative_perms,
-                                   cumulative_shared_perms, errp);
-        if (ret < 0) {
-            return ret;
-        }
+    ret = bdrv_drv_set_perm(bs, cumulative_perms, cumulative_shared_perms, NULL,
+                            errp);
+    if (ret < 0) {
+        return ret;
     }
 
     /* Drivers that never have children can omit .bdrv_child_perm() */
@@ -2288,9 +2334,7 @@ static void bdrv_node_abort_perm_update(BlockDriverState *bs)
         return;
     }
 
-    if (drv->bdrv_abort_perm_update) {
-        drv->bdrv_abort_perm_update(bs);
-    }
+    bdrv_drv_set_perm_abort(bs);
 
     QLIST_FOREACH(c, &bs->children, next) {
         bdrv_child_set_perm_abort(c);
@@ -2308,7 +2352,6 @@ static void bdrv_abort_perm_update(BlockDriverState *bs)
 
 static void bdrv_node_set_perm(BlockDriverState *bs)
 {
-    uint64_t cumulative_perms, cumulative_shared_perms;
     BlockDriver *drv = bs->drv;
     BdrvChild *c;
 
@@ -2316,12 +2359,7 @@ static void bdrv_node_set_perm(BlockDriverState *bs)
         return;
     }
 
-    bdrv_get_cumulative_perm(bs, &cumulative_perms, &cumulative_shared_perms);
-
-    /* Update this node */
-    if (drv->bdrv_set_perm) {
-        drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
-    }
+    bdrv_drv_set_perm_commit(bs);
 
     /* Drivers that never have children can omit .bdrv_child_perm() */
     if (!drv->bdrv_child_perm) {
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 15/36] block: add bdrv_list_* permission update functions
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (13 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 14/36] block: add bdrv_drv_set_perm transaction action Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 16/36] block: add bdrv_replace_child_safe() transaction action Vladimir Sementsov-Ogievskiy
                   ` (23 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Add new interface, allowing use of existing node list. It will be used
to fix bdrv_replace_node() in the further commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 106 +++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 71 insertions(+), 35 deletions(-)

diff --git a/block.c b/block.c
index 337b515034..31a4e4fa5c 100644
--- a/block.c
+++ b/block.c
@@ -2215,7 +2215,8 @@ static int bdrv_drv_set_perm(BlockDriverState *bs, uint64_t perm,
 static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
                                 uint64_t cumulative_perms,
                                 uint64_t cumulative_shared_perms,
-                                GSList *ignore_children, Error **errp)
+                                GSList *ignore_children,
+                                Transaction *tran, Error **errp)
 {
     BlockDriver *drv = bs->drv;
     BdrvChild *c;
@@ -2263,7 +2264,7 @@ static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
         return 0;
     }
 
-    ret = bdrv_drv_set_perm(bs, cumulative_perms, cumulative_shared_perms, NULL,
+    ret = bdrv_drv_set_perm(bs, cumulative_perms, cumulative_shared_perms, tran,
                             errp);
     if (ret < 0) {
         return ret;
@@ -2282,36 +2283,53 @@ static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
         bdrv_child_perm(bs, c->bs, c, c->role, q,
                         cumulative_perms, cumulative_shared_perms,
                         &cur_perm, &cur_shared);
-        bdrv_child_set_perm_safe(c, cur_perm, cur_shared, NULL);
+        bdrv_child_set_perm_safe(c, cur_perm, cur_shared, tran);
     }
 
     return 0;
 }
 
-static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
-                           uint64_t cumulative_perms,
-                           uint64_t cumulative_shared_perms,
-                           GSList *ignore_children, Error **errp)
+/*
+ * If use_cumulative_perms is true, use cumulative_perms and
+ * cumulative_shared_perms for first element of the list. Otherwise just refresh
+ * all permissions.
+ */
+static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
+                                  bool use_cumulative_perms,
+                                  uint64_t cumulative_perms,
+                                  uint64_t cumulative_shared_perms,
+                                  GSList *ignore_children,
+                                  Transaction *tran, Error **errp)
 {
     int ret;
-    BlockDriverState *root = bs;
-    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, root);
+    BlockDriverState *bs;
 
-    for ( ; list; list = list->next) {
+    if (use_cumulative_perms) {
         bs = list->data;
 
-        if (bs != root) {
-            if (bdrv_parent_perms_conflict(bs, ignore_children, errp)) {
-                return -EINVAL;
-            }
+        ret = bdrv_node_check_perm(bs, q, cumulative_perms,
+                                   cumulative_shared_perms,
+                                   ignore_children, tran, errp);
+        if (ret < 0) {
+            return ret;
+        }
 
-            bdrv_get_cumulative_perm(bs, &cumulative_perms,
-                                     &cumulative_shared_perms);
+        list = list->next;
+    }
+
+    for ( ; list; list = list->next) {
+        bs = list->data;
+
+        if (bdrv_parent_perms_conflict(bs, ignore_children, errp)) {
+            return -EINVAL;
         }
 
+        bdrv_get_cumulative_perm(bs, &cumulative_perms,
+                                 &cumulative_shared_perms);
+
         ret = bdrv_node_check_perm(bs, q, cumulative_perms,
                                    cumulative_shared_perms,
-                                   ignore_children, errp);
+                                   ignore_children, tran, errp);
         if (ret < 0) {
             return ret;
         }
@@ -2320,6 +2338,23 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
     return 0;
 }
 
+static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
+                           uint64_t cumulative_perms,
+                           uint64_t cumulative_shared_perms,
+                           GSList *ignore_children, Error **errp)
+{
+    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
+    return bdrv_check_perm_common(list, q, true, cumulative_perms,
+                                  cumulative_shared_perms, ignore_children,
+                                  NULL, errp);
+}
+
+static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
+                                   Transaction *tran, Error **errp)
+{
+    return bdrv_check_perm_common(list, q, false, 0, 0, NULL, tran, errp);
+}
+
 /*
  * Notifies drivers that after a previous bdrv_check_perm() call, the
  * permission update is not performed and any preparations made for it (e.g.
@@ -2341,15 +2376,19 @@ static void bdrv_node_abort_perm_update(BlockDriverState *bs)
     }
 }
 
-static void bdrv_abort_perm_update(BlockDriverState *bs)
+static void bdrv_list_abort_perm_update(GSList *list)
 {
-    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
-
     for ( ; list; list = list->next) {
         bdrv_node_abort_perm_update((BlockDriverState *)list->data);
     }
 }
 
+static void bdrv_abort_perm_update(BlockDriverState *bs)
+{
+    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
+    return bdrv_list_abort_perm_update(list);
+}
+
 static void bdrv_node_set_perm(BlockDriverState *bs)
 {
     BlockDriver *drv = bs->drv;
@@ -2373,15 +2412,19 @@ static void bdrv_node_set_perm(BlockDriverState *bs)
     }
 }
 
-static void bdrv_set_perm(BlockDriverState *bs)
+static void bdrv_list_set_perm(GSList *list)
 {
-    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
-
     for ( ; list; list = list->next) {
         bdrv_node_set_perm((BlockDriverState *)list->data);
     }
 }
 
+static void bdrv_set_perm(BlockDriverState *bs)
+{
+    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
+    return bdrv_list_set_perm(list);
+}
+
 void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
                               uint64_t *shared_perm)
 {
@@ -2489,20 +2532,13 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
 static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
 {
     int ret;
-    uint64_t perm, shared_perm;
+    Transaction *tran = tran_new();
+    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
 
-    if (bdrv_parent_perms_conflict(bs, NULL, errp)) {
-        return -EPERM;
-    }
-    bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
-    ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, errp);
-    if (ret < 0) {
-        bdrv_abort_perm_update(bs);
-        return ret;
-    }
-    bdrv_set_perm(bs);
+    ret = bdrv_list_refresh_perms(list, NULL, tran, errp);
+    tran_finalize(tran, ret);
 
-    return 0;
+    return ret;
 }
 
 int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 16/36] block: add bdrv_replace_child_safe() transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (14 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 15/36] block: add bdrv_list_* permission update functions Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 17/36] block: fix bdrv_replace_node_common Vladimir Sementsov-Ogievskiy
                   ` (22 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

To be used in the following commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/block.c b/block.c
index 31a4e4fa5c..4f9d67a6a2 100644
--- a/block.c
+++ b/block.c
@@ -83,6 +83,9 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
                                            BdrvChildRole child_role,
                                            Error **errp);
 
+static void bdrv_replace_child_noperm(BdrvChild *child,
+                                      BlockDriverState *new_bs);
+
 static int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue
                                *queue, Error **errp);
 static void bdrv_reopen_commit(BDRVReopenState *reopen_state);
@@ -2203,6 +2206,57 @@ static int bdrv_drv_set_perm(BlockDriverState *bs, uint64_t perm,
     return 0;
 }
 
+typedef struct BdrvReplaceChildState {
+    BdrvChild *child;
+    BlockDriverState *old_bs;
+} BdrvReplaceChildState;
+
+static void bdrv_replace_child_commit(void *opaque)
+{
+    BdrvReplaceChildState *s = opaque;
+
+    bdrv_unref(s->old_bs);
+}
+
+static void bdrv_replace_child_abort(void *opaque)
+{
+    BdrvReplaceChildState *s = opaque;
+    BlockDriverState *new_bs = s->child->bs;
+
+    /* old_bs reference is transparently moved from @s to @s->child */
+    bdrv_replace_child_noperm(s->child, s->old_bs);
+    bdrv_unref(new_bs);
+}
+
+static TransactionActionDrv bdrv_replace_child_drv = {
+    .commit = bdrv_replace_child_commit,
+    .abort = bdrv_replace_child_abort,
+    .clean = g_free,
+};
+
+/*
+ * bdrv_replace_child_safe
+ *
+ * Note: real unref of old_bs is done only on commit.
+ */
+__attribute__((unused))
+static void bdrv_replace_child_safe(BdrvChild *child, BlockDriverState *new_bs,
+                                    Transaction *tran)
+{
+    BdrvReplaceChildState *s = g_new(BdrvReplaceChildState, 1);
+    *s = (BdrvReplaceChildState) {
+        .child = child,
+        .old_bs = child->bs,
+    };
+    tran_add(tran, &bdrv_replace_child_drv, s);
+
+    if (new_bs) {
+        bdrv_ref(new_bs);
+    }
+    bdrv_replace_child_noperm(child, new_bs);
+    /* old_bs reference is transparently moved from @child to @s */
+}
+
 /*
  * Check whether permissions on this node can be changed in a way that
  * @cumulative_perms and @cumulative_shared_perms are the new cumulative
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 17/36] block: fix bdrv_replace_node_common
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (15 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 16/36] block: add bdrv_replace_child_safe() transaction action Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 18/36] block: add bdrv_attach_child_common() transaction action Vladimir Sementsov-Ogievskiy
                   ` (21 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

inore_children thing doesn't help to track all propagated permissions
of children we want to ignore. The simplest way to correctly update
permissions is update graph first and then do permission update. In
this case we just referesh permissions for the whole subgraph (in
topological-sort defined order) and everything is correctly calculated
automatically without any ignore_children.

So, refactor bdrv_replace_node_common to first do graph update and then
refresh the permissions.

Test test_parallel_exclusive_write() now pass, so move it out of
debugging "if".

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c                          | 43 +++++++++++++-------------------
 tests/unit/test-bdrv-graph-mod.c |  4 +--
 2 files changed, 20 insertions(+), 27 deletions(-)

diff --git a/block.c b/block.c
index 4f9d67a6a2..98ff44dbf7 100644
--- a/block.c
+++ b/block.c
@@ -2239,7 +2239,6 @@ static TransactionActionDrv bdrv_replace_child_drv = {
  *
  * Note: real unref of old_bs is done only on commit.
  */
-__attribute__((unused))
 static void bdrv_replace_child_safe(BdrvChild *child, BlockDriverState *new_bs,
                                     Transaction *tran)
 {
@@ -4843,8 +4842,9 @@ static int bdrv_replace_node_common(BlockDriverState *from,
                                     bool auto_skip, Error **errp)
 {
     BdrvChild *c, *next;
-    GSList *list = NULL, *p;
-    uint64_t perm = 0, shared = BLK_PERM_ALL;
+    Transaction *tran = tran_new();
+    g_autoptr(GHashTable) found = NULL;
+    g_autoptr(GSList) refresh_list = NULL;
     int ret;
 
     /* Make sure that @from doesn't go away until we have successfully attached
@@ -4855,7 +4855,12 @@ static int bdrv_replace_node_common(BlockDriverState *from,
     assert(bdrv_get_aio_context(from) == bdrv_get_aio_context(to));
     bdrv_drained_begin(from);
 
-    /* Put all parents into @list and calculate their cumulative permissions */
+    /*
+     * Do the replacement without permission update.
+     * Replacement may influence the permissions, we should calculate new
+     * permissions based on new graph. If we fail, we'll roll-back the
+     * replacement.
+     */
     QLIST_FOREACH_SAFE(c, &from->parents, next_parent, next) {
         assert(c->bs == from);
         if (!should_update_child(c, to)) {
@@ -4873,36 +4878,24 @@ static int bdrv_replace_node_common(BlockDriverState *from,
                        c->name, from->node_name);
             goto out;
         }
-        list = g_slist_prepend(list, c);
-        perm |= c->perm;
-        shared &= c->shared_perm;
+        bdrv_replace_child_safe(c, to, tran);
     }
 
-    /* Check whether the required permissions can be granted on @to, ignoring
-     * all BdrvChild in @list so that they can't block themselves. */
-    ret = bdrv_check_update_perm(to, NULL, perm, shared, list, errp);
-    if (ret < 0) {
-        bdrv_abort_perm_update(to);
-        goto out;
-    }
+    found = g_hash_table_new(NULL, NULL);
 
-    /* Now actually perform the change. We performed the permission check for
-     * all elements of @list at once, so set the permissions all at once at the
-     * very end. */
-    for (p = list; p != NULL; p = p->next) {
-        c = p->data;
+    refresh_list = bdrv_topological_dfs(refresh_list, found, to);
+    refresh_list = bdrv_topological_dfs(refresh_list, found, from);
 
-        bdrv_ref(to);
-        bdrv_replace_child_noperm(c, to);
-        bdrv_unref(from);
+    ret = bdrv_list_refresh_perms(refresh_list, NULL, tran, errp);
+    if (ret < 0) {
+        goto out;
     }
 
-    bdrv_set_perm(to);
-
     ret = 0;
 
 out:
-    g_slist_free(list);
+    tran_finalize(tran, ret);
+
     bdrv_drained_end(from);
     bdrv_unref(from);
 
diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
index a98100ddfd..b81787487a 100644
--- a/tests/unit/test-bdrv-graph-mod.c
+++ b/tests/unit/test-bdrv-graph-mod.c
@@ -407,10 +407,10 @@ int main(int argc, char *argv[])
                     test_should_update_child);
     g_test_add_func("/bdrv-graph-mod/parallel-perm-update",
                     test_parallel_perm_update);
+    g_test_add_func("/bdrv-graph-mod/parallel-exclusive-write",
+                    test_parallel_exclusive_write);
 
     if (debug) {
-        g_test_add_func("/bdrv-graph-mod/parallel-exclusive-write",
-                        test_parallel_exclusive_write);
         g_test_add_func("/bdrv-graph-mod/append-greedy-filter",
                         test_append_greedy_filter);
     }
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 18/36] block: add bdrv_attach_child_common() transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (16 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 17/36] block: fix bdrv_replace_node_common Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-04-26 16:14   ` Kevin Wolf
  2021-03-17 14:35 ` [PATCH v3 19/36] block: add bdrv_attach_child_noperm() " Vladimir Sementsov-Ogievskiy
                   ` (20 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Split out no-perm part of bdrv_root_attach_child() into separate
transaction action. bdrv_root_attach_child() now moves to new
permission update paradigm: first update graph relations then update
permissions.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 189 ++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 135 insertions(+), 54 deletions(-)

diff --git a/block.c b/block.c
index 98ff44dbf7..b6bdc534d2 100644
--- a/block.c
+++ b/block.c
@@ -2921,37 +2921,73 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
     }
 }
 
-/*
- * This function steals the reference to child_bs from the caller.
- * That reference is later dropped by bdrv_root_unref_child().
- *
- * On failure NULL is returned, errp is set and the reference to
- * child_bs is also dropped.
- *
- * The caller must hold the AioContext lock @child_bs, but not that of @ctx
- * (unless @child_bs is already in @ctx).
- */
-BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
-                                  const char *child_name,
-                                  const BdrvChildClass *child_class,
-                                  BdrvChildRole child_role,
-                                  uint64_t perm, uint64_t shared_perm,
-                                  void *opaque, Error **errp)
+static void bdrv_remove_empty_child(BdrvChild *child)
 {
-    BdrvChild *child;
-    Error *local_err = NULL;
-    int ret;
-    AioContext *ctx;
+    assert(!child->bs);
+    QLIST_SAFE_REMOVE(child, next);
+    g_free(child->name);
+    g_free(child);
+}
 
-    ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
-    if (ret < 0) {
-        bdrv_abort_perm_update(child_bs);
-        bdrv_unref(child_bs);
-        return NULL;
+typedef struct BdrvAttachChildCommonState {
+    BdrvChild **child;
+    AioContext *old_parent_ctx;
+    AioContext *old_child_ctx;
+} BdrvAttachChildCommonState;
+
+static void bdrv_attach_child_common_abort(void *opaque)
+{
+    BdrvAttachChildCommonState *s = opaque;
+    BdrvChild *child = *s->child;
+    BlockDriverState *bs = child->bs;
+
+    bdrv_replace_child_noperm(child, NULL);
+
+    if (bdrv_get_aio_context(bs) != s->old_child_ctx) {
+        bdrv_try_set_aio_context(bs, s->old_child_ctx, &error_abort);
     }
 
-    child = g_new(BdrvChild, 1);
-    *child = (BdrvChild) {
+    if (bdrv_child_get_parent_aio_context(child) != s->old_parent_ctx) {
+        GSList *ignore = g_slist_prepend(NULL, child);
+
+        child->klass->can_set_aio_ctx(child, s->old_parent_ctx, &ignore,
+                                      &error_abort);
+        g_slist_free(ignore);
+        ignore = g_slist_prepend(NULL, child);
+        child->klass->set_aio_ctx(child, s->old_parent_ctx, &ignore);
+
+        g_slist_free(ignore);
+    }
+
+    bdrv_unref(bs);
+    bdrv_remove_empty_child(child);
+    *s->child = NULL;
+}
+
+static TransactionActionDrv bdrv_attach_child_common_drv = {
+    .abort = bdrv_attach_child_common_abort,
+};
+
+/*
+ * Common part of attoching bdrv child to bs or to blk or to job
+ */
+static int bdrv_attach_child_common(BlockDriverState *child_bs,
+                                    const char *child_name,
+                                    const BdrvChildClass *child_class,
+                                    BdrvChildRole child_role,
+                                    uint64_t perm, uint64_t shared_perm,
+                                    void *opaque, BdrvChild **child,
+                                    Transaction *tran, Error **errp)
+{
+    BdrvChild *new_child;
+    AioContext *parent_ctx;
+    AioContext *child_ctx = bdrv_get_aio_context(child_bs);
+
+    assert(child);
+    assert(*child == NULL);
+
+    new_child = g_new(BdrvChild, 1);
+    *new_child = (BdrvChild) {
         .bs             = NULL,
         .name           = g_strdup(child_name),
         .klass          = child_class,
@@ -2961,37 +2997,92 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
         .opaque         = opaque,
     };
 
-    ctx = bdrv_child_get_parent_aio_context(child);
-
-    /* If the AioContexts don't match, first try to move the subtree of
+    /*
+     * If the AioContexts don't match, first try to move the subtree of
      * child_bs into the AioContext of the new parent. If this doesn't work,
-     * try moving the parent into the AioContext of child_bs instead. */
-    if (bdrv_get_aio_context(child_bs) != ctx) {
-        ret = bdrv_try_set_aio_context(child_bs, ctx, &local_err);
+     * try moving the parent into the AioContext of child_bs instead.
+     */
+    parent_ctx = bdrv_child_get_parent_aio_context(new_child);
+    if (child_ctx != parent_ctx) {
+        Error *local_err = NULL;
+        int ret = bdrv_try_set_aio_context(child_bs, parent_ctx, &local_err);
+
         if (ret < 0 && child_class->can_set_aio_ctx) {
-            GSList *ignore = g_slist_prepend(NULL, child);
-            ctx = bdrv_get_aio_context(child_bs);
-            if (child_class->can_set_aio_ctx(child, ctx, &ignore, NULL)) {
+            GSList *ignore = g_slist_prepend(NULL, new_child);
+            if (child_class->can_set_aio_ctx(new_child, child_ctx, &ignore,
+                                             NULL))
+            {
                 error_free(local_err);
                 ret = 0;
                 g_slist_free(ignore);
-                ignore = g_slist_prepend(NULL, child);
-                child_class->set_aio_ctx(child, ctx, &ignore);
+                ignore = g_slist_prepend(NULL, new_child);
+                child_class->set_aio_ctx(new_child, child_ctx, &ignore);
             }
             g_slist_free(ignore);
         }
+
         if (ret < 0) {
             error_propagate(errp, local_err);
-            g_free(child);
-            bdrv_abort_perm_update(child_bs);
-            bdrv_unref(child_bs);
-            return NULL;
+            bdrv_remove_empty_child(new_child);
+            return ret;
         }
     }
 
-    /* This performs the matching bdrv_set_perm() for the above check. */
-    bdrv_replace_child(child, child_bs);
+    bdrv_ref(child_bs);
+    bdrv_replace_child_noperm(new_child, child_bs);
+
+    *child = new_child;
 
+    BdrvAttachChildCommonState *s = g_new(BdrvAttachChildCommonState, 1);
+    *s = (BdrvAttachChildCommonState) {
+        .child = child,
+        .old_parent_ctx = parent_ctx,
+        .old_child_ctx = child_ctx,
+    };
+    tran_add(tran, &bdrv_attach_child_common_drv, s);
+
+    return 0;
+}
+
+static void bdrv_detach_child(BdrvChild *child)
+{
+    bdrv_replace_child(child, NULL);
+    bdrv_remove_empty_child(child);
+}
+
+/*
+ * This function steals the reference to child_bs from the caller.
+ * That reference is later dropped by bdrv_root_unref_child().
+ *
+ * On failure NULL is returned, errp is set and the reference to
+ * child_bs is also dropped.
+ *
+ * The caller must hold the AioContext lock @child_bs, but not that of @ctx
+ * (unless @child_bs is already in @ctx).
+ */
+BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
+                                  const char *child_name,
+                                  const BdrvChildClass *child_class,
+                                  BdrvChildRole child_role,
+                                  uint64_t perm, uint64_t shared_perm,
+                                  void *opaque, Error **errp)
+{
+    int ret;
+    BdrvChild *child = NULL;
+    Transaction *tran = tran_new();
+
+    ret = bdrv_attach_child_common(child_bs, child_name, child_class,
+                                   child_role, perm, shared_perm, opaque,
+                                   &child, tran, errp);
+    if (ret < 0) {
+        bdrv_unref(child_bs);
+        return NULL;
+    }
+
+    ret = bdrv_refresh_perms(child_bs, errp);
+    tran_finalize(tran, ret);
+
+    bdrv_unref(child_bs);
     return child;
 }
 
@@ -3033,16 +3124,6 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
     return child;
 }
 
-static void bdrv_detach_child(BdrvChild *child)
-{
-    QLIST_SAFE_REMOVE(child, next);
-
-    bdrv_replace_child(child, NULL);
-
-    g_free(child->name);
-    g_free(child);
-}
-
 /* Callers must ensure that child->frozen is false. */
 void bdrv_root_unref_child(BdrvChild *child)
 {
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 19/36] block: add bdrv_attach_child_noperm() transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (17 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 18/36] block: add bdrv_attach_child_common() transaction action Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 20/36] block: split out bdrv_replace_node_noperm() Vladimir Sementsov-Ogievskiy
                   ` (19 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Split no-perm part of bdrv_attach_child as separate transaction action.
It will be used in later commits.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 58 insertions(+), 13 deletions(-)

diff --git a/block.c b/block.c
index b6bdc534d2..d810915684 100644
--- a/block.c
+++ b/block.c
@@ -85,6 +85,14 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
 
 static void bdrv_replace_child_noperm(BdrvChild *child,
                                       BlockDriverState *new_bs);
+static int bdrv_attach_child_noperm(BlockDriverState *parent_bs,
+                                    BlockDriverState *child_bs,
+                                    const char *child_name,
+                                    const BdrvChildClass *child_class,
+                                    BdrvChildRole child_role,
+                                    BdrvChild **child,
+                                    Transaction *tran,
+                                    Error **errp);
 
 static int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue
                                *queue, Error **errp);
@@ -3044,6 +3052,40 @@ static int bdrv_attach_child_common(BlockDriverState *child_bs,
     return 0;
 }
 
+static int bdrv_attach_child_noperm(BlockDriverState *parent_bs,
+                                    BlockDriverState *child_bs,
+                                    const char *child_name,
+                                    const BdrvChildClass *child_class,
+                                    BdrvChildRole child_role,
+                                    BdrvChild **child,
+                                    Transaction *tran,
+                                    Error **errp)
+{
+    int ret;
+    uint64_t perm, shared_perm;
+
+    assert(parent_bs->drv);
+
+    bdrv_get_cumulative_perm(parent_bs, &perm, &shared_perm);
+    bdrv_child_perm(parent_bs, child_bs, NULL, child_role, NULL,
+                    perm, shared_perm, &perm, &shared_perm);
+
+    ret = bdrv_attach_child_common(child_bs, child_name, child_class,
+                                   child_role, perm, shared_perm, parent_bs,
+                                   child, tran, errp);
+    if (ret < 0) {
+        return ret;
+    }
+
+    QLIST_INSERT_HEAD(&parent_bs->children, *child, next);
+    /*
+     * child is removed in bdrv_attach_child_common_abort(), so don't care to
+     * abort this change separately.
+     */
+
+    return 0;
+}
+
 static void bdrv_detach_child(BdrvChild *child)
 {
     bdrv_replace_child(child, NULL);
@@ -3104,23 +3146,26 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
                              BdrvChildRole child_role,
                              Error **errp)
 {
-    BdrvChild *child;
-    uint64_t perm, shared_perm;
-
-    bdrv_get_cumulative_perm(parent_bs, &perm, &shared_perm);
+    int ret;
+    BdrvChild *child = NULL;
+    Transaction *tran = tran_new();
 
-    assert(parent_bs->drv);
-    bdrv_child_perm(parent_bs, child_bs, NULL, child_role, NULL,
-                    perm, shared_perm, &perm, &shared_perm);
+    ret = bdrv_attach_child_noperm(parent_bs, child_bs, child_name, child_class,
+                                   child_role, &child, tran, errp);
+    if (ret < 0) {
+        goto out;
+    }
 
-    child = bdrv_root_attach_child(child_bs, child_name, child_class,
-                                   child_role, perm, shared_perm, parent_bs,
-                                   errp);
-    if (child == NULL) {
-        return NULL;
+    ret = bdrv_refresh_perms(parent_bs, errp);
+    if (ret < 0) {
+        goto out;
     }
 
-    QLIST_INSERT_HEAD(&parent_bs->children, child, next);
+out:
+    tran_finalize(tran, ret);
+
+    bdrv_unref(child_bs);
+
     return child;
 }
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 20/36] block: split out bdrv_replace_node_noperm()
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (18 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 19/36] block: add bdrv_attach_child_noperm() " Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 21/36] block: adapt bdrv_append() for inserting filters Vladimir Sementsov-Ogievskiy
                   ` (18 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Split part of bdrv_replace_node_common() to be used separately.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 50 +++++++++++++++++++++++++++++++-------------------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/block.c b/block.c
index d810915684..433cae1181 100644
--- a/block.c
+++ b/block.c
@@ -4956,6 +4956,34 @@ static bool should_update_child(BdrvChild *c, BlockDriverState *to)
     return ret;
 }
 
+static int bdrv_replace_node_noperm(BlockDriverState *from,
+                                    BlockDriverState *to,
+                                    bool auto_skip, Transaction *tran,
+                                    Error **errp)
+{
+    BdrvChild *c, *next;
+
+    QLIST_FOREACH_SAFE(c, &from->parents, next_parent, next) {
+        assert(c->bs == from);
+        if (!should_update_child(c, to)) {
+            if (auto_skip) {
+                continue;
+            }
+            error_setg(errp, "Should not change '%s' link to '%s'",
+                       c->name, from->node_name);
+            return -EINVAL;
+        }
+        if (c->frozen) {
+            error_setg(errp, "Cannot change '%s' link to '%s'",
+                       c->name, from->node_name);
+            return -EPERM;
+        }
+        bdrv_replace_child_safe(c, to, tran);
+    }
+
+    return 0;
+}
+
 /*
  * With auto_skip=true bdrv_replace_node_common skips updating from parents
  * if it creates a parent-child relation loop or if parent is block-job.
@@ -4967,7 +4995,6 @@ static int bdrv_replace_node_common(BlockDriverState *from,
                                     BlockDriverState *to,
                                     bool auto_skip, Error **errp)
 {
-    BdrvChild *c, *next;
     Transaction *tran = tran_new();
     g_autoptr(GHashTable) found = NULL;
     g_autoptr(GSList) refresh_list = NULL;
@@ -4987,24 +5014,9 @@ static int bdrv_replace_node_common(BlockDriverState *from,
      * permissions based on new graph. If we fail, we'll roll-back the
      * replacement.
      */
-    QLIST_FOREACH_SAFE(c, &from->parents, next_parent, next) {
-        assert(c->bs == from);
-        if (!should_update_child(c, to)) {
-            if (auto_skip) {
-                continue;
-            }
-            ret = -EINVAL;
-            error_setg(errp, "Should not change '%s' link to '%s'",
-                       c->name, from->node_name);
-            goto out;
-        }
-        if (c->frozen) {
-            ret = -EPERM;
-            error_setg(errp, "Cannot change '%s' link to '%s'",
-                       c->name, from->node_name);
-            goto out;
-        }
-        bdrv_replace_child_safe(c, to, tran);
+    ret = bdrv_replace_node_noperm(from, to, auto_skip, tran, errp);
+    if (ret < 0) {
+        goto out;
     }
 
     found = g_hash_table_new(NULL, NULL);
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 21/36] block: adapt bdrv_append() for inserting filters
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (19 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 20/36] block: split out bdrv_replace_node_noperm() Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action Vladimir Sementsov-Ogievskiy
                   ` (17 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

bdrv_append is not very good for inserting filters: it does extra
permission update as part of bdrv_set_backing_hd(). During this update
filter may conflict with other parents of top_bs.

Instead, let's first do all graph modifications and after it update
permissions.

append-greedy-filter test-case in test-bdrv-graph-mod is now works, so
move it out of debug option.

Note: bdrv_append() is still only works for backing-child based
filters. It's something to improve later.

Note2: we use the fact that bdrv_append() is used to append new nodes,
without backing child, so we don't need frozen check and inherits_from
logic from bdrv_set_backing_hd().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c                          | 27 ++++++++++++++++++++-------
 tests/unit/test-bdrv-graph-mod.c | 17 ++---------------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/block.c b/block.c
index 433cae1181..11f7ad0818 100644
--- a/block.c
+++ b/block.c
@@ -5053,25 +5053,38 @@ int bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
  * This will modify the BlockDriverState fields, and swap contents
  * between bs_new and bs_top. Both bs_new and bs_top are modified.
  *
- * bs_new must not be attached to a BlockBackend.
+ * bs_new must not be attached to a BlockBackend and must not have backing
+ * child.
  *
  * This function does not create any image files.
  */
 int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
                 Error **errp)
 {
-    int ret = bdrv_set_backing_hd(bs_new, bs_top, errp);
+    int ret;
+    Transaction *tran = tran_new();
+
+    assert(!bs_new->backing);
+
+    ret = bdrv_attach_child_noperm(bs_new, bs_top, "backing",
+                                   &child_of_bds, bdrv_backing_role(bs_new),
+                                   &bs_new->backing, tran, errp);
     if (ret < 0) {
-        return ret;
+        goto out;
     }
 
-    ret = bdrv_replace_node(bs_top, bs_new, errp);
+    ret = bdrv_replace_node_noperm(bs_top, bs_new, true, tran, errp);
     if (ret < 0) {
-        bdrv_set_backing_hd(bs_new, NULL, &error_abort);
-        return ret;
+        goto out;
     }
 
-    return 0;
+    ret = bdrv_refresh_perms(bs_new, errp);
+out:
+    tran_finalize(tran, ret);
+
+    bdrv_refresh_limits(bs_top, NULL);
+
+    return ret;
 }
 
 static void bdrv_delete(BlockDriverState *bs)
diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
index b81787487a..f6077a6525 100644
--- a/tests/unit/test-bdrv-graph-mod.c
+++ b/tests/unit/test-bdrv-graph-mod.c
@@ -387,16 +387,6 @@ static void test_append_greedy_filter(void)
 
 int main(int argc, char *argv[])
 {
-    int i;
-    bool debug = false;
-
-    for (i = 1; i < argc; i++) {
-        if (!strcmp(argv[i], "-d")) {
-            debug = true;
-            break;
-        }
-    }
-
     bdrv_init();
     qemu_init_main_loop(&error_abort);
 
@@ -409,11 +399,8 @@ int main(int argc, char *argv[])
                     test_parallel_perm_update);
     g_test_add_func("/bdrv-graph-mod/parallel-exclusive-write",
                     test_parallel_exclusive_write);
-
-    if (debug) {
-        g_test_add_func("/bdrv-graph-mod/append-greedy-filter",
-                        test_append_greedy_filter);
-    }
+    g_test_add_func("/bdrv-graph-mod/append-greedy-filter",
+                    test_append_greedy_filter);
 
     return g_test_run();
 }
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (20 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 21/36] block: adapt bdrv_append() for inserting filters Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-04-26 16:26   ` Kevin Wolf
  2021-03-17 14:35 ` [PATCH v3 23/36] block: introduce bdrv_drop_filter() Vladimir Sementsov-Ogievskiy
                   ` (16 subsequent siblings)
  38 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 76 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index 11f7ad0818..2fca1f2ad5 100644
--- a/block.c
+++ b/block.c
@@ -2929,12 +2929,19 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
     }
 }
 
+static void bdrv_child_free(void *opaque)
+{
+    BdrvChild *c = opaque;
+
+    g_free(c->name);
+    g_free(c);
+}
+
 static void bdrv_remove_empty_child(BdrvChild *child)
 {
     assert(!child->bs);
     QLIST_SAFE_REMOVE(child, next);
-    g_free(child->name);
-    g_free(child);
+    bdrv_child_free(child);
 }
 
 typedef struct BdrvAttachChildCommonState {
@@ -4956,6 +4963,73 @@ static bool should_update_child(BdrvChild *c, BlockDriverState *to)
     return ret;
 }
 
+typedef struct BdrvRemoveFilterOrCowChild {
+    BdrvChild *child;
+    bool is_backing;
+} BdrvRemoveFilterOrCowChild;
+
+/* this doesn't restore original child bs, only the child itself */
+static void bdrv_remove_filter_or_cow_child_abort(void *opaque)
+{
+    BdrvRemoveFilterOrCowChild *s = opaque;
+    BlockDriverState *parent_bs = s->child->opaque;
+
+    QLIST_INSERT_HEAD(&parent_bs->children, s->child, next);
+    if (s->is_backing) {
+        parent_bs->backing = s->child;
+    } else {
+        parent_bs->file = s->child;
+    }
+}
+
+static void bdrv_remove_filter_or_cow_child_commit(void *opaque)
+{
+    BdrvRemoveFilterOrCowChild *s = opaque;
+
+    bdrv_child_free(s->child);
+}
+
+static TransactionActionDrv bdrv_remove_filter_or_cow_child_drv = {
+    .abort = bdrv_remove_filter_or_cow_child_abort,
+    .commit = bdrv_remove_filter_or_cow_child_commit,
+    .clean = g_free,
+};
+
+/*
+ * A function to remove backing-chain child of @bs if exists: cow child for
+ * format nodes (always .backing) and filter child for filters (may be .file or
+ * .backing)
+ */
+__attribute__((unused))
+static void bdrv_remove_filter_or_cow_child(BlockDriverState *bs,
+                                            Transaction *tran)
+{
+    BdrvRemoveFilterOrCowChild *s;
+    BdrvChild *child = bdrv_filter_or_cow_child(bs);
+
+    if (!child) {
+        return;
+    }
+
+    if (child->bs) {
+        bdrv_replace_child_safe(child, NULL, tran);
+    }
+
+    s = g_new(BdrvRemoveFilterOrCowChild, 1);
+    *s = (BdrvRemoveFilterOrCowChild) {
+        .child = child,
+        .is_backing = (child == bs->backing),
+    };
+    tran_add(tran, &bdrv_remove_filter_or_cow_child_drv, s);
+
+    QLIST_SAFE_REMOVE(child, next);
+    if (s->is_backing) {
+        bs->backing = NULL;
+    } else {
+        bs->file = NULL;
+    }
+}
+
 static int bdrv_replace_node_noperm(BlockDriverState *from,
                                     BlockDriverState *to,
                                     bool auto_skip, Transaction *tran,
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 23/36] block: introduce bdrv_drop_filter()
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (21 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 24/36] block/backup-top: drop .active Vladimir Sementsov-Ogievskiy
                   ` (15 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Using bdrv_replace_node() for removing filter is not good enough: it
keeps child reference of the filter, which may conflict with original
top node during permission update.

Instead let's create new interface, which will do all graph
modifications first and then update permissions.

Let's modify bdrv_replace_node_common(), allowing it additionally drop
backing chain child link pointing to new node. This is quite
appropriate for bdrv_drop_intermediate() and makes possible to add
new bdrv_drop_filter() as a simple wrapper.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 include/block/block.h |  1 +
 block.c               | 43 +++++++++++++++++++++++++++++++++++++++----
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index 16e496a5c4..85481a05c6 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -362,6 +362,7 @@ int bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
                       Error **errp);
 BlockDriverState *bdrv_insert_node(BlockDriverState *bs, QDict *node_options,
                                    int flags, Error **errp);
+int bdrv_drop_filter(BlockDriverState *bs, Error **errp);
 
 int bdrv_parse_aio(const char *mode, int *flags);
 int bdrv_parse_cache_mode(const char *mode, int *flags, bool *writethrough);
diff --git a/block.c b/block.c
index 2fca1f2ad5..bf60f1ea2c 100644
--- a/block.c
+++ b/block.c
@@ -5000,7 +5000,6 @@ static TransactionActionDrv bdrv_remove_filter_or_cow_child_drv = {
  * format nodes (always .backing) and filter child for filters (may be .file or
  * .backing)
  */
-__attribute__((unused))
 static void bdrv_remove_filter_or_cow_child(BlockDriverState *bs,
                                             Transaction *tran)
 {
@@ -5064,16 +5063,32 @@ static int bdrv_replace_node_noperm(BlockDriverState *from,
  *
  * With auto_skip=false the error is returned if from has a parent which should
  * not be updated.
+ *
+ * With @detach_subchain=true @to must be in a backing chain of @from. In this
+ * case backing link of the cow-parent of @to is removed.
  */
 static int bdrv_replace_node_common(BlockDriverState *from,
                                     BlockDriverState *to,
-                                    bool auto_skip, Error **errp)
+                                    bool auto_skip, bool detach_subchain,
+                                    Error **errp)
 {
     Transaction *tran = tran_new();
     g_autoptr(GHashTable) found = NULL;
     g_autoptr(GSList) refresh_list = NULL;
+    BlockDriverState *to_cow_parent;
     int ret;
 
+    if (detach_subchain) {
+        assert(bdrv_chain_contains(from, to));
+        assert(from != to);
+        for (to_cow_parent = from;
+             bdrv_filter_or_cow_bs(to_cow_parent) != to;
+             to_cow_parent = bdrv_filter_or_cow_bs(to_cow_parent))
+        {
+            ;
+        }
+    }
+
     /* Make sure that @from doesn't go away until we have successfully attached
      * all of its parents to @to. */
     bdrv_ref(from);
@@ -5093,6 +5108,10 @@ static int bdrv_replace_node_common(BlockDriverState *from,
         goto out;
     }
 
+    if (detach_subchain) {
+        bdrv_remove_filter_or_cow_child(to_cow_parent, tran);
+    }
+
     found = g_hash_table_new(NULL, NULL);
 
     refresh_list = bdrv_topological_dfs(refresh_list, found, to);
@@ -5117,7 +5136,13 @@ out:
 int bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
                       Error **errp)
 {
-    return bdrv_replace_node_common(from, to, true, errp);
+    return bdrv_replace_node_common(from, to, true, false, errp);
+}
+
+int bdrv_drop_filter(BlockDriverState *bs, Error **errp)
+{
+    return bdrv_replace_node_common(bs, bdrv_filter_or_cow_bs(bs), true, true,
+                                    errp);
 }
 
 /*
@@ -5452,7 +5477,17 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
         updated_children = g_slist_prepend(updated_children, c);
     }
 
-    bdrv_replace_node_common(top, base, false, &local_err);
+    /*
+     * It seems correct to pass detach_subchain=true here, but it triggers
+     * one more yet not fixed bug, when due to nested aio_poll loop we switch to
+     * another drained section, which modify the graph (for example, removing
+     * the child, which we keep in updated_children list). So, it's a TODO.
+     *
+     * Note, bug triggered if pass detach_subchain=true here and run
+     * test-bdrv-drain. test_drop_intermediate_poll() test-case will crash.
+     * That's a FIXME.
+     */
+    bdrv_replace_node_common(top, base, false, false, &local_err);
     if (local_err) {
         error_report_err(local_err);
         goto exit;
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 24/36] block/backup-top: drop .active
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (22 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 23/36] block: introduce bdrv_drop_filter() Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 25/36] block: drop ignore_children for permission update functions Vladimir Sementsov-Ogievskiy
                   ` (14 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

We don't need this workaround anymore: bdrv_append is already smart
enough and we can use new bdrv_drop_filter().

This commit efficiently reverts also recent 705dde27c6c53b73, which
checked .active on io path. Still it said that the problem should be
theoretical. And the logic of filter removement is changed anyway.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block/backup-top.c         | 47 +-------------------------------------
 tests/qemu-iotests/283.out |  2 +-
 2 files changed, 2 insertions(+), 47 deletions(-)

diff --git a/block/backup-top.c b/block/backup-top.c
index 62d09f213e..425e3778be 100644
--- a/block/backup-top.c
+++ b/block/backup-top.c
@@ -37,7 +37,6 @@
 typedef struct BDRVBackupTopState {
     BlockCopyState *bcs;
     BdrvChild *target;
-    bool active;
     int64_t cluster_size;
 } BDRVBackupTopState;
 
@@ -45,12 +44,6 @@ static coroutine_fn int backup_top_co_preadv(
         BlockDriverState *bs, uint64_t offset, uint64_t bytes,
         QEMUIOVector *qiov, int flags)
 {
-    BDRVBackupTopState *s = bs->opaque;
-
-    if (!s->active) {
-        return -EIO;
-    }
-
     return bdrv_co_preadv(bs->backing, offset, bytes, qiov, flags);
 }
 
@@ -60,10 +53,6 @@ static coroutine_fn int backup_top_cbw(BlockDriverState *bs, uint64_t offset,
     BDRVBackupTopState *s = bs->opaque;
     uint64_t off, end;
 
-    if (!s->active) {
-        return -EIO;
-    }
-
     if (flags & BDRV_REQ_WRITE_UNCHANGED) {
         return 0;
     }
@@ -137,21 +126,6 @@ static void backup_top_child_perm(BlockDriverState *bs, BdrvChild *c,
                                   uint64_t perm, uint64_t shared,
                                   uint64_t *nperm, uint64_t *nshared)
 {
-    BDRVBackupTopState *s = bs->opaque;
-
-    if (!s->active) {
-        /*
-         * The filter node may be in process of bdrv_append(), which firstly do
-         * bdrv_set_backing_hd() and then bdrv_replace_node(). This means that
-         * we can't unshare BLK_PERM_WRITE during bdrv_append() operation. So,
-         * let's require nothing during bdrv_append() and refresh permissions
-         * after it (see bdrv_backup_top_append()).
-         */
-        *nperm = 0;
-        *nshared = BLK_PERM_ALL;
-        return;
-    }
-
     if (!(role & BDRV_CHILD_FILTERED)) {
         /*
          * Target child
@@ -241,17 +215,6 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
     }
     appended = true;
 
-    /*
-     * bdrv_append() finished successfully, now we can require permissions
-     * we want.
-     */
-    state->active = true;
-    ret = bdrv_child_refresh_perms(top, top->backing, errp);
-    if (ret < 0) {
-        error_prepend(errp, "Cannot set permissions for backup-top filter: ");
-        goto fail;
-    }
-
     state->cluster_size = cluster_size;
     state->bcs = block_copy_state_new(top->backing, state->target,
                                       cluster_size, perf->use_copy_range,
@@ -268,7 +231,6 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
 
 fail:
     if (appended) {
-        state->active = false;
         bdrv_backup_top_drop(top);
     } else {
         bdrv_unref(top);
@@ -283,16 +245,9 @@ void bdrv_backup_top_drop(BlockDriverState *bs)
 {
     BDRVBackupTopState *s = bs->opaque;
 
-    bdrv_drained_begin(bs);
+    bdrv_drop_filter(bs, &error_abort);
 
     block_copy_state_free(s->bcs);
 
-    s->active = false;
-    bdrv_child_refresh_perms(bs, bs->backing, &error_abort);
-    bdrv_replace_node(bs, bs->backing->bs, &error_abort);
-    bdrv_set_backing_hd(bs, NULL, &error_abort);
-
-    bdrv_drained_end(bs);
-
     bdrv_unref(bs);
 }
diff --git a/tests/qemu-iotests/283.out b/tests/qemu-iotests/283.out
index 73eb75102f..97e62a4c94 100644
--- a/tests/qemu-iotests/283.out
+++ b/tests/qemu-iotests/283.out
@@ -5,7 +5,7 @@
 {"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": "base", "node-name": "other", "take-child-perms": ["write"]}}
 {"return": {}}
 {"execute": "blockdev-backup", "arguments": {"device": "source", "sync": "full", "target": "target"}}
-{"error": {"class": "GenericError", "desc": "Cannot set permissions for backup-top filter: Conflicts with use by source as 'image', which does not allow 'write' on base"}}
+{"error": {"class": "GenericError", "desc": "Cannot append backup-top filter: Conflicts with use by source as 'image', which does not allow 'write' on base"}}
 
 === backup-top should be gone after job-finalize ===
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 25/36] block: drop ignore_children for permission update functions
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (23 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 24/36] block/backup-top: drop .active Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 26/36] block: make bdrv_unset_inherits_from to be a transaction action Vladimir Sementsov-Ogievskiy
                   ` (13 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

This argument is always NULL. Drop it.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 38 +++++++++++---------------------------
 1 file changed, 11 insertions(+), 27 deletions(-)

diff --git a/block.c b/block.c
index bf60f1ea2c..922df82952 100644
--- a/block.c
+++ b/block.c
@@ -1954,7 +1954,6 @@ static int bdrv_fill_options(QDict **options, const char *filename,
 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
                                   uint64_t new_used_perm,
                                   uint64_t new_shared_perm,
-                                  GSList *ignore_children,
                                   Error **errp);
 
 typedef struct BlockReopenQueueEntry {
@@ -2031,9 +2030,7 @@ static bool bdrv_a_allow_b(BdrvChild *a, BdrvChild *b, Error **errp)
     return false;
 }
 
-static bool bdrv_parent_perms_conflict(BlockDriverState *bs,
-                                       GSList *ignore_children,
-                                       Error **errp)
+static bool bdrv_parent_perms_conflict(BlockDriverState *bs, Error **errp)
 {
     BdrvChild *a, *b;
 
@@ -2043,12 +2040,8 @@ static bool bdrv_parent_perms_conflict(BlockDriverState *bs,
      * directions.
      */
     QLIST_FOREACH(a, &bs->parents, next_parent) {
-        if (g_slist_find(ignore_children, a)) {
-            continue;
-        }
-
         QLIST_FOREACH(b, &bs->parents, next_parent) {
-            if (a == b || g_slist_find(ignore_children, b)) {
+            if (a == b) {
                 continue;
             }
 
@@ -2276,7 +2269,6 @@ static void bdrv_replace_child_safe(BdrvChild *child, BlockDriverState *new_bs,
 static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
                                 uint64_t cumulative_perms,
                                 uint64_t cumulative_shared_perms,
-                                GSList *ignore_children,
                                 Transaction *tran, Error **errp)
 {
     BlockDriver *drv = bs->drv;
@@ -2359,7 +2351,6 @@ static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
                                   bool use_cumulative_perms,
                                   uint64_t cumulative_perms,
                                   uint64_t cumulative_shared_perms,
-                                  GSList *ignore_children,
                                   Transaction *tran, Error **errp)
 {
     int ret;
@@ -2370,7 +2361,7 @@ static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
 
         ret = bdrv_node_check_perm(bs, q, cumulative_perms,
                                    cumulative_shared_perms,
-                                   ignore_children, tran, errp);
+                                   tran, errp);
         if (ret < 0) {
             return ret;
         }
@@ -2381,7 +2372,7 @@ static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
     for ( ; list; list = list->next) {
         bs = list->data;
 
-        if (bdrv_parent_perms_conflict(bs, ignore_children, errp)) {
+        if (bdrv_parent_perms_conflict(bs, errp)) {
             return -EINVAL;
         }
 
@@ -2390,7 +2381,7 @@ static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
 
         ret = bdrv_node_check_perm(bs, q, cumulative_perms,
                                    cumulative_shared_perms,
-                                   ignore_children, tran, errp);
+                                   tran, errp);
         if (ret < 0) {
             return ret;
         }
@@ -2401,19 +2392,17 @@ static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
 
 static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
                            uint64_t cumulative_perms,
-                           uint64_t cumulative_shared_perms,
-                           GSList *ignore_children, Error **errp)
+                           uint64_t cumulative_shared_perms, Error **errp)
 {
     g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
     return bdrv_check_perm_common(list, q, true, cumulative_perms,
-                                  cumulative_shared_perms, ignore_children,
-                                  NULL, errp);
+                                  cumulative_shared_perms, NULL, errp);
 }
 
 static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
                                    Transaction *tran, Error **errp)
 {
-    return bdrv_check_perm_common(list, q, false, 0, 0, NULL, tran, errp);
+    return bdrv_check_perm_common(list, q, false, 0, 0, tran, errp);
 }
 
 /*
@@ -2542,7 +2531,6 @@ char *bdrv_perm_names(uint64_t perm)
 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
                                   uint64_t new_used_perm,
                                   uint64_t new_shared_perm,
-                                  GSList *ignore_children,
                                   Error **errp)
 {
     BdrvChild *c;
@@ -2554,10 +2542,6 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
     assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
 
     QLIST_FOREACH(c, &bs->parents, next_parent) {
-        if (g_slist_find(ignore_children, c)) {
-            continue;
-        }
-
         if ((new_used_perm & c->shared_perm) != new_used_perm) {
             char *user = bdrv_child_user_desc(c);
             char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
@@ -2587,7 +2571,7 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
     }
 
     return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
-                           ignore_children, errp);
+                           errp);
 }
 
 static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
@@ -4209,7 +4193,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
     QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
         BDRVReopenState *state = &bs_entry->state;
         ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
-                              state->shared_perm, NULL, errp);
+                              state->shared_perm, errp);
         if (ret < 0) {
             goto cleanup_perm;
         }
@@ -4221,7 +4205,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
                             bs_queue, state->perm, state->shared_perm,
                             &nperm, &nshared);
             ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
-                                         nperm, nshared, NULL, errp);
+                                         nperm, nshared, errp);
             if (ret < 0) {
                 goto cleanup_perm;
             }
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 26/36] block: make bdrv_unset_inherits_from to be a transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (24 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 25/36] block: drop ignore_children for permission update functions Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 27/36] block: make bdrv_refresh_limits() " Vladimir Sementsov-Ogievskiy
                   ` (12 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

To be used in the further commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 46 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 42 insertions(+), 4 deletions(-)

diff --git a/block.c b/block.c
index 922df82952..3b9681a738 100644
--- a/block.c
+++ b/block.c
@@ -3170,11 +3170,49 @@ void bdrv_root_unref_child(BdrvChild *child)
     bdrv_unref(child_bs);
 }
 
+typedef struct BdrvSetInheritsFrom {
+    BlockDriverState *bs;
+    BlockDriverState *old_inherits_from;
+} BdrvSetInheritsFrom;
+
+static void bdrv_set_inherits_from_abort(void *opaque)
+{
+    BdrvSetInheritsFrom *s = opaque;
+
+    s->bs->inherits_from = s->old_inherits_from;
+}
+
+static TransactionActionDrv bdrv_set_inherits_from_drv = {
+    .abort = bdrv_set_inherits_from_abort,
+    .clean = g_free,
+};
+
+/* @tran is allowed to be NULL. In this case no rollback is possible */
+static void bdrv_set_inherits_from(BlockDriverState *bs,
+                                   BlockDriverState *new_inherits_from,
+                                   Transaction *tran)
+{
+    if (tran) {
+        BdrvSetInheritsFrom *s = g_new(BdrvSetInheritsFrom, 1);
+
+        *s = (BdrvSetInheritsFrom) {
+            .bs = bs,
+            .old_inherits_from = bs->inherits_from,
+        };
+
+        tran_add(tran, &bdrv_set_inherits_from_drv, s);
+    }
+
+    bs->inherits_from = new_inherits_from;
+}
+
 /**
  * Clear all inherits_from pointers from children and grandchildren of
  * @root that point to @root, where necessary.
+ * @tran is allowed to be NULL. In this case no rollback is possible
  */
-static void bdrv_unset_inherits_from(BlockDriverState *root, BdrvChild *child)
+static void bdrv_unset_inherits_from(BlockDriverState *root, BdrvChild *child,
+                                     Transaction *tran)
 {
     BdrvChild *c;
 
@@ -3189,12 +3227,12 @@ static void bdrv_unset_inherits_from(BlockDriverState *root, BdrvChild *child)
             }
         }
         if (c == NULL) {
-            child->bs->inherits_from = NULL;
+            bdrv_set_inherits_from(child->bs, NULL, tran);
         }
     }
 
     QLIST_FOREACH(c, &child->bs->children, next) {
-        bdrv_unset_inherits_from(root, c);
+        bdrv_unset_inherits_from(root, c, tran);
     }
 }
 
@@ -3205,7 +3243,7 @@ void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child)
         return;
     }
 
-    bdrv_unset_inherits_from(parent, child);
+    bdrv_unset_inherits_from(parent, child, NULL);
     bdrv_root_unref_child(child);
 }
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 27/36] block: make bdrv_refresh_limits() to be a transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (25 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 26/36] block: make bdrv_unset_inherits_from to be a transaction action Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 28/36] block: add bdrv_set_backing_noperm() " Vladimir Sementsov-Ogievskiy
                   ` (11 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

To be used in further commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 include/block/block.h |  3 ++-
 block.c               |  9 ++++-----
 block/io.c            | 31 +++++++++++++++++++++++++++++--
 3 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index 85481a05c6..ad38259c91 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -9,6 +9,7 @@
 #include "block/dirty-bitmap.h"
 #include "block/blockjob.h"
 #include "qemu/hbitmap.h"
+#include "qemu/transactions.h"
 
 /*
  * generated_co_wrapper
@@ -421,7 +422,7 @@ int64_t bdrv_get_allocated_file_size(BlockDriverState *bs);
 BlockMeasureInfo *bdrv_measure(BlockDriver *drv, QemuOpts *opts,
                                BlockDriverState *in_bs, Error **errp);
 void bdrv_get_geometry(BlockDriverState *bs, uint64_t *nb_sectors_ptr);
-void bdrv_refresh_limits(BlockDriverState *bs, Error **errp);
+void bdrv_refresh_limits(BlockDriverState *bs, Transaction *tran, Error **errp);
 int bdrv_commit(BlockDriverState *bs);
 int bdrv_make_empty(BdrvChild *c, Error **errp);
 int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file,
diff --git a/block.c b/block.c
index 3b9681a738..03a1f02e5b 100644
--- a/block.c
+++ b/block.c
@@ -49,7 +49,6 @@
 #include "qemu/timer.h"
 #include "qemu/cutils.h"
 #include "qemu/id.h"
-#include "qemu/transactions.h"
 #include "block/coroutines.h"
 
 #ifdef CONFIG_BSD
@@ -1543,7 +1542,7 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
         return ret;
     }
 
-    bdrv_refresh_limits(bs, &local_err);
+    bdrv_refresh_limits(bs, NULL, &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
         return -EINVAL;
@@ -3328,7 +3327,7 @@ int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
     }
 
 out:
-    bdrv_refresh_limits(bs, NULL);
+    bdrv_refresh_limits(bs, NULL, NULL);
 
     return ret;
 }
@@ -4812,7 +4811,7 @@ static void bdrv_reopen_commit(BDRVReopenState *reopen_state)
         bdrv_set_backing_hd(bs, reopen_state->new_backing_bs, &error_abort);
     }
 
-    bdrv_refresh_limits(bs, NULL);
+    bdrv_refresh_limits(bs, NULL, NULL);
 }
 
 /*
@@ -5203,7 +5202,7 @@ int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
 out:
     tran_finalize(tran, ret);
 
-    bdrv_refresh_limits(bs_top, NULL);
+    bdrv_refresh_limits(bs_top, NULL, NULL);
 
     return ret;
 }
diff --git a/block/io.c b/block/io.c
index ca2dca3007..35b6c56efc 100644
--- a/block/io.c
+++ b/block/io.c
@@ -133,13 +133,40 @@ static void bdrv_merge_limits(BlockLimits *dst, const BlockLimits *src)
     dst->max_iov = MIN_NON_ZERO(dst->max_iov, src->max_iov);
 }
 
-void bdrv_refresh_limits(BlockDriverState *bs, Error **errp)
+typedef struct BdrvRefreshLimitsState {
+    BlockDriverState *bs;
+    BlockLimits old_bl;
+} BdrvRefreshLimitsState;
+
+static void bdrv_refresh_limits_abort(void *opaque)
+{
+    BdrvRefreshLimitsState *s = opaque;
+
+    s->bs->bl = s->old_bl;
+}
+
+static TransactionActionDrv bdrv_refresh_limits_drv = {
+    .abort = bdrv_refresh_limits_abort,
+    .clean = g_free,
+};
+
+/* @tran is allowed to be NULL, in this case no rollback is possible. */
+void bdrv_refresh_limits(BlockDriverState *bs, Transaction *tran, Error **errp)
 {
     ERRP_GUARD();
     BlockDriver *drv = bs->drv;
     BdrvChild *c;
     bool have_limits;
 
+    if (tran) {
+        BdrvRefreshLimitsState *s = g_new(BdrvRefreshLimitsState, 1);
+        *s = (BdrvRefreshLimitsState) {
+            .bs = bs,
+            .old_bl = bs->bl,
+        };
+        tran_add(tran, &bdrv_refresh_limits_drv, s);
+    }
+
     memset(&bs->bl, 0, sizeof(bs->bl));
 
     if (!drv) {
@@ -156,7 +183,7 @@ void bdrv_refresh_limits(BlockDriverState *bs, Error **errp)
     QLIST_FOREACH(c, &bs->children, next) {
         if (c->role & (BDRV_CHILD_DATA | BDRV_CHILD_FILTERED | BDRV_CHILD_COW))
         {
-            bdrv_refresh_limits(c->bs, errp);
+            bdrv_refresh_limits(c->bs, tran, errp);
             if (*errp) {
                 return;
             }
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 28/36] block: add bdrv_set_backing_noperm() transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (26 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 27/36] block: make bdrv_refresh_limits() " Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 29/36] block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare Vladimir Sementsov-Ogievskiy
                   ` (10 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Split out no-perm part of bdrv_set_backing_hd() as a separate
transaction action. Note the in case of existing BdrvChild we reuse it,
not recreate, just to do less actions.

We don't need to create extra reference to backing_hd as we don't lose
it in bdrv_attach_child().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 54 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 37 insertions(+), 17 deletions(-)

diff --git a/block.c b/block.c
index 03a1f02e5b..b58c8d3e10 100644
--- a/block.c
+++ b/block.c
@@ -92,6 +92,8 @@ static int bdrv_attach_child_noperm(BlockDriverState *parent_bs,
                                     BdrvChild **child,
                                     Transaction *tran,
                                     Error **errp);
+static void bdrv_remove_filter_or_cow_child(BlockDriverState *bs,
+                                            Transaction *tran);
 
 static int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue
                                *queue, Error **errp);
@@ -3287,8 +3289,9 @@ static BdrvChildRole bdrv_backing_role(BlockDriverState *bs)
  * Sets the bs->backing link of a BDS. A new reference is created; callers
  * which don't need their own reference any more must call bdrv_unref().
  */
-int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
-                        Error **errp)
+static int bdrv_set_backing_noperm(BlockDriverState *bs,
+                                   BlockDriverState *backing_hd,
+                                   Transaction *tran, Error **errp)
 {
     int ret = 0;
     bool update_inherits_from = bdrv_chain_contains(bs, backing_hd) &&
@@ -3298,36 +3301,53 @@ int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
         return -EPERM;
     }
 
-    if (backing_hd) {
-        bdrv_ref(backing_hd);
-    }
-
     if (bs->backing) {
         /* Cannot be frozen, we checked that above */
-        bdrv_unref_child(bs, bs->backing);
-        bs->backing = NULL;
+        bdrv_unset_inherits_from(bs, bs->backing, tran);
+        bdrv_remove_filter_or_cow_child(bs, tran);
     }
 
     if (!backing_hd) {
         goto out;
     }
 
-    bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_of_bds,
-                                    bdrv_backing_role(bs), errp);
-    if (!bs->backing) {
-        ret = -EPERM;
-        goto out;
+    ret = bdrv_attach_child_noperm(bs, backing_hd, "backing",
+                                   &child_of_bds, bdrv_backing_role(bs),
+                                   &bs->backing, tran, errp);
+    if (ret < 0) {
+        return ret;
     }
 
-    /* If backing_hd was already part of bs's backing chain, and
+
+    /*
+     * If backing_hd was already part of bs's backing chain, and
      * inherits_from pointed recursively to bs then let's update it to
-     * point directly to bs (else it will become NULL). */
+     * point directly to bs (else it will become NULL).
+     */
     if (update_inherits_from) {
-        backing_hd->inherits_from = bs;
+        bdrv_set_inherits_from(backing_hd, bs, tran);
     }
 
 out:
-    bdrv_refresh_limits(bs, NULL, NULL);
+    bdrv_refresh_limits(bs, tran, NULL);
+
+    return 0;
+}
+
+int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
+                        Error **errp)
+{
+    int ret;
+    Transaction *tran = tran_new();
+
+    ret = bdrv_set_backing_noperm(bs, backing_hd, tran, errp);
+    if (ret < 0) {
+        goto out;
+    }
+
+    ret = bdrv_refresh_perms(bs, errp);
+out:
+    tran_finalize(tran, ret);
 
     return ret;
 }
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 29/36] block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (27 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 28/36] block: add bdrv_set_backing_noperm() " Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 30/36] block: bdrv_reopen_multiple: refresh permissions on updated graph Vladimir Sementsov-Ogievskiy
                   ` (9 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

During reopen we may add backing bs from other aio context, which may
lead to changing original context of top bs.

We are going to move graph modification to prepare stage. So, it will
be possible that bdrv_flush() in bdrv_reopen_prepare called on bs in
non-original aio context, which we didn't aquire which leads to crash.

To avoid this problem move bdrv_flush() to be a separate reopen stage
before bdrv_reopen_prepare().

This doesn't seem correct to acquire only one aio context and not all
contexts participating in reopen. But it's not obvious how to do it
correctly, keeping in mind:

 1. rules of bdrv_set_aio_context_ignore() that requires new_context
    lock not being held

 2. possible deadlocks because of holding all (or several?) AioContext
    locks

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/block.c b/block.c
index b58c8d3e10..fde4bb219d 100644
--- a/block.c
+++ b/block.c
@@ -4239,6 +4239,14 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
 
     assert(bs_queue != NULL);
 
+    QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
+        ret = bdrv_flush(bs_entry->state.bs);
+        if (ret < 0) {
+            error_setg_errno(errp, -ret, "Error flushing drive");
+            goto cleanup;
+        }
+    }
+
     QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
         assert(bs_entry->state.bs->quiesce_counter > 0);
         if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, errp)) {
@@ -4634,12 +4642,6 @@ static int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
     bdrv_reopen_perm(queue, reopen_state->bs,
                      &reopen_state->perm, &reopen_state->shared_perm);
 
-    ret = bdrv_flush(reopen_state->bs);
-    if (ret) {
-        error_setg_errno(errp, -ret, "Error flushing drive");
-        goto error;
-    }
-
     if (drv->bdrv_reopen_prepare) {
         /*
          * If a driver-specific option is missing, it means that we
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 30/36] block: bdrv_reopen_multiple: refresh permissions on updated graph
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (28 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 29/36] block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 31/36] block: drop unused permission update functions Vladimir Sementsov-Ogievskiy
                   ` (8 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Move bdrv_reopen_multiple to new paradigm of permission update:
first update graph relations, then do refresh the permissions.

We have to modify reopen process in file-posix driver: with new scheme
we don't have prepared permissions in raw_reopen_prepare(), so we
should reconfigure fd in raw_check_perm(). Still this seems more native
and simple anyway.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 include/block/block.h |   3 +-
 block.c               | 187 ++++++++++++------------------------------
 block/file-posix.c    |  91 +++++++-------------
 3 files changed, 84 insertions(+), 197 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index ad38259c91..8d5b3ecebd 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -208,8 +208,7 @@ typedef struct BDRVReopenState {
     BlockdevDetectZeroesOptions detect_zeroes;
     bool backing_missing;
     bool replace_backing_bs;  /* new_backing_bs is ignored if this is false */
-    BlockDriverState *new_backing_bs; /* If NULL then detach the current bs */
-    uint64_t perm, shared_perm;
+    BlockDriverState *old_backing_bs; /* keep pointer for permissions update */
     QDict *options;
     QDict *explicit_options;
     void *opaque;
diff --git a/block.c b/block.c
index fde4bb219d..53a8af301a 100644
--- a/block.c
+++ b/block.c
@@ -95,8 +95,9 @@ static int bdrv_attach_child_noperm(BlockDriverState *parent_bs,
 static void bdrv_remove_filter_or_cow_child(BlockDriverState *bs,
                                             Transaction *tran);
 
-static int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue
-                               *queue, Error **errp);
+static int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
+                               BlockReopenQueue *queue,
+                               Transaction *set_backings_tran, Error **errp);
 static void bdrv_reopen_commit(BDRVReopenState *reopen_state);
 static void bdrv_reopen_abort(BDRVReopenState *reopen_state);
 
@@ -2434,6 +2435,7 @@ static void bdrv_list_abort_perm_update(GSList *list)
     }
 }
 
+__attribute__((unused))
 static void bdrv_abort_perm_update(BlockDriverState *bs)
 {
     g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
@@ -2529,6 +2531,7 @@ char *bdrv_perm_names(uint64_t perm)
  *
  * Needs to be followed by a call to either bdrv_set_perm() or
  * bdrv_abort_perm_update(). */
+__attribute__((unused))
 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
                                   uint64_t new_used_perm,
                                   uint64_t new_shared_perm,
@@ -4148,10 +4151,6 @@ static BlockReopenQueue *bdrv_reopen_queue_child(BlockReopenQueue *bs_queue,
     bs_entry->state.explicit_options = explicit_options;
     bs_entry->state.flags = flags;
 
-    /* This needs to be overwritten in bdrv_reopen_prepare() */
-    bs_entry->state.perm = UINT64_MAX;
-    bs_entry->state.shared_perm = 0;
-
     /*
      * If keep_old_opts is false then it means that unspecified
      * options must be reset to their original value. We don't allow
@@ -4236,6 +4235,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
 {
     int ret = -1;
     BlockReopenQueueEntry *bs_entry, *next;
+    Transaction *tran = tran_new();
+    g_autoptr(GHashTable) found = NULL;
+    g_autoptr(GSList) refresh_list = NULL;
 
     assert(bs_queue != NULL);
 
@@ -4249,33 +4251,33 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
 
     QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
         assert(bs_entry->state.bs->quiesce_counter > 0);
-        if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, errp)) {
-            goto cleanup;
+        ret = bdrv_reopen_prepare(&bs_entry->state, bs_queue, tran, errp);
+        if (ret < 0) {
+            goto abort;
         }
         bs_entry->prepared = true;
     }
 
+    found = g_hash_table_new(NULL, NULL);
     QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
         BDRVReopenState *state = &bs_entry->state;
-        ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
-                              state->shared_perm, errp);
-        if (ret < 0) {
-            goto cleanup_perm;
-        }
-        /* Check if new_backing_bs would accept the new permissions */
-        if (state->replace_backing_bs && state->new_backing_bs) {
-            uint64_t nperm, nshared;
-            bdrv_child_perm(state->bs, state->new_backing_bs,
-                            NULL, bdrv_backing_role(state->bs),
-                            bs_queue, state->perm, state->shared_perm,
-                            &nperm, &nshared);
-            ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
-                                         nperm, nshared, errp);
-            if (ret < 0) {
-                goto cleanup_perm;
-            }
+
+        refresh_list = bdrv_topological_dfs(refresh_list, found, state->bs);
+        if (state->old_backing_bs) {
+            refresh_list = bdrv_topological_dfs(refresh_list, found,
+                                                state->old_backing_bs);
         }
-        bs_entry->perms_checked = true;
+    }
+
+    /*
+     * Note that file-posix driver rely on permission update done during reopen
+     * (even if no permission changed), because it wants "new" permissions for
+     * reconfiguring the fd and that's why it does it in raw_check_perm(), not
+     * in raw_reopen_prepare() which is called with "old" permissions.
+     */
+    ret = bdrv_list_refresh_perms(refresh_list, bs_queue, tran, errp);
+    if (ret < 0) {
+        goto abort;
     }
 
     /*
@@ -4291,51 +4293,31 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
         bdrv_reopen_commit(&bs_entry->state);
     }
 
-    ret = 0;
-cleanup_perm:
-    QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
-        BDRVReopenState *state = &bs_entry->state;
-
-        if (!bs_entry->perms_checked) {
-            continue;
-        }
-
-        if (ret == 0) {
-            uint64_t perm, shared;
+    tran_commit(tran);
 
-            bdrv_get_cumulative_perm(state->bs, &perm, &shared);
-            assert(perm == state->perm);
-            assert(shared == state->shared_perm);
+    QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
+        BlockDriverState *bs = bs_entry->state.bs;
 
-            bdrv_set_perm(state->bs);
-        } else {
-            bdrv_abort_perm_update(state->bs);
-            if (state->replace_backing_bs && state->new_backing_bs) {
-                bdrv_abort_perm_update(state->new_backing_bs);
-            }
+        if (bs->drv->bdrv_reopen_commit_post) {
+            bs->drv->bdrv_reopen_commit_post(&bs_entry->state);
         }
     }
 
-    if (ret == 0) {
-        QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
-            BlockDriverState *bs = bs_entry->state.bs;
+    ret = 0;
+    goto cleanup;
 
-            if (bs->drv->bdrv_reopen_commit_post)
-                bs->drv->bdrv_reopen_commit_post(&bs_entry->state);
+abort:
+    tran_abort(tran);
+    QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
+        if (bs_entry->prepared) {
+            bdrv_reopen_abort(&bs_entry->state);
         }
+        qobject_unref(bs_entry->state.explicit_options);
+        qobject_unref(bs_entry->state.options);
     }
+
 cleanup:
     QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
-        if (ret) {
-            if (bs_entry->prepared) {
-                bdrv_reopen_abort(&bs_entry->state);
-            }
-            qobject_unref(bs_entry->state.explicit_options);
-            qobject_unref(bs_entry->state.options);
-        }
-        if (bs_entry->state.new_backing_bs) {
-            bdrv_unref(bs_entry->state.new_backing_bs);
-        }
         g_free(bs_entry);
     }
     g_free(bs_queue);
@@ -4360,53 +4342,6 @@ int bdrv_reopen_set_read_only(BlockDriverState *bs, bool read_only,
     return ret;
 }
 
-static BlockReopenQueueEntry *find_parent_in_reopen_queue(BlockReopenQueue *q,
-                                                          BdrvChild *c)
-{
-    BlockReopenQueueEntry *entry;
-
-    QTAILQ_FOREACH(entry, q, entry) {
-        BlockDriverState *bs = entry->state.bs;
-        BdrvChild *child;
-
-        QLIST_FOREACH(child, &bs->children, next) {
-            if (child == c) {
-                return entry;
-            }
-        }
-    }
-
-    return NULL;
-}
-
-static void bdrv_reopen_perm(BlockReopenQueue *q, BlockDriverState *bs,
-                             uint64_t *perm, uint64_t *shared)
-{
-    BdrvChild *c;
-    BlockReopenQueueEntry *parent;
-    uint64_t cumulative_perms = 0;
-    uint64_t cumulative_shared_perms = BLK_PERM_ALL;
-
-    QLIST_FOREACH(c, &bs->parents, next_parent) {
-        parent = find_parent_in_reopen_queue(q, c);
-        if (!parent) {
-            cumulative_perms |= c->perm;
-            cumulative_shared_perms &= c->shared_perm;
-        } else {
-            uint64_t nperm, nshared;
-
-            bdrv_child_perm(parent->state.bs, bs, c, c->role, q,
-                            parent->state.perm, parent->state.shared_perm,
-                            &nperm, &nshared);
-
-            cumulative_perms |= nperm;
-            cumulative_shared_perms &= nshared;
-        }
-    }
-    *perm = cumulative_perms;
-    *shared = cumulative_shared_perms;
-}
-
 static bool bdrv_reopen_can_attach(BlockDriverState *parent,
                                    BdrvChild *child,
                                    BlockDriverState *new_child,
@@ -4448,6 +4383,7 @@ static bool bdrv_reopen_can_attach(BlockDriverState *parent,
  * Return 0 on success, otherwise return < 0 and set @errp.
  */
 static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
+                                     Transaction *set_backings_tran,
                                      Error **errp)
 {
     BlockDriverState *bs = reopen_state->bs;
@@ -4524,6 +4460,8 @@ static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
 
     /* If we want to replace the backing file we need some extra checks */
     if (new_backing_bs != bdrv_filter_or_cow_bs(overlay_bs)) {
+        int ret;
+
         /* Check for implicit nodes between bs and its backing file */
         if (bs != overlay_bs) {
             error_setg(errp, "Cannot change backing link if '%s' has "
@@ -4544,9 +4482,11 @@ static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
             return -EPERM;
         }
         reopen_state->replace_backing_bs = true;
-        if (new_backing_bs) {
-            bdrv_ref(new_backing_bs);
-            reopen_state->new_backing_bs = new_backing_bs;
+        reopen_state->old_backing_bs = bs->backing ? bs->backing->bs : NULL;
+        ret = bdrv_set_backing_noperm(bs, new_backing_bs, set_backings_tran,
+                                      errp);
+        if (ret < 0) {
+            return ret;
         }
     }
 
@@ -4571,7 +4511,8 @@ static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
  *
  */
 static int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
-                               BlockReopenQueue *queue, Error **errp)
+                               BlockReopenQueue *queue,
+                               Transaction *set_backings_tran, Error **errp)
 {
     int ret = -1;
     int old_flags;
@@ -4638,10 +4579,6 @@ static int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
         goto error;
     }
 
-    /* Calculate required permissions after reopening */
-    bdrv_reopen_perm(queue, reopen_state->bs,
-                     &reopen_state->perm, &reopen_state->shared_perm);
-
     if (drv->bdrv_reopen_prepare) {
         /*
          * If a driver-specific option is missing, it means that we
@@ -4695,7 +4632,7 @@ static int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
      * either a reference to an existing node (using its node name)
      * or NULL to simply detach the current backing file.
      */
-    ret = bdrv_reopen_parse_backing(reopen_state, errp);
+    ret = bdrv_reopen_parse_backing(reopen_state, set_backings_tran, errp);
     if (ret < 0) {
         goto error;
     }
@@ -4817,22 +4754,6 @@ static void bdrv_reopen_commit(BDRVReopenState *reopen_state)
         qdict_del(bs->explicit_options, child->name);
         qdict_del(bs->options, child->name);
     }
-
-    /*
-     * Change the backing file if a new one was specified. We do this
-     * after updating bs->options, so bdrv_refresh_filename() (called
-     * from bdrv_set_backing_hd()) has the new values.
-     */
-    if (reopen_state->replace_backing_bs) {
-        BlockDriverState *old_backing_bs = child_bs(bs->backing);
-        assert(!old_backing_bs || !old_backing_bs->implicit);
-        /* Abort the permission update on the backing bs we're detaching */
-        if (old_backing_bs) {
-            bdrv_abort_perm_update(old_backing_bs);
-        }
-        bdrv_set_backing_hd(bs, reopen_state->new_backing_bs, &error_abort);
-    }
-
     bdrv_refresh_limits(bs, NULL, NULL);
 }
 
diff --git a/block/file-posix.c b/block/file-posix.c
index 05079b40ca..7b7e63cfa9 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -175,7 +175,6 @@ typedef struct BDRVRawState {
 } BDRVRawState;
 
 typedef struct BDRVRawReopenState {
-    int fd;
     int open_flags;
     bool drop_cache;
     bool check_cache_dropped;
@@ -1080,7 +1079,6 @@ static int raw_reopen_prepare(BDRVReopenState *state,
     BDRVRawReopenState *rs;
     QemuOpts *opts;
     int ret;
-    Error *local_err = NULL;
 
     assert(state != NULL);
     assert(state->bs != NULL);
@@ -1106,32 +1104,18 @@ static int raw_reopen_prepare(BDRVReopenState *state,
      * bdrv_reopen_prepare() will detect changes and complain. */
     qemu_opts_to_qdict(opts, state->options);
 
-    rs->fd = raw_reconfigure_getfd(state->bs, state->flags, &rs->open_flags,
-                                   state->perm, true, &local_err);
-    if (local_err) {
-        error_propagate(errp, local_err);
-        ret = -1;
-        goto out;
-    }
-
-    /* Fail already reopen_prepare() if we can't get a working O_DIRECT
-     * alignment with the new fd. */
-    if (rs->fd != -1) {
-        raw_probe_alignment(state->bs, rs->fd, &local_err);
-        if (local_err) {
-            error_propagate(errp, local_err);
-            ret = -EINVAL;
-            goto out_fd;
-        }
-    }
+    /*
+     * As part of reopen prepare we also want to create new fd by
+     * raw_reconfigure_getfd(). But it wants updated "perm", when in
+     * bdrv_reopen_multiple() .bdrv_reopen_prepare() callback called prior to
+     * permission update. Happily, permission update is always a part (a seprate
+     * stage) of bdrv_reopen_multiple() so we can rely on this fact and
+     * reconfigure fd in raw_check_perm().
+     */
 
     s->reopen_state = state;
     ret = 0;
-out_fd:
-    if (ret < 0) {
-        qemu_close(rs->fd);
-        rs->fd = -1;
-    }
+
 out:
     qemu_opts_del(opts);
     return ret;
@@ -1145,10 +1129,6 @@ static void raw_reopen_commit(BDRVReopenState *state)
     s->drop_cache = rs->drop_cache;
     s->check_cache_dropped = rs->check_cache_dropped;
     s->open_flags = rs->open_flags;
-
-    qemu_close(s->fd);
-    s->fd = rs->fd;
-
     g_free(state->opaque);
     state->opaque = NULL;
 
@@ -1167,10 +1147,6 @@ static void raw_reopen_abort(BDRVReopenState *state)
         return;
     }
 
-    if (rs->fd >= 0) {
-        qemu_close(rs->fd);
-        rs->fd = -1;
-    }
     g_free(state->opaque);
     state->opaque = NULL;
 
@@ -3078,39 +3054,30 @@ static int raw_check_perm(BlockDriverState *bs, uint64_t perm, uint64_t shared,
                           Error **errp)
 {
     BDRVRawState *s = bs->opaque;
-    BDRVRawReopenState *rs = NULL;
+    int input_flags = s->reopen_state ? s->reopen_state->flags : bs->open_flags;
     int open_flags;
     int ret;
 
-    if (s->perm_change_fd) {
+    /* We may need a new fd if auto-read-only switches the mode */
+    ret = raw_reconfigure_getfd(bs, input_flags, &open_flags, perm,
+                                false, errp);
+    if (ret < 0) {
+        return ret;
+    } else if (ret != s->fd) {
+        Error *local_err = NULL;
+
         /*
-         * In the context of reopen, this function may be called several times
-         * (directly and recursively while change permissions of the parent).
-         * This is even true for children that don't inherit from the original
-         * reopen node, so s->reopen_state is not set.
-         *
-         * Ignore all but the first call.
+         * Fail already check_perm() if we can't get a working O_DIRECT
+         * alignment with the new fd.
          */
-        return 0;
-    }
-
-    if (s->reopen_state) {
-        /* We already have a new file descriptor to set permissions for */
-        assert(s->reopen_state->perm == perm);
-        assert(s->reopen_state->shared_perm == shared);
-        rs = s->reopen_state->opaque;
-        s->perm_change_fd = rs->fd;
-        s->perm_change_flags = rs->open_flags;
-    } else {
-        /* We may need a new fd if auto-read-only switches the mode */
-        ret = raw_reconfigure_getfd(bs, bs->open_flags, &open_flags, perm,
-                                    false, errp);
-        if (ret < 0) {
-            return ret;
-        } else if (ret != s->fd) {
-            s->perm_change_fd = ret;
-            s->perm_change_flags = open_flags;
+        raw_probe_alignment(bs, ret, &local_err);
+        if (local_err) {
+            error_propagate(errp, local_err);
+            return -EINVAL;
         }
+
+        s->perm_change_fd = ret;
+        s->perm_change_flags = open_flags;
     }
 
     /* Prepare permissions on old fd to avoid conflicts between old and new,
@@ -3132,7 +3099,7 @@ static int raw_check_perm(BlockDriverState *bs, uint64_t perm, uint64_t shared,
     return 0;
 
 fail:
-    if (s->perm_change_fd && !s->reopen_state) {
+    if (s->perm_change_fd) {
         qemu_close(s->perm_change_fd);
     }
     s->perm_change_fd = 0;
@@ -3163,7 +3130,7 @@ static void raw_abort_perm_update(BlockDriverState *bs)
 
     /* For reopen, .bdrv_reopen_abort is called afterwards and will close
      * the file descriptor. */
-    if (s->perm_change_fd && !s->reopen_state) {
+    if (s->perm_change_fd) {
         qemu_close(s->perm_change_fd);
     }
     s->perm_change_fd = 0;
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 31/36] block: drop unused permission update functions
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (29 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 30/36] block: bdrv_reopen_multiple: refresh permissions on updated graph Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 32/36] block: inline bdrv_check_perm_common() Vladimir Sementsov-Ogievskiy
                   ` (7 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 103 --------------------------------------------------------
 1 file changed, 103 deletions(-)

diff --git a/block.c b/block.c
index 53a8af301a..b39e6455b2 100644
--- a/block.c
+++ b/block.c
@@ -1953,11 +1953,6 @@ static int bdrv_fill_options(QDict **options, const char *filename,
     return 0;
 }
 
-static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
-                                  uint64_t new_used_perm,
-                                  uint64_t new_shared_perm,
-                                  Error **errp);
-
 typedef struct BlockReopenQueueEntry {
      bool prepared;
      bool perms_checked;
@@ -2392,56 +2387,12 @@ static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
     return 0;
 }
 
-static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
-                           uint64_t cumulative_perms,
-                           uint64_t cumulative_shared_perms, Error **errp)
-{
-    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
-    return bdrv_check_perm_common(list, q, true, cumulative_perms,
-                                  cumulative_shared_perms, NULL, errp);
-}
-
 static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
                                    Transaction *tran, Error **errp)
 {
     return bdrv_check_perm_common(list, q, false, 0, 0, tran, errp);
 }
 
-/*
- * Notifies drivers that after a previous bdrv_check_perm() call, the
- * permission update is not performed and any preparations made for it (e.g.
- * taken file locks) need to be undone.
- */
-static void bdrv_node_abort_perm_update(BlockDriverState *bs)
-{
-    BlockDriver *drv = bs->drv;
-    BdrvChild *c;
-
-    if (!drv) {
-        return;
-    }
-
-    bdrv_drv_set_perm_abort(bs);
-
-    QLIST_FOREACH(c, &bs->children, next) {
-        bdrv_child_set_perm_abort(c);
-    }
-}
-
-static void bdrv_list_abort_perm_update(GSList *list)
-{
-    for ( ; list; list = list->next) {
-        bdrv_node_abort_perm_update((BlockDriverState *)list->data);
-    }
-}
-
-__attribute__((unused))
-static void bdrv_abort_perm_update(BlockDriverState *bs)
-{
-    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
-    return bdrv_list_abort_perm_update(list);
-}
-
 static void bdrv_node_set_perm(BlockDriverState *bs)
 {
     BlockDriver *drv = bs->drv;
@@ -2523,60 +2474,6 @@ char *bdrv_perm_names(uint64_t perm)
     return g_string_free(result, FALSE);
 }
 
-/*
- * Checks whether a new reference to @bs can be added if the new user requires
- * @new_used_perm/@new_shared_perm as its permissions. If @ignore_children is
- * set, the BdrvChild objects in this list are ignored in the calculations;
- * this allows checking permission updates for an existing reference.
- *
- * Needs to be followed by a call to either bdrv_set_perm() or
- * bdrv_abort_perm_update(). */
-__attribute__((unused))
-static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
-                                  uint64_t new_used_perm,
-                                  uint64_t new_shared_perm,
-                                  Error **errp)
-{
-    BdrvChild *c;
-    uint64_t cumulative_perms = new_used_perm;
-    uint64_t cumulative_shared_perms = new_shared_perm;
-
-
-    /* There is no reason why anyone couldn't tolerate write_unchanged */
-    assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
-
-    QLIST_FOREACH(c, &bs->parents, next_parent) {
-        if ((new_used_perm & c->shared_perm) != new_used_perm) {
-            char *user = bdrv_child_user_desc(c);
-            char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
-
-            error_setg(errp, "Conflicts with use by %s as '%s', which does not "
-                             "allow '%s' on %s",
-                       user, c->name, perm_names, bdrv_get_node_name(c->bs));
-            g_free(user);
-            g_free(perm_names);
-            return -EPERM;
-        }
-
-        if ((c->perm & new_shared_perm) != c->perm) {
-            char *user = bdrv_child_user_desc(c);
-            char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
-
-            error_setg(errp, "Conflicts with use by %s as '%s', which uses "
-                             "'%s' on %s",
-                       user, c->name, perm_names, bdrv_get_node_name(c->bs));
-            g_free(user);
-            g_free(perm_names);
-            return -EPERM;
-        }
-
-        cumulative_perms |= c->perm;
-        cumulative_shared_perms &= c->shared_perm;
-    }
-
-    return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
-                           errp);
-}
 
 static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
 {
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 32/36] block: inline bdrv_check_perm_common()
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (30 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 31/36] block: drop unused permission update functions Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 33/36] block: inline bdrv_replace_child() Vladimir Sementsov-Ogievskiy
                   ` (6 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

bdrv_check_perm_common() has only one caller, so no more sense in
"common".

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 32 +++-----------------------------
 1 file changed, 3 insertions(+), 29 deletions(-)

diff --git a/block.c b/block.c
index b39e6455b2..29e00c4708 100644
--- a/block.c
+++ b/block.c
@@ -2339,33 +2339,13 @@ static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
     return 0;
 }
 
-/*
- * If use_cumulative_perms is true, use cumulative_perms and
- * cumulative_shared_perms for first element of the list. Otherwise just refresh
- * all permissions.
- */
-static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
-                                  bool use_cumulative_perms,
-                                  uint64_t cumulative_perms,
-                                  uint64_t cumulative_shared_perms,
-                                  Transaction *tran, Error **errp)
+static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
+                                   Transaction *tran, Error **errp)
 {
     int ret;
+    uint64_t cumulative_perms, cumulative_shared_perms;
     BlockDriverState *bs;
 
-    if (use_cumulative_perms) {
-        bs = list->data;
-
-        ret = bdrv_node_check_perm(bs, q, cumulative_perms,
-                                   cumulative_shared_perms,
-                                   tran, errp);
-        if (ret < 0) {
-            return ret;
-        }
-
-        list = list->next;
-    }
-
     for ( ; list; list = list->next) {
         bs = list->data;
 
@@ -2387,12 +2367,6 @@ static int bdrv_check_perm_common(GSList *list, BlockReopenQueue *q,
     return 0;
 }
 
-static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
-                                   Transaction *tran, Error **errp)
-{
-    return bdrv_check_perm_common(list, q, false, 0, 0, tran, errp);
-}
-
 static void bdrv_node_set_perm(BlockDriverState *bs)
 {
     BlockDriver *drv = bs->drv;
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 33/36] block: inline bdrv_replace_child()
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (31 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 32/36] block: inline bdrv_check_perm_common() Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 34/36] block: refactor bdrv_child_set_perm_safe() transaction action Vladimir Sementsov-Ogievskiy
                   ` (5 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

bdrv_replace_child() has only one caller, the second argument is
unused. Inline it now. This triggers deletion of some more unused
interfaces.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 101 ++++++++++----------------------------------------------
 1 file changed, 18 insertions(+), 83 deletions(-)

diff --git a/block.c b/block.c
index 29e00c4708..707a8a7f8c 100644
--- a/block.c
+++ b/block.c
@@ -2367,42 +2367,6 @@ static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
     return 0;
 }
 
-static void bdrv_node_set_perm(BlockDriverState *bs)
-{
-    BlockDriver *drv = bs->drv;
-    BdrvChild *c;
-
-    if (!drv) {
-        return;
-    }
-
-    bdrv_drv_set_perm_commit(bs);
-
-    /* Drivers that never have children can omit .bdrv_child_perm() */
-    if (!drv->bdrv_child_perm) {
-        assert(QLIST_EMPTY(&bs->children));
-        return;
-    }
-
-    /* Update all children */
-    QLIST_FOREACH(c, &bs->children, next) {
-        bdrv_child_set_perm_commit(c);
-    }
-}
-
-static void bdrv_list_set_perm(GSList *list)
-{
-    for ( ; list; list = list->next) {
-        bdrv_node_set_perm((BlockDriverState *)list->data);
-    }
-}
-
-static void bdrv_set_perm(BlockDriverState *bs)
-{
-    g_autoptr(GSList) list = bdrv_topological_dfs(NULL, NULL, bs);
-    return bdrv_list_set_perm(list);
-}
-
 void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
                               uint64_t *shared_perm)
 {
@@ -2742,52 +2706,6 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
     }
 }
 
-/*
- * Updates @child to change its reference to point to @new_bs, including
- * checking and applying the necessary permission updates both to the old node
- * and to @new_bs.
- *
- * NULL is passed as @new_bs for removing the reference before freeing @child.
- *
- * If @new_bs is not NULL, bdrv_check_perm() must be called beforehand, as this
- * function uses bdrv_set_perm() to update the permissions according to the new
- * reference that @new_bs gets.
- *
- * Callers must ensure that child->frozen is false.
- */
-static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
-{
-    BlockDriverState *old_bs = child->bs;
-
-    /* Asserts that child->frozen == false */
-    bdrv_replace_child_noperm(child, new_bs);
-
-    /*
-     * Start with the new node's permissions.  If @new_bs is a (direct
-     * or indirect) child of @old_bs, we must complete the permission
-     * update on @new_bs before we loosen the restrictions on @old_bs.
-     * Otherwise, bdrv_check_perm() on @old_bs would re-initiate
-     * updating the permissions of @new_bs, and thus not purely loosen
-     * restrictions.
-     */
-    if (new_bs) {
-        bdrv_set_perm(new_bs);
-    }
-
-    if (old_bs) {
-        /*
-         * Update permissions for old node. We're just taking a parent away, so
-         * we're loosening restrictions. Errors of permission update are not
-         * fatal in this case, ignore them.
-         */
-        bdrv_refresh_perms(old_bs, NULL);
-
-        /* When the parent requiring a non-default AioContext is removed, the
-         * node moves back to the main AioContext */
-        bdrv_try_set_aio_context(old_bs, qemu_get_aio_context(), NULL);
-    }
-}
-
 static void bdrv_child_free(void *opaque)
 {
     BdrvChild *c = opaque;
@@ -2954,8 +2872,25 @@ static int bdrv_attach_child_noperm(BlockDriverState *parent_bs,
 
 static void bdrv_detach_child(BdrvChild *child)
 {
-    bdrv_replace_child(child, NULL);
+    BlockDriverState *old_bs = child->bs;
+
+    bdrv_replace_child_noperm(child, NULL);
     bdrv_remove_empty_child(child);
+
+    if (old_bs) {
+        /*
+         * Update permissions for old node. We're just taking a parent away, so
+         * we're loosening restrictions. Errors of permission update are not
+         * fatal in this case, ignore them.
+         */
+        bdrv_refresh_perms(old_bs, NULL);
+
+        /*
+         * When the parent requiring a non-default AioContext is removed, the
+         * node moves back to the main AioContext
+         */
+        bdrv_try_set_aio_context(old_bs, qemu_get_aio_context(), NULL);
+    }
 }
 
 /*
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 34/36] block: refactor bdrv_child_set_perm_safe() transaction action
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (32 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 33/36] block: inline bdrv_replace_child() Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 35/36] block: rename bdrv_replace_child_safe() to bdrv_replace_child() Vladimir Sementsov-Ogievskiy
                   ` (4 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Old interfaces dropped, nobody directly calls
bdrv_child_set_perm_abort() and bdrv_child_set_perm_commit(), so we can
use personal state structure for the action and stop exploiting
BdrvChild structure. Also, drop "_safe" suffix which is redundant now.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 include/block/block_int.h |  5 ----
 block.c                   | 63 ++++++++++++++-------------------------
 2 files changed, 22 insertions(+), 46 deletions(-)

diff --git a/include/block/block_int.h b/include/block/block_int.h
index dd2de6bd1d..c823f5b1b3 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -813,11 +813,6 @@ struct BdrvChild {
      */
     uint64_t shared_perm;
 
-    /* backup of permissions during permission update procedure */
-    bool has_backup_perm;
-    uint64_t backup_perm;
-    uint64_t backup_shared_perm;
-
     /*
      * This link is frozen: the child can neither be replaced nor
      * detached from the parent.
diff --git a/block.c b/block.c
index 707a8a7f8c..b7cded9826 100644
--- a/block.c
+++ b/block.c
@@ -2101,59 +2101,40 @@ static GSList *bdrv_topological_dfs(GSList *list, GHashTable *found,
     return g_slist_prepend(list, bs);
 }
 
-static void bdrv_child_set_perm_commit(void *opaque)
-{
-    BdrvChild *c = opaque;
-
-    c->has_backup_perm = false;
-}
+typedef struct BdrvChildSetPermState {
+    BdrvChild *child;
+    uint64_t old_perm;
+    uint64_t old_shared_perm;
+} BdrvChildSetPermState;
 
 static void bdrv_child_set_perm_abort(void *opaque)
 {
-    BdrvChild *c = opaque;
-    /*
-     * We may have child->has_backup_perm unset at this point, as in case of
-     * _check_ stage of permission update failure we may _check_ not the whole
-     * subtree.  Still, _abort_ is called on the whole subtree anyway.
-     */
-    if (c->has_backup_perm) {
-        c->perm = c->backup_perm;
-        c->shared_perm = c->backup_shared_perm;
-        c->has_backup_perm = false;
-    }
+    BdrvChildSetPermState *s = opaque;
+
+    s->child->perm = s->old_perm;
+    s->child->shared_perm = s->old_shared_perm;
 }
 
 static TransactionActionDrv bdrv_child_set_pem_drv = {
     .abort = bdrv_child_set_perm_abort,
-    .commit = bdrv_child_set_perm_commit,
+    .clean = g_free,
 };
 
-/*
- * With tran=NULL needs to be followed by direct call to either
- * bdrv_child_set_perm_commit() or bdrv_child_set_perm_abort().
- *
- * With non-NULL tran needs to be followed by tran_abort() or tran_commit()
- * instead.
- */
-static void bdrv_child_set_perm_safe(BdrvChild *c, uint64_t perm,
-                                     uint64_t shared, Transaction *tran)
+static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm,
+                                uint64_t shared, Transaction *tran)
 {
-    if (!c->has_backup_perm) {
-        c->has_backup_perm = true;
-        c->backup_perm = c->perm;
-        c->backup_shared_perm = c->shared_perm;
-    }
-    /*
-     * Note: it's OK if c->has_backup_perm was already set, as we can find the
-     * same c twice during check_perm procedure
-     */
+    BdrvChildSetPermState *s = g_new(BdrvChildSetPermState, 1);
+
+    *s = (BdrvChildSetPermState) {
+        .child = c,
+        .old_perm = c->perm,
+        .old_shared_perm = c->shared_perm,
+    };
 
     c->perm = perm;
     c->shared_perm = shared;
 
-    if (tran) {
-        tran_add(tran, &bdrv_child_set_pem_drv, c);
-    }
+    tran_add(tran, &bdrv_child_set_pem_drv, s);
 }
 
 static void bdrv_drv_set_perm_commit(void *opaque)
@@ -2333,7 +2314,7 @@ static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
         bdrv_child_perm(bs, c->bs, c, c->role, q,
                         cumulative_perms, cumulative_shared_perms,
                         &cur_perm, &cur_shared);
-        bdrv_child_set_perm_safe(c, cur_perm, cur_shared, tran);
+        bdrv_child_set_perm(c, cur_perm, cur_shared, tran);
     }
 
     return 0;
@@ -2432,7 +2413,7 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
     Transaction *tran = tran_new();
     int ret;
 
-    bdrv_child_set_perm_safe(c, perm, shared, tran);
+    bdrv_child_set_perm(c, perm, shared, tran);
 
     ret = bdrv_refresh_perms(c->bs, &local_err);
 
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 35/36] block: rename bdrv_replace_child_safe() to bdrv_replace_child()
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (33 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 34/36] block: refactor bdrv_child_set_perm_safe() transaction action Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 14:35 ` [PATCH v3 36/36] block: refactor bdrv_node_check_perm() Vladimir Sementsov-Ogievskiy
                   ` (3 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

We don't have bdrv_replace_child(), so it's time for
bdrv_replace_child_safe() to take its place.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/block.c b/block.c
index b7cded9826..b61ac9ff19 100644
--- a/block.c
+++ b/block.c
@@ -2214,12 +2214,12 @@ static TransactionActionDrv bdrv_replace_child_drv = {
 };
 
 /*
- * bdrv_replace_child_safe
+ * bdrv_replace_child
  *
  * Note: real unref of old_bs is done only on commit.
  */
-static void bdrv_replace_child_safe(BdrvChild *child, BlockDriverState *new_bs,
-                                    Transaction *tran)
+static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs,
+                               Transaction *tran)
 {
     BdrvReplaceChildState *s = g_new(BdrvReplaceChildState, 1);
     *s = (BdrvReplaceChildState) {
@@ -4762,7 +4762,7 @@ static void bdrv_remove_filter_or_cow_child(BlockDriverState *bs,
     }
 
     if (child->bs) {
-        bdrv_replace_child_safe(child, NULL, tran);
+        bdrv_replace_child(child, NULL, tran);
     }
 
     s = g_new(BdrvRemoveFilterOrCowChild, 1);
@@ -4802,7 +4802,7 @@ static int bdrv_replace_node_noperm(BlockDriverState *from,
                        c->name, from->node_name);
             return -EPERM;
         }
-        bdrv_replace_child_safe(c, to, tran);
+        bdrv_replace_child(c, to, tran);
     }
 
     return 0;
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* [PATCH v3 36/36] block: refactor bdrv_node_check_perm()
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (34 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 35/36] block: rename bdrv_replace_child_safe() to bdrv_replace_child() Vladimir Sementsov-Ogievskiy
@ 2021-03-17 14:35 ` Vladimir Sementsov-Ogievskiy
  2021-03-17 15:21 ` [PATCH v3 00/36] block: update graph permissions update no-reply
                   ` (2 subsequent siblings)
  38 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 14:35 UTC (permalink / raw)
  To: qemu-block
  Cc: qemu-devel, armbru, fam, stefanha, vsementsov, jsnow, mreitz, kwolf

Now, bdrv_node_check_perm() is called only with fresh cumulative
permissions, so its actually "refresh_perm".

Move permission calculation to the function. Also, drop unreachable
error message and rewrite the remaining one to be more generic (as now
we don't know which node is added and which was already here).

Add also Virtuozzo copyright, as big work is done at this point.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
 block.c                | 38 +++++++++++---------------------------
 tests/qemu-iotests/245 |  2 +-
 2 files changed, 12 insertions(+), 28 deletions(-)

diff --git a/block.c b/block.c
index b61ac9ff19..95d8246d92 100644
--- a/block.c
+++ b/block.c
@@ -2,6 +2,7 @@
  * QEMU System Emulator block driver
  *
  * Copyright (c) 2003 Fabrice Bellard
+ * Copyright (c) 2020 Virtuozzo International GmbH.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -2236,22 +2237,18 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs,
 }
 
 /*
- * Check whether permissions on this node can be changed in a way that
- * @cumulative_perms and @cumulative_shared_perms are the new cumulative
- * permissions of all its parents. This involves checking whether all necessary
- * permission changes to child nodes can be performed.
- *
- * A call to this function must always be followed by a call to bdrv_set_perm()
- * or bdrv_abort_perm_update().
+ * Refresh permissions in @bs subtree. The function is intended to be called
+ * after some graph modification that was done without permission update.
  */
-static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
-                                uint64_t cumulative_perms,
-                                uint64_t cumulative_shared_perms,
-                                Transaction *tran, Error **errp)
+static int bdrv_node_refresh_perm(BlockDriverState *bs, BlockReopenQueue *q,
+                                  Transaction *tran, Error **errp)
 {
     BlockDriver *drv = bs->drv;
     BdrvChild *c;
     int ret;
+    uint64_t cumulative_perms, cumulative_shared_perms;
+
+    bdrv_get_cumulative_perm(bs, &cumulative_perms, &cumulative_shared_perms);
 
     /* Write permissions never work with read-only images */
     if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
@@ -2260,15 +2257,8 @@ static int bdrv_node_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
         if (!bdrv_is_writable_after_reopen(bs, NULL)) {
             error_setg(errp, "Block node is read-only");
         } else {
-            uint64_t current_perms, current_shared;
-            bdrv_get_cumulative_perm(bs, &current_perms, &current_shared);
-            if (current_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) {
-                error_setg(errp, "Cannot make block node read-only, there is "
-                           "a writer on it");
-            } else {
-                error_setg(errp, "Cannot make block node read-only and create "
-                           "a writer on it");
-            }
+            error_setg(errp, "Read-only block node '%s' cannot support "
+                       "read-write users", bdrv_get_node_name(bs));
         }
 
         return -EPERM;
@@ -2324,7 +2314,6 @@ static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
                                    Transaction *tran, Error **errp)
 {
     int ret;
-    uint64_t cumulative_perms, cumulative_shared_perms;
     BlockDriverState *bs;
 
     for ( ; list; list = list->next) {
@@ -2334,12 +2323,7 @@ static int bdrv_list_refresh_perms(GSList *list, BlockReopenQueue *q,
             return -EINVAL;
         }
 
-        bdrv_get_cumulative_perm(bs, &cumulative_perms,
-                                 &cumulative_shared_perms);
-
-        ret = bdrv_node_check_perm(bs, q, cumulative_perms,
-                                   cumulative_shared_perms,
-                                   tran, errp);
+        ret = bdrv_node_refresh_perm(bs, q, tran, errp);
         if (ret < 0) {
             return ret;
         }
diff --git a/tests/qemu-iotests/245 b/tests/qemu-iotests/245
index 11104b9208..fc5297e268 100755
--- a/tests/qemu-iotests/245
+++ b/tests/qemu-iotests/245
@@ -905,7 +905,7 @@ class TestBlockdevReopen(iotests.QMPTestCase):
         # We can't reopen hd1 to read-only, as block-stream requires it to be
         # read-write
         self.reopen(opts['backing'], {'read-only': True},
-                    "Cannot make block node read-only, there is a writer on it")
+                    "Read-only block node 'hd1' cannot support read-write users")
 
         # We can't remove hd2 while the stream job is ongoing
         opts['backing']['backing'] = None
-- 
2.29.2



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (35 preceding siblings ...)
  2021-03-17 14:35 ` [PATCH v3 36/36] block: refactor bdrv_node_check_perm() Vladimir Sementsov-Ogievskiy
@ 2021-03-17 15:21 ` no-reply
  2021-03-17 15:38   ` Vladimir Sementsov-Ogievskiy
  2021-04-23 16:16 ` Kevin Wolf
  2021-04-28 11:28 ` Kevin Wolf
  38 siblings, 1 reply; 62+ messages in thread
From: no-reply @ 2021-03-17 15:21 UTC (permalink / raw)
  To: vsementsov
  Cc: fam, kwolf, vsementsov, qemu-block, qemu-devel, armbru, stefanha,
	mreitz, jsnow

Patchew URL: https://patchew.org/QEMU/20210317143529.615584-1-vsementsov@virtuozzo.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210317143529.615584-1-vsementsov@virtuozzo.com
Subject: [PATCH v3 00/36] block: update graph permissions update

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20210317143529.615584-1-vsementsov@virtuozzo.com -> patchew/20210317143529.615584-1-vsementsov@virtuozzo.com
Switched to a new branch 'test'
ac26c21 block: refactor bdrv_node_check_perm()
7171293 block: rename bdrv_replace_child_safe() to bdrv_replace_child()
9430fba block: refactor bdrv_child_set_perm_safe() transaction action
2386ee1 block: inline bdrv_replace_child()
41c9fc1 block: inline bdrv_check_perm_common()
0d06ade block: drop unused permission update functions
72e8fe6 block: bdrv_reopen_multiple: refresh permissions on updated graph
b7f3a63 block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare
b9278b8 block: add bdrv_set_backing_noperm() transaction action
44f6e69 block: make bdrv_refresh_limits() to be a transaction action
a671d58 block: make bdrv_unset_inherits_from to be a transaction action
aa9e316 block: drop ignore_children for permission update functions
6e17bb7 block/backup-top: drop .active
7292e37 block: introduce bdrv_drop_filter()
9e7ce4f block: add bdrv_remove_filter_or_cow transaction action
a5f3a81 block: adapt bdrv_append() for inserting filters
ba82bea block: split out bdrv_replace_node_noperm()
4c97817 block: add bdrv_attach_child_noperm() transaction action
4a4e038 block: add bdrv_attach_child_common() transaction action
a864516 block: fix bdrv_replace_node_common
ce2b5ee block: add bdrv_replace_child_safe() transaction action
0b5ce80 block: add bdrv_list_* permission update functions
5380bbb block: add bdrv_drv_set_perm transaction action
965e80a block: use topological sort for permission update
35d94b7 block: inline bdrv_child_*() permission functions calls
84f3087 block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms()
9eb28b7 block: refactor bdrv_child* permission functions
0c068cb block: bdrv_refresh_perms: check for parents permissions conflict
23d55e7 util: add transactions.c
68189c0 block: make bdrv_reopen_{prepare, commit, abort} private
5780b80 block: drop ctx argument from bdrv_root_attach_child
34f4c11 block: BdrvChildClass: add .get_parent_aio_context handler
e79d608 block: bdrv_append(): don't consume reference
87c292c tests/test-bdrv-graph-mod: add test_append_greedy_filter
381fa0c tests/test-bdrv-graph-mod: add test_parallel_perm_update
6df2206 tests/test-bdrv-graph-mod: add test_parallel_exclusive_write

=== OUTPUT BEGIN ===
1/36 Checking commit 6df2206946ee (tests/test-bdrv-graph-mod: add test_parallel_exclusive_write)
2/36 Checking commit 381fa0c5db90 (tests/test-bdrv-graph-mod: add test_parallel_perm_update)
3/36 Checking commit 87c292ca6696 (tests/test-bdrv-graph-mod: add test_append_greedy_filter)
4/36 Checking commit e79d608e8fad (block: bdrv_append(): don't consume reference)
5/36 Checking commit 34f4c11ddd7e (block: BdrvChildClass: add .get_parent_aio_context handler)
6/36 Checking commit 5780b805277e (block: drop ctx argument from bdrv_root_attach_child)
7/36 Checking commit 68189c099a3a (block: make bdrv_reopen_{prepare, commit, abort} private)
ERROR: Author email address is mangled by the mailing list
#2: 
Author: Vladimir Sementsov-Ogievskiy via <qemu-devel@nongnu.org>

total: 1 errors, 0 warnings, 47 lines checked

Patch 7/36 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

8/36 Checking commit 23d55e73e0fa (util: add transactions.c)
9/36 Checking commit 0c068cb2d8be (block: bdrv_refresh_perms: check for parents permissions conflict)
10/36 Checking commit 9eb28b73ad7b (block: refactor bdrv_child* permission functions)
11/36 Checking commit 84f3087f8300 (block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms())
12/36 Checking commit 35d94b79e054 (block: inline bdrv_child_*() permission functions calls)
13/36 Checking commit 965e80af7b29 (block: use topological sort for permission update)
14/36 Checking commit 5380bbbb08b6 (block: add bdrv_drv_set_perm transaction action)
15/36 Checking commit 0b5ce8030a8f (block: add bdrv_list_* permission update functions)
16/36 Checking commit ce2b5ee8b20f (block: add bdrv_replace_child_safe() transaction action)
17/36 Checking commit a864516ae0f0 (block: fix bdrv_replace_node_common)
18/36 Checking commit 4a4e0386113f (block: add bdrv_attach_child_common() transaction action)
19/36 Checking commit 4c97817d23f8 (block: add bdrv_attach_child_noperm() transaction action)
20/36 Checking commit ba82bea53db2 (block: split out bdrv_replace_node_noperm())
21/36 Checking commit a5f3a81b5ad0 (block: adapt bdrv_append() for inserting filters)
22/36 Checking commit 9e7ce4f4dea2 (block: add bdrv_remove_filter_or_cow transaction action)
23/36 Checking commit 7292e37fb647 (block: introduce bdrv_drop_filter())
24/36 Checking commit 6e17bb7b248a (block/backup-top: drop .active)
25/36 Checking commit aa9e316c665f (block: drop ignore_children for permission update functions)
26/36 Checking commit a671d58d46da (block: make bdrv_unset_inherits_from to be a transaction action)
27/36 Checking commit 44f6e69305b1 (block: make bdrv_refresh_limits() to be a transaction action)
28/36 Checking commit b9278b83c02b (block: add bdrv_set_backing_noperm() transaction action)
29/36 Checking commit b7f3a63e844d (block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare)
30/36 Checking commit 72e8fe6a54ba (block: bdrv_reopen_multiple: refresh permissions on updated graph)
31/36 Checking commit 0d06ade388bb (block: drop unused permission update functions)
32/36 Checking commit 41c9fc136083 (block: inline bdrv_check_perm_common())
33/36 Checking commit 2386ee1e39eb (block: inline bdrv_replace_child())
34/36 Checking commit 9430fba2337b (block: refactor bdrv_child_set_perm_safe() transaction action)
35/36 Checking commit 71712939d665 (block: rename bdrv_replace_child_safe() to bdrv_replace_child())
36/36 Checking commit ac26c210743e (block: refactor bdrv_node_check_perm())
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20210317143529.615584-1-vsementsov@virtuozzo.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-17 15:21 ` [PATCH v3 00/36] block: update graph permissions update no-reply
@ 2021-03-17 15:38   ` Vladimir Sementsov-Ogievskiy
  2021-03-17 17:33     ` Eric Blake
  0 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-17 15:38 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-block, armbru, fam, stefanha, jsnow, mreitz, kwolf

17.03.2021 18:21, no-reply@patchew.org wrote:
> Patchew URL: https://patchew.org/QEMU/20210317143529.615584-1-vsementsov@virtuozzo.com/
> 
> 
> 
> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Type: series
> Message-id: 20210317143529.615584-1-vsementsov@virtuozzo.com
> Subject: [PATCH v3 00/36] block: update graph permissions update
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> git rev-parse base > /dev/null || exit 0
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> ./scripts/checkpatch.pl --mailback base..
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
>  From https://github.com/patchew-project/qemu
>   * [new tag]         patchew/20210317143529.615584-1-vsementsov@virtuozzo.com -> patchew/20210317143529.615584-1-vsementsov@virtuozzo.com
> Switched to a new branch 'test'
> ac26c21 block: refactor bdrv_node_check_perm()
> 7171293 block: rename bdrv_replace_child_safe() to bdrv_replace_child()
> 9430fba block: refactor bdrv_child_set_perm_safe() transaction action
> 2386ee1 block: inline bdrv_replace_child()
> 41c9fc1 block: inline bdrv_check_perm_common()
> 0d06ade block: drop unused permission update functions
> 72e8fe6 block: bdrv_reopen_multiple: refresh permissions on updated graph
> b7f3a63 block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare
> b9278b8 block: add bdrv_set_backing_noperm() transaction action
> 44f6e69 block: make bdrv_refresh_limits() to be a transaction action
> a671d58 block: make bdrv_unset_inherits_from to be a transaction action
> aa9e316 block: drop ignore_children for permission update functions
> 6e17bb7 block/backup-top: drop .active
> 7292e37 block: introduce bdrv_drop_filter()
> 9e7ce4f block: add bdrv_remove_filter_or_cow transaction action
> a5f3a81 block: adapt bdrv_append() for inserting filters
> ba82bea block: split out bdrv_replace_node_noperm()
> 4c97817 block: add bdrv_attach_child_noperm() transaction action
> 4a4e038 block: add bdrv_attach_child_common() transaction action
> a864516 block: fix bdrv_replace_node_common
> ce2b5ee block: add bdrv_replace_child_safe() transaction action
> 0b5ce80 block: add bdrv_list_* permission update functions
> 5380bbb block: add bdrv_drv_set_perm transaction action
> 965e80a block: use topological sort for permission update
> 35d94b7 block: inline bdrv_child_*() permission functions calls
> 84f3087 block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms()
> 9eb28b7 block: refactor bdrv_child* permission functions
> 0c068cb block: bdrv_refresh_perms: check for parents permissions conflict
> 23d55e7 util: add transactions.c
> 68189c0 block: make bdrv_reopen_{prepare, commit, abort} private
> 5780b80 block: drop ctx argument from bdrv_root_attach_child
> 34f4c11 block: BdrvChildClass: add .get_parent_aio_context handler
> e79d608 block: bdrv_append(): don't consume reference
> 87c292c tests/test-bdrv-graph-mod: add test_append_greedy_filter
> 381fa0c tests/test-bdrv-graph-mod: add test_parallel_perm_update
> 6df2206 tests/test-bdrv-graph-mod: add test_parallel_exclusive_write
> 
> === OUTPUT BEGIN ===
> 1/36 Checking commit 6df2206946ee (tests/test-bdrv-graph-mod: add test_parallel_exclusive_write)
> 2/36 Checking commit 381fa0c5db90 (tests/test-bdrv-graph-mod: add test_parallel_perm_update)
> 3/36 Checking commit 87c292ca6696 (tests/test-bdrv-graph-mod: add test_append_greedy_filter)
> 4/36 Checking commit e79d608e8fad (block: bdrv_append(): don't consume reference)
> 5/36 Checking commit 34f4c11ddd7e (block: BdrvChildClass: add .get_parent_aio_context handler)
> 6/36 Checking commit 5780b805277e (block: drop ctx argument from bdrv_root_attach_child)
> 7/36 Checking commit 68189c099a3a (block: make bdrv_reopen_{prepare, commit, abort} private)
> ERROR: Author email address is mangled by the mailing list
> #2:
> Author: Vladimir Sementsov-Ogievskiy via <qemu-devel@nongnu.org>
> 

Who know what is it? Commit message, subject and "From:" header are clean in the email..


-- 
Best regards,
Vladimir


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 13/36] block: use topological sort for permission update
  2021-03-17 14:35 ` [PATCH v3 13/36] block: use topological sort for permission update Vladimir Sementsov-Ogievskiy
@ 2021-03-17 16:50   ` Alberto Garcia
  0 siblings, 0 replies; 62+ messages in thread
From: Alberto Garcia @ 2021-03-17 16:50 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy, qemu-block
  Cc: fam, kwolf, vsementsov, qemu-devel, armbru, stefanha, mreitz, jsnow

On Wed 17 Mar 2021 03:35:06 PM CET, Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> wrote:
> Rewrite bdrv_check_perm(), bdrv_abort_perm_update() and bdrv_set_perm()
> to update nodes in topological sort order instead of simple DFS. With
> topologically sorted nodes, we update a node only when all its parents
> already updated. With DFS it's not so.

This patch does not apply cleanly on the master branch, the branch from
your repository at https://src.openvz.org/scm/~vsementsov/qemu.git does
work fine, however.

Berto


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-17 15:38   ` Vladimir Sementsov-Ogievskiy
@ 2021-03-17 17:33     ` Eric Blake
  2021-03-17 17:42       ` Eric Blake
  2021-03-18  8:04       ` Vladimir Sementsov-Ogievskiy
  0 siblings, 2 replies; 62+ messages in thread
From: Eric Blake @ 2021-03-17 17:33 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy, qemu-devel
  Cc: fam, kwolf, qemu-block, armbru, mreitz, stefanha, jsnow

On 3/17/21 10:38 AM, Vladimir Sementsov-Ogievskiy wrote:

>> 6/36 Checking commit 5780b805277e (block: drop ctx argument from
>> bdrv_root_attach_child)
>> 7/36 Checking commit 68189c099a3a (block: make bdrv_reopen_{prepare,
>> commit, abort} private)
>> ERROR: Author email address is mangled by the mailing list
>> #2:
>> Author: Vladimir Sementsov-Ogievskiy via <qemu-devel@nongnu.org>
>>
> 
> Who know what is it? Commit message, subject and "From:" header are
> clean in the email..

The list mangles mails for setups where DKIM/SCP setups are strict
enough that the mail would be rejected by various recipients otherwise.
But I have no idea why the mailing list rewrote the headers for that one
mail, but not the rest of your series - usually, DKIM setups are
persistent enough that it will be an all-or-none conversion to the
entire series.

At any rate, a maintainer can manually fix it for one patch, or you can
resend (if the mailing list keeps mangling headers, you can add a 'From:
' line in the body of your email that will override the mangled header;
but since the list doesn't usually mangle your headers, you may not need
to resort to that).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-17 17:33     ` Eric Blake
@ 2021-03-17 17:42       ` Eric Blake
  2021-03-18  8:04       ` Vladimir Sementsov-Ogievskiy
  1 sibling, 0 replies; 62+ messages in thread
From: Eric Blake @ 2021-03-17 17:42 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy, qemu-devel
  Cc: fam, kwolf, qemu-block, armbru, mreitz, stefanha, jsnow

On 3/17/21 12:33 PM, Eric Blake wrote:
> On 3/17/21 10:38 AM, Vladimir Sementsov-Ogievskiy wrote:
> 
>>> 6/36 Checking commit 5780b805277e (block: drop ctx argument from
>>> bdrv_root_attach_child)
>>> 7/36 Checking commit 68189c099a3a (block: make bdrv_reopen_{prepare,
>>> commit, abort} private)
>>> ERROR: Author email address is mangled by the mailing list
>>> #2:
>>> Author: Vladimir Sementsov-Ogievskiy via <qemu-devel@nongnu.org>
>>>
>>
>> Who know what is it? Commit message, subject and "From:" header are
>> clean in the email..
> 
> The list mangles mails for setups where DKIM/SCP setups are strict

Sorry, acronym soup got me confused.  I meant DKIM/ SPF, and DMARC.

> enough that the mail would be rejected by various recipients otherwise.
> But I have no idea why the mailing list rewrote the headers for that one
> mail, but not the rest of your series - usually, DKIM setups are
> persistent enough that it will be an all-or-none conversion to the
> entire series.
> 
> At any rate, a maintainer can manually fix it for one patch, or you can
> resend (if the mailing list keeps mangling headers, you can add a 'From:
> ' line in the body of your email that will override the mangled header;
> but since the list doesn't usually mangle your headers, you may not need
> to resort to that).
> 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-17 17:33     ` Eric Blake
  2021-03-17 17:42       ` Eric Blake
@ 2021-03-18  8:04       ` Vladimir Sementsov-Ogievskiy
  2021-04-23  8:34         ` Kevin Wolf
  1 sibling, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-03-18  8:04 UTC (permalink / raw)
  To: Eric Blake, qemu-devel
  Cc: qemu-block, armbru, fam, stefanha, jsnow, mreitz, kwolf

17.03.2021 20:33, Eric Blake wrote:
> On 3/17/21 10:38 AM, Vladimir Sementsov-Ogievskiy wrote:
> 
>>> 6/36 Checking commit 5780b805277e (block: drop ctx argument from
>>> bdrv_root_attach_child)
>>> 7/36 Checking commit 68189c099a3a (block: make bdrv_reopen_{prepare,
>>> commit, abort} private)
>>> ERROR: Author email address is mangled by the mailing list
>>> #2:
>>> Author: Vladimir Sementsov-Ogievskiy via <qemu-devel@nongnu.org>
>>>
>>
>> Who know what is it? Commit message, subject and "From:" header are
>> clean in the email..
> 
> The list mangles mails for setups where DKIM/SCP setups are strict
> enough that the mail would be rejected by various recipients otherwise.
> But I have no idea why the mailing list rewrote the headers for that one
> mail, but not the rest of your series - usually, DKIM setups are
> persistent enough that it will be an all-or-none conversion to the
> entire series.
> 
> At any rate, a maintainer can manually fix it for one patch, or you can
> resend (if the mailing list keeps mangling headers, you can add a 'From:
> ' line in the body of your email that will override the mangled header;
> but since the list doesn't usually mangle your headers, you may not need
> to resort to that).
> 

I'm looking at 7/36 in my mailbox, and don't see where is it mangled?

Looking at message source I see clean "From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>", and "qemu-devel@nongnu.org" is only in Cc:.

And I've sent the series by git-email, so emails in thunderbird came from the mailing list in a clean way.

As well, message looks good in the archive: https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg06288.html

-- 
Best regards,
Vladimir


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 04/36] block: bdrv_append(): don't consume reference
  2021-03-17 14:34 ` [PATCH v3 04/36] block: bdrv_append(): don't consume reference Vladimir Sementsov-Ogievskiy
@ 2021-04-07 17:46   ` Alberto Garcia
  2021-04-23 14:11   ` Kevin Wolf
  1 sibling, 0 replies; 62+ messages in thread
From: Alberto Garcia @ 2021-04-07 17:46 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy, qemu-block
  Cc: fam, kwolf, vsementsov, qemu-devel, armbru, stefanha, mreitz, jsnow

On Wed 17 Mar 2021 03:34:57 PM CET, Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> wrote:
> We have too much comments for this feature. It seems better just don't
> do it. Most of real users (tests don't count) have to create additional
> reference.
>
> Drop also comment in external_snapshot_prepare:
>  - bdrv_append doesn't "remove" old bs in common sense, it sounds
>    strange
>  - the fact that bdrv_append can fail is obvious from the context
>  - the fact that we must rollback all changes in transaction abort is
>    known (it's the direct role of abort)
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Reviewed-by: Alberto Garcia <berto@igalia.com>

> @@ -4645,36 +4640,22 @@ int bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
>   * bs_new must not be attached to a BlockBackend.
>   *
>   * This function does not create any image files.
> - *
> - * bdrv_append() takes ownership of a bs_new reference and unrefs it because
> - * that's what the callers commonly need. bs_new will be referenced by the old
> - * parents of bs_top after bdrv_append() returns. If the caller needs to keep a
> - * reference of its own, it must call bdrv_ref().
>   */
>  int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
>                  Error **errp)

You could still mention explicitly that the old parents of @bs_top will
add a new reference to @bs_new.

Berto


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 06/36] block: drop ctx argument from bdrv_root_attach_child
  2021-03-17 14:34 ` [PATCH v3 06/36] block: drop ctx argument from bdrv_root_attach_child Vladimir Sementsov-Ogievskiy
@ 2021-04-12 14:23   ` Alberto Garcia
  0 siblings, 0 replies; 62+ messages in thread
From: Alberto Garcia @ 2021-04-12 14:23 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy, qemu-block
  Cc: fam, kwolf, vsementsov, qemu-devel, armbru, stefanha, mreitz, jsnow

On Wed 17 Mar 2021 03:34:59 PM CET, Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> wrote:
> Passing parent aio context is redundant, as child_class and parent
> opaque pointer are enough to retrieve it. Drop the argument and use new
> bdrv_child_get_parent_aio_context() interface.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Reviewed-by: Alberto Garcia <berto@igalia.com>

Berto


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 05/36] block: BdrvChildClass: add .get_parent_aio_context handler
  2021-03-17 14:34 ` [PATCH v3 05/36] block: BdrvChildClass: add .get_parent_aio_context handler Vladimir Sementsov-Ogievskiy
@ 2021-04-12 15:06   ` Alberto Garcia
  0 siblings, 0 replies; 62+ messages in thread
From: Alberto Garcia @ 2021-04-12 15:06 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy, qemu-block
  Cc: fam, kwolf, vsementsov, qemu-devel, armbru, stefanha, mreitz, jsnow

On Wed 17 Mar 2021 03:34:58 PM CET, Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> wrote:
> Add new handler to get aio context and implement it in all child
> classes. Add corresponding public interface to be used soon.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Reviewed-by: Alberto Garcia <berto@igalia.com>

Berto


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 09/36] block: bdrv_refresh_perms: check for parents permissions conflict
  2021-03-17 14:35 ` [PATCH v3 09/36] block: bdrv_refresh_perms: check for parents permissions conflict Vladimir Sementsov-Ogievskiy
@ 2021-04-12 15:57   ` Alberto Garcia
  0 siblings, 0 replies; 62+ messages in thread
From: Alberto Garcia @ 2021-04-12 15:57 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy, qemu-block
  Cc: fam, kwolf, vsementsov, qemu-devel, armbru, stefanha, mreitz, jsnow

On Wed 17 Mar 2021 03:35:02 PM CET, Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> wrote:
> Add additional check that node parents do not interfere with each
> other. This should not hurt existing callers and allows in further
> patch use bdrv_refresh_perms() to update a subtree of changed
> BdrvChild (check that change is correct).
>
> New check will substitute bdrv_check_update_perm() in following
> permissions refactoring, so keep error messages the same to avoid
> unit test result changes.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Reviewed-by: Alberto Garcia <berto@igalia.com>

Berto


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-18  8:04       ` Vladimir Sementsov-Ogievskiy
@ 2021-04-23  8:34         ` Kevin Wolf
  0 siblings, 0 replies; 62+ messages in thread
From: Kevin Wolf @ 2021-04-23  8:34 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, jsnow, qemu-devel, armbru, stefanha, mreitz

Am 18.03.2021 um 09:04 hat Vladimir Sementsov-Ogievskiy geschrieben:
> 17.03.2021 20:33, Eric Blake wrote:
> > On 3/17/21 10:38 AM, Vladimir Sementsov-Ogievskiy wrote:
> > 
> > > > 6/36 Checking commit 5780b805277e (block: drop ctx argument from
> > > > bdrv_root_attach_child)
> > > > 7/36 Checking commit 68189c099a3a (block: make bdrv_reopen_{prepare,
> > > > commit, abort} private)
> > > > ERROR: Author email address is mangled by the mailing list
> > > > #2:
> > > > Author: Vladimir Sementsov-Ogievskiy via <qemu-devel@nongnu.org>
> > > > 
> > > 
> > > Who know what is it? Commit message, subject and "From:" header are
> > > clean in the email..
> > 
> > The list mangles mails for setups where DKIM/SCP setups are strict
> > enough that the mail would be rejected by various recipients otherwise.
> > But I have no idea why the mailing list rewrote the headers for that one
> > mail, but not the rest of your series - usually, DKIM setups are
> > persistent enough that it will be an all-or-none conversion to the
> > entire series.
> > 
> > At any rate, a maintainer can manually fix it for one patch, or you can
> > resend (if the mailing list keeps mangling headers, you can add a 'From:
> > ' line in the body of your email that will override the mangled header;
> > but since the list doesn't usually mangle your headers, you may not need
> > to resort to that).
> > 
> 
> I'm looking at 7/36 in my mailbox, and don't see where is it mangled?

My primary copy is good, too, but that seems to be because you CCed me
directly, so it didn't even go through the list. My copy from qemu-devel
seems to be mangled, though. You can look at Patchew's here:

https://patchew.org/QEMU/20210317143529.615584-8-vsementsov@virtuozzo.com/mbox

But that you CCed me means it's not a practical problem for this series.

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write
  2021-03-17 14:34 ` [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write Vladimir Sementsov-Ogievskiy
@ 2021-04-23 12:25   ` Kevin Wolf
  2021-04-23 12:46     ` Vladimir Sementsov-Ogievskiy
  0 siblings, 1 reply; 62+ messages in thread
From: Kevin Wolf @ 2021-04-23 12:25 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 17.03.2021 um 15:34 hat Vladimir Sementsov-Ogievskiy geschrieben:
> Add the test that shows that concept of ignore_children is incomplete.
> Actually, when we want to update something, ignoring permission of some
> existing BdrvChild, we should ignore also the propagated effect of this
> child to the other children. But that's not done. Better approach
> (update permissions on already updated graph) will be implemented
> later.
> 
> Now the test fails, so it's added with -d argument to not break make
> check.
> 
> Test fails with
> 
>  "Conflicts with use by fl1 as 'backing', which does not allow 'write' on base"
> 
> because when updating permissions we can ignore original top->fl1
> BdrvChild. But we don't ignore exclusive write permission in fl1->base
> BdrvChild, which is propagated. Correct thing to do is make graph
> change first and then do permission update from the top node.
> 
> To run test do
> 
>   ./test-bdrv-graph-mod -d -p /bdrv-graph-mod/parallel-exclusive-write
> 
> from <build-directory>/tests.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>  tests/unit/test-bdrv-graph-mod.c | 70 +++++++++++++++++++++++++++++++-
>  1 file changed, 69 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
> index c4f7d16039..4e4e83674a 100644
> --- a/tests/unit/test-bdrv-graph-mod.c
> +++ b/tests/unit/test-bdrv-graph-mod.c
> @@ -1,7 +1,7 @@
>  /*
>   * Block node graph modifications tests
>   *
> - * Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
> + * Copyright (c) 2019-2021 Virtuozzo International GmbH. All rights reserved.
>   *
>   * This program is free software; you can redistribute it and/or modify
>   * it under the terms of the GNU General Public License as published by
> @@ -44,6 +44,21 @@ static BlockDriver bdrv_no_perm = {
>      .bdrv_child_perm = no_perm_default_perms,
>  };
>  
> +static void exclusive_write_perms(BlockDriverState *bs, BdrvChild *c,
> +                                  BdrvChildRole role,
> +                                  BlockReopenQueue *reopen_queue,
> +                                  uint64_t perm, uint64_t shared,
> +                                  uint64_t *nperm, uint64_t *nshared)
> +{
> +    *nperm = BLK_PERM_WRITE;
> +    *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
> +}
> +
> +static BlockDriver bdrv_exclusive_writer = {
> +    .format_name = "exclusive-writer",
> +    .bdrv_child_perm = exclusive_write_perms,
> +};
> +
>  static BlockDriverState *no_perm_node(const char *name)
>  {
>      return bdrv_new_open_driver(&bdrv_no_perm, name, BDRV_O_RDWR, &error_abort);
> @@ -55,6 +70,12 @@ static BlockDriverState *pass_through_node(const char *name)
>                                  BDRV_O_RDWR, &error_abort);
>  }
>  
> +static BlockDriverState *exclusive_writer_node(const char *name)
> +{
> +    return bdrv_new_open_driver(&bdrv_exclusive_writer, name,
> +                                BDRV_O_RDWR, &error_abort);
> +}
> +
>  /*
>   * test_update_perm_tree
>   *
> @@ -185,8 +206,50 @@ static void test_should_update_child(void)
>      blk_unref(root);
>  }
>  
> +/*
> + * test_parallel_exclusive_write
> + *
> + * Check that when we replace node, old permissions of the node being removed
> + * doesn't break the replacement.
> + */
> +static void test_parallel_exclusive_write(void)
> +{
> +    BlockDriverState *top = exclusive_writer_node("top");
> +    BlockDriverState *base = no_perm_node("base");
> +    BlockDriverState *fl1 = pass_through_node("fl1");
> +    BlockDriverState *fl2 = pass_through_node("fl2");
> +
> +    /*
> +     * bdrv_attach_child() eats child bs reference, so we need two @base
> +     * references for two filters:
> +     */
> +    bdrv_ref(base);
> +
> +    bdrv_attach_child(top, fl1, "backing", &child_of_bds, BDRV_CHILD_DATA,
> +                      &error_abort);
> +    bdrv_attach_child(fl1, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
> +                      &error_abort);
> +    bdrv_attach_child(fl2, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
> +                      &error_abort);
> +
> +    bdrv_replace_node(fl1, fl2, &error_abort);
> +
> +    bdrv_unref(fl2); /* second reference was created by bdrv_replace_node() */

This line is new and I don't understand it.

Why does bdrv_replace_node() create new references? Shouldn't it just
move all parents of fl2 to fl1, and when the refcount of fl2 drops to
zero, it would be deleted?

If we have to unref manually, is this a bug?

> +    bdrv_unref(top);
> +}

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write
  2021-04-23 12:25   ` Kevin Wolf
@ 2021-04-23 12:46     ` Vladimir Sementsov-Ogievskiy
  2021-04-23 12:59       ` Kevin Wolf
  0 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-04-23 12:46 UTC (permalink / raw)
  To: Kevin Wolf; +Cc: qemu-block, qemu-devel, armbru, fam, stefanha, jsnow, mreitz

23.04.2021 15:25, Kevin Wolf wrote:
> Am 17.03.2021 um 15:34 hat Vladimir Sementsov-Ogievskiy geschrieben:
>> Add the test that shows that concept of ignore_children is incomplete.
>> Actually, when we want to update something, ignoring permission of some
>> existing BdrvChild, we should ignore also the propagated effect of this
>> child to the other children. But that's not done. Better approach
>> (update permissions on already updated graph) will be implemented
>> later.
>>
>> Now the test fails, so it's added with -d argument to not break make
>> check.
>>
>> Test fails with
>>
>>   "Conflicts with use by fl1 as 'backing', which does not allow 'write' on base"
>>
>> because when updating permissions we can ignore original top->fl1
>> BdrvChild. But we don't ignore exclusive write permission in fl1->base
>> BdrvChild, which is propagated. Correct thing to do is make graph
>> change first and then do permission update from the top node.
>>
>> To run test do
>>
>>    ./test-bdrv-graph-mod -d -p /bdrv-graph-mod/parallel-exclusive-write
>>
>> from <build-directory>/tests.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>> ---
>>   tests/unit/test-bdrv-graph-mod.c | 70 +++++++++++++++++++++++++++++++-
>>   1 file changed, 69 insertions(+), 1 deletion(-)
>>
>> diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
>> index c4f7d16039..4e4e83674a 100644
>> --- a/tests/unit/test-bdrv-graph-mod.c
>> +++ b/tests/unit/test-bdrv-graph-mod.c
>> @@ -1,7 +1,7 @@
>>   /*
>>    * Block node graph modifications tests
>>    *
>> - * Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
>> + * Copyright (c) 2019-2021 Virtuozzo International GmbH. All rights reserved.
>>    *
>>    * This program is free software; you can redistribute it and/or modify
>>    * it under the terms of the GNU General Public License as published by
>> @@ -44,6 +44,21 @@ static BlockDriver bdrv_no_perm = {
>>       .bdrv_child_perm = no_perm_default_perms,
>>   };
>>   
>> +static void exclusive_write_perms(BlockDriverState *bs, BdrvChild *c,
>> +                                  BdrvChildRole role,
>> +                                  BlockReopenQueue *reopen_queue,
>> +                                  uint64_t perm, uint64_t shared,
>> +                                  uint64_t *nperm, uint64_t *nshared)
>> +{
>> +    *nperm = BLK_PERM_WRITE;
>> +    *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
>> +}
>> +
>> +static BlockDriver bdrv_exclusive_writer = {
>> +    .format_name = "exclusive-writer",
>> +    .bdrv_child_perm = exclusive_write_perms,
>> +};
>> +
>>   static BlockDriverState *no_perm_node(const char *name)
>>   {
>>       return bdrv_new_open_driver(&bdrv_no_perm, name, BDRV_O_RDWR, &error_abort);
>> @@ -55,6 +70,12 @@ static BlockDriverState *pass_through_node(const char *name)
>>                                   BDRV_O_RDWR, &error_abort);
>>   }
>>   
>> +static BlockDriverState *exclusive_writer_node(const char *name)
>> +{
>> +    return bdrv_new_open_driver(&bdrv_exclusive_writer, name,
>> +                                BDRV_O_RDWR, &error_abort);
>> +}
>> +
>>   /*
>>    * test_update_perm_tree
>>    *
>> @@ -185,8 +206,50 @@ static void test_should_update_child(void)
>>       blk_unref(root);
>>   }
>>   
>> +/*
>> + * test_parallel_exclusive_write
>> + *
>> + * Check that when we replace node, old permissions of the node being removed
>> + * doesn't break the replacement.
>> + */
>> +static void test_parallel_exclusive_write(void)
>> +{
>> +    BlockDriverState *top = exclusive_writer_node("top");
>> +    BlockDriverState *base = no_perm_node("base");
>> +    BlockDriverState *fl1 = pass_through_node("fl1");
>> +    BlockDriverState *fl2 = pass_through_node("fl2");
>> +
>> +    /*
>> +     * bdrv_attach_child() eats child bs reference, so we need two @base
>> +     * references for two filters:
>> +     */
>> +    bdrv_ref(base);
>> +
>> +    bdrv_attach_child(top, fl1, "backing", &child_of_bds, BDRV_CHILD_DATA,
>> +                      &error_abort);
>> +    bdrv_attach_child(fl1, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
>> +                      &error_abort);
>> +    bdrv_attach_child(fl2, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
>> +                      &error_abort);
>> +
>> +    bdrv_replace_node(fl1, fl2, &error_abort);
>> +
>> +    bdrv_unref(fl2); /* second reference was created by bdrv_replace_node() */
> 
> This line is new and I don't understand it.
> 
> Why does bdrv_replace_node() create new references? Shouldn't it just
> move all parents of fl2 to fl1, and when the refcount of fl2 drops to
> zero, it would be deleted?
> 

fl2 is second argument of bdrv_replace_node, it's @to. So all parents of fl1 moved to fl2. So, fl2 referenced by top. But our first reference that comes from pass_through_node() is still here as well.



-- 
Best regards,
Vladimir


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write
  2021-04-23 12:46     ` Vladimir Sementsov-Ogievskiy
@ 2021-04-23 12:59       ` Kevin Wolf
  2021-04-23 13:03         ` Vladimir Sementsov-Ogievskiy
  0 siblings, 1 reply; 62+ messages in thread
From: Kevin Wolf @ 2021-04-23 12:59 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 23.04.2021 um 14:46 hat Vladimir Sementsov-Ogievskiy geschrieben:
> 23.04.2021 15:25, Kevin Wolf wrote:
> > Am 17.03.2021 um 15:34 hat Vladimir Sementsov-Ogievskiy geschrieben:
> > > Add the test that shows that concept of ignore_children is incomplete.
> > > Actually, when we want to update something, ignoring permission of some
> > > existing BdrvChild, we should ignore also the propagated effect of this
> > > child to the other children. But that's not done. Better approach
> > > (update permissions on already updated graph) will be implemented
> > > later.
> > > 
> > > Now the test fails, so it's added with -d argument to not break make
> > > check.
> > > 
> > > Test fails with
> > > 
> > >   "Conflicts with use by fl1 as 'backing', which does not allow 'write' on base"
> > > 
> > > because when updating permissions we can ignore original top->fl1
> > > BdrvChild. But we don't ignore exclusive write permission in fl1->base
> > > BdrvChild, which is propagated. Correct thing to do is make graph
> > > change first and then do permission update from the top node.
> > > 
> > > To run test do
> > > 
> > >    ./test-bdrv-graph-mod -d -p /bdrv-graph-mod/parallel-exclusive-write
> > > 
> > > from <build-directory>/tests.
> > > 
> > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> > > ---
> > >   tests/unit/test-bdrv-graph-mod.c | 70 +++++++++++++++++++++++++++++++-
> > >   1 file changed, 69 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
> > > index c4f7d16039..4e4e83674a 100644
> > > --- a/tests/unit/test-bdrv-graph-mod.c
> > > +++ b/tests/unit/test-bdrv-graph-mod.c
> > > @@ -1,7 +1,7 @@
> > >   /*
> > >    * Block node graph modifications tests
> > >    *
> > > - * Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
> > > + * Copyright (c) 2019-2021 Virtuozzo International GmbH. All rights reserved.
> > >    *
> > >    * This program is free software; you can redistribute it and/or modify
> > >    * it under the terms of the GNU General Public License as published by
> > > @@ -44,6 +44,21 @@ static BlockDriver bdrv_no_perm = {
> > >       .bdrv_child_perm = no_perm_default_perms,
> > >   };
> > > +static void exclusive_write_perms(BlockDriverState *bs, BdrvChild *c,
> > > +                                  BdrvChildRole role,
> > > +                                  BlockReopenQueue *reopen_queue,
> > > +                                  uint64_t perm, uint64_t shared,
> > > +                                  uint64_t *nperm, uint64_t *nshared)
> > > +{
> > > +    *nperm = BLK_PERM_WRITE;
> > > +    *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
> > > +}
> > > +
> > > +static BlockDriver bdrv_exclusive_writer = {
> > > +    .format_name = "exclusive-writer",
> > > +    .bdrv_child_perm = exclusive_write_perms,
> > > +};
> > > +
> > >   static BlockDriverState *no_perm_node(const char *name)
> > >   {
> > >       return bdrv_new_open_driver(&bdrv_no_perm, name, BDRV_O_RDWR, &error_abort);
> > > @@ -55,6 +70,12 @@ static BlockDriverState *pass_through_node(const char *name)
> > >                                   BDRV_O_RDWR, &error_abort);
> > >   }
> > > +static BlockDriverState *exclusive_writer_node(const char *name)
> > > +{
> > > +    return bdrv_new_open_driver(&bdrv_exclusive_writer, name,
> > > +                                BDRV_O_RDWR, &error_abort);
> > > +}
> > > +
> > >   /*
> > >    * test_update_perm_tree
> > >    *
> > > @@ -185,8 +206,50 @@ static void test_should_update_child(void)
> > >       blk_unref(root);
> > >   }
> > > +/*
> > > + * test_parallel_exclusive_write
> > > + *
> > > + * Check that when we replace node, old permissions of the node being removed
> > > + * doesn't break the replacement.
> > > + */
> > > +static void test_parallel_exclusive_write(void)
> > > +{
> > > +    BlockDriverState *top = exclusive_writer_node("top");
> > > +    BlockDriverState *base = no_perm_node("base");
> > > +    BlockDriverState *fl1 = pass_through_node("fl1");
> > > +    BlockDriverState *fl2 = pass_through_node("fl2");
> > > +
> > > +    /*
> > > +     * bdrv_attach_child() eats child bs reference, so we need two @base
> > > +     * references for two filters:
> > > +     */
> > > +    bdrv_ref(base);
> > > +
> > > +    bdrv_attach_child(top, fl1, "backing", &child_of_bds, BDRV_CHILD_DATA,
> > > +                      &error_abort);
> > > +    bdrv_attach_child(fl1, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
> > > +                      &error_abort);
> > > +    bdrv_attach_child(fl2, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
> > > +                      &error_abort);
> > > +
> > > +    bdrv_replace_node(fl1, fl2, &error_abort);
> > > +
> > > +    bdrv_unref(fl2); /* second reference was created by bdrv_replace_node() */
> > 
> > This line is new and I don't understand it.
> > 
> > Why does bdrv_replace_node() create new references? Shouldn't it just
> > move all parents of fl2 to fl1, and when the refcount of fl2 drops to
> > zero, it would be deleted?
> 
> fl2 is second argument of bdrv_replace_node, it's @to. So all parents
> of fl1 moved to fl2. So, fl2 referenced by top. But our first
> reference that comes from pass_through_node() is still here as well.

Oh, right. I assumed that fl2 was attached to top, but it isn't. So we
indeed still own that reference.

I feel the comment is misleading, it made me think that we unref a
reference that was created by bdrv_replace_node(). What you probably
meant is that bdrv_replace_node() only took an additional reference (by
attaching it to top), but did not take ownership of the reference that
the test function owns.

Maybe it would be better without the comment.

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write
  2021-04-23 12:59       ` Kevin Wolf
@ 2021-04-23 13:03         ` Vladimir Sementsov-Ogievskiy
  0 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-04-23 13:03 UTC (permalink / raw)
  To: Kevin Wolf; +Cc: qemu-block, qemu-devel, armbru, fam, stefanha, jsnow, mreitz

23.04.2021 15:59, Kevin Wolf wrote:
> Am 23.04.2021 um 14:46 hat Vladimir Sementsov-Ogievskiy geschrieben:
>> 23.04.2021 15:25, Kevin Wolf wrote:
>>> Am 17.03.2021 um 15:34 hat Vladimir Sementsov-Ogievskiy geschrieben:
>>>> Add the test that shows that concept of ignore_children is incomplete.
>>>> Actually, when we want to update something, ignoring permission of some
>>>> existing BdrvChild, we should ignore also the propagated effect of this
>>>> child to the other children. But that's not done. Better approach
>>>> (update permissions on already updated graph) will be implemented
>>>> later.
>>>>
>>>> Now the test fails, so it's added with -d argument to not break make
>>>> check.
>>>>
>>>> Test fails with
>>>>
>>>>    "Conflicts with use by fl1 as 'backing', which does not allow 'write' on base"
>>>>
>>>> because when updating permissions we can ignore original top->fl1
>>>> BdrvChild. But we don't ignore exclusive write permission in fl1->base
>>>> BdrvChild, which is propagated. Correct thing to do is make graph
>>>> change first and then do permission update from the top node.
>>>>
>>>> To run test do
>>>>
>>>>     ./test-bdrv-graph-mod -d -p /bdrv-graph-mod/parallel-exclusive-write
>>>>
>>>> from <build-directory>/tests.
>>>>
>>>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>>>> ---
>>>>    tests/unit/test-bdrv-graph-mod.c | 70 +++++++++++++++++++++++++++++++-
>>>>    1 file changed, 69 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
>>>> index c4f7d16039..4e4e83674a 100644
>>>> --- a/tests/unit/test-bdrv-graph-mod.c
>>>> +++ b/tests/unit/test-bdrv-graph-mod.c
>>>> @@ -1,7 +1,7 @@
>>>>    /*
>>>>     * Block node graph modifications tests
>>>>     *
>>>> - * Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
>>>> + * Copyright (c) 2019-2021 Virtuozzo International GmbH. All rights reserved.
>>>>     *
>>>>     * This program is free software; you can redistribute it and/or modify
>>>>     * it under the terms of the GNU General Public License as published by
>>>> @@ -44,6 +44,21 @@ static BlockDriver bdrv_no_perm = {
>>>>        .bdrv_child_perm = no_perm_default_perms,
>>>>    };
>>>> +static void exclusive_write_perms(BlockDriverState *bs, BdrvChild *c,
>>>> +                                  BdrvChildRole role,
>>>> +                                  BlockReopenQueue *reopen_queue,
>>>> +                                  uint64_t perm, uint64_t shared,
>>>> +                                  uint64_t *nperm, uint64_t *nshared)
>>>> +{
>>>> +    *nperm = BLK_PERM_WRITE;
>>>> +    *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
>>>> +}
>>>> +
>>>> +static BlockDriver bdrv_exclusive_writer = {
>>>> +    .format_name = "exclusive-writer",
>>>> +    .bdrv_child_perm = exclusive_write_perms,
>>>> +};
>>>> +
>>>>    static BlockDriverState *no_perm_node(const char *name)
>>>>    {
>>>>        return bdrv_new_open_driver(&bdrv_no_perm, name, BDRV_O_RDWR, &error_abort);
>>>> @@ -55,6 +70,12 @@ static BlockDriverState *pass_through_node(const char *name)
>>>>                                    BDRV_O_RDWR, &error_abort);
>>>>    }
>>>> +static BlockDriverState *exclusive_writer_node(const char *name)
>>>> +{
>>>> +    return bdrv_new_open_driver(&bdrv_exclusive_writer, name,
>>>> +                                BDRV_O_RDWR, &error_abort);
>>>> +}
>>>> +
>>>>    /*
>>>>     * test_update_perm_tree
>>>>     *
>>>> @@ -185,8 +206,50 @@ static void test_should_update_child(void)
>>>>        blk_unref(root);
>>>>    }
>>>> +/*
>>>> + * test_parallel_exclusive_write
>>>> + *
>>>> + * Check that when we replace node, old permissions of the node being removed
>>>> + * doesn't break the replacement.
>>>> + */
>>>> +static void test_parallel_exclusive_write(void)
>>>> +{
>>>> +    BlockDriverState *top = exclusive_writer_node("top");
>>>> +    BlockDriverState *base = no_perm_node("base");
>>>> +    BlockDriverState *fl1 = pass_through_node("fl1");
>>>> +    BlockDriverState *fl2 = pass_through_node("fl2");
>>>> +
>>>> +    /*
>>>> +     * bdrv_attach_child() eats child bs reference, so we need two @base
>>>> +     * references for two filters:
>>>> +     */
>>>> +    bdrv_ref(base);
>>>> +
>>>> +    bdrv_attach_child(top, fl1, "backing", &child_of_bds, BDRV_CHILD_DATA,
>>>> +                      &error_abort);
>>>> +    bdrv_attach_child(fl1, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
>>>> +                      &error_abort);
>>>> +    bdrv_attach_child(fl2, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED,
>>>> +                      &error_abort);
>>>> +
>>>> +    bdrv_replace_node(fl1, fl2, &error_abort);
>>>> +
>>>> +    bdrv_unref(fl2); /* second reference was created by bdrv_replace_node() */
>>>
>>> This line is new and I don't understand it.
>>>
>>> Why does bdrv_replace_node() create new references? Shouldn't it just
>>> move all parents of fl2 to fl1, and when the refcount of fl2 drops to
>>> zero, it would be deleted?
>>
>> fl2 is second argument of bdrv_replace_node, it's @to. So all parents
>> of fl1 moved to fl2. So, fl2 referenced by top. But our first
>> reference that comes from pass_through_node() is still here as well.
> 
> Oh, right. I assumed that fl2 was attached to top, but it isn't. So we
> indeed still own that reference.
> 
> I feel the comment is misleading, it made me think that we unref a
> reference that was created by bdrv_replace_node(). What you probably
> meant is that bdrv_replace_node() only took an additional reference (by
> attaching it to top), but did not take ownership of the reference that
> the test function owns.
> 
> Maybe it would be better without the comment.

Agree

-- 
Best regards,
Vladimir


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 04/36] block: bdrv_append(): don't consume reference
  2021-03-17 14:34 ` [PATCH v3 04/36] block: bdrv_append(): don't consume reference Vladimir Sementsov-Ogievskiy
  2021-04-07 17:46   ` Alberto Garcia
@ 2021-04-23 14:11   ` Kevin Wolf
  1 sibling, 0 replies; 62+ messages in thread
From: Kevin Wolf @ 2021-04-23 14:11 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 17.03.2021 um 15:34 hat Vladimir Sementsov-Ogievskiy geschrieben:
> We have too much comments for this feature. It seems better just don't
> do it. Most of real users (tests don't count) have to create additional
> reference.
> 
> Drop also comment in external_snapshot_prepare:
>  - bdrv_append doesn't "remove" old bs in common sense, it sounds
>    strange
>  - the fact that bdrv_append can fail is obvious from the context
>  - the fact that we must rollback all changes in transaction abort is
>    known (it's the direct role of abort)
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

test_append_greedy_filter() is new since v2 and needs an additional
bdrv_unref() now, too.

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 08/36] util: add transactions.c
  2021-03-17 14:35 ` [PATCH v3 08/36] util: add transactions.c Vladimir Sementsov-Ogievskiy
@ 2021-04-23 14:43   ` Kevin Wolf
  0 siblings, 0 replies; 62+ messages in thread
From: Kevin Wolf @ 2021-04-23 14:43 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 17.03.2021 um 15:35 hat Vladimir Sementsov-Ogievskiy geschrieben:
> Add simple transaction API to use in further update of block graph
> operations.
> 
> Supposed usage is:
> 
> - "prepare" is main function of the action and it should make the main
>   effect of the action to be visible for the following actions, keeping
>   possibility of roll-back, saving necessary things in action state,
>   which is prepended to the action list (to do that, prepare func
>   should call tran_add()). So, driver struct doesn't include "prepare"
>   field, as it is supposed to be called directly.
> 
> - commit/rollback is supposed to be called for the list of action
>   states, to commit/rollback all the actions in reverse order
> 
> - When possible "commit" should not make visible effect for other
>   actions, which make possible transparent logical interaction between
>   actions.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>  include/qemu/transactions.h | 63 ++++++++++++++++++++++++
>  util/transactions.c         | 96 +++++++++++++++++++++++++++++++++++++
>  MAINTAINERS                 |  6 +++
>  util/meson.build            |  1 +
>  4 files changed, 166 insertions(+)
>  create mode 100644 include/qemu/transactions.h
>  create mode 100644 util/transactions.c
> 
> diff --git a/include/qemu/transactions.h b/include/qemu/transactions.h
> new file mode 100644
> index 0000000000..e7add9637f
> --- /dev/null
> +++ b/include/qemu/transactions.h
> @@ -0,0 +1,63 @@
> +/*
> + * Simple transactions API
> + *
> + * Copyright (c) 2021 Virtuozzo International GmbH.
> + *
> + * Author:
> + *  Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + *
> + *
> + * = Generic transaction API =
> + *
> + * The intended usage is the following: you create "prepare" functions, which
> + * represents the actions. They will usually have Transaction* argument, and
> + * call tran_add() to register finalization callbacks. For finalization
> + * callbacks, prepare corresponding TransactionActionDrv structures.
> + *
> + * Than, when you need to make a transaction, create an empty Transaction by

Then

> + * tran_create(), call your "prepare" functions on it, and finally call
> + * tran_abort() or tran_commit() to finalize the transaction by corresponding
> + * finalization actions in reverse order.
> + */
> +
> +#ifndef QEMU_TRANSACTIONS_H
> +#define QEMU_TRANSACTIONS_H
> +
> +#include <gmodule.h>
> +
> +typedef struct TransactionActionDrv {
> +    void (*abort)(void *opaque);
> +    void (*commit)(void *opaque);
> +    void (*clean)(void *opaque);
> +} TransactionActionDrv;
> +
> +typedef struct Transaction Transaction;
> +
> +Transaction *tran_new(void);
> +void tran_add(Transaction *tran, TransactionActionDrv *drv, void *opaque);
> +void tran_abort(Transaction *tran);
> +void tran_commit(Transaction *tran);
> +
> +static inline void tran_finalize(Transaction *tran, int ret)
> +{
> +    if (ret < 0) {
> +        tran_abort(tran);
> +    } else {
> +        tran_commit(tran);
> +    }
> +}
> +
> +#endif /* QEMU_TRANSACTIONS_H */
> diff --git a/util/transactions.c b/util/transactions.c
> new file mode 100644
> index 0000000000..d0bc9a3e73
> --- /dev/null
> +++ b/util/transactions.c
> @@ -0,0 +1,96 @@
> +/*
> + * Simple transactions API
> + *
> + * Copyright (c) 2021 Virtuozzo International GmbH.
> + *
> + * Author:
> + *  Sementsov-Ogievskiy Vladimir <vsementsov@virtuozzo.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "qemu/transactions.h"
> +#include "qemu/queue.h"
> +
> +typedef struct TransactionAction {
> +    TransactionActionDrv *drv;
> +    void *opaque;
> +    QSLIST_ENTRY(TransactionAction) entry;

"next" is a bit more conventional as a name, but by far not as much as I
thought, so no objection.

With the than/then typo fixed:
Reviewed-by: Kevin Wolf <kwolf@redhat.com>



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (36 preceding siblings ...)
  2021-03-17 15:21 ` [PATCH v3 00/36] block: update graph permissions update no-reply
@ 2021-04-23 16:16 ` Kevin Wolf
  2021-04-28 11:28 ` Kevin Wolf
  38 siblings, 0 replies; 62+ messages in thread
From: Kevin Wolf @ 2021-04-23 16:16 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 17.03.2021 um 15:34 hat Vladimir Sementsov-Ogievskiy geschrieben:
> Hi all!
> 
> Finally, I finished v3. Phew.
> 
> Missed a soft-freeze. Should we consider it a bugfix? There are bugfixes
> here but they are mostly theoretical. So, up to Kevin, should it go to
> current release or to the next..
> 
> The main point of the series is fixing some permission update problems
> (see patches 01-03 as examples), that in turn makes possible more clean
> inserting and removing of filters (see patch 26 where .active field is
> dropped finally from backup-top filter, we don't need a workaround
> anymore).
> 
> The series brings util/transactions.c (patch 10) and use of it in
> block.c, which allows clean block graph change transactions, with
> possibility of reverting all modifications (movement and removement of
> children, changing aio context, changing permissions) in reverse order
> on failure path.
> 
> The series also helps Alberto's "Allow changing bs->file on reopen"
> which we want to merge prior dropping x- prefix from blockdev-reopen
> command.

With the minor comments I had so far fixed, patches 1-13 are:
Reviewed-by: Kevin Wolf <kwolf@redhat.com>

I'll continue next week.

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 18/36] block: add bdrv_attach_child_common() transaction action
  2021-03-17 14:35 ` [PATCH v3 18/36] block: add bdrv_attach_child_common() transaction action Vladimir Sementsov-Ogievskiy
@ 2021-04-26 16:14   ` Kevin Wolf
  2021-04-26 16:56     ` Vladimir Sementsov-Ogievskiy
  0 siblings, 1 reply; 62+ messages in thread
From: Kevin Wolf @ 2021-04-26 16:14 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 17.03.2021 um 15:35 hat Vladimir Sementsov-Ogievskiy geschrieben:
> Split out no-perm part of bdrv_root_attach_child() into separate
> transaction action. bdrv_root_attach_child() now moves to new
> permission update paradigm: first update graph relations then update
> permissions.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>  block.c | 189 ++++++++++++++++++++++++++++++++++++++++----------------
>  1 file changed, 135 insertions(+), 54 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 98ff44dbf7..b6bdc534d2 100644
> --- a/block.c
> +++ b/block.c
> @@ -2921,37 +2921,73 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
>      }
>  }
>  
> -/*
> - * This function steals the reference to child_bs from the caller.
> - * That reference is later dropped by bdrv_root_unref_child().
> - *
> - * On failure NULL is returned, errp is set and the reference to
> - * child_bs is also dropped.
> - *
> - * The caller must hold the AioContext lock @child_bs, but not that of @ctx
> - * (unless @child_bs is already in @ctx).
> - */
> -BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
> -                                  const char *child_name,
> -                                  const BdrvChildClass *child_class,
> -                                  BdrvChildRole child_role,
> -                                  uint64_t perm, uint64_t shared_perm,
> -                                  void *opaque, Error **errp)
> +static void bdrv_remove_empty_child(BdrvChild *child)
>  {
> -    BdrvChild *child;
> -    Error *local_err = NULL;
> -    int ret;
> -    AioContext *ctx;
> +    assert(!child->bs);
> +    QLIST_SAFE_REMOVE(child, next);
> +    g_free(child->name);
> +    g_free(child);
> +}
>  
> -    ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
> -    if (ret < 0) {
> -        bdrv_abort_perm_update(child_bs);
> -        bdrv_unref(child_bs);
> -        return NULL;
> +typedef struct BdrvAttachChildCommonState {
> +    BdrvChild **child;
> +    AioContext *old_parent_ctx;
> +    AioContext *old_child_ctx;
> +} BdrvAttachChildCommonState;
> +
> +static void bdrv_attach_child_common_abort(void *opaque)
> +{
> +    BdrvAttachChildCommonState *s = opaque;
> +    BdrvChild *child = *s->child;
> +    BlockDriverState *bs = child->bs;
> +
> +    bdrv_replace_child_noperm(child, NULL);
> +
> +    if (bdrv_get_aio_context(bs) != s->old_child_ctx) {
> +        bdrv_try_set_aio_context(bs, s->old_child_ctx, &error_abort);
>      }
>  
> -    child = g_new(BdrvChild, 1);
> -    *child = (BdrvChild) {
> +    if (bdrv_child_get_parent_aio_context(child) != s->old_parent_ctx) {
> +        GSList *ignore = g_slist_prepend(NULL, child);
> +
> +        child->klass->can_set_aio_ctx(child, s->old_parent_ctx, &ignore,
> +                                      &error_abort);
> +        g_slist_free(ignore);
> +        ignore = g_slist_prepend(NULL, child);
> +        child->klass->set_aio_ctx(child, s->old_parent_ctx, &ignore);
> +
> +        g_slist_free(ignore);
> +    }
> +
> +    bdrv_unref(bs);
> +    bdrv_remove_empty_child(child);
> +    *s->child = NULL;
> +}
> +
> +static TransactionActionDrv bdrv_attach_child_common_drv = {
> +    .abort = bdrv_attach_child_common_abort,
> +};
> +
> +/*
> + * Common part of attoching bdrv child to bs or to blk or to job
> + */
> +static int bdrv_attach_child_common(BlockDriverState *child_bs,
> +                                    const char *child_name,
> +                                    const BdrvChildClass *child_class,
> +                                    BdrvChildRole child_role,
> +                                    uint64_t perm, uint64_t shared_perm,
> +                                    void *opaque, BdrvChild **child,
> +                                    Transaction *tran, Error **errp)
> +{
> +    BdrvChild *new_child;
> +    AioContext *parent_ctx;
> +    AioContext *child_ctx = bdrv_get_aio_context(child_bs);
> +
> +    assert(child);
> +    assert(*child == NULL);
> +
> +    new_child = g_new(BdrvChild, 1);
> +    *new_child = (BdrvChild) {
>          .bs             = NULL,
>          .name           = g_strdup(child_name),
>          .klass          = child_class,
> @@ -2961,37 +2997,92 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
>          .opaque         = opaque,
>      };
>  
> -    ctx = bdrv_child_get_parent_aio_context(child);
> -
> -    /* If the AioContexts don't match, first try to move the subtree of
> +    /*
> +     * If the AioContexts don't match, first try to move the subtree of
>       * child_bs into the AioContext of the new parent. If this doesn't work,
> -     * try moving the parent into the AioContext of child_bs instead. */
> -    if (bdrv_get_aio_context(child_bs) != ctx) {
> -        ret = bdrv_try_set_aio_context(child_bs, ctx, &local_err);
> +     * try moving the parent into the AioContext of child_bs instead.
> +     */
> +    parent_ctx = bdrv_child_get_parent_aio_context(new_child);
> +    if (child_ctx != parent_ctx) {
> +        Error *local_err = NULL;
> +        int ret = bdrv_try_set_aio_context(child_bs, parent_ctx, &local_err);
> +
>          if (ret < 0 && child_class->can_set_aio_ctx) {
> -            GSList *ignore = g_slist_prepend(NULL, child);
> -            ctx = bdrv_get_aio_context(child_bs);
> -            if (child_class->can_set_aio_ctx(child, ctx, &ignore, NULL)) {
> +            GSList *ignore = g_slist_prepend(NULL, new_child);
> +            if (child_class->can_set_aio_ctx(new_child, child_ctx, &ignore,
> +                                             NULL))
> +            {
>                  error_free(local_err);
>                  ret = 0;
>                  g_slist_free(ignore);
> -                ignore = g_slist_prepend(NULL, child);
> -                child_class->set_aio_ctx(child, ctx, &ignore);
> +                ignore = g_slist_prepend(NULL, new_child);
> +                child_class->set_aio_ctx(new_child, child_ctx, &ignore);
>              }
>              g_slist_free(ignore);
>          }
> +
>          if (ret < 0) {
>              error_propagate(errp, local_err);
> -            g_free(child);
> -            bdrv_abort_perm_update(child_bs);
> -            bdrv_unref(child_bs);
> -            return NULL;
> +            bdrv_remove_empty_child(new_child);
> +            return ret;
>          }
>      }
>  
> -    /* This performs the matching bdrv_set_perm() for the above check. */
> -    bdrv_replace_child(child, child_bs);
> +    bdrv_ref(child_bs);
> +    bdrv_replace_child_noperm(new_child, child_bs);
> +
> +    *child = new_child;
>  
> +    BdrvAttachChildCommonState *s = g_new(BdrvAttachChildCommonState, 1);
> +    *s = (BdrvAttachChildCommonState) {
> +        .child = child,
> +        .old_parent_ctx = parent_ctx,
> +        .old_child_ctx = child_ctx,
> +    };
> +    tran_add(tran, &bdrv_attach_child_common_drv, s);

Who frees s? Should bdrv_attach_child_common_drv have a .clean?

> +
> +    return 0;
> +}

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action
  2021-03-17 14:35 ` [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action Vladimir Sementsov-Ogievskiy
@ 2021-04-26 16:26   ` Kevin Wolf
  2021-04-26 17:18     ` Vladimir Sementsov-Ogievskiy
  0 siblings, 1 reply; 62+ messages in thread
From: Kevin Wolf @ 2021-04-26 16:26 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 17.03.2021 um 15:35 hat Vladimir Sementsov-Ogievskiy geschrieben:
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>  block.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 76 insertions(+), 2 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 11f7ad0818..2fca1f2ad5 100644
> --- a/block.c
> +++ b/block.c
> @@ -2929,12 +2929,19 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
>      }
>  }
>  
> +static void bdrv_child_free(void *opaque)
> +{
> +    BdrvChild *c = opaque;
> +
> +    g_free(c->name);
> +    g_free(c);
> +}
> +
>  static void bdrv_remove_empty_child(BdrvChild *child)
>  {
>      assert(!child->bs);
>      QLIST_SAFE_REMOVE(child, next);
> -    g_free(child->name);
> -    g_free(child);
> +    bdrv_child_free(child);
>  }
>  
>  typedef struct BdrvAttachChildCommonState {
> @@ -4956,6 +4963,73 @@ static bool should_update_child(BdrvChild *c, BlockDriverState *to)
>      return ret;
>  }
>  
> +typedef struct BdrvRemoveFilterOrCowChild {
> +    BdrvChild *child;
> +    bool is_backing;
> +} BdrvRemoveFilterOrCowChild;
> +
> +/* this doesn't restore original child bs, only the child itself */

Hm, this comment tells me that it's intentional, but why is it correct?

> +static void bdrv_remove_filter_or_cow_child_abort(void *opaque)
> +{
> +    BdrvRemoveFilterOrCowChild *s = opaque;
> +    BlockDriverState *parent_bs = s->child->opaque;
> +
> +    QLIST_INSERT_HEAD(&parent_bs->children, s->child, next);
> +    if (s->is_backing) {
> +        parent_bs->backing = s->child;
> +    } else {
> +        parent_bs->file = s->child;
> +    }
> +}

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 18/36] block: add bdrv_attach_child_common() transaction action
  2021-04-26 16:14   ` Kevin Wolf
@ 2021-04-26 16:56     ` Vladimir Sementsov-Ogievskiy
  0 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-04-26 16:56 UTC (permalink / raw)
  To: Kevin Wolf; +Cc: qemu-block, qemu-devel, armbru, fam, stefanha, jsnow, mreitz

26.04.2021 19:14, Kevin Wolf wrote:
> Am 17.03.2021 um 15:35 hat Vladimir Sementsov-Ogievskiy geschrieben:
>> Split out no-perm part of bdrv_root_attach_child() into separate
>> transaction action. bdrv_root_attach_child() now moves to new
>> permission update paradigm: first update graph relations then update
>> permissions.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>> ---
>>   block.c | 189 ++++++++++++++++++++++++++++++++++++++++----------------
>>   1 file changed, 135 insertions(+), 54 deletions(-)
>>
>> diff --git a/block.c b/block.c
>> index 98ff44dbf7..b6bdc534d2 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -2921,37 +2921,73 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
>>       }
>>   }
>>   
>> -/*
>> - * This function steals the reference to child_bs from the caller.
>> - * That reference is later dropped by bdrv_root_unref_child().
>> - *
>> - * On failure NULL is returned, errp is set and the reference to
>> - * child_bs is also dropped.
>> - *
>> - * The caller must hold the AioContext lock @child_bs, but not that of @ctx
>> - * (unless @child_bs is already in @ctx).
>> - */
>> -BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
>> -                                  const char *child_name,
>> -                                  const BdrvChildClass *child_class,
>> -                                  BdrvChildRole child_role,
>> -                                  uint64_t perm, uint64_t shared_perm,
>> -                                  void *opaque, Error **errp)
>> +static void bdrv_remove_empty_child(BdrvChild *child)
>>   {
>> -    BdrvChild *child;
>> -    Error *local_err = NULL;
>> -    int ret;
>> -    AioContext *ctx;
>> +    assert(!child->bs);
>> +    QLIST_SAFE_REMOVE(child, next);
>> +    g_free(child->name);
>> +    g_free(child);
>> +}
>>   
>> -    ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
>> -    if (ret < 0) {
>> -        bdrv_abort_perm_update(child_bs);
>> -        bdrv_unref(child_bs);
>> -        return NULL;
>> +typedef struct BdrvAttachChildCommonState {
>> +    BdrvChild **child;
>> +    AioContext *old_parent_ctx;
>> +    AioContext *old_child_ctx;
>> +} BdrvAttachChildCommonState;
>> +
>> +static void bdrv_attach_child_common_abort(void *opaque)
>> +{
>> +    BdrvAttachChildCommonState *s = opaque;
>> +    BdrvChild *child = *s->child;
>> +    BlockDriverState *bs = child->bs;
>> +
>> +    bdrv_replace_child_noperm(child, NULL);
>> +
>> +    if (bdrv_get_aio_context(bs) != s->old_child_ctx) {
>> +        bdrv_try_set_aio_context(bs, s->old_child_ctx, &error_abort);
>>       }
>>   
>> -    child = g_new(BdrvChild, 1);
>> -    *child = (BdrvChild) {
>> +    if (bdrv_child_get_parent_aio_context(child) != s->old_parent_ctx) {
>> +        GSList *ignore = g_slist_prepend(NULL, child);
>> +
>> +        child->klass->can_set_aio_ctx(child, s->old_parent_ctx, &ignore,
>> +                                      &error_abort);
>> +        g_slist_free(ignore);
>> +        ignore = g_slist_prepend(NULL, child);
>> +        child->klass->set_aio_ctx(child, s->old_parent_ctx, &ignore);
>> +
>> +        g_slist_free(ignore);
>> +    }
>> +
>> +    bdrv_unref(bs);
>> +    bdrv_remove_empty_child(child);
>> +    *s->child = NULL;
>> +}
>> +
>> +static TransactionActionDrv bdrv_attach_child_common_drv = {
>> +    .abort = bdrv_attach_child_common_abort,
>> +};
>> +
>> +/*
>> + * Common part of attoching bdrv child to bs or to blk or to job
>> + */
>> +static int bdrv_attach_child_common(BlockDriverState *child_bs,
>> +                                    const char *child_name,
>> +                                    const BdrvChildClass *child_class,
>> +                                    BdrvChildRole child_role,
>> +                                    uint64_t perm, uint64_t shared_perm,
>> +                                    void *opaque, BdrvChild **child,
>> +                                    Transaction *tran, Error **errp)
>> +{
>> +    BdrvChild *new_child;
>> +    AioContext *parent_ctx;
>> +    AioContext *child_ctx = bdrv_get_aio_context(child_bs);
>> +
>> +    assert(child);
>> +    assert(*child == NULL);
>> +
>> +    new_child = g_new(BdrvChild, 1);
>> +    *new_child = (BdrvChild) {
>>           .bs             = NULL,
>>           .name           = g_strdup(child_name),
>>           .klass          = child_class,
>> @@ -2961,37 +2997,92 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
>>           .opaque         = opaque,
>>       };
>>   
>> -    ctx = bdrv_child_get_parent_aio_context(child);
>> -
>> -    /* If the AioContexts don't match, first try to move the subtree of
>> +    /*
>> +     * If the AioContexts don't match, first try to move the subtree of
>>        * child_bs into the AioContext of the new parent. If this doesn't work,
>> -     * try moving the parent into the AioContext of child_bs instead. */
>> -    if (bdrv_get_aio_context(child_bs) != ctx) {
>> -        ret = bdrv_try_set_aio_context(child_bs, ctx, &local_err);
>> +     * try moving the parent into the AioContext of child_bs instead.
>> +     */
>> +    parent_ctx = bdrv_child_get_parent_aio_context(new_child);
>> +    if (child_ctx != parent_ctx) {
>> +        Error *local_err = NULL;
>> +        int ret = bdrv_try_set_aio_context(child_bs, parent_ctx, &local_err);
>> +
>>           if (ret < 0 && child_class->can_set_aio_ctx) {
>> -            GSList *ignore = g_slist_prepend(NULL, child);
>> -            ctx = bdrv_get_aio_context(child_bs);
>> -            if (child_class->can_set_aio_ctx(child, ctx, &ignore, NULL)) {
>> +            GSList *ignore = g_slist_prepend(NULL, new_child);
>> +            if (child_class->can_set_aio_ctx(new_child, child_ctx, &ignore,
>> +                                             NULL))
>> +            {
>>                   error_free(local_err);
>>                   ret = 0;
>>                   g_slist_free(ignore);
>> -                ignore = g_slist_prepend(NULL, child);
>> -                child_class->set_aio_ctx(child, ctx, &ignore);
>> +                ignore = g_slist_prepend(NULL, new_child);
>> +                child_class->set_aio_ctx(new_child, child_ctx, &ignore);
>>               }
>>               g_slist_free(ignore);
>>           }
>> +
>>           if (ret < 0) {
>>               error_propagate(errp, local_err);
>> -            g_free(child);
>> -            bdrv_abort_perm_update(child_bs);
>> -            bdrv_unref(child_bs);
>> -            return NULL;
>> +            bdrv_remove_empty_child(new_child);
>> +            return ret;
>>           }
>>       }
>>   
>> -    /* This performs the matching bdrv_set_perm() for the above check. */
>> -    bdrv_replace_child(child, child_bs);
>> +    bdrv_ref(child_bs);
>> +    bdrv_replace_child_noperm(new_child, child_bs);
>> +
>> +    *child = new_child;
>>   
>> +    BdrvAttachChildCommonState *s = g_new(BdrvAttachChildCommonState, 1);
>> +    *s = (BdrvAttachChildCommonState) {
>> +        .child = child,
>> +        .old_parent_ctx = parent_ctx,
>> +        .old_child_ctx = child_ctx,
>> +    };
>> +    tran_add(tran, &bdrv_attach_child_common_drv, s);
> 
> Who frees s? Should bdrv_attach_child_common_drv have a .clean?
> 

Hmm, yes, looks like ".clean = g_free" missed.

-- 
Best regards,
Vladimir


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action
  2021-04-26 16:26   ` Kevin Wolf
@ 2021-04-26 17:18     ` Vladimir Sementsov-Ogievskiy
  2021-04-27 11:09       ` Kevin Wolf
  0 siblings, 1 reply; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-04-26 17:18 UTC (permalink / raw)
  To: Kevin Wolf; +Cc: qemu-block, qemu-devel, armbru, fam, stefanha, jsnow, mreitz

26.04.2021 19:26, Kevin Wolf wrote:
> Am 17.03.2021 um 15:35 hat Vladimir Sementsov-Ogievskiy geschrieben:
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>> ---
>>   block.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
>>   1 file changed, 76 insertions(+), 2 deletions(-)
>>
>> diff --git a/block.c b/block.c
>> index 11f7ad0818..2fca1f2ad5 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -2929,12 +2929,19 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
>>       }
>>   }
>>   
>> +static void bdrv_child_free(void *opaque)
>> +{
>> +    BdrvChild *c = opaque;
>> +
>> +    g_free(c->name);
>> +    g_free(c);
>> +}
>> +
>>   static void bdrv_remove_empty_child(BdrvChild *child)
>>   {
>>       assert(!child->bs);
>>       QLIST_SAFE_REMOVE(child, next);
>> -    g_free(child->name);
>> -    g_free(child);
>> +    bdrv_child_free(child);
>>   }
>>   
>>   typedef struct BdrvAttachChildCommonState {
>> @@ -4956,6 +4963,73 @@ static bool should_update_child(BdrvChild *c, BlockDriverState *to)
>>       return ret;
>>   }
>>   
>> +typedef struct BdrvRemoveFilterOrCowChild {
>> +    BdrvChild *child;
>> +    bool is_backing;
>> +} BdrvRemoveFilterOrCowChild;
>> +
>> +/* this doesn't restore original child bs, only the child itself */
> 
> Hm, this comment tells me that it's intentional, but why is it correct?

that's because bdrv_remove_filter_or_cow_child_abort() aborts only part of  bdrv_remove_filter_or_cow_child().

Look: bdrv_remove_filter_or_cow_child() firstly do bdrv_replace_child_safe(child, NULL, tran);, so bs would be restored by .abort() of bdrv_replace_child_safe() action.


So, improved comment may look like:

This doesn't restore original child bs, only the child itself. The bs would be restored by .abort() bdrv_replace_child_safe() subation of bdrv_remove_filter_or_cow_child() action.

Probably it would be more correct to rename

BdrvRemoveFilterOrCowChild -> BdrvRemoveFilterOrCowChildNoBs
bdrv_remove_filter_or_cow_child_abort -> bdrv_remove_filter_or_cow_child_no_bs_abort
bdrv_remove_filter_or_cow_child_commit -> bdrv_remove_filter_or_cow_child_no_bs_commit

and assert on .abort() and .commit() that s->child->bs is NULL.

> 
>> +static void bdrv_remove_filter_or_cow_child_abort(void *opaque)
>> +{
>> +    BdrvRemoveFilterOrCowChild *s = opaque;
>> +    BlockDriverState *parent_bs = s->child->opaque;
>> +
>> +    QLIST_INSERT_HEAD(&parent_bs->children, s->child, next);
>> +    if (s->is_backing) {
>> +        parent_bs->backing = s->child;
>> +    } else {
>> +        parent_bs->file = s->child;
>> +    }
>> +}
> 
> Kevin
> 


-- 
Best regards,
Vladimir


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action
  2021-04-26 17:18     ` Vladimir Sementsov-Ogievskiy
@ 2021-04-27 11:09       ` Kevin Wolf
  2021-04-27 11:41         ` Vladimir Sementsov-Ogievskiy
  0 siblings, 1 reply; 62+ messages in thread
From: Kevin Wolf @ 2021-04-27 11:09 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 26.04.2021 um 19:18 hat Vladimir Sementsov-Ogievskiy geschrieben:
> 26.04.2021 19:26, Kevin Wolf wrote:
> > Am 17.03.2021 um 15:35 hat Vladimir Sementsov-Ogievskiy geschrieben:
> > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> > > ---
> > >   block.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
> > >   1 file changed, 76 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/block.c b/block.c
> > > index 11f7ad0818..2fca1f2ad5 100644
> > > --- a/block.c
> > > +++ b/block.c
> > > @@ -2929,12 +2929,19 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
> > >       }
> > >   }
> > > +static void bdrv_child_free(void *opaque)
> > > +{
> > > +    BdrvChild *c = opaque;
> > > +
> > > +    g_free(c->name);
> > > +    g_free(c);
> > > +}
> > > +
> > >   static void bdrv_remove_empty_child(BdrvChild *child)
> > >   {
> > >       assert(!child->bs);
> > >       QLIST_SAFE_REMOVE(child, next);
> > > -    g_free(child->name);
> > > -    g_free(child);
> > > +    bdrv_child_free(child);
> > >   }
> > >   typedef struct BdrvAttachChildCommonState {
> > > @@ -4956,6 +4963,73 @@ static bool should_update_child(BdrvChild *c, BlockDriverState *to)
> > >       return ret;
> > >   }
> > > +typedef struct BdrvRemoveFilterOrCowChild {
> > > +    BdrvChild *child;
> > > +    bool is_backing;
> > > +} BdrvRemoveFilterOrCowChild;
> > > +
> > > +/* this doesn't restore original child bs, only the child itself */
> > 
> > Hm, this comment tells me that it's intentional, but why is it correct?
> 
> that's because bdrv_remove_filter_or_cow_child_abort() aborts only
> part of  bdrv_remove_filter_or_cow_child().

I see that it aborts only part of it, but why?

Normally, a function getting a Transaction object suggests to me that on
failure, all changes the function made will be reverted, not just parts
of the changes.

> Look: bdrv_remove_filter_or_cow_child() firstly do
> bdrv_replace_child_safe(child, NULL, tran);, so bs would be restored
> by .abort() of bdrv_replace_child_safe() action.

Ah! So the reason is not that we don't want to restore child->bs, but
that bdrv_replace_child_safe() is already transactionable and will
automatically do this.

> So, improved comment may look like:
> 
> This doesn't restore original child bs, only the child itself. The bs
> would be restored by .abort() bdrv_replace_child_safe() subation of
> bdrv_remove_filter_or_cow_child() action.

"subation" is a typo for "subaction"?

Maybe something like this:

    We don't have to restore child->bs here to undo bdrv_replace_child()
    because that function is already transactionable and will do so in
    its own .abort() callback.

> Probably it would be more correct to rename
> 
> BdrvRemoveFilterOrCowChild -> BdrvRemoveFilterOrCowChildNoBs
> bdrv_remove_filter_or_cow_child_abort -> bdrv_remove_filter_or_cow_child_no_bs_abort
> bdrv_remove_filter_or_cow_child_commit -> bdrv_remove_filter_or_cow_child_no_bs_commit
> 
> and assert on .abort() and .commit() that s->child->bs is NULL.

I wouldn't bother with that. It was just that the comment confused me
because it seemed to suggest that we actually don't want to restore
child->bs, when its real intention was to say that it's already restored
somewhere else.

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action
  2021-04-27 11:09       ` Kevin Wolf
@ 2021-04-27 11:41         ` Vladimir Sementsov-Ogievskiy
  0 siblings, 0 replies; 62+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-04-27 11:41 UTC (permalink / raw)
  To: Kevin Wolf; +Cc: qemu-block, qemu-devel, armbru, fam, stefanha, jsnow, mreitz

27.04.2021 14:09, Kevin Wolf wrote:
> Am 26.04.2021 um 19:18 hat Vladimir Sementsov-Ogievskiy geschrieben:
>> 26.04.2021 19:26, Kevin Wolf wrote:
>>> Am 17.03.2021 um 15:35 hat Vladimir Sementsov-Ogievskiy geschrieben:
>>>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>>>> ---
>>>>    block.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
>>>>    1 file changed, 76 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/block.c b/block.c
>>>> index 11f7ad0818..2fca1f2ad5 100644
>>>> --- a/block.c
>>>> +++ b/block.c
>>>> @@ -2929,12 +2929,19 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
>>>>        }
>>>>    }
>>>> +static void bdrv_child_free(void *opaque)
>>>> +{
>>>> +    BdrvChild *c = opaque;
>>>> +
>>>> +    g_free(c->name);
>>>> +    g_free(c);
>>>> +}
>>>> +
>>>>    static void bdrv_remove_empty_child(BdrvChild *child)
>>>>    {
>>>>        assert(!child->bs);
>>>>        QLIST_SAFE_REMOVE(child, next);
>>>> -    g_free(child->name);
>>>> -    g_free(child);
>>>> +    bdrv_child_free(child);
>>>>    }
>>>>    typedef struct BdrvAttachChildCommonState {
>>>> @@ -4956,6 +4963,73 @@ static bool should_update_child(BdrvChild *c, BlockDriverState *to)
>>>>        return ret;
>>>>    }
>>>> +typedef struct BdrvRemoveFilterOrCowChild {
>>>> +    BdrvChild *child;
>>>> +    bool is_backing;
>>>> +} BdrvRemoveFilterOrCowChild;
>>>> +
>>>> +/* this doesn't restore original child bs, only the child itself */
>>>
>>> Hm, this comment tells me that it's intentional, but why is it correct?
>>
>> that's because bdrv_remove_filter_or_cow_child_abort() aborts only
>> part of  bdrv_remove_filter_or_cow_child().
> 
> I see that it aborts only part of it, but why?
> 
> Normally, a function getting a Transaction object suggests to me that on
> failure, all changes the function made will be reverted, not just parts
> of the changes.
> 
>> Look: bdrv_remove_filter_or_cow_child() firstly do
>> bdrv_replace_child_safe(child, NULL, tran);, so bs would be restored
>> by .abort() of bdrv_replace_child_safe() action.
> 
> Ah! So the reason is not that we don't want to restore child->bs, but
> that bdrv_replace_child_safe() is already transactionable and will
> automatically do this.
> 
>> So, improved comment may look like:
>>
>> This doesn't restore original child bs, only the child itself. The bs
>> would be restored by .abort() bdrv_replace_child_safe() subation of
>> bdrv_remove_filter_or_cow_child() action.
> 
> "subation" is a typo for "subaction"?
> 
> Maybe something like this:
> 
>      We don't have to restore child->bs here to undo bdrv_replace_child()
>      because that function is already transactionable and will do so in
>      its own .abort() callback.

Sounds good, thanks

> 
>> Probably it would be more correct to rename
>>
>> BdrvRemoveFilterOrCowChild -> BdrvRemoveFilterOrCowChildNoBs
>> bdrv_remove_filter_or_cow_child_abort -> bdrv_remove_filter_or_cow_child_no_bs_abort
>> bdrv_remove_filter_or_cow_child_commit -> bdrv_remove_filter_or_cow_child_no_bs_commit
>>
>> and assert on .abort() and .commit() that s->child->bs is NULL.
> 
> I wouldn't bother with that. It was just that the comment confused me
> because it seemed to suggest that we actually don't want to restore
> child->bs, when its real intention was to say that it's already restored
> somewhere else.
> 

OK


-- 
Best regards,
Vladimir


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH v3 00/36] block: update graph permissions update
  2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
                   ` (37 preceding siblings ...)
  2021-04-23 16:16 ` Kevin Wolf
@ 2021-04-28 11:28 ` Kevin Wolf
  38 siblings, 0 replies; 62+ messages in thread
From: Kevin Wolf @ 2021-04-28 11:28 UTC (permalink / raw)
  To: Vladimir Sementsov-Ogievskiy
  Cc: fam, qemu-block, qemu-devel, armbru, stefanha, mreitz, jsnow

Am 17.03.2021 um 15:34 hat Vladimir Sementsov-Ogievskiy geschrieben:
> Hi all!
> 
> Finally, I finished v3. Phew.
> 
> Missed a soft-freeze. Should we consider it a bugfix? There are bugfixes
> here but they are mostly theoretical. So, up to Kevin, should it go to
> current release or to the next..
> 
> The main point of the series is fixing some permission update problems
> (see patches 01-03 as examples), that in turn makes possible more clean
> inserting and removing of filters (see patch 26 where .active field is
> dropped finally from backup-top filter, we don't need a workaround
> anymore).
> 
> The series brings util/transactions.c (patch 10) and use of it in
> block.c, which allows clean block graph change transactions, with
> possibility of reverting all modifications (movement and removement of
> children, changing aio context, changing permissions) in reverse order
> on failure path.
> 
> The series also helps Alberto's "Allow changing bs->file on reopen"
> which we want to merge prior dropping x- prefix from blockdev-reopen
> command.

Ok, I made it through the whole series. Looking quite good, I just had
some minor comments, but maybe not quite trival enough to just fix them
up while applying.

I had comments on patches 1, 4, 8, 18 and 22. With these addressed, you
can add to all patches in the whole series:
Reviewed-by: Kevin Wolf <kwolf@redhat.com>

v4 should then be the final version. :-)

Kevin



^ permalink raw reply	[flat|nested] 62+ messages in thread

end of thread, other threads:[~2021-04-28 11:29 UTC | newest]

Thread overview: 62+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-17 14:34 [PATCH v3 00/36] block: update graph permissions update Vladimir Sementsov-Ogievskiy
2021-03-17 14:34 ` [PATCH v3 01/36] tests/test-bdrv-graph-mod: add test_parallel_exclusive_write Vladimir Sementsov-Ogievskiy
2021-04-23 12:25   ` Kevin Wolf
2021-04-23 12:46     ` Vladimir Sementsov-Ogievskiy
2021-04-23 12:59       ` Kevin Wolf
2021-04-23 13:03         ` Vladimir Sementsov-Ogievskiy
2021-03-17 14:34 ` [PATCH v3 02/36] tests/test-bdrv-graph-mod: add test_parallel_perm_update Vladimir Sementsov-Ogievskiy
2021-03-17 14:34 ` [PATCH v3 03/36] tests/test-bdrv-graph-mod: add test_append_greedy_filter Vladimir Sementsov-Ogievskiy
2021-03-17 14:34 ` [PATCH v3 04/36] block: bdrv_append(): don't consume reference Vladimir Sementsov-Ogievskiy
2021-04-07 17:46   ` Alberto Garcia
2021-04-23 14:11   ` Kevin Wolf
2021-03-17 14:34 ` [PATCH v3 05/36] block: BdrvChildClass: add .get_parent_aio_context handler Vladimir Sementsov-Ogievskiy
2021-04-12 15:06   ` Alberto Garcia
2021-03-17 14:34 ` [PATCH v3 06/36] block: drop ctx argument from bdrv_root_attach_child Vladimir Sementsov-Ogievskiy
2021-04-12 14:23   ` Alberto Garcia
2021-03-17 14:35 ` [PATCH v3 07/36] block: make bdrv_reopen_{prepare, commit, abort} private Vladimir Sementsov-Ogievskiy via
2021-03-17 14:35 ` [PATCH v3 08/36] util: add transactions.c Vladimir Sementsov-Ogievskiy
2021-04-23 14:43   ` Kevin Wolf
2021-03-17 14:35 ` [PATCH v3 09/36] block: bdrv_refresh_perms: check for parents permissions conflict Vladimir Sementsov-Ogievskiy
2021-04-12 15:57   ` Alberto Garcia
2021-03-17 14:35 ` [PATCH v3 10/36] block: refactor bdrv_child* permission functions Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 11/36] block: rewrite bdrv_child_try_set_perm() using bdrv_refresh_perms() Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 12/36] block: inline bdrv_child_*() permission functions calls Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 13/36] block: use topological sort for permission update Vladimir Sementsov-Ogievskiy
2021-03-17 16:50   ` Alberto Garcia
2021-03-17 14:35 ` [PATCH v3 14/36] block: add bdrv_drv_set_perm transaction action Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 15/36] block: add bdrv_list_* permission update functions Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 16/36] block: add bdrv_replace_child_safe() transaction action Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 17/36] block: fix bdrv_replace_node_common Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 18/36] block: add bdrv_attach_child_common() transaction action Vladimir Sementsov-Ogievskiy
2021-04-26 16:14   ` Kevin Wolf
2021-04-26 16:56     ` Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 19/36] block: add bdrv_attach_child_noperm() " Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 20/36] block: split out bdrv_replace_node_noperm() Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 21/36] block: adapt bdrv_append() for inserting filters Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 22/36] block: add bdrv_remove_filter_or_cow transaction action Vladimir Sementsov-Ogievskiy
2021-04-26 16:26   ` Kevin Wolf
2021-04-26 17:18     ` Vladimir Sementsov-Ogievskiy
2021-04-27 11:09       ` Kevin Wolf
2021-04-27 11:41         ` Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 23/36] block: introduce bdrv_drop_filter() Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 24/36] block/backup-top: drop .active Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 25/36] block: drop ignore_children for permission update functions Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 26/36] block: make bdrv_unset_inherits_from to be a transaction action Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 27/36] block: make bdrv_refresh_limits() " Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 28/36] block: add bdrv_set_backing_noperm() " Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 29/36] block: bdrv_reopen_multiple(): move bdrv_flush to separate pre-prepare Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 30/36] block: bdrv_reopen_multiple: refresh permissions on updated graph Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 31/36] block: drop unused permission update functions Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 32/36] block: inline bdrv_check_perm_common() Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 33/36] block: inline bdrv_replace_child() Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 34/36] block: refactor bdrv_child_set_perm_safe() transaction action Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 35/36] block: rename bdrv_replace_child_safe() to bdrv_replace_child() Vladimir Sementsov-Ogievskiy
2021-03-17 14:35 ` [PATCH v3 36/36] block: refactor bdrv_node_check_perm() Vladimir Sementsov-Ogievskiy
2021-03-17 15:21 ` [PATCH v3 00/36] block: update graph permissions update no-reply
2021-03-17 15:38   ` Vladimir Sementsov-Ogievskiy
2021-03-17 17:33     ` Eric Blake
2021-03-17 17:42       ` Eric Blake
2021-03-18  8:04       ` Vladimir Sementsov-Ogievskiy
2021-04-23  8:34         ` Kevin Wolf
2021-04-23 16:16 ` Kevin Wolf
2021-04-28 11:28 ` Kevin Wolf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).