This includes some permission limiting (for example, we only need to
take the RESIZE permission for active commits where the base is smaller
than the top).
Signed-off-by: Max Reitz <mreitz@redhat.com>
---
block/mirror.c | 110 +++++++++++++++++++++++++++++++++++++------------
blockdev.c | 47 +++++++++++++++++----
2 files changed, 124 insertions(+), 33 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
index 4fa8f57c80..3d767e3030 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -660,8 +660,10 @@ static int mirror_exit_common(Job *job)
&error_abort);
if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
BlockDriverState *backing = s->is_none_mode ? src : s->base;
- if (backing_bs(target_bs) != backing) {
- bdrv_set_backing_hd(target_bs, backing, &local_err);
+ BlockDriverState *unfiltered_target = bdrv_skip_rw_filters(target_bs);
+
+ if (bdrv_filtered_cow_bs(unfiltered_target) != backing) {
+ bdrv_set_backing_hd(unfiltered_target, backing, &local_err);
if (local_err) {
error_report_err(local_err);
ret = -EPERM;
@@ -711,7 +713,7 @@ static int mirror_exit_common(Job *job)
block_job_remove_all_bdrv(bjob);
bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
&error_abort);
- bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
+ bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
/* We just changed the BDS the job BB refers to (with either or both of the
* bdrv_replace_node() calls), so switch the BB back so the cleanup does
@@ -757,6 +759,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
{
int64_t offset;
BlockDriverState *base = s->base;
+ BlockDriverState *filtered_base;
BlockDriverState *bs = s->mirror_top_bs->backing->bs;
BlockDriverState *target_bs = blk_bs(s->target);
int ret;
@@ -795,6 +798,9 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
s->initial_zeroing_ongoing = false;
}
+ /* Will be NULL if @base is not in @bs's chain */
+ filtered_base = bdrv_filtered_cow_bs(bdrv_find_overlay(bs, base));
+
/* First part, loop on the sectors and initialize the dirty bitmap. */
for (offset = 0; offset < s->bdev_length; ) {
/* Just to make sure we are not exceeding int limit. */
@@ -807,7 +813,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
return 0;
}
- ret = bdrv_is_allocated_above(bs, base, offset, bytes, &count);
+ ret = bdrv_is_allocated_above(bs, filtered_base, offset, bytes, &count);
if (ret < 0) {
return ret;
}
@@ -903,7 +909,7 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
} else {
s->target_cluster_size = BDRV_SECTOR_SIZE;
}
- if (backing_filename[0] && !target_bs->backing &&
+ if (backing_filename[0] && !bdrv_backing_chain_next(target_bs) &&
s->granularity < s->target_cluster_size) {
s->buf_size = MAX(s->buf_size, s->target_cluster_size);
s->cow_bitmap = bitmap_new(length);
@@ -1083,8 +1089,9 @@ static void mirror_complete(Job *job, Error **errp)
if (s->backing_mode == MIRROR_OPEN_BACKING_CHAIN) {
int ret;
- assert(!target->backing);
- ret = bdrv_open_backing_file(target, NULL, "backing", errp);
+ assert(!bdrv_backing_chain_next(target));
+ ret = bdrv_open_backing_file(bdrv_skip_rw_filters(target), NULL,
+ "backing", errp);
if (ret < 0) {
return;
}
@@ -1503,8 +1510,8 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
MirrorBlockJob *s;
MirrorBDSOpaque *bs_opaque;
BlockDriverState *mirror_top_bs;
- bool target_graph_mod;
bool target_is_backing;
+ uint64_t target_perms, target_shared_perms;
Error *local_err = NULL;
int ret;
@@ -1523,7 +1530,7 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
buf_size = DEFAULT_MIRROR_BUF_SIZE;
}
- if (bs == target) {
+ if (bdrv_skip_rw_filters(bs) == bdrv_skip_rw_filters(target)) {
error_setg(errp, "Can't mirror node into itself");
return;
}
@@ -1583,15 +1590,42 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
* In the case of active commit, things look a bit different, though,
* because the target is an already populated backing file in active use.
* We can allow anything except resize there.*/
+
+ target_perms = BLK_PERM_WRITE;
+ target_shared_perms = BLK_PERM_WRITE_UNCHANGED;
+
target_is_backing = bdrv_chain_contains(bs, target);
- target_graph_mod = (backing_mode != MIRROR_LEAVE_BACKING_CHAIN);
+ if (target_is_backing) {
+ int64_t bs_size, target_size;
+ bs_size = bdrv_getlength(bs);
+ if (bs_size < 0) {
+ error_setg_errno(errp, -bs_size,
+ "Could not inquire top image size");
+ goto fail;
+ }
+
+ target_size = bdrv_getlength(target);
+ if (target_size < 0) {
+ error_setg_errno(errp, -target_size,
+ "Could not inquire base image size");
+ goto fail;
+ }
+
+ if (target_size < bs_size) {
+ target_perms |= BLK_PERM_RESIZE;
+ }
+
+ target_shared_perms |= BLK_PERM_CONSISTENT_READ
+ | BLK_PERM_WRITE
+ | BLK_PERM_GRAPH_MOD;
+ }
+
+ if (backing_mode != MIRROR_LEAVE_BACKING_CHAIN) {
+ target_perms |= BLK_PERM_GRAPH_MOD;
+ }
+
s->target = blk_new(s->common.job.aio_context,
- BLK_PERM_WRITE | BLK_PERM_RESIZE |
- (target_graph_mod ? BLK_PERM_GRAPH_MOD : 0),
- BLK_PERM_WRITE_UNCHANGED |
- (target_is_backing ? BLK_PERM_CONSISTENT_READ |
- BLK_PERM_WRITE |
- BLK_PERM_GRAPH_MOD : 0));
+ target_perms, target_shared_perms);
ret = blk_insert_bs(s->target, target, errp);
if (ret < 0) {
goto fail;
@@ -1641,15 +1675,39 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
/* In commit_active_start() all intermediate nodes disappear, so
* any jobs in them must be blocked */
if (target_is_backing) {
- BlockDriverState *iter;
- for (iter = backing_bs(bs); iter != target; iter = backing_bs(iter)) {
- /* XXX BLK_PERM_WRITE needs to be allowed so we don't block
- * ourselves at s->base (if writes are blocked for a node, they are
- * also blocked for its backing file). The other options would be a
- * second filter driver above s->base (== target). */
+ BlockDriverState *iter, *filtered_target;
+ uint64_t iter_shared_perms;
+
+ /*
+ * The topmost node with
+ * bdrv_skip_rw_filters(filtered_target) == bdrv_skip_rw_filters(target)
+ */
+ filtered_target = bdrv_filtered_cow_bs(bdrv_find_overlay(bs, target));
+
+ assert(bdrv_skip_rw_filters(filtered_target) ==
+ bdrv_skip_rw_filters(target));
+
+ /*
+ * XXX BLK_PERM_WRITE needs to be allowed so we don't block
+ * ourselves at s->base (if writes are blocked for a node, they are
+ * also blocked for its backing file). The other options would be a
+ * second filter driver above s->base (== target).
+ */
+ iter_shared_perms = BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE;
+
+ for (iter = bdrv_filtered_bs(bs); iter != target;
+ iter = bdrv_filtered_bs(iter))
+ {
+ if (iter == filtered_target) {
+ /*
+ * From here on, all nodes are filters on the base.
+ * This allows us to share BLK_PERM_CONSISTENT_READ.
+ */
+ iter_shared_perms |= BLK_PERM_CONSISTENT_READ;
+ }
+
ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
- BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
- errp);
+ iter_shared_perms, errp);
if (ret < 0) {
goto fail;
}
@@ -1683,7 +1741,7 @@ fail:
bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
&error_abort);
- bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
+ bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
bdrv_unref(mirror_top_bs);
}
@@ -1706,7 +1764,7 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
return;
}
is_none_mode = mode == MIRROR_SYNC_MODE_NONE;
- base = mode == MIRROR_SYNC_MODE_TOP ? backing_bs(bs) : NULL;
+ base = mode == MIRROR_SYNC_MODE_TOP ? bdrv_backing_chain_next(bs) : NULL;
mirror_start_job(job_id, bs, creation_flags, target, replaces,
speed, granularity, buf_size, backing_mode,
on_source_error, on_target_error, unmap, NULL, NULL,
diff --git a/blockdev.c b/blockdev.c
index 0f0cf0d9ae..68e8d33447 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3777,7 +3777,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
return;
}
- if (!bs->backing && sync == MIRROR_SYNC_MODE_TOP) {
+ if (!bdrv_backing_chain_next(bs) && sync == MIRROR_SYNC_MODE_TOP) {
sync = MIRROR_SYNC_MODE_FULL;
}
@@ -3826,7 +3826,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
void qmp_drive_mirror(DriveMirror *arg, Error **errp)
{
- BlockDriverState *bs;
+ BlockDriverState *bs, *unfiltered_bs;
BlockDriverState *source, *target_bs;
AioContext *aio_context;
BlockMirrorBackingMode backing_mode;
@@ -3835,6 +3835,7 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
int flags;
int64_t size;
const char *format = arg->format;
+ const char *replaces_node_name = NULL;
int ret;
bs = qmp_get_root_bs(arg->device, errp);
@@ -3847,6 +3848,16 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
return;
}
+ /*
+ * If the user has not instructed us otherwise, we should let the
+ * block job run from @bs (thus taking into account all filters on
+ * it) but replace @unfiltered_bs when it finishes (thus not
+ * removing those filters).
+ * (And if there are any explicit filters, we should assume the
+ * user knows how to use the @replaces option.)
+ */
+ unfiltered_bs = bdrv_skip_implicit_filters(bs);
+
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
@@ -3860,8 +3871,14 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
}
flags = bs->open_flags | BDRV_O_RDWR;
- source = backing_bs(bs);
+ source = bdrv_filtered_cow_bs(unfiltered_bs);
if (!source && arg->sync == MIRROR_SYNC_MODE_TOP) {
+ if (bdrv_filtered_bs(unfiltered_bs)) {
+ /* @unfiltered_bs is an explicit filter */
+ error_setg(errp, "Cannot perform sync=top mirror through an "
+ "explicitly added filter node on the source");
+ goto out;
+ }
arg->sync = MIRROR_SYNC_MODE_FULL;
}
if (arg->sync == MIRROR_SYNC_MODE_NONE) {
@@ -3880,6 +3897,9 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
" named node of the graph");
goto out;
}
+ replaces_node_name = arg->replaces;
+ } else if (unfiltered_bs != bs) {
+ replaces_node_name = unfiltered_bs->node_name;
}
if (arg->mode == NEW_IMAGE_MODE_ABSOLUTE_PATHS) {
@@ -3899,6 +3919,9 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
bdrv_img_create(arg->target, format,
NULL, NULL, NULL, size, flags, false, &local_err);
} else {
+ /* Implicit filters should not appear in the filename */
+ BlockDriverState *explicit_backing = bdrv_skip_implicit_filters(source);
+
switch (arg->mode) {
case NEW_IMAGE_MODE_EXISTING:
break;
@@ -3906,8 +3929,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
/* create new image with backing file */
bdrv_refresh_filename(source);
bdrv_img_create(arg->target, format,
- source->filename,
- source->drv->format_name,
+ explicit_backing->filename,
+ explicit_backing->drv->format_name,
NULL, size, flags, false, &local_err);
break;
default:
@@ -3943,7 +3966,7 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
}
blockdev_mirror_common(arg->has_job_id ? arg->job_id : NULL, bs, target_bs,
- arg->has_replaces, arg->replaces, arg->sync,
+ !!replaces_node_name, replaces_node_name, arg->sync,
backing_mode, arg->has_speed, arg->speed,
arg->has_granularity, arg->granularity,
arg->has_buf_size, arg->buf_size,
@@ -3979,7 +4002,7 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
bool has_auto_dismiss, bool auto_dismiss,
Error **errp)
{
- BlockDriverState *bs;
+ BlockDriverState *bs, *unfiltered_bs;
BlockDriverState *target_bs;
AioContext *aio_context;
BlockMirrorBackingMode backing_mode = MIRROR_LEAVE_BACKING_CHAIN;
@@ -3991,6 +4014,16 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
return;
}
+ /*
+ * Same as in qmp_drive_mirror(): We want to run the job from @bs,
+ * but we want to replace @unfiltered_bs on completion.
+ */
+ unfiltered_bs = bdrv_skip_implicit_filters(bs);
+ if (!has_replaces && unfiltered_bs != bs) {
+ replaces = unfiltered_bs->node_name;
+ has_replaces = true;
+ }
+
target_bs = bdrv_lookup_bs(target, target, errp);
if (!target_bs) {
return;
--
2.21.0
13.06.2019 1:09, Max Reitz wrote:
> This includes some permission limiting (for example, we only need to
> take the RESIZE permission for active commits where the base is smaller
> than the top).
>
> Signed-off-by: Max Reitz <mreitz@redhat.com>
ohm, unfortunately I'm far from knowing block/mirror mechanics and interfaces :(.
still some comments below.
> ---
> block/mirror.c | 110 +++++++++++++++++++++++++++++++++++++------------
> blockdev.c | 47 +++++++++++++++++----
> 2 files changed, 124 insertions(+), 33 deletions(-)
>
> diff --git a/block/mirror.c b/block/mirror.c
> index 4fa8f57c80..3d767e3030 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -660,8 +660,10 @@ static int mirror_exit_common(Job *job)
> &error_abort);
> if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
> BlockDriverState *backing = s->is_none_mode ? src : s->base;
> - if (backing_bs(target_bs) != backing) {
> - bdrv_set_backing_hd(target_bs, backing, &local_err);
> + BlockDriverState *unfiltered_target = bdrv_skip_rw_filters(target_bs);
> +
> + if (bdrv_filtered_cow_bs(unfiltered_target) != backing) {
> + bdrv_set_backing_hd(unfiltered_target, backing, &local_err);
> if (local_err) {
> error_report_err(local_err);
> ret = -EPERM;
> @@ -711,7 +713,7 @@ static int mirror_exit_common(Job *job)
> block_job_remove_all_bdrv(bjob);
> bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
> &error_abort);
> - bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
> + bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
>
> /* We just changed the BDS the job BB refers to (with either or both of the
> * bdrv_replace_node() calls), so switch the BB back so the cleanup does
> @@ -757,6 +759,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
> {
> int64_t offset;
> BlockDriverState *base = s->base;
> + BlockDriverState *filtered_base;
> BlockDriverState *bs = s->mirror_top_bs->backing->bs;
> BlockDriverState *target_bs = blk_bs(s->target);
> int ret;
> @@ -795,6 +798,9 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
> s->initial_zeroing_ongoing = false;
> }
>
> + /* Will be NULL if @base is not in @bs's chain */
Should we assert that not NULL?
Hmm, so this is the way to "skip filters reverse from the base", yes? Worth add a comment?
> + filtered_base = bdrv_filtered_cow_bs(bdrv_find_overlay(bs, base));
> +
> /* First part, loop on the sectors and initialize the dirty bitmap. */
> for (offset = 0; offset < s->bdev_length; ) {
> /* Just to make sure we are not exceeding int limit. */
> @@ -807,7 +813,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
> return 0;
> }
>
> - ret = bdrv_is_allocated_above(bs, base, offset, bytes, &count);
> + ret = bdrv_is_allocated_above(bs, filtered_base, offset, bytes, &count);
> if (ret < 0) {
> return ret;
> }
> @@ -903,7 +909,7 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
> } else {
> s->target_cluster_size = BDRV_SECTOR_SIZE;
> }
> - if (backing_filename[0] && !target_bs->backing &&
> + if (backing_filename[0] && !bdrv_backing_chain_next(target_bs) &&
> s->granularity < s->target_cluster_size) {
> s->buf_size = MAX(s->buf_size, s->target_cluster_size);
> s->cow_bitmap = bitmap_new(length);
> @@ -1083,8 +1089,9 @@ static void mirror_complete(Job *job, Error **errp)
> if (s->backing_mode == MIRROR_OPEN_BACKING_CHAIN) {
> int ret;
>
> - assert(!target->backing);
> - ret = bdrv_open_backing_file(target, NULL, "backing", errp);
> + assert(!bdrv_backing_chain_next(target));
> + ret = bdrv_open_backing_file(bdrv_skip_rw_filters(target), NULL,
> + "backing", errp);
> if (ret < 0) {
> return;
> }
> @@ -1503,8 +1510,8 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> MirrorBlockJob *s;
> MirrorBDSOpaque *bs_opaque;
> BlockDriverState *mirror_top_bs;
> - bool target_graph_mod;
> bool target_is_backing;
> + uint64_t target_perms, target_shared_perms;
> Error *local_err = NULL;
> int ret;
>
> @@ -1523,7 +1530,7 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> buf_size = DEFAULT_MIRROR_BUF_SIZE;
> }
>
> - if (bs == target) {
> + if (bdrv_skip_rw_filters(bs) == bdrv_skip_rw_filters(target)) {
> error_setg(errp, "Can't mirror node into itself");
> return;
> }
> @@ -1583,15 +1590,42 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> * In the case of active commit, things look a bit different, though,
> * because the target is an already populated backing file in active use.
> * We can allow anything except resize there.*/
> +
> + target_perms = BLK_PERM_WRITE;
> + target_shared_perms = BLK_PERM_WRITE_UNCHANGED;
> +
> target_is_backing = bdrv_chain_contains(bs, target);
don't you want skip filters here? actual target node may be in backing chain, but has separate
filters above it
> - target_graph_mod = (backing_mode != MIRROR_LEAVE_BACKING_CHAIN);
> + if (target_is_backing) {
> + int64_t bs_size, target_size;
> + bs_size = bdrv_getlength(bs);
> + if (bs_size < 0) {
> + error_setg_errno(errp, -bs_size,
> + "Could not inquire top image size");
> + goto fail;
> + }
> +
> + target_size = bdrv_getlength(target);
> + if (target_size < 0) {
> + error_setg_errno(errp, -target_size,
> + "Could not inquire base image size");
> + goto fail;
> + }
> +
> + if (target_size < bs_size) {
> + target_perms |= BLK_PERM_RESIZE;
> + }
> +
> + target_shared_perms |= BLK_PERM_CONSISTENT_READ
> + | BLK_PERM_WRITE
> + | BLK_PERM_GRAPH_MOD;
> + }
> +
> + if (backing_mode != MIRROR_LEAVE_BACKING_CHAIN) {
> + target_perms |= BLK_PERM_GRAPH_MOD;
> + }
> +
> s->target = blk_new(s->common.job.aio_context,
> - BLK_PERM_WRITE | BLK_PERM_RESIZE |
> - (target_graph_mod ? BLK_PERM_GRAPH_MOD : 0),
> - BLK_PERM_WRITE_UNCHANGED |
> - (target_is_backing ? BLK_PERM_CONSISTENT_READ |
> - BLK_PERM_WRITE |
> - BLK_PERM_GRAPH_MOD : 0));
> + target_perms, target_shared_perms);
> ret = blk_insert_bs(s->target, target, errp);
> if (ret < 0) {
> goto fail;
> @@ -1641,15 +1675,39 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> /* In commit_active_start() all intermediate nodes disappear, so
> * any jobs in them must be blocked */
hmm, preexisting, it s/jobs/nodes/
> if (target_is_backing) {
> - BlockDriverState *iter;
> - for (iter = backing_bs(bs); iter != target; iter = backing_bs(iter)) {
> - /* XXX BLK_PERM_WRITE needs to be allowed so we don't block
> - * ourselves at s->base (if writes are blocked for a node, they are
> - * also blocked for its backing file). The other options would be a
> - * second filter driver above s->base (== target). */
> + BlockDriverState *iter, *filtered_target;
> + uint64_t iter_shared_perms;
> +
> + /*
> + * The topmost node with
> + * bdrv_skip_rw_filters(filtered_target) == bdrv_skip_rw_filters(target)
> + */
> + filtered_target = bdrv_filtered_cow_bs(bdrv_find_overlay(bs, target));
> +
> + assert(bdrv_skip_rw_filters(filtered_target) ==
> + bdrv_skip_rw_filters(target));
> +
> + /*
> + * XXX BLK_PERM_WRITE needs to be allowed so we don't block
> + * ourselves at s->base (if writes are blocked for a node, they are
> + * also blocked for its backing file). The other options would be a
> + * second filter driver above s->base (== target).
> + */
> + iter_shared_perms = BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE;
> +
> + for (iter = bdrv_filtered_bs(bs); iter != target;
> + iter = bdrv_filtered_bs(iter))
> + {
> + if (iter == filtered_target) {
> + /*
> + * From here on, all nodes are filters on the base.
> + * This allows us to share BLK_PERM_CONSISTENT_READ.
> + */
> + iter_shared_perms |= BLK_PERM_CONSISTENT_READ;
> + }
> +
> ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
> - BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
> - errp);
> + iter_shared_perms, errp);
> if (ret < 0) {
> goto fail;
> }
> @@ -1683,7 +1741,7 @@ fail:
>
> bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
> &error_abort);
> - bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
> + bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
>
> bdrv_unref(mirror_top_bs);
> }
> @@ -1706,7 +1764,7 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
> return;
> }
> is_none_mode = mode == MIRROR_SYNC_MODE_NONE;
> - base = mode == MIRROR_SYNC_MODE_TOP ? backing_bs(bs) : NULL;
> + base = mode == MIRROR_SYNC_MODE_TOP ? bdrv_backing_chain_next(bs) : NULL;
> mirror_start_job(job_id, bs, creation_flags, target, replaces,
> speed, granularity, buf_size, backing_mode,
> on_source_error, on_target_error, unmap, NULL, NULL,
> diff --git a/blockdev.c b/blockdev.c
> index 0f0cf0d9ae..68e8d33447 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -3777,7 +3777,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
> return;
> }
>
> - if (!bs->backing && sync == MIRROR_SYNC_MODE_TOP) {
> + if (!bdrv_backing_chain_next(bs) && sync == MIRROR_SYNC_MODE_TOP) {
> sync = MIRROR_SYNC_MODE_FULL;
> }
>
> @@ -3826,7 +3826,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
>
> void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> {
> - BlockDriverState *bs;
> + BlockDriverState *bs, *unfiltered_bs;
> BlockDriverState *source, *target_bs;
> AioContext *aio_context;
> BlockMirrorBackingMode backing_mode;
> @@ -3835,6 +3835,7 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> int flags;
> int64_t size;
> const char *format = arg->format;
> + const char *replaces_node_name = NULL;
> int ret;
>
> bs = qmp_get_root_bs(arg->device, errp);
> @@ -3847,6 +3848,16 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> return;
> }
>
> + /*
> + * If the user has not instructed us otherwise, we should let the
> + * block job run from @bs (thus taking into account all filters on
> + * it) but replace @unfiltered_bs when it finishes (thus not
> + * removing those filters).
> + * (And if there are any explicit filters, we should assume the
> + * user knows how to use the @replaces option.)
> + */
> + unfiltered_bs = bdrv_skip_implicit_filters(bs);
> +
> aio_context = bdrv_get_aio_context(bs);
> aio_context_acquire(aio_context);
>
> @@ -3860,8 +3871,14 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> }
>
> flags = bs->open_flags | BDRV_O_RDWR;
> - source = backing_bs(bs);
> + source = bdrv_filtered_cow_bs(unfiltered_bs);
> if (!source && arg->sync == MIRROR_SYNC_MODE_TOP) {
> + if (bdrv_filtered_bs(unfiltered_bs)) {
> + /* @unfiltered_bs is an explicit filter */
> + error_setg(errp, "Cannot perform sync=top mirror through an "
> + "explicitly added filter node on the source");
> + goto out;
> + }
> arg->sync = MIRROR_SYNC_MODE_FULL;
> }
> if (arg->sync == MIRROR_SYNC_MODE_NONE) {
> @@ -3880,6 +3897,9 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> " named node of the graph");
> goto out;
> }
> + replaces_node_name = arg->replaces;
> + } else if (unfiltered_bs != bs) {
> + replaces_node_name = unfiltered_bs->node_name;
> }
>
> if (arg->mode == NEW_IMAGE_MODE_ABSOLUTE_PATHS) {
> @@ -3899,6 +3919,9 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> bdrv_img_create(arg->target, format,
> NULL, NULL, NULL, size, flags, false, &local_err);
> } else {
> + /* Implicit filters should not appear in the filename */
> + BlockDriverState *explicit_backing = bdrv_skip_implicit_filters(source);
> +
> switch (arg->mode) {
> case NEW_IMAGE_MODE_EXISTING:
> break;
> @@ -3906,8 +3929,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> /* create new image with backing file */
> bdrv_refresh_filename(source);
> bdrv_img_create(arg->target, format,
> - source->filename,
> - source->drv->format_name,
> + explicit_backing->filename,
> + explicit_backing->drv->format_name,
> NULL, size, flags, false, &local_err);
> break;
> default:
> @@ -3943,7 +3966,7 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
> }
>
> blockdev_mirror_common(arg->has_job_id ? arg->job_id : NULL, bs, target_bs,
> - arg->has_replaces, arg->replaces, arg->sync,
> + !!replaces_node_name, replaces_node_name, arg->sync,
> backing_mode, arg->has_speed, arg->speed,
> arg->has_granularity, arg->granularity,
> arg->has_buf_size, arg->buf_size,
> @@ -3979,7 +4002,7 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
> bool has_auto_dismiss, bool auto_dismiss,
> Error **errp)
> {
> - BlockDriverState *bs;
> + BlockDriverState *bs, *unfiltered_bs;
> BlockDriverState *target_bs;
> AioContext *aio_context;
> BlockMirrorBackingMode backing_mode = MIRROR_LEAVE_BACKING_CHAIN;
> @@ -3991,6 +4014,16 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
> return;
> }
>
> + /*
> + * Same as in qmp_drive_mirror(): We want to run the job from @bs,
> + * but we want to replace @unfiltered_bs on completion.
> + */
> + unfiltered_bs = bdrv_skip_implicit_filters(bs);
> + if (!has_replaces && unfiltered_bs != bs) {
> + replaces = unfiltered_bs->node_name;
> + has_replaces = true;
> + }
> +
> target_bs = bdrv_lookup_bs(target, target, errp);
> if (!target_bs) {
> return;
>
--
Best regards,
Vladimir
On 18.06.19 15:12, Vladimir Sementsov-Ogievskiy wrote:
> 13.06.2019 1:09, Max Reitz wrote:
>> This includes some permission limiting (for example, we only need to
>> take the RESIZE permission for active commits where the base is smaller
>> than the top).
>>
>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>
> ohm, unfortunately I'm far from knowing block/mirror mechanics and interfaces :(.
>
> still some comments below.
>
>> ---
>> block/mirror.c | 110 +++++++++++++++++++++++++++++++++++++------------
>> blockdev.c | 47 +++++++++++++++++----
>> 2 files changed, 124 insertions(+), 33 deletions(-)
>>
>> diff --git a/block/mirror.c b/block/mirror.c
>> index 4fa8f57c80..3d767e3030 100644
>> --- a/block/mirror.c
>> +++ b/block/mirror.c
>> @@ -660,8 +660,10 @@ static int mirror_exit_common(Job *job)
>> &error_abort);
>> if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
>> BlockDriverState *backing = s->is_none_mode ? src : s->base;
>> - if (backing_bs(target_bs) != backing) {
>> - bdrv_set_backing_hd(target_bs, backing, &local_err);
>> + BlockDriverState *unfiltered_target = bdrv_skip_rw_filters(target_bs);
>> +
>> + if (bdrv_filtered_cow_bs(unfiltered_target) != backing) {
>> + bdrv_set_backing_hd(unfiltered_target, backing, &local_err);
>> if (local_err) {
>> error_report_err(local_err);
>> ret = -EPERM;
>> @@ -711,7 +713,7 @@ static int mirror_exit_common(Job *job)
>> block_job_remove_all_bdrv(bjob);
>> bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
>> &error_abort);
>> - bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
>> + bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
>>
>> /* We just changed the BDS the job BB refers to (with either or both of the
>> * bdrv_replace_node() calls), so switch the BB back so the cleanup does
>> @@ -757,6 +759,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
>> {
>> int64_t offset;
>> BlockDriverState *base = s->base;
>> + BlockDriverState *filtered_base;
>> BlockDriverState *bs = s->mirror_top_bs->backing->bs;
>> BlockDriverState *target_bs = blk_bs(s->target);
>> int ret;
>> @@ -795,6 +798,9 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
>> s->initial_zeroing_ongoing = false;
>> }
>>
>> + /* Will be NULL if @base is not in @bs's chain */
>
> Should we assert that not NULL?
Well, but it can be NULL. It is only non-NULL for active commit.
> Hmm, so this is the way to "skip filters reverse from the base", yes? Worth add a comment?
We need this because bdrv_is_allocated() will report everything as
allocated in a filter if it is allocated in its filtered child. So if
we use @base in bdrv_is_allocated_above() and there is a filter on top
of it, bdrv_is_allocated_above() will report everything as allocated
that is allocated in @base (which we do not want).
Therefor, we need to go to the topmost R/W filter on top of @base, so
that bdrv_is_allocated_above() actually starts at the first COW chain
element above @base.
As for the comment, I thought the name “filtered base” would suffice,
but sure.
(“@filtered_base is the topmost node in the @bs-@base chain that is
connected to @base only through filters” or something; plus the
explanation why we need it.)
>> + filtered_base = bdrv_filtered_cow_bs(bdrv_find_overlay(bs, base));
>> +
>> /* First part, loop on the sectors and initialize the dirty bitmap. */
>> for (offset = 0; offset < s->bdev_length; ) {
>> /* Just to make sure we are not exceeding int limit. */
[...]
>> @@ -1583,15 +1590,42 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
>> * In the case of active commit, things look a bit different, though,
>> * because the target is an already populated backing file in active use.
>> * We can allow anything except resize there.*/
>> +
>> + target_perms = BLK_PERM_WRITE;
>> + target_shared_perms = BLK_PERM_WRITE_UNCHANGED;
>> +
>> target_is_backing = bdrv_chain_contains(bs, target);
>
> don't you want skip filters here? actual target node may be in backing chain, but has separate
> filters above it
I don’t quite understand. bdrv_chain_contains() iterates over the
filter chain, so it shouldn’t matter whether there are filters above
target or not.
[...]
>> @@ -1641,15 +1675,39 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
>> /* In commit_active_start() all intermediate nodes disappear, so
>> * any jobs in them must be blocked */
>
> hmm, preexisting, it s/jobs/nodes/
I think the idea was that no other jobs may be run on intermediate
nodes. (But by now it’s no longer just about jobs, so yes, should be
s/jobs/nodes/. I don’t know whether I should squeeze that in here, though.)
Max
18.06.2019 17:47, Max Reitz wrote:
> On 18.06.19 15:12, Vladimir Sementsov-Ogievskiy wrote:
>> 13.06.2019 1:09, Max Reitz wrote:
>>> This includes some permission limiting (for example, we only need to
>>> take the RESIZE permission for active commits where the base is smaller
>>> than the top).
>>>
>>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>>
>> ohm, unfortunately I'm far from knowing block/mirror mechanics and interfaces :(.
>>
>> still some comments below.
>>
>>> ---
>>> block/mirror.c | 110 +++++++++++++++++++++++++++++++++++++------------
>>> blockdev.c | 47 +++++++++++++++++----
>>> 2 files changed, 124 insertions(+), 33 deletions(-)
>>>
>>> diff --git a/block/mirror.c b/block/mirror.c
>>> index 4fa8f57c80..3d767e3030 100644
>>> --- a/block/mirror.c
>>> +++ b/block/mirror.c
>>> @@ -660,8 +660,10 @@ static int mirror_exit_common(Job *job)
>>> &error_abort);
>>> if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
>>> BlockDriverState *backing = s->is_none_mode ? src : s->base;
>>> - if (backing_bs(target_bs) != backing) {
>>> - bdrv_set_backing_hd(target_bs, backing, &local_err);
>>> + BlockDriverState *unfiltered_target = bdrv_skip_rw_filters(target_bs);
>>> +
>>> + if (bdrv_filtered_cow_bs(unfiltered_target) != backing) {
>>> + bdrv_set_backing_hd(unfiltered_target, backing, &local_err);
>>> if (local_err) {
>>> error_report_err(local_err);
>>> ret = -EPERM;
>>> @@ -711,7 +713,7 @@ static int mirror_exit_common(Job *job)
>>> block_job_remove_all_bdrv(bjob);
>>> bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
>>> &error_abort);
>>> - bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
>>> + bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
>>>
>>> /* We just changed the BDS the job BB refers to (with either or both of the
>>> * bdrv_replace_node() calls), so switch the BB back so the cleanup does
>>> @@ -757,6 +759,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
>>> {
>>> int64_t offset;
>>> BlockDriverState *base = s->base;
>>> + BlockDriverState *filtered_base;
>>> BlockDriverState *bs = s->mirror_top_bs->backing->bs;
>>> BlockDriverState *target_bs = blk_bs(s->target);
>>> int ret;
>>> @@ -795,6 +798,9 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
>>> s->initial_zeroing_ongoing = false;
>>> }
>>>
>>> + /* Will be NULL if @base is not in @bs's chain */
>>
>> Should we assert that not NULL?
>
> Well, but it can be NULL. It is only non-NULL for active commit.
>
>> Hmm, so this is the way to "skip filters reverse from the base", yes? Worth add a comment?
>
> We need this because bdrv_is_allocated() will report everything as
> allocated in a filter if it is allocated in its filtered child. So if
> we use @base in bdrv_is_allocated_above() and there is a filter on top
> of it, bdrv_is_allocated_above() will report everything as allocated
> that is allocated in @base (which we do not want).
>
> Therefor, we need to go to the topmost R/W filter on top of @base, so
> that bdrv_is_allocated_above() actually starts at the first COW chain
> element above @base.
>
> As for the comment, I thought the name “filtered base” would suffice,
> but sure.
>
> (“@filtered_base is the topmost node in the @bs-@base chain that is
> connected to @base only through filters” or something; plus the
> explanation why we need it.)
>
>>> + filtered_base = bdrv_filtered_cow_bs(bdrv_find_overlay(bs, base));
>>> +
>>> /* First part, loop on the sectors and initialize the dirty bitmap. */
>>> for (offset = 0; offset < s->bdev_length; ) {
>>> /* Just to make sure we are not exceeding int limit. */
>
> [...]
>
>>> @@ -1583,15 +1590,42 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
>>> * In the case of active commit, things look a bit different, though,
>>> * because the target is an already populated backing file in active use.
>>> * We can allow anything except resize there.*/
>>> +
>>> + target_perms = BLK_PERM_WRITE;
>>> + target_shared_perms = BLK_PERM_WRITE_UNCHANGED;
>>> +
>>> target_is_backing = bdrv_chain_contains(bs, target);
>>
>> don't you want skip filters here? actual target node may be in backing chain, but has separate
>> filters above it
>
> I don’t quite understand. bdrv_chain_contains() iterates over the
> filter chain, so it shouldn’t matter whether there are filters above
> target or not.
>
> [...]
I just imagine something like this:
bs
|
... target node (it's filter)
| /
v v
base (unfiltered target)
>
>>> @@ -1641,15 +1675,39 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
>>> /* In commit_active_start() all intermediate nodes disappear, so
>>> * any jobs in them must be blocked */
>>
>> hmm, preexisting, it s/jobs/nodes/
>
> I think the idea was that no other jobs may be run on intermediate
> nodes. (But by now it’s no longer just about jobs, so yes, should be
> s/jobs/nodes/. I don’t know whether I should squeeze that in here, though.)
>
> Max
>
--
Best regards,
Vladimir
On 18.06.19 16:55, Vladimir Sementsov-Ogievskiy wrote:
> 18.06.2019 17:47, Max Reitz wrote:
>> On 18.06.19 15:12, Vladimir Sementsov-Ogievskiy wrote:
>>> 13.06.2019 1:09, Max Reitz wrote:
>>>> This includes some permission limiting (for example, we only need to
>>>> take the RESIZE permission for active commits where the base is smaller
>>>> than the top).
>>>>
>>>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>>>
>>> ohm, unfortunately I'm far from knowing block/mirror mechanics and interfaces :(.
>>>
>>> still some comments below.
>>>
>>>> ---
>>>> block/mirror.c | 110 +++++++++++++++++++++++++++++++++++++------------
>>>> blockdev.c | 47 +++++++++++++++++----
>>>> 2 files changed, 124 insertions(+), 33 deletions(-)
>>>>
>>>> diff --git a/block/mirror.c b/block/mirror.c
>>>> index 4fa8f57c80..3d767e3030 100644
>>>> --- a/block/mirror.c
>>>> +++ b/block/mirror.c
>>>> @@ -660,8 +660,10 @@ static int mirror_exit_common(Job *job)
>>>> &error_abort);
>>>> if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
>>>> BlockDriverState *backing = s->is_none_mode ? src : s->base;
>>>> - if (backing_bs(target_bs) != backing) {
>>>> - bdrv_set_backing_hd(target_bs, backing, &local_err);
>>>> + BlockDriverState *unfiltered_target = bdrv_skip_rw_filters(target_bs);
>>>> +
>>>> + if (bdrv_filtered_cow_bs(unfiltered_target) != backing) {
>>>> + bdrv_set_backing_hd(unfiltered_target, backing, &local_err);
>>>> if (local_err) {
>>>> error_report_err(local_err);
>>>> ret = -EPERM;
>>>> @@ -711,7 +713,7 @@ static int mirror_exit_common(Job *job)
>>>> block_job_remove_all_bdrv(bjob);
>>>> bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
>>>> &error_abort);
>>>> - bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
>>>> + bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
>>>>
>>>> /* We just changed the BDS the job BB refers to (with either or both of the
>>>> * bdrv_replace_node() calls), so switch the BB back so the cleanup does
>>>> @@ -757,6 +759,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
>>>> {
>>>> int64_t offset;
>>>> BlockDriverState *base = s->base;
>>>> + BlockDriverState *filtered_base;
>>>> BlockDriverState *bs = s->mirror_top_bs->backing->bs;
>>>> BlockDriverState *target_bs = blk_bs(s->target);
>>>> int ret;
>>>> @@ -795,6 +798,9 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
>>>> s->initial_zeroing_ongoing = false;
>>>> }
>>>>
>>>> + /* Will be NULL if @base is not in @bs's chain */
>>>
>>> Should we assert that not NULL?
>>
>> Well, but it can be NULL. It is only non-NULL for active commit.
>>
>>> Hmm, so this is the way to "skip filters reverse from the base", yes? Worth add a comment?
>>
>> We need this because bdrv_is_allocated() will report everything as
>> allocated in a filter if it is allocated in its filtered child. So if
>> we use @base in bdrv_is_allocated_above() and there is a filter on top
>> of it, bdrv_is_allocated_above() will report everything as allocated
>> that is allocated in @base (which we do not want).
>>
>> Therefor, we need to go to the topmost R/W filter on top of @base, so
>> that bdrv_is_allocated_above() actually starts at the first COW chain
>> element above @base.
>>
>> As for the comment, I thought the name “filtered base” would suffice,
>> but sure.
>>
>> (“@filtered_base is the topmost node in the @bs-@base chain that is
>> connected to @base only through filters” or something; plus the
>> explanation why we need it.)
>>
>>>> + filtered_base = bdrv_filtered_cow_bs(bdrv_find_overlay(bs, base));
>>>> +
>>>> /* First part, loop on the sectors and initialize the dirty bitmap. */
>>>> for (offset = 0; offset < s->bdev_length; ) {
>>>> /* Just to make sure we are not exceeding int limit. */
>>
>> [...]
>>
>>>> @@ -1583,15 +1590,42 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
>>>> * In the case of active commit, things look a bit different, though,
>>>> * because the target is an already populated backing file in active use.
>>>> * We can allow anything except resize there.*/
>>>> +
>>>> + target_perms = BLK_PERM_WRITE;
>>>> + target_shared_perms = BLK_PERM_WRITE_UNCHANGED;
>>>> +
>>>> target_is_backing = bdrv_chain_contains(bs, target);
>>>
>>> don't you want skip filters here? actual target node may be in backing chain, but has separate
>>> filters above it
>>
>> I don’t quite understand. bdrv_chain_contains() iterates over the
>> filter chain, so it shouldn’t matter whether there are filters above
>> target or not.
>>
>> [...]
>
>
> I just imagine something like this:
>
> bs
> |
> ... target node (it's filter)
> | /
> v v
> base (unfiltered target)
Well, that’s just broken. Good point.
Hm. Can this be actually made to work? The filter_target search could
be amended (by looking for the overlay of bdrv_skip_rw_filters(target)).
The loop to block intermediate nodes, though... Would require some
more modifications. We’d probably also need two loops, one from bs to
bdrv_skip_rw_filters(target), and one from the target to
bdrv_skip_rw_filters(target).
All in all I think it’s best to just forbid this case for now. (We can
try something like that again for blockdev-copy in the future(TM).) So
I’ll just check whether bdrv_skip_rw_filters(target) is in the chain,
and if so (but target_is_backing is false), return an error.
Max
>>>> @@ -1641,15 +1675,39 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
>>>> /* In commit_active_start() all intermediate nodes disappear, so
>>>> * any jobs in them must be blocked */
>>>
>>> hmm, preexisting, it s/jobs/nodes/
>>
>> I think the idea was that no other jobs may be run on intermediate
>> nodes. (But by now it’s no longer just about jobs, so yes, should be
>> s/jobs/nodes/. I don’t know whether I should squeeze that in here, though.)
>>
>> Max
>>
>
>
© 2016 - 2026 Red Hat, Inc.