[3/8] block: implement reference count for BlockDriverState

Introduce bdrv_ref/bdrv_unref to manage the lifecycle of
BlockDriverState. They are unused for now but will used to replace
bdrv_delete() later.

Signed-off-by: Fam Zheng <famz@redhat.com>
---
 block.c                   | 22 ++++++++++++++++++++++
 include/block/block.h     |  2 ++
 include/block/block_int.h |  1 +
 3 files changed, 25 insertions(+)

On Thu, Jul 25, 2013 at 05:01:41PM +0800, Fam Zheng wrote:
> Introduce bdrv_ref/bdrv_unref to manage the lifecycle of
> BlockDriverState. They are unused for now but will used to replace
> bdrv_delete() later.
> 
> Signed-off-by: Fam Zheng <famz@redhat.com>
> ---
>  block.c                   | 22 ++++++++++++++++++++++
>  include/block/block.h     |  2 ++
>  include/block/block_int.h |  1 +
>  3 files changed, 25 insertions(+)
> 
> diff --git a/block.c b/block.c
> index 6cd39fa..6f7ad7f 100644
> --- a/block.c
> +++ b/block.c
> @@ -306,6 +306,7 @@ BlockDriverState *bdrv_new(const char *device_name)
>      bdrv_iostatus_disable(bs);
>      notifier_list_init(&bs->close_notifiers);
>      notifier_with_return_list_init(&bs->before_write_notifiers);
> +    bs->refcnt = 1;
>  
>      return bs;
>  }
> @@ -1511,6 +1512,9 @@ static void bdrv_move_feature_fields(BlockDriverState *bs_dest,
>      /* dirty bitmap */
>      bs_dest->dirty_bitmap       = bs_src->dirty_bitmap;
>  
> +    /* reference count */
> +    bs_dest->refcnt             = bs_src->refcnt;
> +
>      /* job */
>      bs_dest->in_use             = bs_src->in_use;
>      bs_dest->job                = bs_src->job;
> @@ -4385,6 +4389,24 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs)
>      }
>  }
>  
> +/* Get a reference to bs */
> +void bdrv_ref(BlockDriverState *bs)
> +{
> +    bs->refcnt++;
> +}
> +
> +/* Release a previously grabbed reference to bs.
> + * If after releasing, reference count is zero, the BlockDriverState is
> + * deleted. */
> +void bdrv_unref(BlockDriverState *bs)
> +{
> +    assert(bs->refcnt > 0);
> +    if (--bs->refcnt == 0) {
> +        bdrv_close(bs);
> +        bdrv_delete(bs);
> +    }
> +}

The problem with this is that a caller to bdrv_unref() has no
way of knowing after calling bdrv_unref() if bs is still valid.  We
can't just set bs to NULL after calling bdrv_unref() as with
bdrv_delete(), because now it may not have been freed.

Maybe bdrv_unref should either return the current bs pointer, or
alternatively accept as its argument a pointer to the BDS pointer:

void bdrv_unref(BlockDriverState **bs)
{
    assert(*bs->refcnt > 0);
    if (--*bs->refcnt == 0) {
        bdrv_close(*bs);
        bdrv_delete(*bs);
        *bs = NULL;
    }
}

Of course, all callers would need to then check for NULL.

Also, do we need to call bdrv_close() in here?  In bdrv_delete(),
bdrv_close() is called prior to the free.

> +
>  void bdrv_set_in_use(BlockDriverState *bs, int in_use)
>  {
>      assert(bs->in_use != in_use);
> diff --git a/include/block/block.h b/include/block/block.h
> index 742fce5..b33ef62 100644
> --- a/include/block/block.h
> +++ b/include/block/block.h
> @@ -356,6 +356,8 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs);
>  void bdrv_enable_copy_on_read(BlockDriverState *bs);
>  void bdrv_disable_copy_on_read(BlockDriverState *bs);
>  
> +void bdrv_ref(BlockDriverState *bs);
> +void bdrv_unref(BlockDriverState *bs);
>  void bdrv_set_in_use(BlockDriverState *bs, int in_use);
>  int bdrv_in_use(BlockDriverState *bs);
>  
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index c6ac871..a282d56 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -294,6 +294,7 @@ struct BlockDriverState {
>      BlockDeviceIoStatus iostatus;
>      char device_name[32];
>      HBitmap *dirty_bitmap;
> +    int refcnt;
>      int in_use; /* users other than guest access, eg. block migration */
>      QTAILQ_ENTRY(BlockDriverState) list;
>  
> -- 
> 1.8.3.2
> 
>

On Thu, 07/25 09:15, Jeff Cody wrote:
> On Thu, Jul 25, 2013 at 05:01:41PM +0800, Fam Zheng wrote:
> > Introduce bdrv_ref/bdrv_unref to manage the lifecycle of
> > BlockDriverState. They are unused for now but will used to replace
> > bdrv_delete() later.
> > 
> > Signed-off-by: Fam Zheng <famz@redhat.com>
> > ---
> >  block.c                   | 22 ++++++++++++++++++++++
> >  include/block/block.h     |  2 ++
> >  include/block/block_int.h |  1 +
> >  3 files changed, 25 insertions(+)
> > 
> > diff --git a/block.c b/block.c
> > index 6cd39fa..6f7ad7f 100644
> > --- a/block.c
> > +++ b/block.c
> > @@ -306,6 +306,7 @@ BlockDriverState *bdrv_new(const char *device_name)
> >      bdrv_iostatus_disable(bs);
> >      notifier_list_init(&bs->close_notifiers);
> >      notifier_with_return_list_init(&bs->before_write_notifiers);
> > +    bs->refcnt = 1;
> >  
> >      return bs;
> >  }
> > @@ -1511,6 +1512,9 @@ static void bdrv_move_feature_fields(BlockDriverState *bs_dest,
> >      /* dirty bitmap */
> >      bs_dest->dirty_bitmap       = bs_src->dirty_bitmap;
> >  
> > +    /* reference count */
> > +    bs_dest->refcnt             = bs_src->refcnt;
> > +
> >      /* job */
> >      bs_dest->in_use             = bs_src->in_use;
> >      bs_dest->job                = bs_src->job;
> > @@ -4385,6 +4389,24 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs)
> >      }
> >  }
> >  
> > +/* Get a reference to bs */
> > +void bdrv_ref(BlockDriverState *bs)
> > +{
> > +    bs->refcnt++;
> > +}
> > +
> > +/* Release a previously grabbed reference to bs.
> > + * If after releasing, reference count is zero, the BlockDriverState is
> > + * deleted. */
> > +void bdrv_unref(BlockDriverState *bs)
> > +{
> > +    assert(bs->refcnt > 0);
> > +    if (--bs->refcnt == 0) {
> > +        bdrv_close(bs);
> > +        bdrv_delete(bs);
> > +    }
> > +}
> 
> The problem with this is that a caller to bdrv_unref() has no
> way of knowing after calling bdrv_unref() if bs is still valid.  We
> can't just set bs to NULL after calling bdrv_unref() as with
> bdrv_delete(), because now it may not have been freed.
> 
By calling bdrv_unref, it means the caller is not going to use bs any
more.  In other words, bdrv_unref() is a bdrv_delete() as seen by the
caller, if bs is still valid pointer after unref, it's no longer safe
for the caller: it can be freed by other code, in any time, but the
caller can't know.

> Maybe bdrv_unref should either return the current bs pointer, or
> alternatively accept as its argument a pointer to the BDS pointer:
> 
> void bdrv_unref(BlockDriverState **bs)
> {
>     assert(*bs->refcnt > 0);
>     if (--*bs->refcnt == 0) {
>         bdrv_close(*bs);
>         bdrv_delete(*bs);
>         *bs = NULL;
>     }
> }
> 
> Of course, all callers would need to then check for NULL.
> 
> Also, do we need to call bdrv_close() in here?  In bdrv_delete(),
> bdrv_close() is called prior to the free.
> 
Yes, it can be omited.

> > +
> >  void bdrv_set_in_use(BlockDriverState *bs, int in_use)
> >  {
> >      assert(bs->in_use != in_use);
> > diff --git a/include/block/block.h b/include/block/block.h
> > index 742fce5..b33ef62 100644
> > --- a/include/block/block.h
> > +++ b/include/block/block.h
> > @@ -356,6 +356,8 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs);
> >  void bdrv_enable_copy_on_read(BlockDriverState *bs);
> >  void bdrv_disable_copy_on_read(BlockDriverState *bs);
> >  
> > +void bdrv_ref(BlockDriverState *bs);
> > +void bdrv_unref(BlockDriverState *bs);
> >  void bdrv_set_in_use(BlockDriverState *bs, int in_use);
> >  int bdrv_in_use(BlockDriverState *bs);
> >  
> > diff --git a/include/block/block_int.h b/include/block/block_int.h
> > index c6ac871..a282d56 100644
> > --- a/include/block/block_int.h
> > +++ b/include/block/block_int.h
> > @@ -294,6 +294,7 @@ struct BlockDriverState {
> >      BlockDeviceIoStatus iostatus;
> >      char device_name[32];
> >      HBitmap *dirty_bitmap;
> > +    int refcnt;
> >      int in_use; /* users other than guest access, eg. block migration */
> >      QTAILQ_ENTRY(BlockDriverState) list;
> >  
> > -- 
> > 1.8.3.2
> > 
> >

On Fri, Jul 26, 2013 at 09:13:32AM +0800, Fam Zheng wrote:
> On Thu, 07/25 09:15, Jeff Cody wrote:
> > On Thu, Jul 25, 2013 at 05:01:41PM +0800, Fam Zheng wrote:
> > > Introduce bdrv_ref/bdrv_unref to manage the lifecycle of
> > > BlockDriverState. They are unused for now but will used to replace
> > > bdrv_delete() later.
> > > 
> > > Signed-off-by: Fam Zheng <famz@redhat.com>
> > > ---
> > >  block.c                   | 22 ++++++++++++++++++++++
> > >  include/block/block.h     |  2 ++
> > >  include/block/block_int.h |  1 +
> > >  3 files changed, 25 insertions(+)
> > > 
> > > diff --git a/block.c b/block.c
> > > index 6cd39fa..6f7ad7f 100644
> > > --- a/block.c
> > > +++ b/block.c
> > > @@ -306,6 +306,7 @@ BlockDriverState *bdrv_new(const char *device_name)
> > >      bdrv_iostatus_disable(bs);
> > >      notifier_list_init(&bs->close_notifiers);
> > >      notifier_with_return_list_init(&bs->before_write_notifiers);
> > > +    bs->refcnt = 1;
> > >  
> > >      return bs;
> > >  }
> > > @@ -1511,6 +1512,9 @@ static void bdrv_move_feature_fields(BlockDriverState *bs_dest,
> > >      /* dirty bitmap */
> > >      bs_dest->dirty_bitmap       = bs_src->dirty_bitmap;
> > >  
> > > +    /* reference count */
> > > +    bs_dest->refcnt             = bs_src->refcnt;
> > > +
> > >      /* job */
> > >      bs_dest->in_use             = bs_src->in_use;
> > >      bs_dest->job                = bs_src->job;
> > > @@ -4385,6 +4389,24 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs)
> > >      }
> > >  }
> > >  
> > > +/* Get a reference to bs */
> > > +void bdrv_ref(BlockDriverState *bs)
> > > +{
> > > +    bs->refcnt++;
> > > +}
> > > +
> > > +/* Release a previously grabbed reference to bs.
> > > + * If after releasing, reference count is zero, the BlockDriverState is
> > > + * deleted. */
> > > +void bdrv_unref(BlockDriverState *bs)
> > > +{
> > > +    assert(bs->refcnt > 0);
> > > +    if (--bs->refcnt == 0) {
> > > +        bdrv_close(bs);
> > > +        bdrv_delete(bs);
> > > +    }
> > > +}
> > 
> > The problem with this is that a caller to bdrv_unref() has no
> > way of knowing after calling bdrv_unref() if bs is still valid.  We
> > can't just set bs to NULL after calling bdrv_unref() as with
> > bdrv_delete(), because now it may not have been freed.
> > 
> By calling bdrv_unref, it means the caller is not going to use bs any
> more.  In other words, bdrv_unref() is a bdrv_delete() as seen by the
> caller, if bs is still valid pointer after unref, it's no longer safe
> for the caller: it can be freed by other code, in any time, but the
> caller can't know.

OK, I can go with that.  I can't think off the top of my head where
this would cause a problem if it is just used in place of current
bdrv_delete(), so long as everyone refs it when they should.

But then going with a bdrv_delete() equivalency model, I don't know if
it is appropriate to call bdrv_unref() in bdrv_detach_dev() (in patch
5/8).  Maybe all that is really needed there is some more cleanup in
the places that call bdrv_detach_dev(), and then it would be OK.
> 
> > Maybe bdrv_unref should either return the current bs pointer, or
> > alternatively accept as its argument a pointer to the BDS pointer:
> > 
> > void bdrv_unref(BlockDriverState **bs)
> > {
> >     assert(*bs->refcnt > 0);
> >     if (--*bs->refcnt == 0) {
> >         bdrv_close(*bs);
> >         bdrv_delete(*bs);
> >         *bs = NULL;
> >     }
> > }
> > 
> > Of course, all callers would need to then check for NULL.
> > 
> > Also, do we need to call bdrv_close() in here?  In bdrv_delete(),
> > bdrv_close() is called prior to the free.
> > 
> Yes, it can be omited.
> 
> > > +
> > >  void bdrv_set_in_use(BlockDriverState *bs, int in_use)
> > >  {
> > >      assert(bs->in_use != in_use);
> > > diff --git a/include/block/block.h b/include/block/block.h
> > > index 742fce5..b33ef62 100644
> > > --- a/include/block/block.h
> > > +++ b/include/block/block.h
> > > @@ -356,6 +356,8 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs);
> > >  void bdrv_enable_copy_on_read(BlockDriverState *bs);
> > >  void bdrv_disable_copy_on_read(BlockDriverState *bs);
> > >  
> > > +void bdrv_ref(BlockDriverState *bs);
> > > +void bdrv_unref(BlockDriverState *bs);
> > >  void bdrv_set_in_use(BlockDriverState *bs, int in_use);
> > >  int bdrv_in_use(BlockDriverState *bs);
> > >  
> > > diff --git a/include/block/block_int.h b/include/block/block_int.h
> > > index c6ac871..a282d56 100644
> > > --- a/include/block/block_int.h
> > > +++ b/include/block/block_int.h
> > > @@ -294,6 +294,7 @@ struct BlockDriverState {
> > >      BlockDeviceIoStatus iostatus;
> > >      char device_name[32];
> > >      HBitmap *dirty_bitmap;
> > > +    int refcnt;
> > >      int in_use; /* users other than guest access, eg. block migration */
> > >      QTAILQ_ENTRY(BlockDriverState) list;
> > >  
> > > -- 
> > > 1.8.3.2
> > > 
> > > 
> 
> -- 
> Fam

On Thu, 07/25 21:50, Jeff Cody wrote:
> On Fri, Jul 26, 2013 at 09:13:32AM +0800, Fam Zheng wrote:
> > On Thu, 07/25 09:15, Jeff Cody wrote:
> > > On Thu, Jul 25, 2013 at 05:01:41PM +0800, Fam Zheng wrote:
> > > > Introduce bdrv_ref/bdrv_unref to manage the lifecycle of
> > > > BlockDriverState. They are unused for now but will used to replace
> > > > bdrv_delete() later.
> > > > 
> > > > Signed-off-by: Fam Zheng <famz@redhat.com>
> > > > ---
> > > >  block.c                   | 22 ++++++++++++++++++++++
> > > >  include/block/block.h     |  2 ++
> > > >  include/block/block_int.h |  1 +
> > > >  3 files changed, 25 insertions(+)
> > > > 
> > > > diff --git a/block.c b/block.c
> > > > index 6cd39fa..6f7ad7f 100644
> > > > --- a/block.c
> > > > +++ b/block.c
> > > > @@ -306,6 +306,7 @@ BlockDriverState *bdrv_new(const char *device_name)
> > > >      bdrv_iostatus_disable(bs);
> > > >      notifier_list_init(&bs->close_notifiers);
> > > >      notifier_with_return_list_init(&bs->before_write_notifiers);
> > > > +    bs->refcnt = 1;
> > > >  
> > > >      return bs;
> > > >  }
> > > > @@ -1511,6 +1512,9 @@ static void bdrv_move_feature_fields(BlockDriverState *bs_dest,
> > > >      /* dirty bitmap */
> > > >      bs_dest->dirty_bitmap       = bs_src->dirty_bitmap;
> > > >  
> > > > +    /* reference count */
> > > > +    bs_dest->refcnt             = bs_src->refcnt;
> > > > +
> > > >      /* job */
> > > >      bs_dest->in_use             = bs_src->in_use;
> > > >      bs_dest->job                = bs_src->job;
> > > > @@ -4385,6 +4389,24 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs)
> > > >      }
> > > >  }
> > > >  
> > > > +/* Get a reference to bs */
> > > > +void bdrv_ref(BlockDriverState *bs)
> > > > +{
> > > > +    bs->refcnt++;
> > > > +}
> > > > +
> > > > +/* Release a previously grabbed reference to bs.
> > > > + * If after releasing, reference count is zero, the BlockDriverState is
> > > > + * deleted. */
> > > > +void bdrv_unref(BlockDriverState *bs)
> > > > +{
> > > > +    assert(bs->refcnt > 0);
> > > > +    if (--bs->refcnt == 0) {
> > > > +        bdrv_close(bs);
> > > > +        bdrv_delete(bs);
> > > > +    }
> > > > +}
> > > 
> > > The problem with this is that a caller to bdrv_unref() has no
> > > way of knowing after calling bdrv_unref() if bs is still valid.  We
> > > can't just set bs to NULL after calling bdrv_unref() as with
> > > bdrv_delete(), because now it may not have been freed.
> > > 
> > By calling bdrv_unref, it means the caller is not going to use bs any
> > more.  In other words, bdrv_unref() is a bdrv_delete() as seen by the
> > caller, if bs is still valid pointer after unref, it's no longer safe
> > for the caller: it can be freed by other code, in any time, but the
> > caller can't know.
> 
> OK, I can go with that.  I can't think off the top of my head where
> this would cause a problem if it is just used in place of current
> bdrv_delete(), so long as everyone refs it when they should.
> 
> But then going with a bdrv_delete() equivalency model, I don't know if
> it is appropriate to call bdrv_unref() in bdrv_detach_dev() (in patch
> 5/8).  Maybe all that is really needed there is some more cleanup in
> the places that call bdrv_detach_dev(), and then it would be OK.

Yes, you're right. I need to audit the device code yet. Thanks for
pointing out.
> > 
> > > Maybe bdrv_unref should either return the current bs pointer, or
> > > alternatively accept as its argument a pointer to the BDS pointer:
> > > 
> > > void bdrv_unref(BlockDriverState **bs)
> > > {
> > >     assert(*bs->refcnt > 0);
> > >     if (--*bs->refcnt == 0) {
> > >         bdrv_close(*bs);
> > >         bdrv_delete(*bs);
> > >         *bs = NULL;
> > >     }
> > > }
> > > 
> > > Of course, all callers would need to then check for NULL.
> > > 
> > > Also, do we need to call bdrv_close() in here?  In bdrv_delete(),
> > > bdrv_close() is called prior to the free.
> > > 
> > Yes, it can be omited.
> > 
> > > > +
> > > >  void bdrv_set_in_use(BlockDriverState *bs, int in_use)
> > > >  {
> > > >      assert(bs->in_use != in_use);
> > > > diff --git a/include/block/block.h b/include/block/block.h
> > > > index 742fce5..b33ef62 100644
> > > > --- a/include/block/block.h
> > > > +++ b/include/block/block.h
> > > > @@ -356,6 +356,8 @@ int64_t bdrv_get_dirty_count(BlockDriverState *bs);
> > > >  void bdrv_enable_copy_on_read(BlockDriverState *bs);
> > > >  void bdrv_disable_copy_on_read(BlockDriverState *bs);
> > > >  
> > > > +void bdrv_ref(BlockDriverState *bs);
> > > > +void bdrv_unref(BlockDriverState *bs);
> > > >  void bdrv_set_in_use(BlockDriverState *bs, int in_use);
> > > >  int bdrv_in_use(BlockDriverState *bs);
> > > >  
> > > > diff --git a/include/block/block_int.h b/include/block/block_int.h
> > > > index c6ac871..a282d56 100644
> > > > --- a/include/block/block_int.h
> > > > +++ b/include/block/block_int.h
> > > > @@ -294,6 +294,7 @@ struct BlockDriverState {
> > > >      BlockDeviceIoStatus iostatus;
> > > >      char device_name[32];
> > > >      HBitmap *dirty_bitmap;
> > > > +    int refcnt;
> > > >      int in_use; /* users other than guest access, eg. block migration */
> > > >      QTAILQ_ENTRY(BlockDriverState) list;
> > > >  
> > > > -- 
> > > > 1.8.3.2
> > > > 
> > > > 
> > 
> > -- 
> > Fam