[COLO-BLOCK,v7,02/17] quorum: implement block driver interfaces add/delete a BDS's child

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Cc: Alberto Garcia <berto@igalia.com>
---
 block/quorum.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 70 insertions(+), 2 deletions(-)

On Tue 30 Jun 2015 05:34:30 AM CEST, Wen Congyang wrote:

> +static void quorum_add_child(BlockDriverState *bs, QDict *options, Error **errp)
> +{
> +    BDRVQuorumState *s = bs->opaque;
> +    int ret;
> +    Error *local_err = NULL;
> +
> +    bdrv_drain(bs);
> +
> +    if (s->num_children == s->max_children) {
> +        if (s->max_children >= INT_MAX / 2) {
> +            error_setg(errp, "Too many children");
> +            return;
> +        }
> +
> +        s->bs = g_renew(BlockDriverState *, s->bs, s->max_children * 2);
> +        memset(&s->bs[s->max_children], 0, s->max_children * sizeof(void *));
> +        s->max_children *= 2;
> +    }
> +
> +    ret = bdrv_open_image(&s->bs[s->num_children], NULL, options, "child", bs,
> +                          &child_format, false, &local_err);
> +    if (ret < 0) {
> +        error_propagate(errp, local_err);
> +        return;
> +    }
> +    s->num_children++;
> +
> +    /* TODO: Update vote_threshold */
> +}

A few comments:

1) Is there any reason why you grow the array exponentially instead of
   adding a fixed number of elements when the limit is reached? I guess
   in practice the number of children is never going to be too high
   anyway...

2) Did you think of any API to update vote_threshold? Currently it
   cannot be higher than num_children, so it's effectively limited by
   the number of children that are attached when the quorum device is
   created.

3) I don't think it's necessary to set to NULL the pointers in s->bs[i]
   when i >= num_children. There's no way to access those pointers
   anyway. Same for the ' s->bs[s->num_children] = NULL; ' bit in
   quorum_del_child(). I also think that using memset() for setting NULL
   pointers is not portable, although QEMU is already doing this in a
   few places.

Otherwise the code looks good to me. Thanks!

Berto

At 2015/7/2 22:02, Alberto Garcia Wrote:
> On Tue 30 Jun 2015 05:34:30 AM CEST, Wen Congyang wrote:
>
>> +static void quorum_add_child(BlockDriverState *bs, QDict *options, Error **errp)
>> +{
>> +    BDRVQuorumState *s = bs->opaque;
>> +    int ret;
>> +    Error *local_err = NULL;
>> +
>> +    bdrv_drain(bs);
>> +
>> +    if (s->num_children == s->max_children) {
>> +        if (s->max_children >= INT_MAX / 2) {
>> +            error_setg(errp, "Too many children");
>> +            return;
>> +        }
>> +
>> +        s->bs = g_renew(BlockDriverState *, s->bs, s->max_children * 2);
>> +        memset(&s->bs[s->max_children], 0, s->max_children * sizeof(void *));
>> +        s->max_children *= 2;
>> +    }
>> +
>> +    ret = bdrv_open_image(&s->bs[s->num_children], NULL, options, "child", bs,
>> +                          &child_format, false, &local_err);
>> +    if (ret < 0) {
>> +        error_propagate(errp, local_err);
>> +        return;
>> +    }
>> +    s->num_children++;
>> +
>> +    /* TODO: Update vote_threshold */
>> +}
>
> A few comments:
>
> 1) Is there any reason why you grow the array exponentially instead of
>     adding a fixed number of elements when the limit is reached? I guess
>     in practice the number of children is never going to be too high
>     anyway...

Yes, will do it in the next version.

>
> 2) Did you think of any API to update vote_threshold? Currently it
>     cannot be higher than num_children, so it's effectively limited by
>     the number of children that are attached when the quorum device is
>     created.

The things I think about it is: if vote_threshold-- when deleting a 
child, vote_threshold
will be less than 0. If we don't do vote_threshold-- when it is 1, the 
vote_threshold will
be changed when all children are added again. Which behavior is better?

>
> 3) I don't think it's necessary to set to NULL the pointers in s->bs[i]
>     when i >= num_children. There's no way to access those pointers
>     anyway. Same for the ' s->bs[s->num_children] = NULL; ' bit in
>     quorum_del_child(). I also think that using memset() for setting NULL
>     pointers is not portable, although QEMU is already doing this in a
>     few places.

OK, will remove it in the next version. Just a question: why is using 
memset()
for setting NULL pointers is not prtable?

Thanks
Wen Congyang

>
> Otherwise the code looks good to me. Thanks!
>
> Berto
>
>

On Thu 02 Jul 2015 04:30:50 PM CEST, Wen Congyang wrote:

>> 2) Did you think of any API to update vote_threshold? Currently it
>>     cannot be higher than num_children, so it's effectively limited by
>>     the number of children that are attached when the quorum device is
>>     created.
>
> The things I think about it is: if vote_threshold-- when deleting a
> child, vote_threshold will be less than 0. If we don't do
> vote_threshold-- when it is 1, the vote_threshold will be changed when
> all children are added again. Which behavior is better?

Adding/removing a child and changing vote_threshold are in principle two
unrelated operations. One user could want to modify one but not the
other, so linking them together does not seem like a good idea. A
specific API to change vote_threshold could be added when the use case
appears (currently no one seems to have missed it).

So I think I would keep these things separate, I would also remove the
"TODO" comments that mention it.

With the current patches (that do not touch vote_threshold), you can
remove as many children as you want as long as there's at least one
left. However if you end up with num_chilren < vote_threshold then you
will get read errors. I see two alternatives:

  - Allow that and expect that the user will add the necessary children
    afterwards.

  - Forbid that completely and return an error.

I think I prefer the second option.

>> 3) I don't think it's necessary to set to NULL the pointers in
>> s->bs[i] when i >= num_children. There's no way to access those
>> pointers anyway. Same for the ' s->bs[s->num_children] = NULL; ' bit
>> in quorum_del_child(). I also think that using memset() for setting
>> NULL pointers is not portable, although QEMU is already doing this in
>> a few places.
>
> OK, will remove it in the next version. Just a question: why is using
> memset() for setting NULL pointers is not prtable?

The standard allows for null pointers to be internally represented by
nonzero bit patterns. However I'm not aware of any system that we
support that does that.

   http://c-faq.com/null/confusion4.html
   http://c-faq.com/null/machexamp.html

Berto

On 07/02/2015 11:21 PM, Alberto Garcia wrote:
> On Thu 02 Jul 2015 04:30:50 PM CEST, Wen Congyang wrote:
> 
>>> 2) Did you think of any API to update vote_threshold? Currently it
>>>     cannot be higher than num_children, so it's effectively limited by
>>>     the number of children that are attached when the quorum device is
>>>     created.
>>
>> The things I think about it is: if vote_threshold-- when deleting a
>> child, vote_threshold will be less than 0. If we don't do
>> vote_threshold-- when it is 1, the vote_threshold will be changed when
>> all children are added again. Which behavior is better?
> 
> Adding/removing a child and changing vote_threshold are in principle two
> unrelated operations. One user could want to modify one but not the
> other, so linking them together does not seem like a good idea. A
> specific API to change vote_threshold could be added when the use case
> appears (currently no one seems to have missed it).
> 
> So I think I would keep these things separate, I would also remove the
> "TODO" comments that mention it.
> 
> With the current patches (that do not touch vote_threshold), you can
> remove as many children as you want as long as there's at least one
> left. However if you end up with num_chilren < vote_threshold then you
> will get read errors. I see two alternatives:
> 
>   - Allow that and expect that the user will add the necessary children
>     afterwards.
> 
>   - Forbid that completely and return an error.
> 
> I think I prefer the second option.

OK, I will do it.

> 
>>> 3) I don't think it's necessary to set to NULL the pointers in
>>> s->bs[i] when i >= num_children. There's no way to access those
>>> pointers anyway. Same for the ' s->bs[s->num_children] = NULL; ' bit
>>> in quorum_del_child(). I also think that using memset() for setting
>>> NULL pointers is not portable, although QEMU is already doing this in
>>> a few places.
>>
>> OK, will remove it in the next version. Just a question: why is using
>> memset() for setting NULL pointers is not prtable?
> 
> The standard allows for null pointers to be internally represented by
> nonzero bit patterns. However I'm not aware of any system that we
> support that does that.
> 
>    http://c-faq.com/null/confusion4.html
>    http://c-faq.com/null/machexamp.html

Thanks for your explantion.

Wen Congyang

> 
> Berto
> .
>

On 07/02/2015 09:21 AM, Alberto Garcia wrote:

> 
>>> 3) I don't think it's necessary to set to NULL the pointers in
>>> s->bs[i] when i >= num_children. There's no way to access those
>>> pointers anyway. Same for the ' s->bs[s->num_children] = NULL; ' bit
>>> in quorum_del_child(). I also think that using memset() for setting
>>> NULL pointers is not portable, although QEMU is already doing this in
>>> a few places.
>>
>> OK, will remove it in the next version. Just a question: why is using
>> memset() for setting NULL pointers is not prtable?
> 
> The standard allows for null pointers to be internally represented by
> nonzero bit patterns. However I'm not aware of any system that we
> support that does that.
> 
>    http://c-faq.com/null/confusion4.html
>    http://c-faq.com/null/machexamp.html

What's more, POSIX has very recently taken the stance that memset() to 0
will work on all POSIX systems, even if someone is insane enough to use
a non-zero bit pattern for NULL on modern hardware:

http://austingroupbugs.net/view.php?id=940