9:26 a.m.
*** BLURB HERE ***
Michal Prívozník (2):
virdevmapper: Don't error on kernels without DM support
virdevmapper: Deal with unloading dm module
src/util/virdevmapper.c | 59 ++++++++++++++++++++++++++++++++---------
1 file changed, 47 insertions(+), 12 deletions(-)
--
2.26.2
9:26 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
In one of my latest patch (v6.6.0~30) I was trying to remove
libdevmapper use in favor of our own implementation. However, the
code did not take into account that device mapper can be not
compiled into the kernel (e.g. be a separate module that's not
loaded) in which case /proc/devices won't have the device-mapper
major number and thus virDevMapperGetTargets() and/or
virIsDevMapperDevice() fails.
Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Reported-by: Andrea Bolognani <abologna(a)redhat.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/util/virdevmapper.c | 41 +++++++++++++++++++++++++++++++----------
1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index fe7f611496..cc33d8211e 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -47,10 +47,11 @@
G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
static unsigned int virDMMajor;
+static virMutex virDevMapperInitMutex = VIR_MUTEX_INITIALIZER;
static int
-virDevMapperOnceInit(void)
+virDevMapperGetMajor(unsigned int *dmmaj)
{
g_autofree char *buf = NULL;
VIR_AUTOSTRINGLIST lines = NULL;
@@ -69,23 +70,34 @@ virDevMapperOnceInit(void)
if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2 &&
STREQ(dev, DM_NAME)) {
- virDMMajor = maj;
+ *dmmaj = maj;
break;
}
}
if (!lines[i]) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to find major for %s"),
- DM_NAME);
- return -1;
+ /* Don't error here. Maybe the kernel was built without
+ * devmapper. Let the caller decide. */
+ return -2;
}
return 0;
}
-VIR_ONCE_GLOBAL_INIT(virDevMapper);
+static int
+virDevMapperInit(void)
+{
+ int rc = 0;
+
+ virMutexLock(&virDevMapperInitMutex);
+
+ if (virDMMajor == 0)
+ rc = virDevMapperGetMajor(&virDMMajor);
+
+ virMutexUnlock(&virDevMapperInitMutex);
+ return rc;
+}
static void *
@@ -220,7 +232,6 @@ virDevMapperGetTargetsImpl(int controlFD,
size_t i;
memset(&dm, 0, sizeof(dm));
- *devPaths_ret = NULL;
if (ttl == 0) {
errno = ELOOP;
@@ -298,14 +309,24 @@ virDevMapperGetTargets(const char *path,
char ***devPaths)
{
VIR_AUTOCLOSE controlFD = -1;
+ int rc;
const unsigned int ttl = 32;
/* Arbitrary limit on recursion level. A devmapper target can
* consist of devices or yet another targets. If that's the
* case, we have to stop recursion somewhere. */
- if (virDevMapperInitialize() < 0)
+ *devPaths = NULL;
+
+ if ((rc = virDevMapperInit()) < 0) {
+ if (rc == -2) {
+ /* Devmapper is not available. Yet. Maybe the module
+ * will be loaded later, but do not error out for now. */
+ return 0;
+ }
+
return -1;
+ }
if ((controlFD = virDMOpen()) < 0)
return -1;
@@ -319,7 +340,7 @@ virIsDevMapperDevice(const char *dev_name)
{
struct stat buf;
- if (virDevMapperInitialize() < 0)
+ if (virDevMapperInit() < 0)
return false;
if (!stat(dev_name, &buf) &&
--
2.26.2
10:16 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
On Mon, Aug 17, 2020 at 16:26:54 +0200, Michal Privoznik wrote:
In one of my latest patch (v6.6.0~30) I was trying to remove
libdevmapper use in favor of our own implementation. However, the
code did not take into account that device mapper can be not
compiled into the kernel (e.g. be a separate module that's not
loaded) in which case /proc/devices won't have the device-mapper
major number and thus virDevMapperGetTargets() and/or
virIsDevMapperDevice() fails.
Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Reported-by: Andrea Bolognani <abologna(a)redhat.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/util/virdevmapper.c | 41 +++++++++++++++++++++++++++++++----------
1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index fe7f611496..cc33d8211e 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -47,10 +47,11 @@
G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
static unsigned int virDMMajor;
+static virMutex virDevMapperInitMutex = VIR_MUTEX_INITIALIZER;
'virDMMajor' should now be initialized explicitly ...
static int
-virDevMapperOnceInit(void)
+virDevMapperGetMajor(unsigned int *dmmaj)
{
g_autofree char *buf = NULL;
VIR_AUTOSTRINGLIST lines = NULL;
@@ -69,23 +70,34 @@ virDevMapperOnceInit(void)
if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2 &&
STREQ(dev, DM_NAME)) {
- virDMMajor = maj;
... since it's not always initialized here.
+ *dmmaj = maj;
break;
}
}
if (!lines[i]) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to find major for %s"),
- DM_NAME);
- return -1;
+ /* Don't error here. Maybe the kernel was built without
+ * devmapper. Let the caller decide. */
+ return -2;
}
return 0;
}
-VIR_ONCE_GLOBAL_INIT(virDevMapper);
+static int
+virDevMapperInit(void)
+{
+ int rc = 0;
+
+ virMutexLock(&virDevMapperInitMutex);
+
+ if (virDMMajor == 0)
I'm not quite persuaded with this caching here. For cases when the
device mapper is loaded we cache it, but in the negative case ...
+ rc = virDevMapperGetMajor(&virDMMajor);
... we always process /proc/devices. Why is caching necessary then?
+
+ virMutexUnlock(&virDevMapperInitMutex);
+ return rc;
+}
static void *
@@ -220,7 +232,6 @@ virDevMapperGetTargetsImpl(int controlFD,
size_t i;
memset(&dm, 0, sizeof(dm));
- *devPaths_ret = NULL;
if (ttl == 0) {
errno = ELOOP;
@@ -298,14 +309,24 @@ virDevMapperGetTargets(const char *path,
char ***devPaths)
{
VIR_AUTOCLOSE controlFD = -1;
+ int rc;
const unsigned int ttl = 32;
/* Arbitrary limit on recursion level. A devmapper target can
* consist of devices or yet another targets. If that's the
* case, we have to stop recursion somewhere. */
- if (virDevMapperInitialize() < 0)
+ *devPaths = NULL;
+
+ if ((rc = virDevMapperInit()) < 0) {
+ if (rc == -2) {
+ /* Devmapper is not available. Yet. Maybe the module
+ * will be loaded later, but do not error out for now. */
+ return 0;
+ }
+
return -1;
+ }
if ((controlFD = virDMOpen()) < 0)
return -1;
@@ -319,7 +340,7 @@ virIsDevMapperDevice(const char *dev_name)
{
struct stat buf;
- if (virDevMapperInitialize() < 0)
+ if (virDevMapperInit() < 0)
return false;
if (!stat(dev_name, &buf) &&
Code after this hunk reads 'virDMMajor' directly without locks. Since
virDevMapperInit returns it here it should be used from the return value
rather than accessed directly which creates a code-pattern open for race
conditions.
--
2.26.2
10:40 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
On 8/17/20 5:16 PM, Peter Krempa wrote:
On Mon, Aug 17, 2020 at 16:26:54 +0200, Michal Privoznik wrote:
> In one of my latest patch (v6.6.0~30) I was trying to remove
> libdevmapper use in favor of our own implementation. However, the
> code did not take into account that device mapper can be not
> compiled into the kernel (e.g. be a separate module that's not
> loaded) in which case /proc/devices won't have the device-mapper
> major number and thus virDevMapperGetTargets() and/or
> virIsDevMapperDevice() fails.
>
> Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
> Reported-by: Andrea Bolognani <abologna(a)redhat.com>
> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
> ---
> src/util/virdevmapper.c | 41 +++++++++++++++++++++++++++++++----------
> 1 file changed, 31 insertions(+), 10 deletions(-)
>
> diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
> index fe7f611496..cc33d8211e 100644
> --- a/src/util/virdevmapper.c
> +++ b/src/util/virdevmapper.c
> @@ -47,10 +47,11 @@
> G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
>
> static unsigned int virDMMajor;
> +static virMutex virDevMapperInitMutex = VIR_MUTEX_INITIALIZER;
'virDMMajor' should now be initialized explicitly ...
Aren't global static variables initialized to zero automatically
(something about .bss section)?
> static int
> -virDevMapperOnceInit(void)
> +virDevMapperGetMajor(unsigned int *dmmaj)
> {
> g_autofree char *buf = NULL;
> VIR_AUTOSTRINGLIST lines = NULL;
> @@ -69,23 +70,34 @@ virDevMapperOnceInit(void)
>
> if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2
&&
> STREQ(dev, DM_NAME)) {
> - virDMMajor = maj;
... since it's not always initialized here.
> + *dmmaj = maj;
> break;
> }
> }
>
> if (!lines[i]) {
> - virReportError(VIR_ERR_INTERNAL_ERROR,
> - _("Unable to find major for %s"),
> - DM_NAME);
> - return -1;
> + /* Don't error here. Maybe the kernel was built without
> + * devmapper. Let the caller decide. */
> + return -2;
> }
>
> return 0;
> }
>
>
> -VIR_ONCE_GLOBAL_INIT(virDevMapper);
> +static int
> +virDevMapperInit(void)
> +{
> + int rc = 0;
> +
> + virMutexLock(&virDevMapperInitMutex);
> +
> + if (virDMMajor == 0)
I'm not quite persuaded with this caching here. For cases when the
device mapper is loaded we cache it, but in the negative case ...
> + rc = virDevMapperGetMajor(&virDMMajor);
... we always process /proc/devices. Why is caching necessary then?
Are you suggesting to parse /proc/devices every time? My concern is it
will burn CPU cycles needlessly. And I'm not sure how to address the
negative case when DM module is not loaded. It's ineffective, I agree, I
just don't see how to make it better.
> +
> + virMutexUnlock(&virDevMapperInitMutex);
> + return rc;
> +}
>
>
> static void *
> @@ -220,7 +232,6 @@ virDevMapperGetTargetsImpl(int controlFD,
> size_t i;
>
> memset(&dm, 0, sizeof(dm));
> - *devPaths_ret = NULL;
>
> if (ttl == 0) {
> errno = ELOOP;
> @@ -298,14 +309,24 @@ virDevMapperGetTargets(const char *path,
> char ***devPaths)
> {
> VIR_AUTOCLOSE controlFD = -1;
> + int rc;
> const unsigned int ttl = 32;
>
> /* Arbitrary limit on recursion level. A devmapper target can
> * consist of devices or yet another targets. If that's the
> * case, we have to stop recursion somewhere. */
>
> - if (virDevMapperInitialize() < 0)
> + *devPaths = NULL;
> +
> + if ((rc = virDevMapperInit()) < 0) {
> + if (rc == -2) {
> + /* Devmapper is not available. Yet. Maybe the module
> + * will be loaded later, but do not error out for now. */
> + return 0;
> + }
> +
> return -1;
> + }
>
> if ((controlFD = virDMOpen()) < 0)
> return -1;
> @@ -319,7 +340,7 @@ virIsDevMapperDevice(const char *dev_name)
> {
> struct stat buf;
>
> - if (virDevMapperInitialize() < 0)
> + if (virDevMapperInit() < 0)
> return false;
>
> if (!stat(dev_name, &buf) &&
Code after this hunk reads 'virDMMajor' directly without locks. Since
virDevMapperInit returns it here it should be used from the return value
rather than accessed directly which creates a code-pattern open for race
conditions.
I'm not sure I follow. virDevMapperInit() returns -2, -1, or 0. Not the
major. And reading without lock is fine because there is no way that the
virDMMajor is not set at this point (in which case the
virDevMapperInit() is basically a NOP. But if it makes us feel better I
can put some locking around.
Michal
10:58 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
On Mon, Aug 17, 2020 at 17:40:04 +0200, Michal Privoznik wrote:
On 8/17/20 5:16 PM, Peter Krempa wrote:
> On Mon, Aug 17, 2020 at 16:26:54 +0200, Michal Privoznik wrote:
> > In one of my latest patch (v6.6.0~30) I was trying to remove
> > libdevmapper use in favor of our own implementation. However, the
> > code did not take into account that device mapper can be not
> > compiled into the kernel (e.g. be a separate module that's not
> > loaded) in which case /proc/devices won't have the device-mapper
> > major number and thus virDevMapperGetTargets() and/or
> > virIsDevMapperDevice() fails.
> >
> > Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
> > Reported-by: Andrea Bolognani <abologna(a)redhat.com>
> > Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
> > ---
> > src/util/virdevmapper.c | 41 +++++++++++++++++++++++++++++++----------
> > 1 file changed, 31 insertions(+), 10 deletions(-)
> >
> > diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
> > index fe7f611496..cc33d8211e 100644
> > --- a/src/util/virdevmapper.c
> > +++ b/src/util/virdevmapper.c
> > @@ -47,10 +47,11 @@
> > G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
> > static unsigned int virDMMajor;
> > +static virMutex virDevMapperInitMutex = VIR_MUTEX_INITIALIZER;
>
> 'virDMMajor' should now be initialized explicitly ...
Aren't global static variables initialized to zero automatically (something
about .bss section)?
Yes, they are.
>
> > static int
> > -virDevMapperOnceInit(void)
> > +virDevMapperGetMajor(unsigned int *dmmaj)
> > {
> > g_autofree char *buf = NULL;
> > VIR_AUTOSTRINGLIST lines = NULL;
> > @@ -69,23 +70,34 @@ virDevMapperOnceInit(void)
> > if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2
&&
> > STREQ(dev, DM_NAME)) {
> > - virDMMajor = maj;
>
> ... since it's not always initialized here.
>
> > + *dmmaj = maj;
> > break;
> > }
> > }
> > if (!lines[i]) {
> > - virReportError(VIR_ERR_INTERNAL_ERROR,
> > - _("Unable to find major for %s"),
> > - DM_NAME);
> > - return -1;
> > + /* Don't error here. Maybe the kernel was built without
> > + * devmapper. Let the caller decide. */
> > + return -2;
> > }
> > return 0;
> > }
> > -VIR_ONCE_GLOBAL_INIT(virDevMapper);
> > +static int
> > +virDevMapperInit(void)
> > +{
> > + int rc = 0;
> > +
> > + virMutexLock(&virDevMapperInitMutex);
> > +
> > + if (virDMMajor == 0)
>
> I'm not quite persuaded with this caching here. For cases when the
> device mapper is loaded we cache it, but in the negative case ...
>
> > + rc = virDevMapperGetMajor(&virDMMajor);
>
> ... we always process /proc/devices. Why is caching necessary then?
Are you suggesting to parse /proc/devices every time? My concern is it will
burn CPU cycles needlessly. And I'm not sure how to address the negative
case when DM module is not loaded. It's ineffective, I agree, I just don't
see how to make it better.
Well, at first we should establish when the value is determined/can
change:
1) at kernel build time/boot time (any case when the libvirtd process
will need to be restarted for it to change)
In these scenarios it doesn't actually make sense to check it prior to
trying to open the device mapper control socket first. You can look it
up and cache it after you open the socket and don't ever need to re-do
it. In that case you can also use the existing VIR_ONCE code.
You then don't have to clear it when the module is ejected, because
afterwards the control socket will not exist. In case the module is
re-injected, given the contstraints above the value will not change so
no need to re-load.
2) at module insertion time
In this case it's actually wrong to cache it, because the module can
be unloaded and reloaded while libvirt will not check and update the
cached value. In those scenarios it should also be determined only
after you open the control fd frist.
>
> > +
> > + virMutexUnlock(&virDevMapperInitMutex);
> > + return rc;
> > +}
> > static void *
> > @@ -220,7 +232,6 @@ virDevMapperGetTargetsImpl(int controlFD,
> > size_t i;
> > memset(&dm, 0, sizeof(dm));
> > - *devPaths_ret = NULL;
> > if (ttl == 0) {
> > errno = ELOOP;
> > @@ -298,14 +309,24 @@ virDevMapperGetTargets(const char *path,
> > char ***devPaths)
> > {
> > VIR_AUTOCLOSE controlFD = -1;
> > + int rc;
> > const unsigned int ttl = 32;
> > /* Arbitrary limit on recursion level. A devmapper target can
> > * consist of devices or yet another targets. If that's the
> > * case, we have to stop recursion somewhere. */
> > - if (virDevMapperInitialize() < 0)
> > + *devPaths = NULL;
> > +
> > + if ((rc = virDevMapperInit()) < 0) {
> > + if (rc == -2) {
> > + /* Devmapper is not available. Yet. Maybe the module
> > + * will be loaded later, but do not error out for now. */
> > + return 0;
> > + }
> > +
> > return -1;
> > + }
> > if ((controlFD = virDMOpen()) < 0)
> > return -1;
> > @@ -319,7 +340,7 @@ virIsDevMapperDevice(const char *dev_name)
> > {
> > struct stat buf;
> > - if (virDevMapperInitialize() < 0)
> > + if (virDevMapperInit() < 0)
> > return false;
> > if (!stat(dev_name, &buf) &&
>
> Code after this hunk reads 'virDMMajor' directly without locks. Since
> virDevMapperInit returns it here it should be used from the return value
> rather than accessed directly which creates a code-pattern open for race
> conditions.
I'm not sure I follow. virDevMapperInit() returns -2, -1, or 0. Not the
major. And reading without lock is fine because there is no way that the
Sorry, I thought it returned it, which would IMO make sense given the
locks.
virDMMajor is not set at this point (in which case the
virDevMapperInit() is
basically a NOP. But if it makes us feel better I can put some locking
around.
Well, right in the next patch you introduce a way which can change the
value without the lock to 0.
I'm not saying that the code will break, but you are adding code which
is not obvious without properly documenting the implications and
contstraints in the code.
Once somebody else will try to see how it works, this will most
certainly look wrong on the first glance given the obvius races present
even when they are impossible due to constraints outside of libvirt.
2:54 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
On 8/17/20 5:58 PM, Peter Krempa wrote:
On Mon, Aug 17, 2020 at 17:40:04 +0200, Michal Privoznik wrote:
> On 8/17/20 5:16 PM, Peter Krempa wrote:
>> On Mon, Aug 17, 2020 at 16:26:54 +0200, Michal Privoznik wrote:
>>> In one of my latest patch (v6.6.0~30) I was trying to remove
>>> libdevmapper use in favor of our own implementation. However, the
>>> code did not take into account that device mapper can be not
>>> compiled into the kernel (e.g. be a separate module that's not
>>> loaded) in which case /proc/devices won't have the device-mapper
>>> major number and thus virDevMapperGetTargets() and/or
>>> virIsDevMapperDevice() fails.
>>>
>>> Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
>>> Reported-by: Andrea Bolognani <abologna(a)redhat.com>
>>> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
>>> ---
>>> src/util/virdevmapper.c | 41 +++++++++++++++++++++++++++++++----------
>>> 1 file changed, 31 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
>>> index fe7f611496..cc33d8211e 100644
>>> --- a/src/util/virdevmapper.c
>>> +++ b/src/util/virdevmapper.c
>>> @@ -47,10 +47,11 @@
>>> G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
>>> static unsigned int virDMMajor;
>>> +static virMutex virDevMapperInitMutex = VIR_MUTEX_INITIALIZER;
>>
>> 'virDMMajor' should now be initialized explicitly ...
>
> Aren't global static variables initialized to zero automatically (something
> about .bss section)?
Yes, they are.
>
>>
>>> static int
>>> -virDevMapperOnceInit(void)
>>> +virDevMapperGetMajor(unsigned int *dmmaj)
>>> {
>>> g_autofree char *buf = NULL;
>>> VIR_AUTOSTRINGLIST lines = NULL;
>>> @@ -69,23 +70,34 @@ virDevMapperOnceInit(void)
>>> if (sscanf(lines[i], "%u %ms\n", &maj, &dev) ==
2 &&
>>> STREQ(dev, DM_NAME)) {
>>> - virDMMajor = maj;
>>
>> ... since it's not always initialized here.
>>
>>> + *dmmaj = maj;
>>> break;
>>> }
>>> }
>>> if (!lines[i]) {
>>> - virReportError(VIR_ERR_INTERNAL_ERROR,
>>> - _("Unable to find major for %s"),
>>> - DM_NAME);
>>> - return -1;
>>> + /* Don't error here. Maybe the kernel was built without
>>> + * devmapper. Let the caller decide. */
>>> + return -2;
>>> }
>>> return 0;
>>> }
>>> -VIR_ONCE_GLOBAL_INIT(virDevMapper);
>>> +static int
>>> +virDevMapperInit(void)
>>> +{
>>> + int rc = 0;
>>> +
>>> + virMutexLock(&virDevMapperInitMutex);
>>> +
>>> + if (virDMMajor == 0)
>>
>> I'm not quite persuaded with this caching here. For cases when the
>> device mapper is loaded we cache it, but in the negative case ...
>>
>>> + rc = virDevMapperGetMajor(&virDMMajor);
>>
>> ... we always process /proc/devices. Why is caching necessary then?
>
> Are you suggesting to parse /proc/devices every time? My concern is it will
> burn CPU cycles needlessly. And I'm not sure how to address the negative
> case when DM module is not loaded. It's ineffective, I agree, I just don't
> see how to make it better.
Well, at first we should establish when the value is determined/can
change:
1) at kernel build time/boot time (any case when the libvirtd process
will need to be restarted for it to change)
In these scenarios it doesn't actually make sense to check it prior to
trying to open the device mapper control socket first. You can look it
up and cache it after you open the socket and don't ever need to re-do
it. In that case you can also use the existing VIR_ONCE code.
You then don't have to clear it when the module is ejected, because
afterwards the control socket will not exist. In case the module is
re-injected, given the contstraints above the value will not change so
no need to re-load.
2) at module insertion time
In this case it's actually wrong to cache it, because the module can
be unloaded and reloaded while libvirt will not check and update the
cached value. In those scenarios it should also be determined only
after you open the control fd frist.
As promised yesterday, I've dived into the code and found out that the
major number can be specified as a parameter to the dm module (just
tested and it works). So the next thing I tried was to see how could we
check whether the module was reloaded. I've tried opening
/dev/mapper/control hoping that I will get EOF on module unload (which I
could then use to run a callback that would invalidate the cached
value). But having the file open prevents unloading the module.
Loading/unloading a module results in an udev event, BUT we listen for
udev events only in nodedev driver and moving the code out to a driver
agnostic location and making it driver agnostic is too much code for a
little gain.
Then I looked whether it's possible to get the major number via an
ioctl(). But haven't found anything.
Hence, I think the best solution for us is to not cache anything and
simply parse /proc/devices every time. As an optimization, I can firstly
check whether /dev/mapper/control exists at all an if not exit early.
Michal
3:10 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
On Tuesday, 18 August 2020 09:54:25 CEST Michal Privoznik wrote:
On 8/17/20 5:58 PM, Peter Krempa wrote:
> On Mon, Aug 17, 2020 at 17:40:04 +0200, Michal Privoznik wrote:
>> On 8/17/20 5:16 PM, Peter Krempa wrote:
>>> On Mon, Aug 17, 2020 at 16:26:54 +0200, Michal Privoznik wrote:
>>>> In one of my latest patch (v6.6.0~30) I was trying to remove
>>>> libdevmapper use in favor of our own implementation. However, the
>>>> code did not take into account that device mapper can be not
>>>> compiled into the kernel (e.g. be a separate module that's not
>>>> loaded) in which case /proc/devices won't have the device-mapper
>>>> major number and thus virDevMapperGetTargets() and/or
>>>> virIsDevMapperDevice() fails.
>>>>
>>>> Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
>>>> Reported-by: Andrea Bolognani <abologna(a)redhat.com>
>>>> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
>>>> ---
>>>> src/util/virdevmapper.c | 41
+++++++++++++++++++++++++++++++----------
>>>> 1 file changed, 31 insertions(+), 10 deletions(-)
>>>>
>>>> diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
>>>> index fe7f611496..cc33d8211e 100644
>>>> --- a/src/util/virdevmapper.c
>>>> +++ b/src/util/virdevmapper.c
>>>> @@ -47,10 +47,11 @@
>>>> G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
>>>> static unsigned int virDMMajor;
>>>> +static virMutex virDevMapperInitMutex = VIR_MUTEX_INITIALIZER;
>>>
>>> 'virDMMajor' should now be initialized explicitly ...
>>
>> Aren't global static variables initialized to zero automatically (something
>> about .bss section)?
>
> Yes, they are.
>
>>
>>>
>>>> static int
>>>> -virDevMapperOnceInit(void)
>>>> +virDevMapperGetMajor(unsigned int *dmmaj)
>>>> {
>>>> g_autofree char *buf = NULL;
>>>> VIR_AUTOSTRINGLIST lines = NULL;
>>>> @@ -69,23 +70,34 @@ virDevMapperOnceInit(void)
>>>> if (sscanf(lines[i], "%u %ms\n", &maj,
&dev) == 2 &&
>>>> STREQ(dev, DM_NAME)) {
>>>> - virDMMajor = maj;
>>>
>>> ... since it's not always initialized here.
>>>
>>>> + *dmmaj = maj;
>>>> break;
>>>> }
>>>> }
>>>> if (!lines[i]) {
>>>> - virReportError(VIR_ERR_INTERNAL_ERROR,
>>>> - _("Unable to find major for %s"),
>>>> - DM_NAME);
>>>> - return -1;
>>>> + /* Don't error here. Maybe the kernel was built without
>>>> + * devmapper. Let the caller decide. */
>>>> + return -2;
>>>> }
>>>> return 0;
>>>> }
>>>> -VIR_ONCE_GLOBAL_INIT(virDevMapper);
>>>> +static int
>>>> +virDevMapperInit(void)
>>>> +{
>>>> + int rc = 0;
>>>> +
>>>> + virMutexLock(&virDevMapperInitMutex);
>>>> +
>>>> + if (virDMMajor == 0)
>>>
>>> I'm not quite persuaded with this caching here. For cases when the
>>> device mapper is loaded we cache it, but in the negative case ...
>>>
>>>> + rc = virDevMapperGetMajor(&virDMMajor);
>>>
>>> ... we always process /proc/devices. Why is caching necessary then?
>>
>> Are you suggesting to parse /proc/devices every time? My concern is it will
>> burn CPU cycles needlessly. And I'm not sure how to address the negative
>> case when DM module is not loaded. It's ineffective, I agree, I just
don't
>> see how to make it better.
>
> Well, at first we should establish when the value is determined/can
> change:
>
> 1) at kernel build time/boot time (any case when the libvirtd process
> will need to be restarted for it to change)
>
> In these scenarios it doesn't actually make sense to check it prior to
> trying to open the device mapper control socket first. You can look it
> up and cache it after you open the socket and don't ever need to re-do
> it. In that case you can also use the existing VIR_ONCE code.
>
> You then don't have to clear it when the module is ejected, because
> afterwards the control socket will not exist. In case the module is
> re-injected, given the contstraints above the value will not change so
> no need to re-load.
>
> 2) at module insertion time
>
> In this case it's actually wrong to cache it, because the module can
> be unloaded and reloaded while libvirt will not check and update the
> cached value. In those scenarios it should also be determined only
> after you open the control fd frist.
>
As promised yesterday, I've dived into the code and found out that the
major number can be specified as a parameter to the dm module (just
tested and it works). So the next thing I tried was to see how could we
check whether the module was reloaded. I've tried opening
/dev/mapper/control hoping that I will get EOF on module unload (which I
could then use to run a callback that would invalidate the cached
value). But having the file open prevents unloading the module.
Loading/unloading a module results in an udev event, BUT we listen for
udev events only in nodedev driver and moving the code out to a driver
agnostic location and making it driver agnostic is too much code for a
little gain.
Then I looked whether it's possible to get the major number via an
ioctl(). But haven't found anything.
What about stat()ing /dev/mapper/control? That should give you the
major/minor of that special character device.
--
Pino Toscano
3:38 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
On 8/18/20 10:10 AM, Pino Toscano wrote:
What about stat()ing /dev/mapper/control? That should give you the
major/minor of that special character device.
That won't help. We need to get the major of devmapper targets. For
instance, if there is /dev/dm-0 node, it's going to be a block device
with major of devmapper targets. All devmapper targets will have the
same major number. And this number can be defined when loading the
module. Then, /dev/mapper/control is a character device with completely
different major:minor numbers.
Michal
3:29 a.m.
New subject: [PATCH 1/2] virdevmapper: Don't error on kernels without DM support
On Tue, Aug 18, 2020 at 09:54:25 +0200, Michal Privoznik wrote:
[...]
As promised yesterday, I've dived into the code and found out
that the major
number can be specified as a parameter to the dm module (just tested and it
works). So the next thing I tried was to see how could we check whether the
module was reloaded. I've tried opening /dev/mapper/control hoping that I
will get EOF on module unload (which I could then use to run a callback that
would invalidate the cached value). But having the file open prevents
unloading the module.
Loading/unloading a module results in an udev event, BUT we listen for udev
events only in nodedev driver and moving the code out to a driver agnostic
location and making it driver agnostic is too much code for a little gain.
Then I looked whether it's possible to get the major number via an ioctl().
But haven't found anything.
Hence, I think the best solution for us is to not cache anything and simply
parse /proc/devices every time. As an optimization, I can firstly check
whether /dev/mapper/control exists at all an if not exit early.
I agree with this solution. In the end, loading a <1k file from procfs
and looking for a string doesn't really add too much to the code. In the
end libvirt mainly just shovels strings from one pile to another most of
the time. (see domain definition copy function for example).
9:26 a.m.
New subject: [PATCH 2/2] virdevmapper: Deal with unloading dm module
The following situation can happen: we've initialized DM major
successfully. But later, the devmapper module(s) was removed and
thus kernel lost its ability to handle multipath devices. More
importantly, the /dev/mapper/control file is removed and thus our
attempt to open it will fail. Note, we will attempt to open it
only after we've found devmapper major number successfully in one
of the previous runs. Anyway, if it so happens that the module
was unloaded then we have to reset the major number we remembered
from one of the previous runs and not report error.
Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Reported-by: Andrea Bolognani <abologna(a)redhat.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/util/virdevmapper.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index cc33d8211e..642f1d9bdb 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -143,8 +143,13 @@ virDMOpen(void)
memset(&dm, 0, sizeof(dm));
- if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0)
+ if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) {
+ if (errno == ENOENT)
+ return -2;
+
+ virReportSystemError(errno, _("Unable to open %s"), CONTROL_PATH);
return -1;
+ }
if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
virReportSystemError(errno, "%s",
@@ -328,8 +333,17 @@ virDevMapperGetTargets(const char *path,
return -1;
}
- if ((controlFD = virDMOpen()) < 0)
+ if ((controlFD = virDMOpen()) < 0) {
+ if (controlFD == -2) {
+ /* Devmapper was available but now it isn't. Somebody
+ * must have removed the module. Reset the major
+ * number we remember. */
+ virDMMajor = 0;
+ return 0;
+ }
+
return -1;
+ }
return virDevMapperGetTargetsImpl(controlFD, path, devPaths, ttl);
}
--
2.26.2
10:28 a.m.
New subject: [PATCH 2/2] virdevmapper: Deal with unloading dm module
On Mon, Aug 17, 2020 at 16:26:55 +0200, Michal Privoznik wrote:
The following situation can happen: we've initialized DM major
successfully. But later, the devmapper module(s) was removed and
thus kernel lost its ability to handle multipath devices. More
importantly, the /dev/mapper/control file is removed and thus our
attempt to open it will fail. Note, we will attempt to open it
only after we've found devmapper major number successfully in one
of the previous runs. Anyway, if it so happens that the module
was unloaded then we have to reset the major number we remembered
from one of the previous runs and not report error.
Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Reported-by: Andrea Bolognani <abologna(a)redhat.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/util/virdevmapper.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index cc33d8211e..642f1d9bdb 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -143,8 +143,13 @@ virDMOpen(void)
memset(&dm, 0, sizeof(dm));
- if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0)
+ if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) {
+ if (errno == ENOENT)
+ return -2;
+
+ virReportSystemError(errno, _("Unable to open %s"), CONTROL_PATH);
return -1;
+ }
if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
virReportSystemError(errno, "%s",
@@ -328,8 +333,17 @@ virDevMapperGetTargets(const char *path,
return -1;
}
- if ((controlFD = virDMOpen()) < 0)
+ if ((controlFD = virDMOpen()) < 0) {
+ if (controlFD == -2) {
+ /* Devmapper was available but now it isn't. Somebody
+ * must have removed the module. Reset the major
+ * number we remember. */
+ virDMMajor = 0;
This overwrites 'virDMMajor' without taking the mutex. 'unsigned int' on
x86_64 will be atomic, we shouldn't use a knowingly broken code pattern
without at least a proper explanation why it's okay.
Also as noted in review of previous patch this looks shady and
error-prone. If the unloading and re-loading of the device mapper module
changes the 'major' number of number we use internally for checking,
then caching it without validating that somebody didn't unload and
reload the module between two calls to virDMOpen is wrong as we might
use the wrong number.
In case when for a given kernel it can only have one value regardless of
how you load the module, you can cache it without the mutex dance after
calling virDMOpen and remember it for ever, you'll still be gated
whether the control device path exists.
In any other case, caching it is just wrong.
+ return 0;
+ }
+
return -1;
+ }
return virDevMapperGetTargetsImpl(controlFD, path, devPaths, ttl);
}
--
2.26.2
10:43 a.m.
New subject: [PATCH 2/2] virdevmapper: Deal with unloading dm module
On 8/17/20 5:28 PM, Peter Krempa wrote:
On Mon, Aug 17, 2020 at 16:26:55 +0200, Michal Privoznik wrote:
> The following situation can happen: we've initialized DM major
> successfully. But later, the devmapper module(s) was removed and
> thus kernel lost its ability to handle multipath devices. More
> importantly, the /dev/mapper/control file is removed and thus our
> attempt to open it will fail. Note, we will attempt to open it
> only after we've found devmapper major number successfully in one
> of the previous runs. Anyway, if it so happens that the module
> was unloaded then we have to reset the major number we remembered
> from one of the previous runs and not report error.
>
> Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
> Reported-by: Andrea Bolognani <abologna(a)redhat.com>
> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
> ---
> src/util/virdevmapper.c | 18 ++++++++++++++++--
> 1 file changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
> index cc33d8211e..642f1d9bdb 100644
> --- a/src/util/virdevmapper.c
> +++ b/src/util/virdevmapper.c
> @@ -143,8 +143,13 @@ virDMOpen(void)
>
> memset(&dm, 0, sizeof(dm));
>
> - if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0)
> + if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) {
> + if (errno == ENOENT)
> + return -2;
> +
> + virReportSystemError(errno, _("Unable to open %s"),
CONTROL_PATH);
> return -1;
> + }
>
> if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
> virReportSystemError(errno, "%s",
> @@ -328,8 +333,17 @@ virDevMapperGetTargets(const char *path,
> return -1;
> }
>
> - if ((controlFD = virDMOpen()) < 0)
> + if ((controlFD = virDMOpen()) < 0) {
> + if (controlFD == -2) {
> + /* Devmapper was available but now it isn't. Somebody
> + * must have removed the module. Reset the major
> + * number we remember. */
> + virDMMajor = 0;
This overwrites 'virDMMajor' without taking the mutex. 'unsigned int' on
x86_64 will be atomic, we shouldn't use a knowingly broken code pattern
without at least a proper explanation why it's okay.
Also as noted in review of previous patch this looks shady and
error-prone. If the unloading and re-loading of the device mapper module
changes the 'major' number of number we use internally for checking,
then caching it without validating that somebody didn't unload and
reload the module between two calls to virDMOpen is wrong as we might
use the wrong number.
I haven't looked into the kernel code, but IIRC even libdevmapper
considered the major number immutable. Let me dive into the code.
In case when for a given kernel it can only have one value regardless of
how you load the module, you can cache it without the mutex dance after
calling virDMOpen and remember it for ever, you'll still be gated
whether the control device path exists.
The dance with locks is to have only one thread parse /proc/devices
instead of all of them at once. That's why I did not bother guarding
other accesses to virDMMajor with locks.
Michal
11:02 a.m.
New subject: [PATCH 2/2] virdevmapper: Deal with unloading dm module
On Mon, 2020-08-17 at 17:28 +0200, Peter Krempa wrote:
On Mon, Aug 17, 2020 at 16:26:55 +0200, Michal Privoznik wrote:
> - if ((controlFD = virDMOpen()) < 0)
> + if ((controlFD = virDMOpen()) < 0) {
> + if (controlFD == -2) {
> + /* Devmapper was available but now it isn't. Somebody
> + * must have removed the module. Reset the major
> + * number we remember. */
> + virDMMajor = 0;
This overwrites 'virDMMajor' without taking the mutex. 'unsigned int' on
x86_64 will be atomic, we shouldn't use a knowingly broken code pattern
without at least a proper explanation why it's okay.
IIUC you're saying that you'd be okay with adding a comment that
explains why this will work fine on x86_64. If so, I'd like to point
out that libvirt supports many other architectures... Is the same
pattern safe on those as well?
--
Andrea Bolognani / Red Hat / Virtualization
3:23 a.m.
New subject: [PATCH 2/2] virdevmapper: Deal with unloading dm module
On Mon, Aug 17, 2020 at 18:02:04 +0200, Andrea Bolognani wrote:
On Mon, 2020-08-17 at 17:28 +0200, Peter Krempa wrote:
> On Mon, Aug 17, 2020 at 16:26:55 +0200, Michal Privoznik wrote:
> > - if ((controlFD = virDMOpen()) < 0)
> > + if ((controlFD = virDMOpen()) < 0) {
> > + if (controlFD == -2) {
> > + /* Devmapper was available but now it isn't. Somebody
> > + * must have removed the module. Reset the major
> > + * number we remember. */
> > + virDMMajor = 0;
>
> This overwrites 'virDMMajor' without taking the mutex. 'unsigned
int' on
> x86_64 will be atomic, we shouldn't use a knowingly broken code pattern
> without at least a proper explanation why it's okay.
IIUC you're saying that you'd be okay with adding a comment that
explains why this will work fine on x86_64. If so, I'd like to point
out that libvirt supports many other architectures... Is the same
pattern safe on those as well?
It would really depend on how the arguments in the explanation persuade
me that the non-obvious/weird/wrong-looking code is justified in that
particular scenario. If the justification doesn't include that it's safe
in every scenario I'd protest it anyways.
What I wanted to say is that I know that this works on x86 but it goes
against established patterns of lock usage. That was to prevent any
discussion in the direction "but it's safe to do in this case" from
happening without moving towards a better code pattern or explanation
why it's necessary in this case.
4 a.m.
On Mon, Aug 17, 2020 at 4:27 PM Michal Privoznik <mprivozn(a)redhat.com> wrote:
*** BLURB HERE ***
Michal Prívozník (2):
virdevmapper: Don't error on kernels without DM support
virdevmapper: Deal with unloading dm module
Hi Michal,
I know from the discussions on the patches that there likely will be
some changes before this is complete.
Nevertheless I did some testing with them already.
In particular since I was reporting this to also affect system
containers that have device-mapper
loaded as module and in /proc/devices but no /dev/mapper/control
exposed. I wanted to
give your patches a try for this use case as well since I wasn't sure
anyone else would.
I can confirm that functionally your patches applied on top of 6.6 (as
we work on it for
Debian&Ubuntu) make it work again. Therefore:
Tested-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
src/util/virdevmapper.c | 59
++++++++++++++++++++++++++++++++---------
1 file changed, 47 insertions(+), 12 deletions(-)
--
2.26.2
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
1557
days inactive
1558
days old
14 comments
5 participants
participants (5)
-
Andrea Bolognani -
Christian Ehrhardt -
Michal Privoznik -
Peter Krempa -
Pino Toscano