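/*
 * Block node graph modifications tests
 *
 * Copyright (c) 2019-2021 Virtuozzo International GmbH. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/main-loop.h"
#include "block/block_int.h"
#include "sysemu/block-backend.h"

/*
 * Test drivers
 *
 * Each driver below differs only in the permissions it requests on its
 * children (@nperm) and in what it lets other parents of the same child do
 * (@nshared). The tests combine them to check that graph modifications never
 * commit a state in which two parents hold BLK_PERM_WRITE on one node while
 * neither of them shares it.
 */

/* Filter driver that leaves permission calculation to bdrv_default_perms(). */
static BlockDriver bdrv_pass_through = {
    .format_name = "pass-through",
    .is_filter = true,
    .filtered_child_is_backing = true,
    .bdrv_child_perm = bdrv_default_perms,
};

/*
 * .bdrv_child_perm callback for the "no-perm" driver.
 *
 * Requests no permission on the child and shares every permission with the
 * child's other parents. All input arguments are ignored; only the two output
 * parameters are written.
 */
static void no_perm_default_perms(BlockDriverState *bs, BdrvChild *c,
                                  BdrvChildRole role,
                                  BlockReopenQueue *reopen_queue,
                                  uint64_t perm, uint64_t shared,
                                  uint64_t *nperm, uint64_t *nshared)
{
    *nperm = 0;
    *nshared = BLK_PERM_ALL;
}

/* Driver that never restricts its children (see no_perm_default_perms()). */
static BlockDriver bdrv_no_perm = {
    .format_name = "no-perm",
    .supports_backing = true,
    .bdrv_child_perm = no_perm_default_perms,
};

/*
 * .bdrv_child_perm callback for the "exclusive-writer" driver.
 *
 * Requests write permission on the child and shares everything except write,
 * i.e. no other parent of that child may hold BLK_PERM_WRITE at the same time.
 * All input arguments are ignored.
 */
static void exclusive_write_perms(BlockDriverState *bs, BdrvChild *c,
                                  BdrvChildRole role,
                                  BlockReopenQueue *reopen_queue,
                                  uint64_t perm, uint64_t shared,
                                  uint64_t *nperm, uint64_t *nshared)
{
    *nperm = BLK_PERM_WRITE;
    *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
}

/* Filter driver that demands exclusive write access to its child. */
static BlockDriver bdrv_exclusive_writer = {
    .format_name = "exclusive-writer",
    .is_filter = true,
    .filtered_child_is_backing = true,
    .bdrv_child_perm = exclusive_write_perms,
};

/*
 * Node constructors. Each opens a new read-write node called @name with the
 * corresponding test driver; any failure aborts through &error_abort, so the
 * returned pointer is never NULL.
 */

/* Create a "no-perm" node. */
static BlockDriverState *no_perm_node(const char *name)
{
    return bdrv_new_open_driver(&bdrv_no_perm, name, BDRV_O_RDWR, &error_abort);
}

/* Create a "pass-through" filter node. */
static BlockDriverState *pass_through_node(const char *name)
{
    return bdrv_new_open_driver(&bdrv_pass_through, name,
                                BDRV_O_RDWR, &error_abort);
}

/* Create an "exclusive-writer" filter node. */
static BlockDriverState *exclusive_writer_node(const char *name)
{
    return bdrv_new_open_driver(&bdrv_exclusive_writer, name,
                                BDRV_O_RDWR, &error_abort);
}

/*
 * test_update_perm_tree
 *
 * When checking whether the permissions of a node can be updated, its
 * subtree must be checked too. New permissions for each node have to be
 * calculated and checked in the context of the new permissions of the other
 * nodes. If the new permissions of a node are checked only against the old
 * permissions of its neighbors, we can end up with a wrong permission graph.
 *
 * This test first creates the following graph (the lower-right node is a
 * "no-perm" node created with no_perm_node()):
 *
 *                                      +--------+
 *                                      |  root  |
 *                                      +--------+
 *                                          |
 *                                          | perm: write, read
 *                                          | shared: except write
 *                                          v
 *  +--------------------+          +----------------+
 *  | passthrough filter |--------->|  no-perm node  |
 *  +--------------------+          +----------------+
 *
 * and then tries to append the filter above the node, i.e. between root and
 * the node. Expected behavior: fail. Otherwise we would get the following
 * picture, with two BdrvChild objects holding write permission on one node
 * without sharing it with each other:
 *
 *                     +--------+
 *                     |  root  |
 *                     +--------+
 *                         |
 *                         | perm: write, read
 *                         | shared: except write
 *                         v
 *                +--------------------+
 *                | passthrough filter |
 *                +--------------------+
 *                       |   |
 *     perm: write, read |   | perm: write, read
 *  shared: except write |   | shared: except write
 *                       v   v
 *                +----------------+
 *                |  no-perm node  |
 *                +----------------+
 */
static void test_update_perm_tree(void)
{
    int ret;

    /* root takes write + consistent read and shares everything but write */
    BlockBackend *root = blk_new(qemu_get_aio_context(),
                                 BLK_PERM_WRITE | BLK_PERM_CONSISTENT_READ,
                                 BLK_PERM_ALL & ~BLK_PERM_WRITE);
    BlockDriverState *bs = no_perm_node("node");
    BlockDriverState *filter = pass_through_node("filter");

    blk_insert_bs(root, bs, &error_abort);

    bdrv_graph_wrlock(NULL);
    bdrv_attach_child(filter, bs, "child", &child_of_bds,
                      BDRV_CHILD_DATA, &error_abort);
    bdrv_graph_wrunlock();

    aio_context_acquire(qemu_get_aio_context());
    /*
     * errp is NULL rather than &error_abort because failure is the expected
     * outcome here; only the negative return value is checked.
     */
    ret = bdrv_append(filter, bs, NULL);
    g_assert_cmpint(ret, <, 0);
    aio_context_release(qemu_get_aio_context());

    /*
     * @bs is not unreferenced explicitly: presumably the reference returned
     * by no_perm_node() was consumed by bdrv_attach_child() above (see the
     * comment in test_parallel_exclusive_write()).
     */
    bdrv_unref(filter);
    blk_unref(root);
}

/*
 * test_should_update_child
 *
 * Test that bdrv_replace_node(), and concretely should_update_child(), do the
 * right thing, i.e. do not create loops in the graph.
 *
 * The test does the following:
 *
 * 1. Initial graph:
 *
 *   +------+          +--------+
 *   | root |          | filter |
 *   +------+          +--------+
 *      |                   |
 *  root|             target|
 *      v                   v
 *   +------+          +--------+
 *   | node |<---------| target |
 *   +------+  backing +--------+
 *
 * 2. Append @filter above @node. If should_update_child() works correctly,
 *    it understands that the backing child of @target must not be updated,
 *    as that would create a loop in the node graph. The resulting picture
 *    should be the left one, not the right one:
 *
 *     +------+                            +------+
 *     | root |                            | root |
 *     +------+                            +------+
 *        |                                   |
 *    root|                               root|
 *        v                                   v
 *    +--------+   target                 +--------+   target
 *    | filter |--------------+           | filter |--------------+
 *    +--------+              |           +--------+              |
 *         |                  |               |  ^                v
 * backing |                  |   backing     |  |           +--------+
 *         v                  v               |  +-----------| target |
 *      +------+  backing +--------+          v      backing +--------+
 *      | node |<---------| target |       +------+
 *      +------+          +--------+       | node |
 *                                         +------+
 *
 *    (good picture)                       (bad picture)
 *
 */
static void test_should_update_child(void)
{
    /* root requests nothing and shares everything: permissions play no role */
    BlockBackend *root = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
    BlockDriverState *bs = no_perm_node("node");
    BlockDriverState *filter = no_perm_node("filter");
    BlockDriverState *target = no_perm_node("target");

    blk_insert_bs(root, bs, &error_abort);

    bdrv_set_backing_hd(target, bs, &error_abort);

    bdrv_graph_wrlock(NULL);
    g_assert(target->backing->bs == bs);
    bdrv_attach_child(filter, target, "target", &child_of_bds,
                      BDRV_CHILD_DATA, &error_abort);
    bdrv_graph_wrunlock();
    aio_context_acquire(qemu_get_aio_context());
    bdrv_append(filter, bs, &error_abort);
    aio_context_release(qemu_get_aio_context());

    /*
     * The backing link of @target must still point at @bs (good picture),
     * not at @filter (bad picture, which would be a cycle).
     */
    bdrv_graph_rdlock_main_loop();
    g_assert(target->backing->bs == bs);
    bdrv_graph_rdunlock_main_loop();

    bdrv_unref(filter);
    bdrv_unref(bs);
    blk_unref(root);
}

/*
 * test_parallel_exclusive_write
 *
 * Check that when we replace a node, the old permissions of the node being
 * removed don't break the replacement.
 *
 * @top is an exclusive writer above @fl1; @fl1 and @fl2 are pass-through
 * filters that both have @base as their child. Replacing @fl1 with @fl2 must
 * succeed even though both filters are parents of @base during the operation.
 */
static void test_parallel_exclusive_write(void)
{
    BlockDriverState *top = exclusive_writer_node("top");
    BlockDriverState *base = no_perm_node("base");
    BlockDriverState *fl1 = pass_through_node("fl1");
    BlockDriverState *fl2 = pass_through_node("fl2");

    bdrv_drained_begin(fl1);
    bdrv_drained_begin(fl2);

    /*
     * bdrv_attach_child() eats child bs reference, so we need two @base
     * references for two filters. We also need an additional @fl1 reference so
     * that it still exists when we want to undrain it.
     */
    bdrv_ref(base);
    bdrv_ref(fl1);

    bdrv_graph_wrlock(NULL);
    bdrv_attach_child(top, fl1, "backing", &child_of_bds,
                      BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
                      &error_abort);
    bdrv_attach_child(fl1, base, "backing", &child_of_bds,
                      BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
                      &error_abort);
    bdrv_attach_child(fl2, base, "backing", &child_of_bds,
                      BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
                      &error_abort);

    /* The operation under test; any failure aborts through &error_abort. */
    bdrv_replace_node(fl1, fl2, &error_abort);
    bdrv_graph_wrunlock();

    bdrv_drained_end(fl2);
    bdrv_drained_end(fl1);

    bdrv_unref(fl1);
    bdrv_unref(fl2);
    bdrv_unref(top);
}

/*
 * A write-to-selected node may have several DATA children, one of which may
 * be "selected". Exclusive write permission is taken on the selected child.
 *
 * We don't implement the write handler itself, as we only need to test how
 * the permission update works.
 */
typedef struct BDRVWriteToSelectedState {
    /* Child that currently gets exclusive write access; NULL means none. */
    BdrvChild *selected;
} BDRVWriteToSelectedState;

/*
 * .bdrv_child_perm callback for the "write-to-selected" driver.
 *
 * For the selected child (bs->opaque->selected) it requests BLK_PERM_WRITE and
 * shares everything except write. For every other child, and for all children
 * while nothing is selected, it requests nothing and shares everything.
 */
static void write_to_selected_perms(BlockDriverState *bs, BdrvChild *c,
                                    BdrvChildRole role,
                                    BlockReopenQueue *reopen_queue,
                                    uint64_t perm, uint64_t shared,
                                    uint64_t *nperm, uint64_t *nshared)
{
    BDRVWriteToSelectedState *s = bs->opaque;

    if (s->selected && c == s->selected) {
        *nperm = BLK_PERM_WRITE;
        *nshared = BLK_PERM_ALL & ~BLK_PERM_WRITE;
    } else {
        *nperm = 0;
        *nshared = BLK_PERM_ALL;
    }
}

/* Driver whose per-node state is a BDRVWriteToSelectedState. */
static BlockDriver bdrv_write_to_selected = {
    .format_name = "write-to-selected",
    .instance_size = sizeof(BDRVWriteToSelectedState),
    .bdrv_child_perm = write_to_selected_perms,
};


/*
 * test_parallel_perm_update
 *
 * The following test shows that topological-sort order is required for
 * permission update; simple DFS is not enough.
 *
 * Consider the block driver (write-to-selected) which has two children: one is
 * selected so we have exclusive write access to it and for the other one we
 * don't need any specific permissions.
 *
 * And these two children have a common base child, like this:
 *   (the additional "top" on top is used in the test just because the only
 *    public function to update permissions needs a specific child to update.
 *    Making bdrv_refresh_perms() public just for this test isn't worth it)
 *
 *   ┌─────┐     ┌───────────────────┐     ┌─────┐
 *   │ fl2 │ ◀── │ write-to-selected │ ◀── │ top │
 *   └─────┘     └───────────────────┘     └─────┘
 *     │           │
 *     │           │ w
 *     │           ▼
 *     │         ┌──────┐
 *     │         │ fl1  │
 *     │         └──────┘
 *     │           │
 *     │           │ w
 *     │           ▼
 *     │         ┌──────┐
 *     └───────▶ │ base │
 *               └──────┘
 *
 * So, exclusive write is propagated.
 *
 * Assume we want to select fl2 instead of fl1.
 * So, we set some option for the write-to-selected driver and do a permission
 * update.
 *
 * With simple DFS, if the permission update goes first through the
 * write-to-selected -> fl1 -> base branch it will succeed: it first drops the
 * exclusive write permissions and then applies them to the other BdrvChild
 * objects. But if the permission update goes first through the
 * write-to-selected -> fl2 -> base branch it will fail, because when we try
 * to update the fl2->base child, the old, not yet updated fl1->base child
 * will be in conflict.
 *
 * With topological-sort order we always update parents before children, so fl1
 * and fl2 are both updated when we update base and there is no conflict.
 */
static void test_parallel_perm_update(void)
{
    BlockDriverState *top = no_perm_node("top");
    BlockDriverState *ws =
        bdrv_new_open_driver(&bdrv_write_to_selected, "ws", BDRV_O_RDWR,
                             &error_abort);
    BDRVWriteToSelectedState *s = ws->opaque;
    BlockDriverState *base = no_perm_node("base");
    BlockDriverState *fl1 = pass_through_node("fl1");
    BlockDriverState *fl2 = pass_through_node("fl2");
    BdrvChild *c_fl1, *c_fl2;

    /*
     * bdrv_attach_child() eats child bs reference, so we need two @base
     * references for two filters:
     */
    bdrv_ref(base);

    bdrv_graph_wrlock(NULL);
    bdrv_attach_child(top, ws, "file", &child_of_bds, BDRV_CHILD_DATA,
                      &error_abort);
    c_fl1 = bdrv_attach_child(ws, fl1, "first", &child_of_bds,
                              BDRV_CHILD_DATA, &error_abort);
    c_fl2 = bdrv_attach_child(ws, fl2, "second", &child_of_bds,
                              BDRV_CHILD_DATA, &error_abort);
    bdrv_attach_child(fl1, base, "backing", &child_of_bds,
                      BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
                      &error_abort);
    bdrv_attach_child(fl2, base, "backing", &child_of_bds,
                      BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
                      &error_abort);
    bdrv_graph_wrunlock();

    /* Select fl1 as first child to be active */
    s->selected = c_fl1;

    bdrv_graph_rdlock_main_loop();

    /* top's only child is the top -> ws edge; refresh from there downwards */
    bdrv_child_refresh_perms(top, top->children.lh_first, &error_abort);

    /*
     * g_assert() is used here, as in the other tests of this file, so that a
     * failure is reported through the GLib test framework.
     */
    g_assert(c_fl1->perm & BLK_PERM_WRITE);
    g_assert(!(c_fl2->perm & BLK_PERM_WRITE));

    /* Now, try to switch active child and update permissions */
    s->selected = c_fl2;
    bdrv_child_refresh_perms(top, top->children.lh_first, &error_abort);

    g_assert(c_fl2->perm & BLK_PERM_WRITE);
    g_assert(!(c_fl1->perm & BLK_PERM_WRITE));

    /* Switch once more, to not care about real child order in the list */
    s->selected = c_fl1;
    bdrv_child_refresh_perms(top, top->children.lh_first, &error_abort);

    g_assert(c_fl1->perm & BLK_PERM_WRITE);
    g_assert(!(c_fl2->perm & BLK_PERM_WRITE));

    bdrv_graph_rdunlock_main_loop();
    bdrv_unref(top);
}

/*
 * test_append_greedy_filter
 *
 * It's possible that the permissions required by a filter allow inserting it
 * into a backing chain, like:
 *
 *  1. [top] -> [filter] -> [base]
 *
 * but don't allow adding it as a branch:
 *
 *  2. [filter] --\
 *                v
 *      [top] -> [base]
 *
 * So, inserting such a filter should do all graph modifications and only then
 * update permissions. If we try to go through intermediate state [2] and
 * update permissions on it, we'll fail.
 *
 * Let's check that bdrv_append() can append such a filter. Both @top and the
 * filter are "exclusive-writer" nodes, so state [2] would have two exclusive
 * writers on @base.
 */
static void test_append_greedy_filter(void)
{
    BlockDriverState *top = exclusive_writer_node("top");
    BlockDriverState *base = no_perm_node("base");
    BlockDriverState *fl = exclusive_writer_node("fl1");

    bdrv_graph_wrlock(NULL);
    bdrv_attach_child(top, base, "backing", &child_of_bds,
                      BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
                      &error_abort);
    bdrv_graph_wrunlock();

    aio_context_acquire(qemu_get_aio_context());
    /* Must succeed; a permission conflict would abort via &error_abort. */
    bdrv_append(fl, base, &error_abort);
    aio_context_release(qemu_get_aio_context());
    bdrv_unref(fl);
    bdrv_unref(top);
}

/*
 * Initialise the block layer and the main loop, register every test case
 * under /bdrv-graph-mod/ and run them. Returns the result of g_test_run().
 */
int main(int argc, char *argv[])
{
    bdrv_init();
    qemu_init_main_loop(&error_abort);

    g_test_init(&argc, &argv, NULL);

    g_test_add_func("/bdrv-graph-mod/update-perm-tree", test_update_perm_tree);
    g_test_add_func("/bdrv-graph-mod/should-update-child",
                    test_should_update_child);
    g_test_add_func("/bdrv-graph-mod/parallel-perm-update",
                    test_parallel_perm_update);
    g_test_add_func("/bdrv-graph-mod/parallel-exclusive-write",
                    test_parallel_exclusive_write);
    g_test_add_func("/bdrv-graph-mod/append-greedy-filter",
                    test_append_greedy_filter);

    return g_test_run();
}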