On Tue, 04/11 15:30, Kevin Wolf wrote: > Am 11.04.2017 um 15:14 hat Eric Blake geschrieben: > > On 04/11/2017 07:05 AM, Kevin Wolf wrote: > > > Note that job completion/cancellation aren't synchronous QMP commands. > > > The job works something like this, where '...' means that the VM can run > > > and submit new writes etc.: > > > > > > 1. Start job: mirror_start > > > ... > > > 2. Bulk has completed: BLOCK_JOB_READY event > > > ... > > > 3. Request completion/cancellation: block-job-completet/cancel > > > ... > > > 4. Actual completion/cancellation: BLOCK_JOB_COMPLETED > > > > > > The last one is the actual job completion that we want to be atomic for > > > a group of nodes. Just making step 3 atomic (which is what including > > > block-job-complete/cancel in transaction would mean) doesn't really buy > > > us anything because the data will still change between step 3 and 4. > > > > But as long as the data changes between steps 3 and 4 are written to > > only one of the two devices, rather than both, then the disk contents > > atomicity is guaranteed at the point where we stopped the mirroring (ie. > > during step 3). > > But that's not how things work. Essentially requesting completion means > that the next time that source and target are in sync, we complete the > block job. This means that still new copying requests can be issued > before the job actually completes (and it's even likely to happen). > > > > Now step 4 is reached for each job individually, and unless you stop the > > > VM (or at least the processing of I/O requests), I don't see how you > > > could reach it at the same time for all jobs. > > > > The fact that the jobs complete independently (based on different > > amounts of data to flush) is not problematic, if we are still guaranteed > > that issuing the request altered the graph so that future writes by the > > guest only go to one side, and the delay in closing is only due to > > flushing write requests that pre-dated the job end request. > > This is not easily possible without implementing something like a backup > job for the final stage of the mirror job... Otherwise the guest can > always overwrite a sector that is still marked dirty and then that new > sector will definitely be copied still.
We can add a block-job-cancel-sync command and call block_job_cancel_sync(). If added to transaction, this does what Eric is asking, right? Fam
