On Tue, 08/22 10:56, Peter Xu wrote: > I haven't really encountered (c), but I think it's the migrate_cancel > command that matters, which should not need BQL as well.
There is bdrv_invalidate_cache_all() in migrate_cancel which clearly isn't safe. Is that if block unreachable in this case? If so we should assert, otherwise this command is not okay to run without BQL. Generically, what guarantee the thread-safety of a qmp command when you decide BQL is not needed? In other words, how do you prove commands are safe without BQL? I think almost every command accesses global state, but lock-free data structures are rare AFAICT. Fam
