[Qemu-devel] [RFC PATCH 11/16] qcow2: Add error handling to the l2meta coroutine

[Kevin Wolf]

Not exactly bisectable, but one large patch isn't much better either :-(

m->error is used to allow bdrv_drain() to stop with l2meta in error
state rather than go into an endless loop.

Signed-off-by: Kevin Wolf <address@hidden>
---
 block/qcow2.c |   44 ++++++++++++++++++++++++++++++++++++++++----
 block/qcow2.h |    3 +++
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 2e220c7..e001436 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -771,11 +771,33 @@ static void coroutine_fn process_l2meta(void *opaque)
         m->sleeping = false;
     }
 
+again:
     qemu_co_mutex_lock(&s->lock);
 
     ret = qcow2_alloc_cluster_link_l2(bs, m);
     if (ret < 0) {
-        /* FIXME */
+        /*
+         * This is a nasty situation: We have already completed the allocation
+         * write request and returned success, so just failing it isn't
+         * possible. We need to make sure to return an error during the next
+         * flush.
+         *
+         * However, we still can't drop the l2meta because we want I/O errors
+         * to be recoverable e.g. after the block device has been grown or the
+         * network connection restored. Sleep until the next flush comes and
+         * then retry.
+         */
+        s->flush_error = ret;
+
+        qemu_co_mutex_unlock(&s->lock);
+        qemu_co_rwlock_unlock(&s->l2meta_flush);
+        m->sleeping = true;
+        m->error = true;
+        qemu_coroutine_yield();
+        m->error = false;
+        m->sleeping = false;
+        qemu_co_rwlock_rdlock(&s->l2meta_flush);
+        goto again;
     }
 
     run_dependent_requests(s, m);
@@ -812,14 +834,27 @@ static bool qcow2_drain(BlockDriverState *bs)
 {
     BDRVQcowState *s = bs->opaque;
     QCowL2Meta *m;
+    bool busy = false;
 
     QLIST_FOREACH(m, &s->cluster_allocs, next_in_flight) {
-        if (m->sleeping) {
+        if (m->sleeping && !m->error) {
             qemu_coroutine_enter(m->co, NULL);
         }
     }
 
-    return !QLIST_EMPTY(&s->cluster_allocs);
+    /*
+     * If there's still a sleeping l2meta, then an error must have occured.
+     * Don't consider l2metas in this state as busy, they only get active on
+     * flushes.
+     */
+    QLIST_FOREACH(m, &s->cluster_allocs, next_in_flight) {
+        if (!m->sleeping) {
+            busy = true;
+            break;
+        }
+    }
+
+    return busy;
 }
 
 static coroutine_fn int qcow2_co_writev(BlockDriverState *bs,
@@ -1648,7 +1683,8 @@ static coroutine_fn int 
qcow2_co_flush_to_os(BlockDriverState *bs)
         }
     }
 
-    ret = 0;
+    ret = s->flush_error;
+    s->flush_error = 0;
 fail:
     qemu_co_mutex_unlock(&s->lock);
     resume_l2meta(s);
diff --git a/block/qcow2.h b/block/qcow2.h
index 8bf145c..1c4dc0e 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -171,6 +171,8 @@ typedef struct BDRVQcowState {
     CoRwlock l2meta_flush;
     bool in_l2meta_flush;
 
+    int flush_error;
+
     uint32_t crypt_method; /* current crypt method, 0 if no key yet */
     uint32_t crypt_method_header;
     AES_KEY aes_encrypt_key;
@@ -250,6 +252,7 @@ typedef struct QCowL2Meta
      * be reentered in order to cancel the timer.
      */
     bool sleeping;
+    bool error;
 
     /** Coroutine that handles delayed COW and updates L2 entry */
     Coroutine *co;
-- 
1.7.6.5