Send all flushes through the deferred jobs queue (if present) #1575
Conversation
There was a problem hiding this comment.
Unclear if this actually matters, but I'm worried that flushes and barriers can skip the deferred job queue.
I don't think I understand the concern - my mental model of the deferred job queue is that it offloads the encryption and decryption from the main loop?
| } else { | ||
| info!(self.log, "not ready to deactivate client {i}"); | ||
| if !self.deferred_ops.is_empty() { | ||
| info!(self.log, "waiting for deferred ops..."); |
There was a problem hiding this comment.
this is a behaviour change, no?
I think we should allow the guest to deactivate at any time. I imagine in a scenario where the Upstairs / Propolis is stuck, we would still want to shut down or migrate a instance, and if Propolis calls deactivate that could block those.
| @@ -1278,10 +1294,12 @@ impl Upstairs { | |||
| } | |||
| UpstairsState::Active => (), | |||
| } | |||
| if !self.downstairs.can_deactivate_immediately() { | |||
| if self.need_flush.is_some() | |||
| || !self.deferred_ops.is_empty() | |||
|
My concern is the following sequence of events:
However, after trying to build a unit test for this, I couldn't trigger any issues:
In other words, this is safe because the deactivation request goes through the same queued as deferred writes, even though the final flush does not go through that queue. Automatically generated flushes and barriers are still unqueued, so I need to think more about whether this could cause problems, but my immediate concerns are lessened. |
As I understand it this flush would be submitted to each downstairs immediately, but wouldn't complete due to the job dependency on the write? |
Unclear if this actually matters, but I'm worried that flushes and barriers can skip the deferred job queue.