libdevmapper should be thread-safe #67
Comments
|
Unfortunately this is very complicated - and currently there is no manpower to handle this task. Portion of libdm is thread-safe and used as such by i.e. dmeventd - but without knowing consequences of threaded usage, it would be quite hard to expose and support this as public API. The reason #1 is handling of 'suspends'. What may work one day in future as some sort of user-space ''DM" management daemon. But there can't be expected threaded ioctl() based library support as is libdm today. |
The problem with this is that it causes problems for those (such as Stratis) writing their own volume managers. Stratis had to resort to wrapping calls to libcryptsetup (which uses libdevmapper) in a global lock. If this is sufficient, it should be fairly easy to implement in libdevmapper; I might even be able to make a PR for it. On the other hand, if it is not sufficient, then Stratis is broken.
Can you explain? I know that libdevmapper needs to call |
There are more ways to skin the cat - AFAIK Stratis is using Rust - so most likely they have their own API.
mlockall() is unfortunately not good way of using it - it can lock i.e. whole locale files - these have hundreds of MiB.... |
Makes sense.
Been there, done that. Qubes OS calls
Okay, that makes sense. The reason I asked for libdevmapper to be thread-safe (even if not thread-efficient) is that its lack of thread-safety makes using it from many modern programming environments extremely clumsy, unsafe, or both. For instance, all programs using Go, glib, or Java must assume that multiple threads are running, and the Rust ecosystem expects that an API not marked as
And that is 100% valid. |
And we've been used from i.e. Python apps - so there were even gigabytes of RAM locked into user-space - to solve it we would really need to use some from of 'daemon' to handle this DM table manipulation job. |
Or a kernel change so that a sequence of DM ioctls can be done atomically.
I certainly hope so. |
This would not likely help much. In general 'DM world' prefers to keep kernel 'simple' and leave all the complexity in users space. |
|
@zkabelac It’s worth noting that there are some cases where suspends are simply not an issue. If I write a volume manager for Qubes OS, it simply will not support managing the volume on which the root filesystem is located. So there is no need for memory locking.
The problem is that if your process dies (say due to the OOM killer) you have a completely hosed system and no way to recover except by reboot. Part of that can be solved by having Linux automatically resume a device if the process that suspended it dies, but still. |
We are solving withing lvm2 many system failure situation - against OOM we protect ourself by locking our code into RAM before we execute critical section of lvm2 code and we preallocate all needed RAM ahead of time. However I'm very far away of saying we solved every possible cases - so surely there are possible highly unusual scenarios that may end as system deadlock. But knowing from many years of support for lvm2 product - we are not aware users are facing such situation (at lost they do not report to us about them). i.e. we know that some resume failure error paths are sometimes simply too hard to make them correct and reboot might be actually the best way how to deal with the problem.... |
Obvious solution I can come up with is for the kernel to keep track of which process suspended a device, and for the kernel to automatically resume the device when that process dies. That would require some sort of locking, though. |
Which will not work - since we are suspending/resuming 'trees' of devices - each path has different error recovery sequence and further require adapting lvm metadata - and for that you need further locking. |
libdevmapper should be safe to use in multiple threads concurrently.
The text was updated successfully, but these errors were encountered: