Layer 5 · lvol

What diskengine actually does when it touches an lvol.

This is the marquee page of Layer 5. We trace three diskengine loops that touch lvols, end to end, from the outermost Go tick to the innermost C function. The loops are: provisionLvol (creating a new lvol), processInPlaceResizes (growing an existing lvol), and processDeletingSnapshots (deleting a snapshot and reconciling the lvstore's free-cluster count). At the end of each trace you'll know exactly which bytes move on the wire, which C function runs, and which DB write finalizes the operation.

~20 min read1 sequence diagramprerequisites: 5.1 lvstore · 5.2 thin + snapshots · 5.3 CoW · 3.2 bdev_lvol_create end-to-end

On this page

The orchestrator: provisioningLoop ticks every second
Trace 1: processProvisioning
Trace 1: provisionLvol
Trace 1: ensureNvmeofReady
Trace 1: BdevLvolCreate — Go to C
Trace 1: rpc_bdev_lvol_create — the C handler
Trace 1: vbdev_lvol_create — into the lvol layer
Trace 1: the cluster allocation and metadata write
Trace 1: NvmfSubsystemAddNs — the response path
Trace 1: verifyState does a parallel check
Trace 2: processInPlaceResizes
Trace 3: processDeletingSnapshots
Edge cases & what trips people up

The orchestrator: `provisioningLoop` ticks every second

Three diskengine goroutines drive lvol state. They all run on the storagenode and tick on a 1 Hz time.Ticker:

Goroutine	File	What it does
`provisioningLoop`	`provisionlvol.go`	Reads DB rows in `CREATING` state, calls `bdev_lvol_create`, attaches the lvol to an NVMe-oF subsystem, marks the DB row `READY`.
`inPlaceResizeLoop`	`resize.go`	Reads DB rows in `RESIZING` state, computes the target size, calls `bdev_lvol_resize`, zeros the new region.
`snapshotDeleteLoop`	`snapshotdelete.go`	Reads DB rows in `DELETING` state, calls `bdev_lvol_delete`, finalizes the row, re-syncs the lvstore's free-cluster count from SPDK.

provisioningLoop also runs verifyState in the same tick. That means the create path is also the reconciliation path — every second, the system either makes progress or notices drift.

spdk_v26_01_migration/diskengine/internal/storagenode/provisionlvol.go · lines 16-46 provisioningLoop — the per-second tick

func provisioningLoop(ctx context.Context) {
    spdkClient, err := spdkclient.CreateClientWithJsonCodec(
        "unix", config.Value.SPDK_RPC_SOCK)
    if err != nil {
        logger.Error.Printf("could not create spdk client: %v", err)
        return
    }
    defer spdkClient.Close()

    ticker := time.NewTicker(1 * time.Second)
    defer ticker.Stop()

    for {
        select {
        case <-cancelCtx.Done():
            return
        case <-ticker.C:
            if err := processProvisioning(ctx, spdkClient); err != nil {
                logger.Error.Printf("Error processing provisioning: %v", err)
            }
            if err := verifyState(ctx, spdkClient); err != nil {
                logger.Error.Printf("State drift detected: %v", err)
            }
            if err := helpers.SaveConfig(spdkClient,
                    config.Value.SPDK_CONFIG_PATH,
                    []string{"bdev", "nvmf"}); err != nil {
                logger.Error.Printf("Failed to save SPDK config: %v", err)
            }
        }
    }
}

Three things per tick: process, verify, save. The save call dumps the current SPDK configuration to SPDK_CONFIG_PATH so the next SPDK restart can replay it via RestoreConfig:143 .

Trace 1: `processProvisioning`

The DB read. The query returns every lvol on this baremetal that's in CREATING state. The loop iterates them, calling provisionLvol on each.

spdk_v26_01_migration/diskengine/internal/storagenode/provisionlvol.go · lines 48-72 processProvisioning — the per-lvol dispatcher

func processProvisioning(ctx context.Context,
        spdkClient *spdkclient.Client) error {
    lvols, err := repository.GetCreatingLvols(ctx,
            config.Value.BAREMETAL_ID)
    if err != nil {
        return err
    }
    if len(lvols) == 0 {
        logger.Info.Println("No lvols to provision.")
        return nil
    }
    for _, l := range lvols {
        select {
        case <-ctx.Done():
            return ctx.Err()
        default:
            if err := provisionLvol(ctx, spdkClient, l); err != nil {
                logger.Error.Printf("provisioning: failed to provision lvol %s: %v",
                        l.LvolUUID, err)
                continue
            }
        }
    }
    return nil
}

The loop is forgiving: a per-lvol failure logs and continues. There is no global rollback. A failed lvol stays in CREATING state and will be retried on the next tick — the isAlreadyExistsErr check in provisionLvol (line 101) makes that safe.

Trace 1: `provisionLvol`

The per-lvol work. Six steps: validate placement, ensure NVMe-oF, build the params, call bdev_lvol_create, attach to the subsystem, finalize the DB row.

spdk_v26_01_migration/diskengine/internal/storagenode/provisionlvol.go · lines 74-146 provisionLvol — the per-lvol work, top to bottom

func provisionLvol(ctx context.Context,
        spdkClient *spdkclient.Client,
        lvol repository.LvolToProcess) error {
    logger.Info.Printf("Provisioning lvol %s", lvol.LvolUUID)

    if lvol.NQN == "" || lvol.RDMAIP == "" || lvol.RDMAPort == 0 {
        return fmt.Errorf("missing NVMe-oF placement info ...")
    }

    if err := ensureNvmeofReady(spdkClient, lvol.NQN,
            lvol.RDMAIP, lvol.RDMAPort, lvol.DiskSerial); err != nil {
        return fmt.Errorf("ensure nvmeof ready failed: %w", err)
    }

    thinProvisioning := true
    clearMethod := "unmap"
    lvolName := fmt.Sprintf("%d", lvol.LvolID)
    req := spdkclient.BdevLvolCreateParams{
        LvstoreUUID:   &lvol.LvstoreUUID,
        LvolName:      lvolName,
        SizeInMib:     uint64(lvol.CapacityBytes / (1024 * 1024)),
        ClearMethod:   &clearMethod,
        ThinProvision: &thinProvisioning,
    }
    createdLvolUUID, err := spdkClient.BdevLvolCreate(req)
    if err != nil {
        if isAlreadyExistsErr(err) {
            existingUUID, findErr := findExistingLvolUUID(
                spdkClient, lvol.LvstoreUUID, lvolName)
            if findErr != nil {
                return fmt.Errorf("lvol already exists but ...")
            }
            createdLvolUUID = existingUUID
        } else {
            return err
        }
    }

    if err := spdkClient.NvmfSubsystemAddNs(
        spdkclient.NvmfSubsystemAddNsParams{
            NQN: lvol.NQN,
            Namespace: spdkclient.NvmfNamespaceParams{
                BdevName: createdLvolUUID,
            },
        }); err != nil {
        // also handle "already exists" ...
    }

    if err := repository.FinalizeProvisioningForLvol(ctx, lvol,
            createdLvolUUID); err != nil {
        return fmt.Errorf("failed to finalize provisioning: %w", err)
    }

    return nil
}

Six steps, each one explained in its own section below.

Trace 1: `ensureNvmeofReady`

Before creating the lvol, the NVMe-oF transport, subsystem, and listener must exist. The check is "create-if-missing" — idempotent, safe to call on every tick. The function is in ensureNvmeofReady:13 .

spdk_v26_01_migration/diskengine/internal/storagenode/utils.go · lines 12-53 ensureNvmeofReady — transport creation

func ensureNvmeofReady(client *spdkclient.Client, nqn string,
        ip string, port int, diskSerial string) error {
    ips := splitCSV(ip)
    if len(ips) == 0 {
        ips = []string{ip}
    }

    transports, err := client.NvmfGetTransports(
        spdkclient.NvmfGetTransportsParams{})
    if err != nil {
        return fmt.Errorf("nvmf_get_transports: %w", err)
    }
    hasRDMA := false
    for _, t := range transports {
        if strings.EqualFold(t.Trtype, "RDMA") {
            hasRDMA = true
            break
        }
    }
    if !hasRDMA {
        ioUnit := 16384
        numShared := 1024
        // ... many other tuning params ...
        if err := client.NvmfCreateTransport(
            spdkclient.NvmfCreateTransportParams{
                Trtype: "RDMA",
                IoUnitSize: &ioUnit,
                NumSharedBuffers: &numShared,
                // ...
            }); err != nil {
            return fmt.Errorf("nvmf_create_transport RDMA: %w", err)
        }
    }
    // ... subsystem check + listener check follow ...
}

Three things to note:

NvmfGetTransports is a query — it returns the current state. We use it to avoid re-creating the transport.
The RDMA tuning numbers (16384, 1024, 256, 128, 8192, 256) are explicit defaults, not magic numbers. If a transport with different settings exists already, we don't override it.
NvmfCreateTransport returns success if the transport already exists (it's an idempotent RPC). The hasRDMA pre-check is an optimization, not a correctness requirement.

The subsystem check (lines 55-93) does the same dance for the NQN: query, find or create, then refresh and locate. The listener check (lines 94-118) iterates the list of IPs the disk's RDMA interface is bound to and creates a listener on each. The full function makes 1-3 RPCs in the common case, more if multiple IPs are configured.

Trace 1: `BdevLvolCreate` — Go to C

The Go wrapper is in BdevLvolCreate:42 . The full trace of how the call lands in the C handler is in 3.2 — bdev_lvol_create end-to-end. The short version:

STEP 01

Go client encodes

json.Marshal of BdevLvolCreateParams

→

STEP 02

Unix socket write

one JSON object + newline

→

STEP 03

SPDK recv

spdk_jsonrpc_server_poll pulls the bytes

→

STEP 04

JSON parse

two-pass: dry run + real decode

→

STEP 05

Method lookup

linear scan of g_rpc_methods

→

STEP 06

Handler dispatch

rpc_bdev_lvol_create runs

The Go-side payload is the struct from BdevLvolCreateParams:90 :

{
  "lvol_name":      "42",
  "size_in_mib":    1024,
  "thin_provision": true,
  "clear_method":   "unmap",
  "uuid":           "bd56a4e6-..."
}

The "uuid" field is the lvstore's UUID — diskengine always addresses the lvstore by UUID, never by name. The "lvol_name" is the integer lvol ID rendered as a string. The "size_in_mib" is the rounded-down MiB count (any bytes past the cluster boundary are silently dropped).

Trace 1: `rpc_bdev_lvol_create` — the C handler

The C handler is at module/bdev/lvol/vbdev_lvol_rpc.c:332 . The body decodes, looks up, translates, dispatches, and queues the response:

spdk_v26_01_migration/module/bdev/lvol/vbdev_lvol_rpc.c · lines 332-383 rpc_bdev_lvol_create — the SPDK handler

static void
rpc_bdev_lvol_create(struct spdk_jsonrpc_request *request,
            const struct spdk_json_val *params)
{
    struct rpc_bdev_lvol_create req = {};
    enum lvol_clear_method clear_method;
    int rc = 0;
    struct spdk_lvol_store *lvs = NULL;

    if (spdk_json_decode_object(params,
            rpc_bdev_lvol_create_decoders,
            SPDK_COUNTOF(rpc_bdev_lvol_create_decoders), &req)) {
        spdk_jsonrpc_send_error_response(request,
            SPDK_JSONRPC_ERROR_INTERNAL_ERROR,
            "spdk_json_decode_object failed");
        goto cleanup;
    }

    rc = vbdev_get_lvol_store_by_uuid_xor_name(req.uuid,
            req.lvs_name, &lvs);
    if (rc != 0) {
        spdk_jsonrpc_send_error_response(request, rc,
                spdk_strerror(-rc));
        goto cleanup;
    }

    if (req.clear_method != NULL) {
        if (!strcasecmp(req.clear_method, "none")) {
            clear_method = LVOL_CLEAR_WITH_NONE;
        } else if (!strcasecmp(req.clear_method, "unmap")) {
            clear_method = LVOL_CLEAR_WITH_UNMAP;
        } else if (!strcasecmp(req.clear_method, "write_zeroes")) {
            clear_method = LVOL_CLEAR_WITH_WRITE_ZEROES;
        } else {
            spdk_jsonrpc_send_error_response(request, -EINVAL,
                    "Invalid clean_method option");
            goto cleanup;
        }
    } else {
        clear_method = LVOL_CLEAR_WITH_DEFAULT;
    }

    rc = vbdev_lvol_create(lvs, req.lvol_name,
            req.size_in_mib * 1024 * 1024,
            req.thin_provision, clear_method,
            rpc_bdev_lvol_create_cb, request);
    if (rc < 0) {
        spdk_jsonrpc_send_error_response(request, rc,
                spdk_strerror(-rc));
        goto cleanup;
    }

cleanup:
    free_rpc_bdev_lvol_create(&req);
}

Six things to notice:

spdk_json_decode_object matches the JSON keys against the decoder table ( module/bdev/lvol/vbdev_lvol_rpc.c:302 ). Missing required fields are caught here.
The XOR helper vbdev_get_lvol_store_by_uuid_xor_name ( module/bdev/lvol/vbdev_lvol_rpc.c:42 ) rejects both or neither. Diskengine sends one.
The clear_method translation uses strcasecmp — "Unmap" and "UNMAP" are both valid. The error message has a typo ("clean_method" instead of "clear_method") — known issue.
The MiB-to-bytes multiplication (req.size_in_mib * 1024 * 1024) happens at the handler. The lvol layer works in bytes from here on.
vbdev_lvol_create returns synchronously. A return value of 0 means "queued successfully"; the response will be written from rpc_bdev_lvol_create_cb at module/bdev/lvol/vbdev_lvol_rpc.c:312 . A negative return value means "couldn't even queue" and the handler sends the error response immediately.
The free_rpc_bdev_lvol_create at the cleanup label releases the strdup'd strings from the decoder. Without this, every bdev_lvol_create would leak ~100 bytes.

Trace 1: `vbdev_lvol_create` — into the lvol layer

The bridge from the bdev module to the lvol subsystem is at module/bdev/lvol/vbdev_lvol.c:1232 . It allocates a request wrapper and calls the lvol library:

spdk_v26_01_migration/module/bdev/lvol/vbdev_lvol.c · lines 1232-1253 vbdev_lvol_create — the bridge function

int
vbdev_lvol_create(struct spdk_lvol_store *lvs, const char *name,
          uint64_t sz, bool thin_provision,
          enum lvol_clear_method clear_method,
          spdk_lvol_op_with_handle_complete cb_fn, void *cb_arg)
{
    struct spdk_lvol_with_handle_req *req;
    int rc;

    req = calloc(1, sizeof(*req));
    if (req == NULL) {
        return -ENOMEM;
    }
    req->cb_fn = cb_fn;
    req->cb_arg = cb_arg;

    rc = spdk_lvol_create(lvs, name, sz, thin_provision,
                  clear_method, _vbdev_lvol_create_cb, req);
    if (rc != 0) {
        free(req);
    }

    return rc;
}

Two things to notice:

The completion callback is _vbdev_lvol_create_cb (defined at line 1216), not the RPC's callback. The reason: the lvol layer needs to do the bdev registration first, and only then hand control back to the RPC layer to write the response.
spdk_lvol_create is the public lvol library entry point (in lib/lvol/lvol.c:1173 ). It allocates the in-memory spdk_lvol struct, sets up the blob options, and calls spdk_bs_create_blob_ext. The blob creation is the part that hits the disk.

Trace 1: the cluster allocation and metadata write

spdk_lvol_create ( lib/lvol/lvol.c:1173 ) sets up the blob options:

spdk_v26_01_migration/lib/lvol/lvol.c · lines 1212-1224 spdk_lvol_create — the blob options

spdk_blob_opts_init(&opts, sizeof(opts));
opts.thin_provision = thin_provision;
opts.num_clusters = spdk_divide_round_up(sz,
                            spdk_bs_get_cluster_size(bs));
opts.clear_method = lvol->clear_method;
opts.xattrs.count = SPDK_COUNTOF(xattr_names);
opts.xattrs.names = xattr_names;
opts.xattrs.ctx = lvol;
opts.xattrs.get_value = lvol_get_xattr_value;

spdk_bs_create_blob_ext(lvs->blobstore, &opts,
            lvol_create_cb, req);

The two things that matter for our trace:

num_clusters is the number of clusters backing the new lvol. For a thin lvol, the value is still recorded in the blob metadata — the metadata says "this lvol is 256 clusters long" — but no clusters are allocated yet. The clusters are allocated lazily on first write.
The xattrs are written as part of blob creation. The "name" and "uuid" xattrs ( lib/lvol/lvol.c:1181 ) are what let the lvol be identified after a restart.

The actual cluster allocation and metadata write happens inside spdk_bs_create_blob_ext. For a thick lvol, this is a synchronous-feeling sequence of:

Allocate a blob ID (find a clear bit in used_blobids).
For each cluster in num_clusters: find a free cluster in used_clusters, then write the new extent table entry.
Persist the metadata pages (one md_page write per page that's been dirtied).
Mark the lvstore clean (if all writes succeeded).

For a thin lvol, step 2 is skipped — the extent table is just zeros — but the blob ID allocation and the metadata write still happen. The "thick vs. thin" distinction is purely about whether num_clusters worth of free clusters were taken from the pool.

Once the blob is created, the completion callback lvol_create_cb ( lib/lvol/lvol.c:1050 ) opens the blob, attaches it to the lvol struct, and returns control up the chain. The bdev layer's _vbdev_lvol_create_cb ( module/bdev/lvol/vbdev_lvol.c:1216 ) then calls _create_lvol_disk (line 1131), which builds the spdk_bdev and registers it via spdk_bdev_register. The bdev's name is the lvol UUID; the alias is "<lvstore_name>/<lvol_name>".

Once the bdev is registered, the lvol layer's _vbdev_lvol_create_cb invokes the original RPC callback rpc_bdev_lvol_create_cb ( module/bdev/lvol/vbdev_lvol_rpc.c:312 ). That callback writes the response:

spdk_v26_01_migration/module/bdev/lvol/vbdev_lvol_rpc.c · lines 311-329 rpc_bdev_lvol_create_cb — the response

static void
rpc_bdev_lvol_create_cb(void *cb_arg,
            struct spdk_lvol *lvol, int lvolerrno)
{
    struct spdk_json_write_ctx *w;
    struct spdk_jsonrpc_request *request = cb_arg;

    if (lvolerrno != 0) {
        goto invalid;
    }

    w = spdk_jsonrpc_begin_result(request);
    spdk_json_write_string(w, lvol->unique_id);
    spdk_jsonrpc_end_result(request, w);
    return;

invalid:
    spdk_jsonrpc_send_error_response(request,
            SPDK_JSONRPC_ERROR_INVALID_PARAMS,
            spdk_strerror(-lvolerrno));
}

The response is a single JSON string: the lvol's UUID. That's createdLvolUUID on the Go side.

Trace 1: `NvmfSubsystemAddNs` — the response path

Back in Go, the response is at NvmfSubsystemAddNs:114 . The call attaches the lvol bdev to the NVMe-oF subsystem that was set up by ensureNvmeofReady. The handler is in the nvmf RPC layer; the lvol layer is not involved.

spdk_v26_01_migration/diskengine/internal/storagenode/provisionlvol.go · lines 114-141 NvmfSubsystemAddNs — the attach step

if err := spdkClient.NvmfSubsystemAddNs(
    spdkclient.NvmfSubsystemAddNsParams{
        NQN: lvol.NQN,
        Namespace: spdkclient.NvmfNamespaceParams{
            BdevName: createdLvolUUID,
        },
    }); err != nil {
    if isAlreadyExistsErr(err) {
        attached, checkErr := isNamespaceAttached(
            spdkClient, lvol.NQN, createdLvolUUID)
        if checkErr != nil {
            return fmt.Errorf("namespace attach returned already-exists but verification failed: %w", checkErr)
        }
        if !attached {
            return fmt.Errorf("namespace already exists but bdev %s not attached to subsystem %s", createdLvolUUID, lvol.NQN)
        }
        logger.Info.Printf("provisionLvol: lvol %s already attached to subsystem %s", createdLvolUUID, lvol.NQN)
    } else {
        logger.Error.Printf("Failed to attach lvol %s to subsystem %s: %v", createdLvolUUID, lvol.NQN, err)
        logger.Error.Printf("Lvol %s was created in SPDK but not attached - this will cause state drift", createdLvolUUID)
        logger.Error.Printf("Manual cleanup may be required for orphaned bdev %s", createdLvolUUID)
        return fmt.Errorf("failed to attach lvol to subsystem: %w", err)
    }
}

The "already exists" branch is the post-crash recovery path: SPDK might have created the lvol and attached the namespace before crashing, and the DB wasn't updated. On the next tick, we re-attach, discover the lvol already exists, find its UUID, and re-attach. The isNamespaceAttached check is what makes this safe — we verify the attach actually happened before declaring success.

The final step is repository.FinalizeProvisioningForLvol, which updates the DB row from CREATING to READY. After this, the next tick's processProvisioning query won't return this lvol. The trace is done.

Trace 1: `verifyState` does a parallel check

On the same tick (back in provisioningLoop), verifyState runs. It cross-references the DB against SPDK's view of the world:

spdk_v26_01_migration/diskengine/internal/storagenode/verifystate.go · lines 19-100 verifyState — the parallel reconciliation

func verifyState(ctx context.Context, client *spdkclient.Client) error {
    // 1. Pull DB state
    dbLvols, err := repository.GetReadyLvols(ctx, config.Value.BAREMETAL_ID)
    // ...

    // 2. Build SPDK state
    bdevInfos, err := client.BdevGetBdevs(spdkclient.BdevGetBdevsParams{})
    bdevSet := map[string]struct{}{}
    for _, info := range bdevInfos {
        if info.ProductName != "Logical Volume" {
            continue
        }
        bdevSet[info.UUID] = struct{}{}
    }
    // ...

    spdkLvstores, err := client.BdevLvolGetLvstores()
    spdkLvstoreSet := map[string]struct{}{}
    for _, lvs := range spdkLvstores {
        spdkLvstoreSet[lvs.UUID] = struct{}{}
    }

    // 3. Cross-reference (DB -> SPDK)
    for _, l := range dbLvols {
        if _, ok := bdevSet[l.UUID]; !ok {
            // DB says lvol is READY but SPDK doesn't have the bdev
            // -> STATE DRIFT
            drifts = append(drifts, ...)
        }
    }

    // 4. LVStore cross-reference (DB <-> SPDK)
    for _, lvs := range dbLvstores {
        if _, ok := spdkLvstoreSet[lvs.UUID]; !ok {
            drifts = append(drifts, ...)
        }
    }

    // 4b. Sync lvstore capacity/free bytes from SPDK to DB
    for _, dbLvs := range dbLvstores {
        for _, spdkLvs := range spdkLvstores {
            if dbLvs.UUID == spdkLvs.UUID {
                spdkCapacity := int64(spdkLvs.ClusterSize *
                                      spdkLvs.TotalDataClusters)
                spdkFree := int64(spdkLvs.ClusterSize *
                                   spdkLvs.FreeClusters)
                if dbLvs.CapacityBytes != spdkCapacity ||
                    dbLvs.FreeBytes != spdkFree {
                    repository.UpdateLvstoreCapacityAndFreeBytes(
                        ctx, dbLvs.UUID, spdkCapacity, spdkFree)
                }
            }
        }
    }
    // ...
}

The four checks: every DB lvol has a matching SPDK bdev, every DB lvstore has a matching SPDK lvstore, every SPDK lvstore is in the DB, and the capacity/free-bytes counters agree. Disagreements are reported as state drift.

Trace 2: `processInPlaceResizes`

The resize loop. A separate goroutine on a 1 Hz tick. The DB returns lvols in RESIZING state with a new capacity. The loop computes the target size, issues bdev_lvol_resize, and (importantly) zeros the delta region.

spdk_v26_01_migration/diskengine/internal/storagenode/resize.go · lines 43-107 processInPlaceResizes — the resize dispatcher

func processInPlaceResizes(ctx context.Context,
        spdkClient *spdkclient.Client) error {
    resizing, err := repository.GetResizingLvolsWithSize(
            ctx, config.Value.BAREMETAL_ID)
    if err != nil { return err }
    if len(resizing) == 0 {
        return nil
    }

    bdevs, err := spdkClient.BdevGetBdevs(
        spdkclient.BdevGetBdevsParams{})
    if err != nil { return err }

    sizes := make(map[string]struct{ bytes uint64 })
    for _, b := range bdevs {
        if b.UUID == "" || b.BlockSize == 0 { continue }
        sizes[b.UUID] = struct{ bytes uint64 }{
            bytes: b.NumBlocks * uint64(b.BlockSize),
        }
    }

    for _, rl := range resizing {
        want := uint64(rl.CapacityBytes)
        cur, ok := sizes[rl.UUID]
        if !ok {
            logger.Warn.Printf("bdev for lvol %s not found; will rely on verification loop", rl.UUID)
            continue
        }
        mib := want / (1024 * 1024)
        if mib == 0 {
            logger.Info.Printf("computed target size 0 MiB for lvol %s; skipping", rl.UUID)
            continue
        }
        if cur.bytes >= want {
            logger.Info.Printf("lvol %s already at or above requested size; skipping", rl.UUID)
        } else {
            if err := spdkClient.BdevLvolResize(
                spdkclient.BdevLvolResizeParams{
                    Name: rl.UUID,
                    SizeInMib: mib,
                }); err != nil {
                logger.Error.Printf("bdev_lvol_resize failed for %s: %v", rl.UUID, err)
                continue
            }

            deltaBytes := int64(want - cur.bytes)
            if deltaBytes > 0 {
                if err := zeroLvolDeltaRegion(ctx, spdkClient,
                        rl.UUID, int64(cur.bytes), deltaBytes); err != nil {
                    logger.Error.Printf("failed to zero delta region for lvol %s: %v", rl.UUID, err)
                    continue
                }
            }
        }
        if err := repository.MarkLvolUpByUUID(ctx, rl.UUID); err != nil {
            logger.Error.Printf("failed to mark lvol %s UP in DB: %v", rl.UUID, err)
        }
    }
    return nil
}

Five steps per lvol: read current size, compute target, call bdev_lvol_resize, zero the delta, mark UP. The zero step is what makes the resize safe for a multi-tenant system: the new region is filled with zeros so the next tenant doesn't see the previous tenant's data.

The C-side handler is rpc_bdev_lvol_resize ( module/bdev/lvol/vbdev_lvol_rpc.c:846 ). The chain is vbdev_lvol_resize → spdk_lvol_resize → spdk_blob_resize. The blobstore allocates the new clusters (or extends the extent table for thin lvols), updates the blob's metadata, and on completion notifies the bdev layer via spdk_bdev_notify_blockcnt_change ( module/bdev/lvol/vbdev_lvol.c:1406 ). The framework then re-evaluates the bdev's blockcnt and notifies any desc holders.

Trace 3: `processDeletingSnapshots`

The snapshot-delete loop. A separate goroutine on a 1 Hz tick. The DB returns snapshots in DELETING state on this node.

spdk_v26_01_migration/diskengine/internal/storagenode/snapshotdelete.go · lines 40-102 processDeletingSnapshots — the delete dispatcher

func processDeletingSnapshots(ctx context.Context,
        client *spdkclient.Client) {
    snapshots, err := repository.GetDeletingSnapshotsOnNode(
            ctx, config.Value.BAREMETAL_ID)
    if err != nil { return }

    // Build set of loaded lvstores in SPDK to verify deletion safety
    loadedLvstores := make(map[string]struct{})
    if lvstores, err := client.BdevLvolGetLvstores(); err != nil {
        // ...
    } else {
        for _, lvs := range lvstores {
            loadedLvstores[lvs.UUID] = struct{}{}
        }
    }

    for _, s := range snapshots {
        params := spdkclient.BdevLvolDeleteParams{Name: s.LvolUUID}
        err := client.BdevLvolDelete(params)
        if err != nil {
            msg := strings.ToLower(err.Error())
            if strings.Contains(msg, "not found") ||
                    strings.Contains(msg, "no such") ||
                    strings.Contains(msg, "does not exist") {
                // Lvol not found - check if the lvstore is loaded
                if s.LvstoreUUID != "" {
                    if _, loaded := loadedLvstores[s.LvstoreUUID]; !loaded {
                        // lvstore not loaded yet; the snapshot may
                        // still exist on disk and will reappear.
                        // Defer.
                        continue
                    }
                }
                // lvstore is loaded and lvol is confirmed absent -
                // safe to finalize
            } else {
                logger.Error.Printf("delete lvol %s failed: %v", s.LvolUUID, err)
                continue
            }
        } else {
            logger.Info.Printf("deleted lvol %s for snapshot %d", s.LvolUUID, s.SnapshotID)
        }

        // Finalize in DB
        if err := repository.FinalizeSnapshotDeletion(
                ctx, s.SnapshotID); err != nil {
            continue
        }

        // Reconcile lvstore free bytes from SPDK as source of truth
        if s.LvstoreUUID != "" {
            if lvsInfo, er := client.BdevLvolGetLvstore(
                    s.LvstoreUUID); er == nil {
                spdkFree := int64(lvsInfo.FreeClusters *
                                   lvsInfo.ClusterSize)
                if err := repository.UpdateLvstoreFreeBytes(
                        ctx, s.LvstoreUUID, spdkFree); err != nil {
                    logger.Error.Printf("update lvstore free_bytes failed: %v", err)
                }
            }
        }
    }
}

Five steps: read DB, build loaded-lvstore set (for the "not found" safety check), call bdev_lvol_delete, finalize the row, re-sync the lvstore's free-cluster count.

The C-side handler is rpc_bdev_lvol_delete ( module/bdev/lvol/vbdev_lvol_rpc.c:995 ), which calls vbdev_lvol_destroy ( module/bdev/lvol/vbdev_lvol.c:690 ). That function calls _vbdev_lvol_destroy (line 650), which checks for clones and then calls spdk_bdev_unregister. The bdev unregister fires vbdev_lvol_unregister (line 615), which calls spdk_lvol_close. The lvol close path then triggers the blob's destroy, which releases the clusters back to the pool and updates FreeClusters.

The free-cluster re-sync is the part diskengine cares about: after the delete, the lvstore's free pool is bigger by however many clusters the snapshot owned. The spdkFree calculation at line 95 is the same FreeClusters * ClusterSize formula we saw in the lvstore-metadata page, just applied here to a post-delete state.

Edge cases & what trips people up

"Already exists" recovery: this is the path you want to hit

The isAlreadyExistsErr check in

isAlreadyExistsErr:101

exists for a reason: SPDK may have created the lvol, the Go process may have crashed before marking the DB row READY, and the next tick would otherwise re-create. The recovery flow ( findExistingLvolUUID:103 ) queries SPDK for the lvol by name and uses its UUID. The fact that this is in the hot path is a feature, not a bug — it makes the loop crash-safe.

Lvstore not loaded: defer the snapshot delete

If the lvol's lvstore isn't loaded in SPDK yet (e.g. after an SPDK restart that hasn't finished examining all bdevs), the snapshot delete would say "not found" but the snapshot might still exist on disk. The loadedLvstores set ( loadedLvstores:49 ) prevents the diskengine from finalizing the deletion in that case. The delete retries on the next tick.

Concurrent provision + verify on the same tick

provisioningLoop calls processProvisioning and verifyState in the same tick. The verify state is just-after-the-create, which means it sees the newly-created lvol in SPDK and the still-CREATING row in the DB. The verifier doesn't check the CREATING state — it only checks READY lvols (see GetReadyLvols:24 ). So a create-in-progress doesn't trigger a false drift report. The create-then-finalize window is one function call, not a tick.

Resize with an in-progress NBD zero

If the resize succeeds but the NBD-based zeroing fails (e.g. dd is killed), the lvol is in a halfway state: it has the new size, but the delta region is uninitialized. The processInPlaceResizes loop returns without calling repository.MarkLvolUpByUUID, so the DB row stays in RESIZING state and the resize retries on the next tick. The next tick reads the current SPDK size (which already includes the delta), and the "already at or above requested size" check at

cur.bytes >= want:81

makes it skip the resize — but the zero is still missing. The cleanest fix is to record in the DB that the resize succeeded but the zero didn't, and re-zero on the next tick. Diskengine currently doesn't track this state separately; it logs the failure and hopes the next restart catches it via the verification loop.

RPC failure mid-create: the lvol is orphaned

If bdev_lvol_create succeeds but the subsequent NvmfSubsystemAddNs fails for a reason other than "already exists", the lvol is created in SPDK but not exposed via NVMe-oF. The log at

orphan bdev warning:132

is the operator's hint. The cleanup is manual (bdev_lvol_delete by hand, or verifyState will report it on the next tick).

What to take away

Three goroutines, three 1 Hz loops, three end-to-end traces. The create path goes Go → JSON-RPC → rpc_bdev_lvol_create → vbdev_lvol_create → spdk_lvol_create → blobstore. The resize path adds a zeroing step (via NBD + dd) that is the slowest part of the operation. The delete path re-syncs the lvstore's free-cluster count from SPDK after the lvol is destroyed. verifyState runs on the same tick as the create path and is the safety net for all three: every discrepancy between DB and SPDK is reported, and the capacity / free-bytes counters are updated to match SPDK's view. The whole subsystem is designed to make a 1-second-tick, eventually consistent system that converges in the face of crashes and partial failures.

You're now at the end of Layer 5. The next layer is 6.1 — NVMe-oF concepts, which is about how those lvols get exposed over the network.

What diskengine actually does when it touches an lvol.

The orchestrator: provisioningLoop ticks every second

Trace 1: processProvisioning

Trace 1: provisionLvol

Trace 1: ensureNvmeofReady

Trace 1: BdevLvolCreate — Go to C

Trace 1: rpc_bdev_lvol_create — the C handler

Trace 1: vbdev_lvol_create — into the lvol layer