search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
linux-aio: avoid deadlock in nested aio_poll() calls
[qemu/ar7.git] / block / linux-aio.c
blob9aca758b10f54f187b1147febd09fdfa1a5da656
1 /*
2 * Linux native AIO support.
3 *
4 * Copyright (C) 2009 IBM, Corp.
5 * Copyright (C) 2009 Red Hat, Inc.
6 *
7 * This work is licensed under the terms of the GNU GPL, version 2 or later.
8 * See the COPYING file in the top-level directory.
9 */
10 #include "qemu-common.h"
11 #include "block/aio.h"
12 #include "qemu/queue.h"
13 #include "block/raw-aio.h"
14 #include "qemu/event_notifier.h"
15
16 #include <libaio.h>
17
18 /*
19 * Queue size (per-device).
20 *
21 * XXX: eventually we need to communicate this to the guest and/or make it
22 * tunable by the guest. If we get more outstanding requests at a time
23 * than this we will get EAGAIN from io_submit which is communicated to
24 * the guest as an I/O error.
25 */
26 #define MAX_EVENTS 128
27
28 #define MAX_QUEUED_IO 128
29
30 struct qemu_laiocb {
31 BlockDriverAIOCB common;
32 struct qemu_laio_state *ctx;
33 struct iocb iocb;
34 ssize_t ret;
35 size_t nbytes;
36 QEMUIOVector *qiov;
37 bool is_read;
38 QLIST_ENTRY(qemu_laiocb) node;
39 };
40
41 typedef struct {
42 struct iocb *iocbs[MAX_QUEUED_IO];
43 int plugged;
44 unsigned int size;
45 unsigned int idx;
46 } LaioQueue;
47
48 struct qemu_laio_state {
49 io_context_t ctx;
50 EventNotifier e;
51
52 /* io queue for submit at batch */
53 LaioQueue io_q;
54
55 /* I/O completion processing */
56 QEMUBH *completion_bh;
57 struct io_event events[MAX_EVENTS];
58 int event_idx;
59 int event_max;
60 };
61
62 static inline ssize_t io_event_ret(struct io_event *ev)
63 {
64 return (ssize_t)(((uint64_t)ev->res2 << 32) | ev->res);
65 }
66
67 /*
68 * Completes an AIO request (calls the callback and frees the ACB).
69 */
70 static void qemu_laio_process_completion(struct qemu_laio_state *s,
71 struct qemu_laiocb *laiocb)
72 {
73 int ret;
74
75 ret = laiocb->ret;
76 if (ret != -ECANCELED) {
77 if (ret == laiocb->nbytes) {
78 ret = 0;
79 } else if (ret >= 0) {
80 /* Short reads mean EOF, pad with zeros. */
81 if (laiocb->is_read) {
82 qemu_iovec_memset(laiocb->qiov, ret, 0,
83 laiocb->qiov->size - ret);
84 } else {
85 ret = -EINVAL;
86 }
87 }
88
89 laiocb->common.cb(laiocb->common.opaque, ret);
90 }
91
92 qemu_aio_release(laiocb);
93 }
94
95 /* The completion BH fetches completed I/O requests and invokes their
96 * callbacks.
97 *
98 * The function is somewhat tricky because it supports nested event loops, for
99 * example when a request callback invokes aio_poll(). In order to do this,
100 * the completion events array and index are kept in qemu_laio_state. The BH
101 * reschedules itself as long as there are completions pending so it will
102 * either be called again in a nested event loop or will be called after all
103 * events have been completed. When there are no events left to complete, the
104 * BH returns without rescheduling.
105 */
106 static void qemu_laio_completion_bh(void *opaque)
107 {
108 struct qemu_laio_state *s = opaque;
109
110 /* Fetch more completion events when empty */
111 if (s->event_idx == s->event_max) {
112 do {
113 struct timespec ts = { 0 };
114 s->event_max = io_getevents(s->ctx, MAX_EVENTS, MAX_EVENTS,
115 s->events, &ts);
116 } while (s->event_max == -EINTR);
117
118 s->event_idx = 0;
119 if (s->event_max <= 0) {
120 s->event_max = 0;
121 return; /* no more events */
122 }
123 }
124
125 /* Reschedule so nested event loops see currently pending completions */
126 qemu_bh_schedule(s->completion_bh);
127
128 /* Process completion events */
129 while (s->event_idx < s->event_max) {
130 struct iocb *iocb = s->events[s->event_idx].obj;
131 struct qemu_laiocb *laiocb =
132 container_of(iocb, struct qemu_laiocb, iocb);
133
134 laiocb->ret = io_event_ret(&s->events[s->event_idx]);
135 s->event_idx++;
136
137 qemu_laio_process_completion(s, laiocb);
138 }
139 }
140
141 static void qemu_laio_completion_cb(EventNotifier *e)
142 {
143 struct qemu_laio_state *s = container_of(e, struct qemu_laio_state, e);
144
145 if (event_notifier_test_and_clear(&s->e)) {
146 qemu_bh_schedule(s->completion_bh);
147 }
148 }
149
150 static void laio_cancel(BlockDriverAIOCB *blockacb)
151 {
152 struct qemu_laiocb *laiocb = (struct qemu_laiocb *)blockacb;
153 struct io_event event;
154 int ret;
155
156 if (laiocb->ret != -EINPROGRESS)
157 return;
158
159 /*
160 * Note that as of Linux 2.6.31 neither the block device code nor any
161 * filesystem implements cancellation of AIO request.
162 * Thus the polling loop below is the normal code path.
163 */
164 ret = io_cancel(laiocb->ctx->ctx, &laiocb->iocb, &event);
165 if (ret == 0) {
166 laiocb->ret = -ECANCELED;
167 return;
168 }
169
170 /*
171 * We have to wait for the iocb to finish.
172 *
173 * The only way to get the iocb status update is by polling the io context.
174 * We might be able to do this slightly more optimal by removing the
175 * O_NONBLOCK flag.
176 */
177 while (laiocb->ret == -EINPROGRESS) {
178 qemu_laio_completion_cb(&laiocb->ctx->e);
179 }
180 }
181
182 static const AIOCBInfo laio_aiocb_info = {
183 .aiocb_size = sizeof(struct qemu_laiocb),
184 .cancel = laio_cancel,
185 };
186
187 static void ioq_init(LaioQueue *io_q)
188 {
189 io_q->size = MAX_QUEUED_IO;
190 io_q->idx = 0;
191 io_q->plugged = 0;
192 }
193
194 static int ioq_submit(struct qemu_laio_state *s)
195 {
196 int ret, i = 0;
197 int len = s->io_q.idx;
198
199 do {
200 ret = io_submit(s->ctx, len, s->io_q.iocbs);
201 } while (i++ < 3 && ret == -EAGAIN);
202
203 /* empty io queue */
204 s->io_q.idx = 0;
205
206 if (ret < 0) {
207 i = 0;
208 } else {
209 i = ret;
210 }
211
212 for (; i < len; i++) {
213 struct qemu_laiocb *laiocb =
214 container_of(s->io_q.iocbs[i], struct qemu_laiocb, iocb);
215
216 laiocb->ret = (ret < 0) ? ret : -EIO;
217 qemu_laio_process_completion(s, laiocb);
218 }
219 return ret;
220 }
221
222 static void ioq_enqueue(struct qemu_laio_state *s, struct iocb *iocb)
223 {
224 unsigned int idx = s->io_q.idx;
225
226 s->io_q.iocbs[idx++] = iocb;
227 s->io_q.idx = idx;
228
229 /* submit immediately if queue is full */
230 if (idx == s->io_q.size) {
231 ioq_submit(s);
232 }
233 }
234
235 void laio_io_plug(BlockDriverState *bs, void *aio_ctx)
236 {
237 struct qemu_laio_state *s = aio_ctx;
238
239 s->io_q.plugged++;
240 }
241
242 int laio_io_unplug(BlockDriverState *bs, void *aio_ctx, bool unplug)
243 {
244 struct qemu_laio_state *s = aio_ctx;
245 int ret = 0;
246
247 assert(s->io_q.plugged > 0 || !unplug);
248
249 if (unplug && --s->io_q.plugged > 0) {
250 return 0;
251 }
252
253 if (s->io_q.idx > 0) {
254 ret = ioq_submit(s);
255 }
256
257 return ret;
258 }
259
260 BlockDriverAIOCB *laio_submit(BlockDriverState *bs, void *aio_ctx, int fd,
261 int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
262 BlockDriverCompletionFunc *cb, void *opaque, int type)
263 {
264 struct qemu_laio_state *s = aio_ctx;
265 struct qemu_laiocb *laiocb;
266 struct iocb *iocbs;
267 off_t offset = sector_num * 512;
268
269 laiocb = qemu_aio_get(&laio_aiocb_info, bs, cb, opaque);
270 laiocb->nbytes = nb_sectors * 512;
271 laiocb->ctx = s;
272 laiocb->ret = -EINPROGRESS;
273 laiocb->is_read = (type == QEMU_AIO_READ);
274 laiocb->qiov = qiov;
275
276 iocbs = &laiocb->iocb;
277
278 switch (type) {
279 case QEMU_AIO_WRITE:
280 io_prep_pwritev(iocbs, fd, qiov->iov, qiov->niov, offset);
281 break;
282 case QEMU_AIO_READ:
283 io_prep_preadv(iocbs, fd, qiov->iov, qiov->niov, offset);
284 break;
285 /* Currently Linux kernel does not support other operations */
286 default:
287 fprintf(stderr, "%s: invalid AIO request type 0x%x.\n",
288 __func__, type);
289 goto out_free_aiocb;
290 }
291 io_set_eventfd(&laiocb->iocb, event_notifier_get_fd(&s->e));
292
293 if (!s->io_q.plugged) {
294 if (io_submit(s->ctx, 1, &iocbs) < 0) {
295 goto out_free_aiocb;
296 }
297 } else {
298 ioq_enqueue(s, iocbs);
299 }
300 return &laiocb->common;
301
302 out_free_aiocb:
303 qemu_aio_release(laiocb);
304 return NULL;
305 }
306
307 void laio_detach_aio_context(void *s_, AioContext *old_context)
308 {
309 struct qemu_laio_state *s = s_;
310
311 aio_set_event_notifier(old_context, &s->e, NULL);
312 qemu_bh_delete(s->completion_bh);
313 }
314
315 void laio_attach_aio_context(void *s_, AioContext *new_context)
316 {
317 struct qemu_laio_state *s = s_;
318
319 s->completion_bh = aio_bh_new(new_context, qemu_laio_completion_bh, s);
320 aio_set_event_notifier(new_context, &s->e, qemu_laio_completion_cb);
321 }
322
323 void *laio_init(void)
324 {
325 struct qemu_laio_state *s;
326
327 s = g_malloc0(sizeof(*s));
328 if (event_notifier_init(&s->e, false) < 0) {
329 goto out_free_state;
330 }
331
332 if (io_setup(MAX_EVENTS, &s->ctx) != 0) {
333 goto out_close_efd;
334 }
335
336 ioq_init(&s->io_q);
337
338 return s;
339
340 out_close_efd:
341 event_notifier_cleanup(&s->e);
342 out_free_state:
343 g_free(s);
344 return NULL;
345 }
346
347 void laio_cleanup(void *s_)
348 {
349 struct qemu_laio_state *s = s_;
350
351 event_notifier_cleanup(&s->e);
352
353 if (io_destroy(s->ctx) != 0) {
354 fprintf(stderr, "%s: destroy AIO context %p failed\n",
355 __func__, &s->ctx);
356 }
357 g_free(s);
358 }
AR7 emulation for QEMU