Series comparison

-[Qemu-devel] [PULL 0/5] Block patches
+[PULL 0/1] Block patches
-The following changes since commit d147f7e815f97cb477e223586bcb80c316ae10ea:
+The following changes since commit 887cba855bb6ff4775256f7968409281350b568c:
-  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2017-10-03 16:27:24 +0100)
+  configure: Fix cross-building for RISCV host (v5) (2023-07-11 17:56:09 +0100)
-are available in the git repository at:
+are available in the Git repository at:
-  git://github.com/stefanha/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to f708a5e71cba0d784e307334c07ade5f56f827ab:
+for you to fetch changes up to 75dcb4d790bbe5327169fd72b185960ca58e2fa6:
-  aio: fix assert when remove poll during destroy (2017-10-03 14:36:19 -0400)
+  virtio-blk: fix host notifier issues during dataplane start/stop (2023-07-12 15:20:32 -0400)
 ----------------------------------------------------------------
 Pull request
 ----------------------------------------------------------------
-----------------------------------------------------------------
+Stefan Hajnoczi (1):
   virtio-blk: fix host notifier issues during dataplane start/stop
-Peter Xu (4):
+ hw/block/dataplane/virtio-blk.c | 67 +++++++++++++++++++--------------
-  qom: provide root container for internal objs
+file changed, 38 insertions(+), 29 deletions(-)
   iothread: provide helpers for internal use
   iothread: export iothread_stop()
   iothread: delay the context release to finalize
 Stefan Hajnoczi (1):
   aio: fix assert when remove poll during destroy
  include/qom/object.h      | 11 +++++++++++
  include/sysemu/iothread.h |  9 +++++++++
  iothread.c                | 46 ++++++++++++++++++++++++++++++++++++----------
  qom/object.c              | 11 +++++++++++
  util/aio-posix.c          |  9 ++++++++-
 files changed, 75 insertions(+), 11 deletions(-)
 --
-.13.6
+.40.1

-[Qemu-devel] [PULL 1/5] qom: provide root container for internal objs
+[PULL 1/1] virtio-blk: fix host notifier issues during dataplane start/stop
-From: Peter Xu <peterx@redhat.com>
+The main loop thread can consume 100% CPU when using --device
 virtio-blk-pci,iothread=<iothread>. ppoll() constantly returns but
 reading virtqueue host notifiers fails with EAGAIN. The file descriptors
 are stale and remain registered with the AioContext because of bugs in
 the virtio-blk dataplane start/stop code.
-We have object_get_objects_root() to keep user created objects, however
+The problem is that the dataplane start/stop code involves drain
-no place for objects that will be used internally.  Create such a
+operations, which call virtio_blk_drained_begin() and
-container for internal objects.
+virtio_blk_drained_end() at points where the host notifier is not
 operational:
 - In virtio_blk_data_plane_start(), blk_set_aio_context() drains after
   vblk->dataplane_started has been set to true but the host notifier has
   not been attached yet.
 - In virtio_blk_data_plane_stop(), blk_drain() and blk_set_aio_context()
   drain after the host notifier has already been detached but with
   vblk->dataplane_started still set to true.
-CC: Andreas Färber <afaerber@suse.de>
+I would like to simplify ->ioeventfd_start/stop() to avoid interactions
-CC: Markus Armbruster <armbru@redhat.com>
+with drain entirely, but couldn't find a way to do that. Instead, this
-CC: Paolo Bonzini <pbonzini@redhat.com>
+patch accepts the fragile nature of the code and reorders it so that
-Suggested-by: Daniel P. Berrange <berrange@redhat.com>
+vblk->dataplane_started is false during drain operations. This way the
-Signed-off-by: Peter Xu <peterx@redhat.com>
+virtio_blk_drained_begin() and virtio_blk_drained_end() calls don't
-Reviewed-by: Fam Zheng <famz@redhat.com>
+touch the host notifier. The result is that
-Message-id: 20170928025958.1420-2-peterx@redhat.com
+virtio_blk_data_plane_start() and virtio_blk_data_plane_stop() have
 complete control over the host notifier and stale file descriptors are
 no longer left in the AioContext.
 This patch fixes the 100% CPU consumption in the main loop thread and
 correctly moves host notifier processing to the IOThread.
 Fixes: 1665d9326fd2 ("virtio-blk: implement BlockDevOps->drained_begin()")
 Reported-by: Lukáš Doktor <ldoktor@redhat.com>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 Tested-by: Lukas Doktor <ldoktor@redhat.com>
 Message-id: 20230704151527.193586-1-stefanha@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- include/qom/object.h | 11 +++++++++++
+ hw/block/dataplane/virtio-blk.c | 67 +++++++++++++++++++--------------
- qom/object.c         | 11 +++++++++++
+file changed, 38 insertions(+), 29 deletions(-)
 files changed, 22 insertions(+)
-diff --git a/include/qom/object.h b/include/qom/object.h
+diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/qom/object.h
+--- a/hw/block/dataplane/virtio-blk.c
-+++ b/include/qom/object.h
++++ b/hw/block/dataplane/virtio-blk.c
-@@ -XXX,XX +XXX,XX @@ Object *object_get_root(void);
+@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
- Object *object_get_objects_root(void);
+     memory_region_transaction_commit();
- /**
-+ * object_get_internal_root:
+-    /*
-+ *
+-     * These fields are visible to the IOThread so we rely on implicit barriers
-+ * Get the container object that holds internally used object
+-     * in aio_context_acquire() on the write side and aio_notify_accept() on
-+ * instances.  Any object which is put into this container must not be
+-     * the read side.
-+ * user visible, and it will not be exposed in the QOM tree.
+-     */
-+ *
+-    s->starting = false;
-+ * Returns: the internal object container
+-    vblk->dataplane_started = true;
-+ */
+     trace_virtio_blk_data_plane_start(s);
-+Object *object_get_internal_root(void);
      old_context = blk_get_aio_context(s->conf->conf.blk);
@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
          event_notifier_set(virtio_queue_get_host_notifier(vq));
      }
 +    /*
 +     * These fields must be visible to the IOThread when it processes the
 +     * virtqueue, otherwise it will think dataplane has not started yet.
 +     *
 +     * Make sure ->dataplane_started is false when blk_set_aio_context() is
 +     * called above so that draining does not cause the host notifier to be
 +     * detached/attached prematurely.
 +     */
 +    s->starting = false;
 +    vblk->dataplane_started = true;
 +    smp_wmb(); /* paired with aio_notify_accept() on the read side */
 +
-+/**
+     /* Get this show started by hooking up our callbacks */
-  * object_get_canonical_path_component:
+     if (!blk_in_drain(s->conf->conf.blk)) {
-  *
+         aio_context_acquire(s->ctx);
-  * Returns: The final component in the object's canonical path.  The canonical
+@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
-diff --git a/qom/object.c b/qom/object.c
+   fail_guest_notifiers:
-index XXXXXXX..XXXXXXX 100644
+     vblk->dataplane_disabled = true;
---- a/qom/object.c
+     s->starting = false;
-+++ b/qom/object.c
+-    vblk->dataplane_started = true;
-@@ -XXX,XX +XXX,XX @@ Object *object_get_objects_root(void)
+     return -ENOSYS;
      return container_get(object_get_root(), "/objects");
  }
-+Object *object_get_internal_root(void)
+@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
-+{
+         aio_wait_bh_oneshot(s->ctx, virtio_blk_data_plane_stop_bh, s);
-+    static Object *internal_root;
+     }
 +    /*
 +     * Batch all the host notifiers in a single transaction to avoid
 +     * quadratic time complexity in address_space_update_ioeventfds().
 +     */
 +    memory_region_transaction_begin();
 +
-+    if (!internal_root) {
++    for (i = 0; i < nvqs; i++) {
-+        internal_root = object_new("container");
++        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
 +    }
 +
-+    return internal_root;
++    /*
-+}
++     * The transaction expects the ioeventfds to be open when it
 +     * commits. Do it now, before the cleanup loop.
 +     */
 +    memory_region_transaction_commit();
 +
- static void object_get_child_property(Object *obj, Visitor *v,
++    for (i = 0; i < nvqs; i++) {
-                                       const char *name, void *opaque,
++        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
-                                       Error **errp)
++    }
 +
 +    /*
 +     * Set ->dataplane_started to false before draining so that host notifiers
 +     * are not detached/attached anymore.
 +     */
 +    vblk->dataplane_started = false;
 +
      aio_context_acquire(s->ctx);
      /* Wait for virtio_blk_dma_restart_bh() and in flight I/O to complete */
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
      aio_context_release(s->ctx);
 -    /*
 -     * Batch all the host notifiers in a single transaction to avoid
 -     * quadratic time complexity in address_space_update_ioeventfds().
 -     */
 -    memory_region_transaction_begin();
 -
 -    for (i = 0; i < nvqs; i++) {
 -        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
 -    }
 -
 -    /*
 -     * The transaction expects the ioeventfds to be open when it
 -     * commits. Do it now, before the cleanup loop.
 -     */
 -    memory_region_transaction_commit();
 -
 -    for (i = 0; i < nvqs; i++) {
 -        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
 -    }
 -
      qemu_bh_cancel(s->bh);
      notify_guest_bh(s); /* final chance to notify guest */
      /* Clean up guest notifier (irq) */
      k->set_guest_notifiers(qbus->parent, nvqs, false);
 -    vblk->dataplane_started = false;
      s->stopping = false;
  }
 --
-.13.6
+.40.1

-[Qemu-devel] [PULL 2/5] iothread: provide helpers for internal use
+Deleted patch
-From: Peter Xu <peterx@redhat.com>
-IOThread is a general framework that contains IO loop environment and a
-real thread behind.  It's also good to be used internally inside qemu.
-Provide some helpers for it to create iothreads to be used internally.
-Put all the internal used iothreads into the internal object container.
-Reviewed-by: Fam Zheng <famz@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Message-id: 20170928025958.1420-3-peterx@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/sysemu/iothread.h |  8 ++++++++
- iothread.c                | 16 ++++++++++++++++
-files changed, 24 insertions(+)
-diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/sysemu/iothread.h
-+++ b/include/sysemu/iothread.h
-@@ -XXX,XX +XXX,XX @@ AioContext *iothread_get_aio_context(IOThread *iothread);
- void iothread_stop_all(void);
- GMainContext *iothread_get_g_main_context(IOThread *iothread);
-+/*
-+ * Helpers used to allocate iothreads for internal use.  These
-+ * iothreads will not be seen by monitor clients when query using
-+ * "query-iothreads".
-+ */
-+IOThread *iothread_create(const char *id, Error **errp);
-+void iothread_destroy(IOThread *iothread);
-+
- #endif /* IOTHREAD_H */
-diff --git a/iothread.c b/iothread.c
-index XXXXXXX..XXXXXXX 100644
---- a/iothread.c
-+++ b/iothread.c
-@@ -XXX,XX +XXX,XX @@ GMainContext *iothread_get_g_main_context(IOThread *iothread)
-     return iothread->worker_context;
- }
-+
-+IOThread *iothread_create(const char *id, Error **errp)
-+{
-+    Object *obj;
-+
-+    obj = object_new_with_props(TYPE_IOTHREAD,
-+                                object_get_internal_root(),
-+                                id, errp, NULL);
-+
-+    return IOTHREAD(obj);
-+}
-+
-+void iothread_destroy(IOThread *iothread)
-+{
-+    object_unparent(OBJECT(iothread));
-+}
---
-.13.6

-[Qemu-devel] [PULL 3/5] iothread: export iothread_stop()
+Deleted patch
-From: Peter Xu <peterx@redhat.com>
-So that internal iothread users can explicitly stop one iothread without
-destroying it.
-Since at it, fix iothread_stop() to allow it to be called multiple
-times.  Before this patch we may call iothread_stop() more than once on
-single iothread, while that may not be correct since qemu_thread_join()
-is not allowed to run twice.  From manual of pthread_join():
-  Joining with a thread that has previously been joined results in
-  undefined behavior.
-Reviewed-by: Fam Zheng <famz@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Message-id: 20170928025958.1420-4-peterx@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/sysemu/iothread.h |  1 +
- iothread.c                | 24 ++++++++++++++++--------
-files changed, 17 insertions(+), 8 deletions(-)
-diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/sysemu/iothread.h
-+++ b/include/sysemu/iothread.h
-@@ -XXX,XX +XXX,XX @@ GMainContext *iothread_get_g_main_context(IOThread *iothread);
-  * "query-iothreads".
-  */
- IOThread *iothread_create(const char *id, Error **errp);
-+void iothread_stop(IOThread *iothread);
- void iothread_destroy(IOThread *iothread);
- #endif /* IOTHREAD_H */
-diff --git a/iothread.c b/iothread.c
-index XXXXXXX..XXXXXXX 100644
---- a/iothread.c
-+++ b/iothread.c
-@@ -XXX,XX +XXX,XX @@ static void *iothread_run(void *opaque)
-     return NULL;
- }
--static int iothread_stop(Object *object, void *opaque)
-+void iothread_stop(IOThread *iothread)
- {
--    IOThread *iothread;
--
--    iothread = (IOThread *)object_dynamic_cast(object, TYPE_IOTHREAD);
--    if (!iothread || !iothread->ctx || iothread->stopping) {
--        return 0;
-+    if (!iothread->ctx || iothread->stopping) {
-+        return;
-     }
-     iothread->stopping = true;
-     aio_notify(iothread->ctx);
-@@ -XXX,XX +XXX,XX @@ static int iothread_stop(Object *object, void *opaque)
-         g_main_loop_quit(iothread->main_loop);
-     }
-     qemu_thread_join(&iothread->thread);
-+}
-+
-+static int iothread_stop_iter(Object *object, void *opaque)
-+{
-+    IOThread *iothread;
-+
-+    iothread = (IOThread *)object_dynamic_cast(object, TYPE_IOTHREAD);
-+    if (!iothread) {
-+        return 0;
-+    }
-+    iothread_stop(iothread);
-     return 0;
- }
-@@ -XXX,XX +XXX,XX @@ static void iothread_instance_finalize(Object *obj)
- {
-     IOThread *iothread = IOTHREAD(obj);
--    iothread_stop(obj, NULL);
-+    iothread_stop(iothread);
-     qemu_cond_destroy(&iothread->init_done_cond);
-     qemu_mutex_destroy(&iothread->init_done_lock);
-     if (!iothread->ctx) {
-@@ -XXX,XX +XXX,XX @@ void iothread_stop_all(void)
-         aio_context_release(ctx);
-     }
--    object_child_foreach(container, iothread_stop, NULL);
-+    object_child_foreach(container, iothread_stop_iter, NULL);
- }
- static gpointer iothread_g_main_context_init(gpointer opaque)
---
-.13.6

-[Qemu-devel] [PULL 4/5] iothread: delay the context release to finalize
+Deleted patch
-From: Peter Xu <peterx@redhat.com>
-When gcontext is used with iothread, the context will be destroyed
-during iothread_stop().  That's not good since sometimes we would like
-to keep the resources until iothread is destroyed, but we may want to
-stop the thread before that point.
-Delay the destruction of gcontext to iothread finalize.  Then we can do:
-  iothread_stop(thread);
-  some_cleanup_on_resources();
-  iothread_destroy(thread);
-We may need this patch if we want to run chardev IOs in iothreads and
-hopefully clean them up correctly.  For more specific information,
-please see 2b316774f6 ("qemu-char: do not operate on sources from
-finalize callbacks").
-Reviewed-by: Fam Zheng <famz@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Message-id: 20170928025958.1420-5-peterx@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- iothread.c | 6 ++++--
-file changed, 4 insertions(+), 2 deletions(-)
-diff --git a/iothread.c b/iothread.c
-index XXXXXXX..XXXXXXX 100644
---- a/iothread.c
-+++ b/iothread.c
-@@ -XXX,XX +XXX,XX @@ static void *iothread_run(void *opaque)
-             g_main_loop_unref(loop);
-             g_main_context_pop_thread_default(iothread->worker_context);
--            g_main_context_unref(iothread->worker_context);
--            iothread->worker_context = NULL;
-         }
-     }
-@@ -XXX,XX +XXX,XX @@ static void iothread_instance_finalize(Object *obj)
-     IOThread *iothread = IOTHREAD(obj);
-     iothread_stop(iothread);
-+    if (iothread->worker_context) {
-+        g_main_context_unref(iothread->worker_context);
-+        iothread->worker_context = NULL;
-+    }
-     qemu_cond_destroy(&iothread->init_done_cond);
-     qemu_mutex_destroy(&iothread->init_done_lock);
-     if (!iothread->ctx) {
---
-.13.6

-[Qemu-devel] [PULL 5/5] aio: fix assert when remove poll during destroy
+Deleted patch
-After iothread is enabled internally inside QEMU with GMainContext, we
-may encounter this warning when destroying the iothread:
-(qemu-system-x86_64:19925): GLib-CRITICAL **: g_source_remove_poll:
- assertion '!SOURCE_DESTROYED (source)' failed
-The problem is that g_source_remove_poll() does not allow to remove one
-source from array if the source is detached from its owner
-context. (peterx: which IMHO does not make much sense)
-Fix it on QEMU side by avoid calling g_source_remove_poll() if we know
-the object is during destruction, and we won't leak anything after all
-since the array will be gone soon cleanly even with that fd.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Fam Zheng <famz@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Message-id: 20170928025958.1420-6-peterx@redhat.com
-[peterx: write the commit message]
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- util/aio-posix.c | 9 ++++++++-
-file changed, 8 insertions(+), 1 deletion(-)
-diff --git a/util/aio-posix.c b/util/aio-posix.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/aio-posix.c
-+++ b/util/aio-posix.c
-@@ -XXX,XX +XXX,XX @@ void aio_set_fd_handler(AioContext *ctx,
-             return;
-         }
--        g_source_remove_poll(&ctx->source, &node->pfd);
-+        /* If the GSource is in the process of being destroyed then
-+         * g_source_remove_poll() causes an assertion failure.  Skip
-+         * removal in that case, because glib cleans up its state during
-+         * destruction anyway.
-+         */
-+        if (!g_source_is_destroyed(&ctx->source)) {
-+            g_source_remove_poll(&ctx->source, &node->pfd);
-+        }
-         /* If the lock is held, just mark the node as deleted */
-         if (qemu_lockcnt_count(&ctx->list_lock)) {
---
-.13.6

The following changes since commit d147f7e815f97cb477e223586bcb80c316ae10ea:

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2017-10-03 16:27:24 +0100)

are available in the git repository at:

git://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to f708a5e71cba0d784e307334c07ade5f56f827ab:

aio: fix assert when remove poll during destroy (2017-10-03 14:36:19 -0400)

----------------------------------------------------------------

Peter Xu (4):
  qom: provide root container for internal objs
  iothread: provide helpers for internal use
  iothread: export iothread_stop()
  iothread: delay the context release to finalize

Stefan Hajnoczi (1):
  aio: fix assert when remove poll during destroy

-- 
2.13.6

From: Peter Xu <peterx@redhat.com>

We have object_get_objects_root() to keep user created objects, however
no place for objects that will be used internally.  Create such a
container for internal objects.

CC: Andreas Färber <afaerber@suse.de>
CC: Markus Armbruster <armbru@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 20170928025958.1420-2-peterx@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qom/object.h | 11 +++++++++++
 qom/object.c         | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/include/qom/object.h b/include/qom/object.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -XXX,XX +XXX,XX @@ Object *object_get_root(void);
 Object *object_get_objects_root(void);
 
 /**
+ * object_get_internal_root:
+ *
+ * Get the container object that holds internally used object
+ * instances.  Any object which is put into this container must not be
+ * user visible, and it will not be exposed in the QOM tree.
+ *
+ * Returns: the internal object container
+ */
+Object *object_get_internal_root(void);
+
+/**
  * object_get_canonical_path_component:
  *
  * Returns: The final component in the object's canonical path.  The canonical
diff --git a/qom/object.c b/qom/object.c
index XXXXXXX..XXXXXXX 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -XXX,XX +XXX,XX @@ Object *object_get_objects_root(void)
     return container_get(object_get_root(), "/objects");
 }
 
+Object *object_get_internal_root(void)
+{
+    static Object *internal_root;
+
+    if (!internal_root) {
+        internal_root = object_new("container");
+    }
+
+    return internal_root;
+}
+
 static void object_get_child_property(Object *obj, Visitor *v,
                                       const char *name, void *opaque,
                                       Error **errp)
-- 
2.13.6

From: Peter Xu <peterx@redhat.com>

IOThread is a general framework that contains IO loop environment and a
real thread behind.  It's also good to be used internally inside qemu.
Provide some helpers for it to create iothreads to be used internally.

Put all the internal used iothreads into the internal object container.

Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-id: 20170928025958.1420-3-peterx@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/sysemu/iothread.h |  8 ++++++++
 iothread.c                | 16 ++++++++++++++++
 2 files changed, 24 insertions(+)

From: Peter Xu <peterx@redhat.com>

So that internal iothread users can explicitly stop one iothread without
destroying it.

Since at it, fix iothread_stop() to allow it to be called multiple
times.  Before this patch we may call iothread_stop() more than once on
single iothread, while that may not be correct since qemu_thread_join()
is not allowed to run twice.  From manual of pthread_join():

Joining with a thread that has previously been joined results in
  undefined behavior.

Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-id: 20170928025958.1420-4-peterx@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/sysemu/iothread.h |  1 +
 iothread.c                | 24 ++++++++++++++++--------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
index XXXXXXX..XXXXXXX 100644
--- a/include/sysemu/iothread.h
+++ b/include/sysemu/iothread.h
@@ -XXX,XX +XXX,XX @@ GMainContext *iothread_get_g_main_context(IOThread *iothread);
  * "query-iothreads".
  */
 IOThread *iothread_create(const char *id, Error **errp);
+void iothread_stop(IOThread *iothread);
 void iothread_destroy(IOThread *iothread);
 
 #endif /* IOTHREAD_H */
diff --git a/iothread.c b/iothread.c
index XXXXXXX..XXXXXXX 100644
--- a/iothread.c
+++ b/iothread.c
@@ -XXX,XX +XXX,XX @@ static void *iothread_run(void *opaque)
     return NULL;
 }
 
-static int iothread_stop(Object *object, void *opaque)
+void iothread_stop(IOThread *iothread)
 {
-    IOThread *iothread;
-
-    iothread = (IOThread *)object_dynamic_cast(object, TYPE_IOTHREAD);
-    if (!iothread || !iothread->ctx || iothread->stopping) {
-        return 0;
+    if (!iothread->ctx || iothread->stopping) {
+        return;
     }
     iothread->stopping = true;
     aio_notify(iothread->ctx);
@@ -XXX,XX +XXX,XX @@ static int iothread_stop(Object *object, void *opaque)
         g_main_loop_quit(iothread->main_loop);
     }
     qemu_thread_join(&iothread->thread);
+}
+
+static int iothread_stop_iter(Object *object, void *opaque)
+{
+    IOThread *iothread;
+
+    iothread = (IOThread *)object_dynamic_cast(object, TYPE_IOTHREAD);
+    if (!iothread) {
+        return 0;
+    }
+    iothread_stop(iothread);
     return 0;
 }
 
@@ -XXX,XX +XXX,XX @@ static void iothread_instance_finalize(Object *obj)
 {
     IOThread *iothread = IOTHREAD(obj);
 
-    iothread_stop(obj, NULL);
+    iothread_stop(iothread);
     qemu_cond_destroy(&iothread->init_done_cond);
     qemu_mutex_destroy(&iothread->init_done_lock);
     if (!iothread->ctx) {
@@ -XXX,XX +XXX,XX @@ void iothread_stop_all(void)
         aio_context_release(ctx);
     }
 
-    object_child_foreach(container, iothread_stop, NULL);
+    object_child_foreach(container, iothread_stop_iter, NULL);
 }
 
 static gpointer iothread_g_main_context_init(gpointer opaque)
-- 
2.13.6

From: Peter Xu <peterx@redhat.com>

When gcontext is used with iothread, the context will be destroyed
during iothread_stop().  That's not good since sometimes we would like
to keep the resources until iothread is destroyed, but we may want to
stop the thread before that point.

Delay the destruction of gcontext to iothread finalize.  Then we can do:

iothread_stop(thread);
  some_cleanup_on_resources();
  iothread_destroy(thread);

We may need this patch if we want to run chardev IOs in iothreads and
hopefully clean them up correctly.  For more specific information,
please see 2b316774f6 ("qemu-char: do not operate on sources from
finalize callbacks").

Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-id: 20170928025958.1420-5-peterx@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 iothread.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/iothread.c b/iothread.c
index XXXXXXX..XXXXXXX 100644
--- a/iothread.c
+++ b/iothread.c
@@ -XXX,XX +XXX,XX @@ static void *iothread_run(void *opaque)
             g_main_loop_unref(loop);
 
             g_main_context_pop_thread_default(iothread->worker_context);
-            g_main_context_unref(iothread->worker_context);
-            iothread->worker_context = NULL;
         }
     }
 
@@ -XXX,XX +XXX,XX @@ static void iothread_instance_finalize(Object *obj)
     IOThread *iothread = IOTHREAD(obj);
 
     iothread_stop(iothread);
+    if (iothread->worker_context) {
+        g_main_context_unref(iothread->worker_context);
+        iothread->worker_context = NULL;
+    }
     qemu_cond_destroy(&iothread->init_done_cond);
     qemu_mutex_destroy(&iothread->init_done_lock);
     if (!iothread->ctx) {
-- 
2.13.6

After iothread is enabled internally inside QEMU with GMainContext, we
may encounter this warning when destroying the iothread:

(qemu-system-x86_64:19925): GLib-CRITICAL **: g_source_remove_poll:
 assertion '!SOURCE_DESTROYED (source)' failed

The problem is that g_source_remove_poll() does not allow to remove one
source from array if the source is detached from its owner
context. (peterx: which IMHO does not make much sense)

Fix it on QEMU side by avoid calling g_source_remove_poll() if we know
the object is during destruction, and we won't leak anything after all
since the array will be gone soon cleanly even with that fd.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-id: 20170928025958.1420-6-peterx@redhat.com
[peterx: write the commit message]
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 util/aio-posix.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/util/aio-posix.c b/util/aio-posix.c
index XXXXXXX..XXXXXXX 100644
--- a/util/aio-posix.c
+++ b/util/aio-posix.c
@@ -XXX,XX +XXX,XX @@ void aio_set_fd_handler(AioContext *ctx,
             return;
         }
 
-        g_source_remove_poll(&ctx->source, &node->pfd);
+        /* If the GSource is in the process of being destroyed then
+         * g_source_remove_poll() causes an assertion failure.  Skip
+         * removal in that case, because glib cleans up its state during
+         * destruction anyway.
+         */
+        if (!g_source_is_destroyed(&ctx->source)) {
+            g_source_remove_poll(&ctx->source, &node->pfd);
+        }
 
         /* If the lock is held, just mark the node as deleted */
         if (qemu_lockcnt_count(&ctx->list_lock)) {
-- 
2.13.6

The main loop thread can consume 100% CPU when using --device
virtio-blk-pci,iothread=<iothread>. ppoll() constantly returns but
reading virtqueue host notifiers fails with EAGAIN. The file descriptors
are stale and remain registered with the AioContext because of bugs in
the virtio-blk dataplane start/stop code.

The problem is that the dataplane start/stop code involves drain
operations, which call virtio_blk_drained_begin() and
virtio_blk_drained_end() at points where the host notifier is not
operational:
- In virtio_blk_data_plane_start(), blk_set_aio_context() drains after
  vblk->dataplane_started has been set to true but the host notifier has
  not been attached yet.
- In virtio_blk_data_plane_stop(), blk_drain() and blk_set_aio_context()
  drain after the host notifier has already been detached but with
  vblk->dataplane_started still set to true.

I would like to simplify ->ioeventfd_start/stop() to avoid interactions
with drain entirely, but couldn't find a way to do that. Instead, this
patch accepts the fragile nature of the code and reorders it so that
vblk->dataplane_started is false during drain operations. This way the
virtio_blk_drained_begin() and virtio_blk_drained_end() calls don't
touch the host notifier. The result is that
virtio_blk_data_plane_start() and virtio_blk_data_plane_stop() have
complete control over the host notifier and stale file descriptors are
no longer left in the AioContext.

This patch fixes the 100% CPU consumption in the main loop thread and
correctly moves host notifier processing to the IOThread.

Fixes: 1665d9326fd2 ("virtio-blk: implement BlockDevOps->drained_begin()")
Reported-by: Lukáš Doktor <ldoktor@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Lukas Doktor <ldoktor@redhat.com>
Message-id: 20230704151527.193586-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/block/dataplane/virtio-blk.c | 67 +++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 29 deletions(-)

diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
 
     memory_region_transaction_commit();
 
-    /*
-     * These fields are visible to the IOThread so we rely on implicit barriers
-     * in aio_context_acquire() on the write side and aio_notify_accept() on
-     * the read side.
-     */
-    s->starting = false;
-    vblk->dataplane_started = true;
     trace_virtio_blk_data_plane_start(s);
 
     old_context = blk_get_aio_context(s->conf->conf.blk);
@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
         event_notifier_set(virtio_queue_get_host_notifier(vq));
     }
 
+    /*
+     * These fields must be visible to the IOThread when it processes the
+     * virtqueue, otherwise it will think dataplane has not started yet.
+     *
+     * Make sure ->dataplane_started is false when blk_set_aio_context() is
+     * called above so that draining does not cause the host notifier to be
+     * detached/attached prematurely.
+     */
+    s->starting = false;
+    vblk->dataplane_started = true;
+    smp_wmb(); /* paired with aio_notify_accept() on the read side */
+
     /* Get this show started by hooking up our callbacks */
     if (!blk_in_drain(s->conf->conf.blk)) {
         aio_context_acquire(s->ctx);
@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
   fail_guest_notifiers:
     vblk->dataplane_disabled = true;
     s->starting = false;
-    vblk->dataplane_started = true;
     return -ENOSYS;
 }
 
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
         aio_wait_bh_oneshot(s->ctx, virtio_blk_data_plane_stop_bh, s);
     }
 
+    /*
+     * Batch all the host notifiers in a single transaction to avoid
+     * quadratic time complexity in address_space_update_ioeventfds().
+     */
+    memory_region_transaction_begin();
+
+    for (i = 0; i < nvqs; i++) {
+        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
+    }
+
+    /*
+     * The transaction expects the ioeventfds to be open when it
+     * commits. Do it now, before the cleanup loop.
+     */
+    memory_region_transaction_commit();
+
+    for (i = 0; i < nvqs; i++) {
+        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
+    }
+
+    /*
+     * Set ->dataplane_started to false before draining so that host notifiers
+     * are not detached/attached anymore.
+     */
+    vblk->dataplane_started = false;
+
     aio_context_acquire(s->ctx);
 
     /* Wait for virtio_blk_dma_restart_bh() and in flight I/O to complete */
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
 
     aio_context_release(s->ctx);
 
-    /*
-     * Batch all the host notifiers in a single transaction to avoid
-     * quadratic time complexity in address_space_update_ioeventfds().
-     */
-    memory_region_transaction_begin();
-
-    for (i = 0; i < nvqs; i++) {
-        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
-    }
-
-    /*
-     * The transaction expects the ioeventfds to be open when it
-     * commits. Do it now, before the cleanup loop.
-     */
-    memory_region_transaction_commit();
-
-    for (i = 0; i < nvqs; i++) {
-        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
-    }
-
     qemu_bh_cancel(s->bh);
     notify_guest_bh(s); /* final chance to notify guest */
 
     /* Clean up guest notifier (irq) */
     k->set_guest_notifiers(qbus->parent, nvqs, false);
 
-    vblk->dataplane_started = false;
     s->stopping = false;
 }
-- 
2.40.1