Series comparison

-[Qemu-devel] [PULL 0/4] Block patches
+[PULL for-6.0 0/8] Block patches
-The following changes since commit f58d9620aa4a514b1227074ff56eefd1334a6225:
+The following changes since commit 6c769690ac845fa62642a5f93b4e4bd906adab95:
-  Merge remote-tracking branch 'remotes/rth/tags/pull-dt-20180326' into staging (2018-03-27 10:27:34 +0100)
+  Merge remote-tracking branch 'remotes/vsementsov/tags/pull-simplebench-2021-05-04' into staging (2021-05-21 12:02:34 +0100)
 are available in the Git repository at:
-  git://github.com/stefanha/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to f5a53faad4bfbf1b86012a13055d2a1a774a42b6:
+for you to fetch changes up to 0a6f0c76a030710780ce10d6347a70f098024d21:
-  MAINTAINERS: add include/block/aio-wait.h (2018-03-27 13:05:48 +0100)
+  coroutine-sleep: introduce qemu_co_sleep (2021-05-21 18:22:33 +0100)
 ----------------------------------------------------------------
 Pull request
 ----------------------------------------------------------------
-----------------------------------------------------------------
+Paolo Bonzini (6):
   coroutine-sleep: use a stack-allocated timer
   coroutine-sleep: disallow NULL QemuCoSleepState** argument
   coroutine-sleep: allow qemu_co_sleep_wake that wakes nothing
   coroutine-sleep: move timer out of QemuCoSleepState
   coroutine-sleep: replace QemuCoSleepState pointer with struct in the
     API
   coroutine-sleep: introduce qemu_co_sleep
-Stefan Hajnoczi (4):
+Philippe Mathieu-Daudé (1):
-  queue: add QSIMPLEQ_PREPEND()
+  bitops.h: Improve find_xxx_bit() documentation
   coroutine: avoid co_queue_wakeup recursion
   coroutine: add test-aio coroutine queue chaining test case
   MAINTAINERS: add include/block/aio-wait.h
- MAINTAINERS                  |   1 +
+Zenghui Yu (1):
- include/qemu/coroutine_int.h |   1 -
+  multi-process: Initialize variables declared with g_auto*
- include/qemu/queue.h         |   8 ++++
- block/io.c                   |   3 +-
+ include/qemu/bitops.h       | 15 ++++++--
- tests/test-aio.c             |  65 ++++++++++++++++++++-----
+ include/qemu/coroutine.h    | 27 ++++++++-----
- util/qemu-coroutine-lock.c   |  34 -------------
+ block/block-copy.c          | 10 ++---
- util/qemu-coroutine.c        | 110 +++++++++++++++++++++++--------------------
+ block/nbd.c                 | 14 +++----
-files changed, 121 insertions(+), 101 deletions(-)
+ hw/remote/memory.c          |  5 +--
  hw/remote/proxy.c           |  3 +-
  util/qemu-coroutine-sleep.c | 75 +++++++++++++++++++------------------
 files changed, 79 insertions(+), 70 deletions(-)
 --
-.14.3
+.31.1

-[Qemu-devel] [PULL 1/4] queue: add QSIMPLEQ_PREPEND()
+Deleted patch
-QSIMPLEQ_CONCAT(a, b) joins a = a + b.  The new QSIMPLEQ_PREPEND(a, b)
-API joins a = b + a.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20180322152834.12656-2-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/qemu/queue.h | 8 ++++++++
-file changed, 8 insertions(+)
-diff --git a/include/qemu/queue.h b/include/qemu/queue.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/queue.h
-+++ b/include/qemu/queue.h
-@@ -XXX,XX +XXX,XX @@ struct {                                                                \
-     }                                                                   \
- } while (/*CONSTCOND*/0)
-+#define QSIMPLEQ_PREPEND(head1, head2) do {                             \
-+    if (!QSIMPLEQ_EMPTY((head2))) {                                     \
-+        *(head2)->sqh_last = (head1)->sqh_first;                        \
-+        (head1)->sqh_first = (head2)->sqh_first;                          \
-+        QSIMPLEQ_INIT((head2));                                         \
-+    }                                                                   \
-+} while (/*CONSTCOND*/0)
-+
- #define QSIMPLEQ_LAST(head, type, field)                                \
-     (QSIMPLEQ_EMPTY((head)) ?                                           \
-         NULL :                                                          \
---
-.14.3

-[Qemu-devel] [PULL 2/4] coroutine: avoid co_queue_wakeup recursion
+Deleted patch
-qemu_aio_coroutine_enter() is (indirectly) called recursively when
-processing co_queue_wakeup.  This can lead to stack exhaustion.
-This patch rewrites co_queue_wakeup in an iterative fashion (instead of
-recursive) with bounded memory usage to prevent stack exhaustion.
-qemu_co_queue_run_restart() is inlined into qemu_aio_coroutine_enter()
-and the qemu_coroutine_enter() call is turned into a loop to avoid
-recursion.
-There is one change that is worth mentioning:  Previously, when
-coroutine A queued coroutine B, qemu_co_queue_run_restart() entered
-coroutine B from coroutine A.  If A was terminating then it would still
-stay alive until B yielded.  After this patch B is entered by A's parent
-so that a A can be deleted immediately if it is terminating.
-It is safe to make this change since B could never interact with A if it
-was terminating anyway.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20180322152834.12656-3-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/qemu/coroutine_int.h |   1 -
- block/io.c                   |   3 +-
- util/qemu-coroutine-lock.c   |  34 -------------
- util/qemu-coroutine.c        | 110 +++++++++++++++++++++++--------------------
-files changed, 60 insertions(+), 88 deletions(-)
-diff --git a/include/qemu/coroutine_int.h b/include/qemu/coroutine_int.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/coroutine_int.h
-+++ b/include/qemu/coroutine_int.h
-@@ -XXX,XX +XXX,XX @@ Coroutine *qemu_coroutine_new(void);
- void qemu_coroutine_delete(Coroutine *co);
- CoroutineAction qemu_coroutine_switch(Coroutine *from, Coroutine *to,
-                                       CoroutineAction action);
--void coroutine_fn qemu_co_queue_run_restart(Coroutine *co);
- #endif
-diff --git a/block/io.c b/block/io.c
-index XXXXXXX..XXXXXXX 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -XXX,XX +XXX,XX @@ static void coroutine_fn bdrv_co_yield_to_drain(BlockDriverState *bs,
-     BdrvCoDrainData data;
-     /* Calling bdrv_drain() from a BH ensures the current coroutine yields and
--     * other coroutines run if they were queued from
--     * qemu_co_queue_run_restart(). */
-+     * other coroutines run if they were queued by aio_co_enter(). */
-     assert(qemu_in_coroutine());
-     data = (BdrvCoDrainData) {
-diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine-lock.c
-+++ b/util/qemu-coroutine-lock.c
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_queue_wait_impl(CoQueue *queue, QemuLockable *lock)
-     }
- }
--/**
-- * qemu_co_queue_run_restart:
-- *
-- * Enter each coroutine that was previously marked for restart by
-- * qemu_co_queue_next() or qemu_co_queue_restart_all().  This function is
-- * invoked by the core coroutine code when the current coroutine yields or
-- * terminates.
-- */
--void qemu_co_queue_run_restart(Coroutine *co)
--{
--    Coroutine *next;
--    QSIMPLEQ_HEAD(, Coroutine) tmp_queue_wakeup =
--        QSIMPLEQ_HEAD_INITIALIZER(tmp_queue_wakeup);
--
--    trace_qemu_co_queue_run_restart(co);
--
--    /* Because "co" has yielded, any coroutine that we wakeup can resume it.
--     * If this happens and "co" terminates, co->co_queue_wakeup becomes
--     * invalid memory.  Therefore, use a temporary queue and do not touch
--     * the "co" coroutine as soon as you enter another one.
--     *
--     * In its turn resumed "co" can populate "co_queue_wakeup" queue with
--     * new coroutines to be woken up.  The caller, who has resumed "co",
--     * will be responsible for traversing the same queue, which may cause
--     * a different wakeup order but not any missing wakeups.
--     */
--    QSIMPLEQ_CONCAT(&tmp_queue_wakeup, &co->co_queue_wakeup);
--
--    while ((next = QSIMPLEQ_FIRST(&tmp_queue_wakeup))) {
--        QSIMPLEQ_REMOVE_HEAD(&tmp_queue_wakeup, co_queue_next);
--        qemu_coroutine_enter(next);
--    }
--}
--
- static bool qemu_co_queue_do_restart(CoQueue *queue, bool single)
- {
-     Coroutine *next;
-diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine.c
-+++ b/util/qemu-coroutine.c
-@@ -XXX,XX +XXX,XX @@ static void coroutine_delete(Coroutine *co)
- void qemu_aio_coroutine_enter(AioContext *ctx, Coroutine *co)
- {
--    Coroutine *self = qemu_coroutine_self();
--    CoroutineAction ret;
--
--    /* Cannot rely on the read barrier for co in aio_co_wake(), as there are
--     * callers outside of aio_co_wake() */
--    const char *scheduled = atomic_mb_read(&co->scheduled);
--
--    trace_qemu_aio_coroutine_enter(ctx, self, co, co->entry_arg);
--
--    /* if the Coroutine has already been scheduled, entering it again will
--     * cause us to enter it twice, potentially even after the coroutine has
--     * been deleted */
--    if (scheduled) {
--        fprintf(stderr,
--                "%s: Co-routine was already scheduled in '%s'\n",
--                __func__, scheduled);
--        abort();
--    }
--
--    if (co->caller) {
--        fprintf(stderr, "Co-routine re-entered recursively\n");
--        abort();
--    }
--
--    co->caller = self;
--    co->ctx = ctx;
--
--    /* Store co->ctx before anything that stores co.  Matches
--     * barrier in aio_co_wake and qemu_co_mutex_wake.
--     */
--    smp_wmb();
--
--    ret = qemu_coroutine_switch(self, co, COROUTINE_ENTER);
--
--    qemu_co_queue_run_restart(co);
--
--    /* Beware, if ret == COROUTINE_YIELD and qemu_co_queue_run_restart()
--     * has started any other coroutine, "co" might have been reentered
--     * and even freed by now!  So be careful and do not touch it.
--     */
--
--    switch (ret) {
--    case COROUTINE_YIELD:
--        return;
--    case COROUTINE_TERMINATE:
--        assert(!co->locks_held);
--        trace_qemu_coroutine_terminate(co);
--        coroutine_delete(co);
--        return;
--    default:
--        abort();
-+    QSIMPLEQ_HEAD(, Coroutine) pending = QSIMPLEQ_HEAD_INITIALIZER(pending);
-+    Coroutine *from = qemu_coroutine_self();
-+
-+    QSIMPLEQ_INSERT_TAIL(&pending, co, co_queue_next);
-+
-+    /* Run co and any queued coroutines */
-+    while (!QSIMPLEQ_EMPTY(&pending)) {
-+        Coroutine *to = QSIMPLEQ_FIRST(&pending);
-+        CoroutineAction ret;
-+
-+        /* Cannot rely on the read barrier for to in aio_co_wake(), as there are
-+         * callers outside of aio_co_wake() */
-+        const char *scheduled = atomic_mb_read(&to->scheduled);
-+
-+        QSIMPLEQ_REMOVE_HEAD(&pending, co_queue_next);
-+
-+        trace_qemu_aio_coroutine_enter(ctx, from, to, to->entry_arg);
-+
-+        /* if the Coroutine has already been scheduled, entering it again will
-+         * cause us to enter it twice, potentially even after the coroutine has
-+         * been deleted */
-+        if (scheduled) {
-+            fprintf(stderr,
-+                    "%s: Co-routine was already scheduled in '%s'\n",
-+                    __func__, scheduled);
-+            abort();
-+        }
-+
-+        if (to->caller) {
-+            fprintf(stderr, "Co-routine re-entered recursively\n");
-+            abort();
-+        }
-+
-+        to->caller = from;
-+        to->ctx = ctx;
-+
-+        /* Store to->ctx before anything that stores to.  Matches
-+         * barrier in aio_co_wake and qemu_co_mutex_wake.
-+         */
-+        smp_wmb();
-+
-+        ret = qemu_coroutine_switch(from, to, COROUTINE_ENTER);
-+
-+        /* Queued coroutines are run depth-first; previously pending coroutines
-+         * run after those queued more recently.
-+         */
-+        QSIMPLEQ_PREPEND(&pending, &to->co_queue_wakeup);
-+
-+        switch (ret) {
-+        case COROUTINE_YIELD:
-+            break;
-+        case COROUTINE_TERMINATE:
-+            assert(!to->locks_held);
-+            trace_qemu_coroutine_terminate(to);
-+            coroutine_delete(to);
-+            break;
-+        default:
-+            abort();
-+        }
-     }
- }
---
-.14.3

-[Qemu-devel] [PULL 3/4] coroutine: add test-aio coroutine queue chaining test case
+Deleted patch
-Check that two coroutines can queue each other repeatedly without
-hitting stack exhaustion.
-Switch to qemu_init_main_loop() in main() because coroutines use
-qemu_get_aio_context() - they don't know about test-aio's ctx variable.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20180322152834.12656-4-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/test-aio.c | 65 ++++++++++++++++++++++++++++++++++++++++++++------------
-file changed, 52 insertions(+), 13 deletions(-)
-diff --git a/tests/test-aio.c b/tests/test-aio.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/test-aio.c
-+++ b/tests/test-aio.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/timer.h"
- #include "qemu/sockets.h"
- #include "qemu/error-report.h"
-+#include "qemu/coroutine.h"
-+#include "qemu/main-loop.h"
- static AioContext *ctx;
-@@ -XXX,XX +XXX,XX @@ static void test_source_timer_schedule(void)
-     timer_del(&data.timer);
- }
-+/*
-+ * Check that aio_co_enter() can chain many times
-+ *
-+ * Two coroutines should be able to invoke each other via aio_co_enter() many
-+ * times without hitting a limit like stack exhaustion.  In other words, the
-+ * calls should be chained instead of nested.
-+ */
-+
-+typedef struct {
-+    Coroutine *other;
-+    unsigned i;
-+    unsigned max;
-+} ChainData;
-+
-+static void coroutine_fn chain(void *opaque)
-+{
-+    ChainData *data = opaque;
-+
-+    for (data->i = 0; data->i < data->max; data->i++) {
-+        /* Queue up the other coroutine... */
-+        aio_co_enter(ctx, data->other);
-+
-+        /* ...and give control to it */
-+        qemu_coroutine_yield();
-+    }
-+}
-+
-+static void test_queue_chaining(void)
-+{
-+    /* This number of iterations hit stack exhaustion in the past: */
-+    ChainData data_a = { .max = 25000 };
-+    ChainData data_b = { .max = 25000 };
-+
-+    data_b.other = qemu_coroutine_create(chain, &data_a);
-+    data_a.other = qemu_coroutine_create(chain, &data_b);
-+
-+    qemu_coroutine_enter(data_b.other);
-+
-+    g_assert_cmpint(data_a.i, ==, data_a.max);
-+    g_assert_cmpint(data_b.i, ==, data_b.max - 1);
-+
-+    /* Allow the second coroutine to terminate */
-+    qemu_coroutine_enter(data_a.other);
-+
-+    g_assert_cmpint(data_b.i, ==, data_b.max);
-+}
- /* End of tests.  */
- int main(int argc, char **argv)
- {
--    Error *local_error = NULL;
--    GSource *src;
--
--    init_clocks(NULL);
--
--    ctx = aio_context_new(&local_error);
--    if (!ctx) {
--        error_reportf_err(local_error, "Failed to create AIO Context: ");
--        exit(1);
--    }
--    src = aio_get_g_source(ctx);
--    g_source_attach(src, NULL);
--    g_source_unref(src);
-+    qemu_init_main_loop(&error_fatal);
-+    ctx = qemu_get_aio_context();
-     while (g_main_context_iteration(NULL, false));
-@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv)
-     g_test_add_func("/aio/external-client",         test_aio_external_client);
-     g_test_add_func("/aio/timer/schedule",          test_timer_schedule);
-+    g_test_add_func("/aio/coroutine/queue-chaining", test_queue_chaining);
-+
-     g_test_add_func("/aio-gsource/flush",                   test_source_flush);
-     g_test_add_func("/aio-gsource/bh/schedule",             test_source_bh_schedule);
-     g_test_add_func("/aio-gsource/bh/schedule10",           test_source_bh_schedule10);
---
-.14.3

-[Qemu-devel] [PULL 4/4] MAINTAINERS: add include/block/aio-wait.h
+[PULL for-6.0 1/8] multi-process: Initialize variables declared with g_auto*
-The include/block/aio-wait.h header file was added by commit
+From: Zenghui Yu <yuzenghui@huawei.com>
 f3c968c59e1bcda7e177679dc765b59e578f ("block: extract
 AIO_WAIT_WHILE() from BlockDriverState") without updating MAINTAINERS.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Quote docs/devel/style.rst (section "Automatic memory deallocation"):
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Message-id: 20180312132204.23683-1-stefanha@redhat.com
+* Variables declared with g_auto* MUST always be initialized,
   otherwise the cleanup function will use uninitialized stack memory
 Initialize @name properly to get rid of the compilation error (using
 gcc-7.3.0 on CentOS):
 ../hw/remote/proxy.c: In function 'pci_proxy_dev_realize':
 /usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'name' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    g_free (*pp);
    ^~~~~~~~~~~~
 ../hw/remote/proxy.c:350:30: note: 'name' was declared here
              g_autofree char *name;
                               ^~~~
 Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
 Reviewed-by: Jagannathan Raman <jag.raman@oracle.com>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
 Message-id: 20210312112143.1369-1-yuzenghui@huawei.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- MAINTAINERS | 1 +
+ hw/remote/memory.c | 5 ++---
-file changed, 1 insertion(+)
+ hw/remote/proxy.c  | 3 +--
 files changed, 3 insertions(+), 5 deletions(-)
-diff --git a/MAINTAINERS b/MAINTAINERS
+diff --git a/hw/remote/memory.c b/hw/remote/memory.c
 index XXXXXXX..XXXXXXX 100644
---- a/MAINTAINERS
+--- a/hw/remote/memory.c
-+++ b/MAINTAINERS
++++ b/hw/remote/memory.c
-@@ -XXX,XX +XXX,XX @@ F: util/aio-*.c
+@@ -XXX,XX +XXX,XX @@ void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp)
- F: block/io.c
- F: migration/block*
+     remote_sysmem_reset();
- F: include/block/aio.h
-+F: include/block/aio-wait.h
+-    for (region = 0; region < msg->num_fds; region++) {
- F: scripts/qemugdb/aio.py
+-        g_autofree char *name;
- T: git git://github.com/stefanha/qemu.git block
++    for (region = 0; region < msg->num_fds; region++, suffix++) {
++        g_autofree char *name = g_strdup_printf("remote-mem-%u", suffix);
          subregion = g_new(MemoryRegion, 1);
 -        name = g_strdup_printf("remote-mem-%u", suffix++);
          memory_region_init_ram_from_fd(subregion, NULL,
                                         name, sysmem_info->sizes[region],
                                         true, msg->fds[region],
 diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/proxy.c
 +++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@ static void probe_pci_info(PCIDevice *dev, Error **errp)
                     PCI_BASE_ADDRESS_SPACE_IO : PCI_BASE_ADDRESS_SPACE_MEMORY;
          if (size) {
 -            g_autofree char *name;
 +            g_autofree char *name = g_strdup_printf("bar-region-%d", i);
              pdev->region[i].dev = pdev;
              pdev->region[i].present = true;
              if (type == PCI_BASE_ADDRESS_SPACE_MEMORY) {
                  pdev->region[i].memory = true;
              }
 -            name = g_strdup_printf("bar-region-%d", i);
              memory_region_init_io(&pdev->region[i].mr, OBJECT(pdev),
                                    &proxy_mr_ops, &pdev->region[i],
                                    name, size);
 --
-.14.3
+.31.1

The following changes since commit f58d9620aa4a514b1227074ff56eefd1334a6225:

Merge remote-tracking branch 'remotes/rth/tags/pull-dt-20180326' into staging (2018-03-27 10:27:34 +0100)

are available in the Git repository at:

git://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to f5a53faad4bfbf1b86012a13055d2a1a774a42b6:

MAINTAINERS: add include/block/aio-wait.h (2018-03-27 13:05:48 +0100)

----------------------------------------------------------------

Stefan Hajnoczi (4):
  queue: add QSIMPLEQ_PREPEND()
  coroutine: avoid co_queue_wakeup recursion
  coroutine: add test-aio coroutine queue chaining test case
  MAINTAINERS: add include/block/aio-wait.h

-- 
2.14.3

QSIMPLEQ_CONCAT(a, b) joins a = a + b.  The new QSIMPLEQ_PREPEND(a, b)
API joins a = b + a.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qemu/queue.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -XXX,XX +XXX,XX @@ struct {                                                                \
     }                                                                   \
 } while (/*CONSTCOND*/0)
 
+#define QSIMPLEQ_PREPEND(head1, head2) do {                             \
+    if (!QSIMPLEQ_EMPTY((head2))) {                                     \
+        *(head2)->sqh_last = (head1)->sqh_first;                        \
+        (head1)->sqh_first = (head2)->sqh_first;                          \
+        QSIMPLEQ_INIT((head2));                                         \
+    }                                                                   \
+} while (/*CONSTCOND*/0)
+
 #define QSIMPLEQ_LAST(head, type, field)                                \
     (QSIMPLEQ_EMPTY((head)) ?                                           \
         NULL :                                                          \
-- 
2.14.3

qemu_aio_coroutine_enter() is (indirectly) called recursively when
processing co_queue_wakeup.  This can lead to stack exhaustion.

This patch rewrites co_queue_wakeup in an iterative fashion (instead of
recursive) with bounded memory usage to prevent stack exhaustion.

qemu_co_queue_run_restart() is inlined into qemu_aio_coroutine_enter()
and the qemu_coroutine_enter() call is turned into a loop to avoid
recursion.

There is one change that is worth mentioning:  Previously, when
coroutine A queued coroutine B, qemu_co_queue_run_restart() entered
coroutine B from coroutine A.  If A was terminating then it would still
stay alive until B yielded.  After this patch B is entered by A's parent
so that a A can be deleted immediately if it is terminating.

It is safe to make this change since B could never interact with A if it
was terminating anyway.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qemu/coroutine_int.h |   1 -
 block/io.c                   |   3 +-
 util/qemu-coroutine-lock.c   |  34 -------------
 util/qemu-coroutine.c        | 110 +++++++++++++++++++++++--------------------
 4 files changed, 60 insertions(+), 88 deletions(-)

diff --git a/include/qemu/coroutine_int.h b/include/qemu/coroutine_int.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/coroutine_int.h
+++ b/include/qemu/coroutine_int.h
@@ -XXX,XX +XXX,XX @@ Coroutine *qemu_coroutine_new(void);
 void qemu_coroutine_delete(Coroutine *co);
 CoroutineAction qemu_coroutine_switch(Coroutine *from, Coroutine *to,
                                       CoroutineAction action);
-void coroutine_fn qemu_co_queue_run_restart(Coroutine *co);
 
 #endif
diff --git a/block/io.c b/block/io.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io.c
+++ b/block/io.c
@@ -XXX,XX +XXX,XX @@ static void coroutine_fn bdrv_co_yield_to_drain(BlockDriverState *bs,
     BdrvCoDrainData data;
 
     /* Calling bdrv_drain() from a BH ensures the current coroutine yields and
-     * other coroutines run if they were queued from
-     * qemu_co_queue_run_restart(). */
+     * other coroutines run if they were queued by aio_co_enter(). */
 
     assert(qemu_in_coroutine());
     data = (BdrvCoDrainData) {
diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
index XXXXXXX..XXXXXXX 100644
--- a/util/qemu-coroutine-lock.c
+++ b/util/qemu-coroutine-lock.c
@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_queue_wait_impl(CoQueue *queue, QemuLockable *lock)
     }
 }
 
-/**
- * qemu_co_queue_run_restart:
- *
- * Enter each coroutine that was previously marked for restart by
- * qemu_co_queue_next() or qemu_co_queue_restart_all().  This function is
- * invoked by the core coroutine code when the current coroutine yields or
- * terminates.
- */
-void qemu_co_queue_run_restart(Coroutine *co)
-{
-    Coroutine *next;
-    QSIMPLEQ_HEAD(, Coroutine) tmp_queue_wakeup =
-        QSIMPLEQ_HEAD_INITIALIZER(tmp_queue_wakeup);
-
-    trace_qemu_co_queue_run_restart(co);
-
-    /* Because "co" has yielded, any coroutine that we wakeup can resume it.
-     * If this happens and "co" terminates, co->co_queue_wakeup becomes
-     * invalid memory.  Therefore, use a temporary queue and do not touch
-     * the "co" coroutine as soon as you enter another one.
-     *
-     * In its turn resumed "co" can populate "co_queue_wakeup" queue with
-     * new coroutines to be woken up.  The caller, who has resumed "co",
-     * will be responsible for traversing the same queue, which may cause
-     * a different wakeup order but not any missing wakeups.
-     */
-    QSIMPLEQ_CONCAT(&tmp_queue_wakeup, &co->co_queue_wakeup);
-
-    while ((next = QSIMPLEQ_FIRST(&tmp_queue_wakeup))) {
-        QSIMPLEQ_REMOVE_HEAD(&tmp_queue_wakeup, co_queue_next);
-        qemu_coroutine_enter(next);
-    }
-}
-
 static bool qemu_co_queue_do_restart(CoQueue *queue, bool single)
 {
     Coroutine *next;
diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
index XXXXXXX..XXXXXXX 100644
--- a/util/qemu-coroutine.c
+++ b/util/qemu-coroutine.c
@@ -XXX,XX +XXX,XX @@ static void coroutine_delete(Coroutine *co)
 
 void qemu_aio_coroutine_enter(AioContext *ctx, Coroutine *co)
 {
-    Coroutine *self = qemu_coroutine_self();
-    CoroutineAction ret;
-
-    /* Cannot rely on the read barrier for co in aio_co_wake(), as there are
-     * callers outside of aio_co_wake() */
-    const char *scheduled = atomic_mb_read(&co->scheduled);
-
-    trace_qemu_aio_coroutine_enter(ctx, self, co, co->entry_arg);
-
-    /* if the Coroutine has already been scheduled, entering it again will
-     * cause us to enter it twice, potentially even after the coroutine has
-     * been deleted */
-    if (scheduled) {
-        fprintf(stderr,
-                "%s: Co-routine was already scheduled in '%s'\n",
-                __func__, scheduled);
-        abort();
-    }
-
-    if (co->caller) {
-        fprintf(stderr, "Co-routine re-entered recursively\n");
-        abort();
-    }
-
-    co->caller = self;
-    co->ctx = ctx;
-
-    /* Store co->ctx before anything that stores co.  Matches
-     * barrier in aio_co_wake and qemu_co_mutex_wake.
-     */
-    smp_wmb();
-
-    ret = qemu_coroutine_switch(self, co, COROUTINE_ENTER);
-
-    qemu_co_queue_run_restart(co);
-
-    /* Beware, if ret == COROUTINE_YIELD and qemu_co_queue_run_restart()
-     * has started any other coroutine, "co" might have been reentered
-     * and even freed by now!  So be careful and do not touch it.
-     */
-
-    switch (ret) {
-    case COROUTINE_YIELD:
-        return;
-    case COROUTINE_TERMINATE:
-        assert(!co->locks_held);
-        trace_qemu_coroutine_terminate(co);
-        coroutine_delete(co);
-        return;
-    default:
-        abort();
+    QSIMPLEQ_HEAD(, Coroutine) pending = QSIMPLEQ_HEAD_INITIALIZER(pending);
+    Coroutine *from = qemu_coroutine_self();
+
+    QSIMPLEQ_INSERT_TAIL(&pending, co, co_queue_next);
+
+    /* Run co and any queued coroutines */
+    while (!QSIMPLEQ_EMPTY(&pending)) {
+        Coroutine *to = QSIMPLEQ_FIRST(&pending);
+        CoroutineAction ret;
+
+        /* Cannot rely on the read barrier for to in aio_co_wake(), as there are
+         * callers outside of aio_co_wake() */
+        const char *scheduled = atomic_mb_read(&to->scheduled);
+
+        QSIMPLEQ_REMOVE_HEAD(&pending, co_queue_next);
+
+        trace_qemu_aio_coroutine_enter(ctx, from, to, to->entry_arg);
+
+        /* if the Coroutine has already been scheduled, entering it again will
+         * cause us to enter it twice, potentially even after the coroutine has
+         * been deleted */
+        if (scheduled) {
+            fprintf(stderr,
+                    "%s: Co-routine was already scheduled in '%s'\n",
+                    __func__, scheduled);
+            abort();
+        }
+
+        if (to->caller) {
+            fprintf(stderr, "Co-routine re-entered recursively\n");
+            abort();
+        }
+
+        to->caller = from;
+        to->ctx = ctx;
+
+        /* Store to->ctx before anything that stores to.  Matches
+         * barrier in aio_co_wake and qemu_co_mutex_wake.
+         */
+        smp_wmb();
+
+        ret = qemu_coroutine_switch(from, to, COROUTINE_ENTER);
+
+        /* Queued coroutines are run depth-first; previously pending coroutines
+         * run after those queued more recently.
+         */
+        QSIMPLEQ_PREPEND(&pending, &to->co_queue_wakeup);
+
+        switch (ret) {
+        case COROUTINE_YIELD:
+            break;
+        case COROUTINE_TERMINATE:
+            assert(!to->locks_held);
+            trace_qemu_coroutine_terminate(to);
+            coroutine_delete(to);
+            break;
+        default:
+            abort();
+        }
     }
 }
 
-- 
2.14.3

Check that two coroutines can queue each other repeatedly without
hitting stack exhaustion.

Switch to qemu_init_main_loop() in main() because coroutines use
qemu_get_aio_context() - they don't know about test-aio's ctx variable.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-4-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tests/test-aio.c | 65 ++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 52 insertions(+), 13 deletions(-)

diff --git a/tests/test-aio.c b/tests/test-aio.c
index XXXXXXX..XXXXXXX 100644
--- a/tests/test-aio.c
+++ b/tests/test-aio.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/timer.h"
 #include "qemu/sockets.h"
 #include "qemu/error-report.h"
+#include "qemu/coroutine.h"
+#include "qemu/main-loop.h"
 
 static AioContext *ctx;
 
@@ -XXX,XX +XXX,XX @@ static void test_source_timer_schedule(void)
     timer_del(&data.timer);
 }
 
+/*
+ * Check that aio_co_enter() can chain many times
+ *
+ * Two coroutines should be able to invoke each other via aio_co_enter() many
+ * times without hitting a limit like stack exhaustion.  In other words, the
+ * calls should be chained instead of nested.
+ */
+
+typedef struct {
+    Coroutine *other;
+    unsigned i;
+    unsigned max;
+} ChainData;
+
+static void coroutine_fn chain(void *opaque)
+{
+    ChainData *data = opaque;
+
+    for (data->i = 0; data->i < data->max; data->i++) {
+        /* Queue up the other coroutine... */
+        aio_co_enter(ctx, data->other);
+
+        /* ...and give control to it */
+        qemu_coroutine_yield();
+    }
+}
+
+static void test_queue_chaining(void)
+{
+    /* This number of iterations hit stack exhaustion in the past: */
+    ChainData data_a = { .max = 25000 };
+    ChainData data_b = { .max = 25000 };
+
+    data_b.other = qemu_coroutine_create(chain, &data_a);
+    data_a.other = qemu_coroutine_create(chain, &data_b);
+
+    qemu_coroutine_enter(data_b.other);
+
+    g_assert_cmpint(data_a.i, ==, data_a.max);
+    g_assert_cmpint(data_b.i, ==, data_b.max - 1);
+
+    /* Allow the second coroutine to terminate */
+    qemu_coroutine_enter(data_a.other);
+
+    g_assert_cmpint(data_b.i, ==, data_b.max);
+}
 
 /* End of tests.  */
 
 int main(int argc, char **argv)
 {
-    Error *local_error = NULL;
-    GSource *src;
-
-    init_clocks(NULL);
-
-    ctx = aio_context_new(&local_error);
-    if (!ctx) {
-        error_reportf_err(local_error, "Failed to create AIO Context: ");
-        exit(1);
-    }
-    src = aio_get_g_source(ctx);
-    g_source_attach(src, NULL);
-    g_source_unref(src);
+    qemu_init_main_loop(&error_fatal);
+    ctx = qemu_get_aio_context();
 
     while (g_main_context_iteration(NULL, false));
 
@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv)
     g_test_add_func("/aio/external-client",         test_aio_external_client);
     g_test_add_func("/aio/timer/schedule",          test_timer_schedule);
 
+    g_test_add_func("/aio/coroutine/queue-chaining", test_queue_chaining);
+
     g_test_add_func("/aio-gsource/flush",                   test_source_flush);
     g_test_add_func("/aio-gsource/bh/schedule",             test_source_bh_schedule);
     g_test_add_func("/aio-gsource/bh/schedule10",           test_source_bh_schedule10);
-- 
2.14.3

The following changes since commit 6c769690ac845fa62642a5f93b4e4bd906adab95:

Merge remote-tracking branch 'remotes/vsementsov/tags/pull-simplebench-2021-05-04' into staging (2021-05-21 12:02:34 +0100)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 0a6f0c76a030710780ce10d6347a70f098024d21:

coroutine-sleep: introduce qemu_co_sleep (2021-05-21 18:22:33 +0100)

----------------------------------------------------------------
Pull request

----------------------------------------------------------------

Paolo Bonzini (6):
  coroutine-sleep: use a stack-allocated timer
  coroutine-sleep: disallow NULL QemuCoSleepState** argument
  coroutine-sleep: allow qemu_co_sleep_wake that wakes nothing
  coroutine-sleep: move timer out of QemuCoSleepState
  coroutine-sleep: replace QemuCoSleepState pointer with struct in the
    API
  coroutine-sleep: introduce qemu_co_sleep

Philippe Mathieu-Daudé (1):
  bitops.h: Improve find_xxx_bit() documentation

Zenghui Yu (1):
  multi-process: Initialize variables declared with g_auto*

-- 
2.31.1

From: Zenghui Yu <yuzenghui@huawei.com>

Quote docs/devel/style.rst (section "Automatic memory deallocation"):

* Variables declared with g_auto* MUST always be initialized,
  otherwise the cleanup function will use uninitialized stack memory

Initialize @name properly to get rid of the compilation error (using
gcc-7.3.0 on CentOS):

../hw/remote/proxy.c: In function 'pci_proxy_dev_realize':
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'name' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   g_free (*pp);
   ^~~~~~~~~~~~
../hw/remote/proxy.c:350:30: note: 'name' was declared here
             g_autofree char *name;
                              ^~~~

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Reviewed-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: 20210312112143.1369-1-yuzenghui@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/remote/memory.c | 5 ++---
 hw/remote/proxy.c  | 3 +--
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/hw/remote/memory.c b/hw/remote/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/memory.c
+++ b/hw/remote/memory.c
@@ -XXX,XX +XXX,XX @@ void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp)
 
     remote_sysmem_reset();
 
-    for (region = 0; region < msg->num_fds; region++) {
-        g_autofree char *name;
+    for (region = 0; region < msg->num_fds; region++, suffix++) {
+        g_autofree char *name = g_strdup_printf("remote-mem-%u", suffix);
         subregion = g_new(MemoryRegion, 1);
-        name = g_strdup_printf("remote-mem-%u", suffix++);
         memory_region_init_ram_from_fd(subregion, NULL,
                                        name, sysmem_info->sizes[region],
                                        true, msg->fds[region],
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@ static void probe_pci_info(PCIDevice *dev, Error **errp)
                    PCI_BASE_ADDRESS_SPACE_IO : PCI_BASE_ADDRESS_SPACE_MEMORY;
 
         if (size) {
-            g_autofree char *name;
+            g_autofree char *name = g_strdup_printf("bar-region-%d", i);
             pdev->region[i].dev = pdev;
             pdev->region[i].present = true;
             if (type == PCI_BASE_ADDRESS_SPACE_MEMORY) {
                 pdev->region[i].memory = true;
             }
-            name = g_strdup_printf("bar-region-%d", i);
             memory_region_init_io(&pdev->region[i].mr, OBJECT(pdev),
                                   &proxy_mr_ops, &pdev->region[i],
                                   name, size);
-- 
2.31.1