Series comparison

-[PULL 0/2] Block patches
+[PULL for-8.1 0/1] Block patches
-The following changes since commit 346ed3151f1c43e72c40cb55b392a1d4cface62c:
+The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637:
-  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20200206.0' into staging (2020-02-07 11:52:15 +0000)
+  Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100)
 are available in the Git repository at:
-  https://github.com/stefanha/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to 11a18c84db4a71497d3d40769688a01b6f64b2ad:
+for you to fetch changes up to 66547f416a61e0cb711dc76821890242432ba193:
-  hw/core: Allow setting 'virtio-blk-device.scsi' property on OSX host (2020-02-07 16:49:39 +0000)
+  block/nvme: invoke blk_io_plug_call() outside q->lock (2023-07-17 09:17:41 -0400)
 ----------------------------------------------------------------
 Pull request
+Fix the hang in the nvme:// block driver during startup.
 ----------------------------------------------------------------
-Philippe Mathieu-Daudé (1):
+Stefan Hajnoczi (1):
-  hw/core: Allow setting 'virtio-blk-device.scsi' property on OSX host
+  block/nvme: invoke blk_io_plug_call() outside q->lock
-Vladimir Sementsov-Ogievskiy (1):
+ block/nvme.c | 3 ++-
-  block: fix crash on zero-length unaligned write and read
+file changed, 2 insertions(+), 1 deletion(-)
  block/io.c        | 28 +++++++++++++++++++++++++++-
  hw/core/machine.c |  3 ++-
 files changed, 29 insertions(+), 2 deletions(-)
 --
-.24.1
+.40.1

-[PULL 1/2] block: fix crash on zero-length unaligned write and read
+Deleted patch
-From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Commit 7a3f542fbd "block/io: refactor padding" occasionally dropped
-aligning for zero-length request: bdrv_init_padding() blindly return
-false if bytes == 0, like there is nothing to align.
-This leads the following command to crash:
-./qemu-io --image-opts -c 'write 1 0' \
-  driver=blkdebug,align=512,image.driver=null-co,image.size=512
->> qemu-io: block/io.c:1955: bdrv_aligned_pwritev: Assertion
-    `(offset & (align - 1)) == 0' failed.
->> Aborted (core dumped)
-Prior to 7a3f542fbd we does aligning of such zero requests. Instead of
-recovering this behavior let's just do nothing on such requests as it
-is useless.
-Note that driver may have special meaning of zero-length reqeusts, like
-qcow2_co_pwritev_compressed_part, so we can't skip any zero-length
-operation. But for unaligned ones, we can't pass it to driver anyway.
-This commit also fixes crash in iotest 80 running with -nocache:
-./check -nocache -qcow2 80
-which crashes on same assertion due to trying to read empty extra data
-in qcow2_do_read_snapshots().
-Cc: qemu-stable@nongnu.org # v4.2
-Fixes: 7a3f542fbd
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Reviewed-by: Max Reitz <mreitz@redhat.com>
-Message-id: 20200206164245.17781-1-vsementsov@virtuozzo.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- block/io.c | 28 +++++++++++++++++++++++++++-
-file changed, 27 insertions(+), 1 deletion(-)
-diff --git a/block/io.c b/block/io.c
-index XXXXXXX..XXXXXXX 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -XXX,XX +XXX,XX @@ static bool bdrv_init_padding(BlockDriverState *bs,
-         pad->tail = align - pad->tail;
-     }
--    if ((!pad->head && !pad->tail) || !bytes) {
-+    if (!pad->head && !pad->tail) {
-         return false;
-     }
-+    assert(bytes); /* Nothing good in aligning zero-length requests */
-+
-     sum = pad->head + bytes + pad->tail;
-     pad->buf_len = (sum > align && pad->head && pad->tail) ? 2 * align : align;
-     pad->buf = qemu_blockalign(bs, pad->buf_len);
-@@ -XXX,XX +XXX,XX @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
-         return ret;
-     }
-+    if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
-+        /*
-+         * Aligning zero request is nonsense. Even if driver has special meaning
-+         * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
-+         * it to driver due to request_alignment.
-+         *
-+         * Still, no reason to return an error if someone do unaligned
-+         * zero-length read occasionally.
-+         */
-+        return 0;
-+    }
-+
-     bdrv_inc_in_flight(bs);
-     /* Don't do copy-on-read if we read data before write operation */
-@@ -XXX,XX +XXX,XX @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
-         return -ENOTSUP;
-     }
-+    if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
-+        /*
-+         * Aligning zero request is nonsense. Even if driver has special meaning
-+         * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
-+         * it to driver due to request_alignment.
-+         *
-+         * Still, no reason to return an error if someone do unaligned
-+         * zero-length write occasionally.
-+         */
-+        return 0;
-+    }
-+
-     bdrv_inc_in_flight(bs);
-     /*
-      * Align write if necessary by performing a read-modify-write cycle.
---
-.24.1

-[PULL 2/2] hw/core: Allow setting 'virtio-blk-device.scsi' property on OSX host
+[PULL for-8.1 1/1] block/nvme: invoke blk_io_plug_call() outside q->lock
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
+blk_io_plug_call() is invoked outside a blk_io_plug()/blk_io_unplug()
 section while opening the NVMe drive from:
-Commit ed65fd1a2750 ("virtio-blk: switch off scsi-passthrough by
+  nvme_file_open() ->
-default") changed the default value of the 'scsi' property of
+  nvme_init() ->
-virtio-blk, which is only available on Linux hosts. It also added
+  nvme_identify() ->
-an unconditional compat entry for 2.4 or earlier machines.
+  nvme_admin_cmd_sync() ->
   nvme_submit_command() ->
   blk_io_plug_call()
-Trying to set this property on a pre-2.5 machine on OSX, we get:
+blk_io_plug_call() immediately invokes the given callback when the
 current thread is not plugged, as is the case during nvme_file_open().
-   Unexpected error in object_property_find() at qom/object.c:1201:
+Unfortunately, nvme_submit_command() calls blk_io_plug_call() with
-   qemu-system-x86_64: -device virtio-blk-pci,id=scsi0,drive=drive0: can't apply global virtio-blk-device.scsi=true: Property '.scsi' not found
+q->lock still held:
-Fix this error by marking the property optional.
+    ...
     q->sq.tail = (q->sq.tail + 1) % NVME_QUEUE_SIZE;
     q->need_kick++;
     blk_io_plug_call(nvme_unplug_fn, q);
     qemu_mutex_unlock(&q->lock);
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Fixes: ed65fd1a27 ("virtio-blk: switch off scsi-passthrough by default")
+nvme_unplug_fn() deadlocks trying to acquire q->lock because the lock is
-Suggested-by: Cornelia Huck <cohuck@redhat.com>
+already acquired by the same thread. The symptom is that QEMU hangs
-Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+during startup while opening the NVMe drive.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Fix this by moving the blk_io_plug_call() outside q->lock. This is safe
-Message-id: 20200207001404.1739-1-philmd@redhat.com
+because no other thread runs code related to this queue and
 blk_io_plug_call()'s internal state is immune to thread safety issues
 since it is thread-local.
 Reported-by: Lukáš Doktor <ldoktor@redhat.com>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 Tested-by: Lukas Doktor <ldoktor@redhat.com>
 Message-id: 20230712191628.252806-1-stefanha@redhat.com
 Fixes: f2e590002bd6 ("block/nvme: convert to blk_io_plug_call() API")
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- hw/core/machine.c | 3 ++-
+ block/nvme.c | 3 ++-
 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/hw/core/machine.c b/hw/core/machine.c
+diff --git a/block/nvme.c b/block/nvme.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/core/machine.c
+--- a/block/nvme.c
-+++ b/hw/core/machine.c
++++ b/block/nvme.c
-@@ -XXX,XX +XXX,XX @@ GlobalProperty hw_compat_2_5[] = {
+@@ -XXX,XX +XXX,XX @@ static void nvme_submit_command(NVMeQueuePair *q, NVMeRequest *req,
- const size_t hw_compat_2_5_len = G_N_ELEMENTS(hw_compat_2_5);
+            q->sq.tail * NVME_SQ_ENTRY_BYTES, cmd, sizeof(*cmd));
+     q->sq.tail = (q->sq.tail + 1) % NVME_QUEUE_SIZE;
- GlobalProperty hw_compat_2_4[] = {
+     q->need_kick++;
--    { "virtio-blk-device", "scsi", "true" },
++    qemu_mutex_unlock(&q->lock);
-+    /* Optional because the 'scsi' property is Linux-only */
++
-+    { "virtio-blk-device", "scsi", "true", .optional = true },
+     blk_io_plug_call(nvme_unplug_fn, q);
-     { "e1000", "extra_mac_registers", "off" },
+-    qemu_mutex_unlock(&q->lock);
-     { "virtio-pci", "x-disable-pcie", "on" },
+ }
-     { "virtio-pci", "migrate-extra", "off" },
  static void nvme_admin_cmd_sync_cb(void *opaque, int ret)
 --
-.24.1
+.40.1

From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Commit 7a3f542fbd "block/io: refactor padding" occasionally dropped
aligning for zero-length request: bdrv_init_padding() blindly return
false if bytes == 0, like there is nothing to align.

This leads the following command to crash:

./qemu-io --image-opts -c 'write 1 0' \
  driver=blkdebug,align=512,image.driver=null-co,image.size=512

>> qemu-io: block/io.c:1955: bdrv_aligned_pwritev: Assertion
    `(offset & (align - 1)) == 0' failed.
>> Aborted (core dumped)

Prior to 7a3f542fbd we does aligning of such zero requests. Instead of
recovering this behavior let's just do nothing on such requests as it
is useless.

Note that driver may have special meaning of zero-length reqeusts, like
qcow2_co_pwritev_compressed_part, so we can't skip any zero-length
operation. But for unaligned ones, we can't pass it to driver anyway.

This commit also fixes crash in iotest 80 running with -nocache:

./check -nocache -qcow2 80

which crashes on same assertion due to trying to read empty extra data
in qcow2_do_read_snapshots().

Cc: qemu-stable@nongnu.org # v4.2
Fixes: 7a3f542fbd
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 20200206164245.17781-1-vsementsov@virtuozzo.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/io.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/block/io.c b/block/io.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io.c
+++ b/block/io.c
@@ -XXX,XX +XXX,XX @@ static bool bdrv_init_padding(BlockDriverState *bs,
         pad->tail = align - pad->tail;
     }
 
-    if ((!pad->head && !pad->tail) || !bytes) {
+    if (!pad->head && !pad->tail) {
         return false;
     }
 
+    assert(bytes); /* Nothing good in aligning zero-length requests */
+
     sum = pad->head + bytes + pad->tail;
     pad->buf_len = (sum > align && pad->head && pad->tail) ? 2 * align : align;
     pad->buf = qemu_blockalign(bs, pad->buf_len);
@@ -XXX,XX +XXX,XX @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
         return ret;
     }
 
+    if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
+        /*
+         * Aligning zero request is nonsense. Even if driver has special meaning
+         * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
+         * it to driver due to request_alignment.
+         *
+         * Still, no reason to return an error if someone do unaligned
+         * zero-length read occasionally.
+         */
+        return 0;
+    }
+
     bdrv_inc_in_flight(bs);
 
     /* Don't do copy-on-read if we read data before write operation */
@@ -XXX,XX +XXX,XX @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
         return -ENOTSUP;
     }
 
+    if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
+        /*
+         * Aligning zero request is nonsense. Even if driver has special meaning
+         * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
+         * it to driver due to request_alignment.
+         *
+         * Still, no reason to return an error if someone do unaligned
+         * zero-length write occasionally.
+         */
+        return 0;
+    }
+
     bdrv_inc_in_flight(bs);
     /*
      * Align write if necessary by performing a read-modify-write cycle.
-- 
2.24.1

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Commit ed65fd1a2750 ("virtio-blk: switch off scsi-passthrough by
default") changed the default value of the 'scsi' property of
virtio-blk, which is only available on Linux hosts. It also added
an unconditional compat entry for 2.4 or earlier machines.

Trying to set this property on a pre-2.5 machine on OSX, we get:

Unexpected error in object_property_find() at qom/object.c:1201:
   qemu-system-x86_64: -device virtio-blk-pci,id=scsi0,drive=drive0: can't apply global virtio-blk-device.scsi=true: Property '.scsi' not found

Fix this error by marking the property optional.

Fixes: ed65fd1a27 ("virtio-blk: switch off scsi-passthrough by default")
Suggested-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200207001404.1739-1-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/core/machine.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -XXX,XX +XXX,XX @@ GlobalProperty hw_compat_2_5[] = {
 const size_t hw_compat_2_5_len = G_N_ELEMENTS(hw_compat_2_5);
 
 GlobalProperty hw_compat_2_4[] = {
-    { "virtio-blk-device", "scsi", "true" },
+    /* Optional because the 'scsi' property is Linux-only */
+    { "virtio-blk-device", "scsi", "true", .optional = true },
     { "e1000", "extra_mac_registers", "off" },
     { "virtio-pci", "x-disable-pcie", "on" },
     { "virtio-pci", "migrate-extra", "off" },
-- 
2.24.1

blk_io_plug_call() is invoked outside a blk_io_plug()/blk_io_unplug()
section while opening the NVMe drive from:

nvme_file_open() ->
  nvme_init() ->
  nvme_identify() ->
  nvme_admin_cmd_sync() ->
  nvme_submit_command() ->
  blk_io_plug_call()

blk_io_plug_call() immediately invokes the given callback when the
current thread is not plugged, as is the case during nvme_file_open().

Unfortunately, nvme_submit_command() calls blk_io_plug_call() with
q->lock still held:

...
    q->sq.tail = (q->sq.tail + 1) % NVME_QUEUE_SIZE;
    q->need_kick++;
    blk_io_plug_call(nvme_unplug_fn, q);
    qemu_mutex_unlock(&q->lock);
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^

nvme_unplug_fn() deadlocks trying to acquire q->lock because the lock is
already acquired by the same thread. The symptom is that QEMU hangs
during startup while opening the NVMe drive.

Fix this by moving the blk_io_plug_call() outside q->lock. This is safe
because no other thread runs code related to this queue and
blk_io_plug_call()'s internal state is immune to thread safety issues
since it is thread-local.

Reported-by: Lukáš Doktor <ldoktor@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Lukas Doktor <ldoktor@redhat.com>
Message-id: 20230712191628.252806-1-stefanha@redhat.com
Fixes: f2e590002bd6 ("block/nvme: convert to blk_io_plug_call() API")
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/nvme.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/nvme.c b/block/nvme.c
index XXXXXXX..XXXXXXX 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -XXX,XX +XXX,XX @@ static void nvme_submit_command(NVMeQueuePair *q, NVMeRequest *req,
            q->sq.tail * NVME_SQ_ENTRY_BYTES, cmd, sizeof(*cmd));
     q->sq.tail = (q->sq.tail + 1) % NVME_QUEUE_SIZE;
     q->need_kick++;
+    qemu_mutex_unlock(&q->lock);
+
     blk_io_plug_call(nvme_unplug_fn, q);
-    qemu_mutex_unlock(&q->lock);
 }
 
 static void nvme_admin_cmd_sync_cb(void *opaque, int ret)
-- 
2.40.1