Series comparison

-[PULL 00/11] Block patches
+[PULL for-6.1 0/3] Block patches
-The following changes since commit 66234fee9c2d37bfbc523aa8d0ae5300a14cc10e:
+The following changes since commit 3521ade3510eb5cefb2e27a101667f25dad89935:
-  Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-202=
+  Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-07-29' into staging (2021-07-29 13:17:20 +0100)
 ' into staging (2020-06-04 11:38:48 +0100)
 are available in the Git repository at:
-  https://github.com/stefanha/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to 7d2410cea154bf915fb30179ebda3b17ac36e70e:
+for you to fetch changes up to cc8eecd7f105a1dff5876adeb238a14696061a4a:
-  block: Factor out bdrv_run_co() (2020-06-05 09:54:48 +0100)
+  MAINTAINERS: Added myself as a reviewer for the NVMe Block Driver (2021-07-29 17:17:34 +0100)
 ----------------------------------------------------------------
 Pull request
+The main fix here is for io_uring. Spurious -EAGAIN errors can happen and the
+request needs to be resubmitted.
+The MAINTAINERS changes carry no risk and we might as well include them in QEMU
+.1.
 ----------------------------------------------------------------
-Alexander Bulekov (4):
+Fabian Ebner (1):
-  fuzz: add datadir for oss-fuzz compatability
+  block/io_uring: resubmit when result is -EAGAIN
   fuzz: fix typo in i440fx-qtest-reboot arguments
   fuzz: add mangled object name to linker script
   fuzz: run the main-loop in fork-server process
-Philippe Mathieu-Daud=C3=A9 (4):
+Philippe Mathieu-Daudé (1):
-  memory: Rename memory_region_do_writeback -> memory_region_writeback
+  MAINTAINERS: Added myself as a reviewer for the NVMe Block Driver
   memory: Extract memory_region_msync() from memory_region_writeback()
   hw/block: Let the NVMe emulated device be target-agnostic
   exec: Rename qemu_ram_writeback() as qemu_ram_msync()
-Stefano Garzarella (2):
+Stefano Garzarella (1):
-  io_uring: retry io_uring_submit() if it fails with errno=3DEINTR
+  MAINTAINERS: add Stefano Garzarella as io_uring reviewer
   io_uring: use io_uring_cq_ready() to check for ready cqes
-Vladimir Sementsov-Ogievskiy (1):
+ MAINTAINERS      |  2 ++
-  block: Factor out bdrv_run_co()
+ block/io_uring.c | 16 +++++++++++++++-
 files changed, 17 insertions(+), 1 deletion(-)
- hw/block/Makefile.objs              |   2 +-
+--
- include/exec/memory.h               |  15 ++-
+.31.1
  include/exec/ram_addr.h             |   4 +-
  include/sysemu/sysemu.h             |   2 +
  block/io.c                          | 193 +++++++++++-----------------
  block/io_uring.c                    |  11 +-
  exec.c                              |   2 +-
  hw/block/nvme.c                     |   6 +-
  memory.c                            |  12 +-
  softmmu/vl.c                        |   2 +-
  target/arm/helper.c                 |   2 +-
  tests/qtest/fuzz/fuzz.c             |  15 +++
  tests/qtest/fuzz/i440fx_fuzz.c      |   3 +-
  tests/qtest/fuzz/virtio_net_fuzz.c  |   2 +
  tests/qtest/fuzz/virtio_scsi_fuzz.c |   2 +
  tests/qtest/fuzz/fork_fuzz.ld       |   5 +
 files changed, 134 insertions(+), 144 deletions(-)
---=20
-.25.4

-[PULL 02/11] io_uring: use io_uring_cq_ready() to check for ready cqes
+[PULL for-6.1 1/3] MAINTAINERS: add Stefano Garzarella as io_uring reviewer
 From: Stefano Garzarella <sgarzare@redhat.com>
-In qemu_luring_poll_cb() we are not using the cqe peeked from the
+I've been working with io_uring for a while so I'd like to help
-CQ ring. We are using io_uring_peek_cqe() only to see if there
+with reviews.
 are cqes ready, so we can replace it with io_uring_cq_ready().
 Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
-Message-id: 20200519134942.118178-1-sgarzare@redhat.com
+Message-Id: <20210728131515.131045-1-sgarzare@redhat.com>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- block/io_uring.c | 9 +++------
+ MAINTAINERS | 1 +
-file changed, 3 insertions(+), 6 deletions(-)
+file changed, 1 insertion(+)
-diff --git a/block/io_uring.c b/block/io_uring.c
+diff --git a/MAINTAINERS b/MAINTAINERS
 index XXXXXXX..XXXXXXX 100644
---- a/block/io_uring.c
+--- a/MAINTAINERS
-+++ b/block/io_uring.c
++++ b/MAINTAINERS
-@@ -XXX,XX +XXX,XX @@ static void qemu_luring_completion_cb(void *opaque)
+@@ -XXX,XX +XXX,XX @@ Linux io_uring
- static bool qemu_luring_poll_cb(void *opaque)
+ M: Aarushi Mehta <mehta.aaru20@gmail.com>
- {
+ M: Julia Suvorova <jusual@redhat.com>
-     LuringState *s = opaque;
+ M: Stefan Hajnoczi <stefanha@redhat.com>
--    struct io_uring_cqe *cqes;
++R: Stefano Garzarella <sgarzare@redhat.com>
+ L: qemu-block@nongnu.org
--    if (io_uring_peek_cqe(&s->ring, &cqes) == 0) {
+ S: Maintained
--        if (cqes) {
+ F: block/io_uring.c
 -            luring_process_completions_and_submit(s);
 -            return true;
 -        }
 +    if (io_uring_cq_ready(&s->ring)) {
 +        luring_process_completions_and_submit(s);
 +        return true;
      }
      return false;
 --
-.25.4
+.31.1

-[PULL 01/11] io_uring: retry io_uring_submit() if it fails with errno=EINTR
+[PULL for-6.1 2/3] block/io_uring: resubmit when result is -EAGAIN
-From: Stefano Garzarella <sgarzare@redhat.com>
+From: Fabian Ebner <f.ebner@proxmox.com>
-As recently documented [1], io_uring_enter(2) syscall can return an
+Linux SCSI can throw spurious -EAGAIN in some corner cases in its
-error (errno=EINTR) if the operation was interrupted by a delivery
+completion path, which will end up being the result in the completed
-of a signal before it could complete.
+io_uring request.
-This should happen when IORING_ENTER_GETEVENTS flag is used, for
+Resubmitting such requests should allow block jobs to complete, even
-example during io_uring_submit_and_wait() or during io_uring_submit()
+if such spurious errors are encountered.
 when IORING_SETUP_IOPOLL is enabled.
-We shouldn't have this problem for now, but it's better to prevent it.
+Co-authored-by: Stefan Hajnoczi <stefanha@gmail.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
-[1] https://github.com/axboe/liburing/commit/344355ec6619de8f4e64584c9736530b5346e4f4
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Message-id: 20210729091029.65369-1-f.ebner@proxmox.com
 Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
 Message-id: 20200519133041.112138-1-sgarzare@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- block/io_uring.c | 2 +-
+ block/io_uring.c | 16 +++++++++++++++-
-file changed, 1 insertion(+), 1 deletion(-)
+file changed, 15 insertions(+), 1 deletion(-)
 diff --git a/block/io_uring.c b/block/io_uring.c
 index XXXXXXX..XXXXXXX 100644
 --- a/block/io_uring.c
 +++ b/block/io_uring.c
-@@ -XXX,XX +XXX,XX @@ static int ioq_submit(LuringState *s)
+@@ -XXX,XX +XXX,XX @@ static void luring_process_completions(LuringState *s)
-         trace_luring_io_uring_submit(s, ret);
+         total_bytes = ret + luringcb->total_read;
-         /* Prevent infinite loop if submission is refused */
-         if (ret <= 0) {
+         if (ret < 0) {
--            if (ret == -EAGAIN) {
+-            if (ret == -EINTR) {
-+            if (ret == -EAGAIN || ret == -EINTR) {
++            /*
 +             * Only writev/readv/fsync requests on regular files or host block
 +             * devices are submitted. Therefore -EAGAIN is not expected but it's
 +             * known to happen sometimes with Linux SCSI. Submit again and hope
 +             * the request completes successfully.
 +             *
 +             * For more information, see:
 +             * https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u
 +             *
 +             * If the code is changed to submit other types of requests in the
 +             * future, then this workaround may need to be extended to deal with
 +             * genuine -EAGAIN results that should not be resubmitted
 +             * immediately.
 +             */
 +            if (ret == -EINTR || ret == -EAGAIN) {
                  luring_resubmit(s, luringcb);
                  continue;
              }
-             break;
 --
-.25.4
+.31.1

-[PULL 03/11] fuzz: add datadir for oss-fuzz compatability
+Deleted patch
-From: Alexander Bulekov <alxndr@bu.edu>
-This allows us to keep pc-bios in executable_dir/pc-bios, rather than
-executable_dir/../pc-bios, which is incompatible with oss-fuzz' file
-structure.
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Message-id: 20200512030133.29896-2-alxndr@bu.edu
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/sysemu/sysemu.h |  2 ++
- softmmu/vl.c            |  2 +-
- tests/qtest/fuzz/fuzz.c | 15 +++++++++++++++
-files changed, 18 insertions(+), 1 deletion(-)
-diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/sysemu/sysemu.h
-+++ b/include/sysemu/sysemu.h
-@@ -XXX,XX +XXX,XX @@ extern const char *qemu_name;
- extern QemuUUID qemu_uuid;
- extern bool qemu_uuid_set;
-+void qemu_add_data_dir(const char *path);
-+
- void qemu_add_exit_notifier(Notifier *notify);
- void qemu_remove_exit_notifier(Notifier *notify);
-diff --git a/softmmu/vl.c b/softmmu/vl.c
-index XXXXXXX..XXXXXXX 100644
---- a/softmmu/vl.c
-+++ b/softmmu/vl.c
-@@ -XXX,XX +XXX,XX @@ char *qemu_find_file(int type, const char *name)
-     return NULL;
- }
--static void qemu_add_data_dir(const char *path)
-+void qemu_add_data_dir(const char *path)
- {
-     int i;
-diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/fuzz.c
-+++ b/tests/qtest/fuzz/fuzz.c
-@@ -XXX,XX +XXX,XX @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
- {
-     char *target_name;
-+    char *dir;
-     /* Initialize qgraph and modules */
-     qos_graph_init();
-@@ -XXX,XX +XXX,XX @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
-     target_name = strstr(**argv, "-target-");
-     if (target_name) {        /* The binary name specifies the target */
-         target_name += strlen("-target-");
-+        /*
-+         * With oss-fuzz, the executable is kept in the root of a directory (we
-+         * cannot assume the path). All data (including bios binaries) must be
-+         * in the same dir, or a subdir. Thus, we cannot place the pc-bios so
-+         * that it would be in exec_dir/../pc-bios.
-+         * As a workaround, oss-fuzz allows us to use argv[0] to get the
-+         * location of the executable. Using this we add exec_dir/pc-bios to
-+         * the datadirs.
-+         */
-+        dir = g_build_filename(g_path_get_dirname(**argv), "pc-bios", NULL);
-+        if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
-+            qemu_add_data_dir(dir);
-+        }
-+        g_free(dir);
-     } else if (*argc > 1) {  /* The target is specified as an argument */
-         target_name = (*argv)[1];
-         if (!strstr(target_name, "--fuzz-target=")) {
---
-.25.4

-[PULL 04/11] fuzz: fix typo in i440fx-qtest-reboot arguments
+Deleted patch
-From: Alexander Bulekov <alxndr@bu.edu>
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20200512030133.29896-3-alxndr@bu.edu
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/i440fx_fuzz.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/i440fx_fuzz.c
-+++ b/tests/qtest/fuzz/i440fx_fuzz.c
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qos_fork(QTestState *s,
- }
- static const char *i440fx_qtest_argv = TARGET_NAME " -machine accel=qtest"
--                                       "-m 0 -display none";
-+                                       " -m 0 -display none";
- static const char *i440fx_argv(FuzzTarget *t)
- {
-     return i440fx_qtest_argv;
---
-.25.4

-[PULL 05/11] fuzz: add mangled object name to linker script
+Deleted patch
-From: Alexander Bulekov <alxndr@bu.edu>
-Previously, we relied on "FuzzerTracePC*(.bss*)" to place libfuzzer's
-fuzzer::TPC object into our contiguous shared-memory region. This does
-not work for some libfuzzer builds, so this addition identifies the
-region by its mangled name: *(.bss._ZN6fuzzer3TPCE);
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Message-id: 20200512030133.29896-4-alxndr@bu.edu
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/fork_fuzz.ld | 5 +++++
-file changed, 5 insertions(+)
-diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/fork_fuzz.ld
-+++ b/tests/qtest/fuzz/fork_fuzz.ld
-@@ -XXX,XX +XXX,XX @@ SECTIONS
-       /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */
-       FuzzerTracePC*(.bss*);
-+      /*
-+       * In case the above line fails, explicitly specify the (mangled) name of
-+       * the object we care about
-+       */
-+       *(.bss._ZN6fuzzer3TPCE);
-   }
-   .data.fuzz_end : ALIGN(4K)
-   {
---
-.25.4

-[PULL 06/11] fuzz: run the main-loop in fork-server process
+Deleted patch
-From: Alexander Bulekov <alxndr@bu.edu>
-Without this, the time since the last main-loop keeps increasing, as the
-fuzzer runs. The forked children need to handle all the "past-due"
-timers, slowing them down, over time. With this change, the
-parent/fork-server process runs the main-loop, while waiting on the
-child, ensuring that the timer events do not pile up, over time.
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Message-id: 20200512030133.29896-5-alxndr@bu.edu
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/i440fx_fuzz.c      | 1 +
- tests/qtest/fuzz/virtio_net_fuzz.c  | 2 ++
- tests/qtest/fuzz/virtio_scsi_fuzz.c | 2 ++
-files changed, 5 insertions(+)
-diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/i440fx_fuzz.c
-+++ b/tests/qtest/fuzz/i440fx_fuzz.c
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qos_fork(QTestState *s,
-         i440fx_fuzz_qos(s, Data, Size);
-         _Exit(0);
-     } else {
-+        flush_events(s);
-         wait(NULL);
-     }
- }
-diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c b/tests/qtest/fuzz/virtio_net_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/virtio_net_fuzz.c
-+++ b/tests/qtest/fuzz/virtio_net_fuzz.c
-@@ -XXX,XX +XXX,XX @@ static void virtio_net_fork_fuzz(QTestState *s,
-         flush_events(s);
-         _Exit(0);
-     } else {
-+        flush_events(s);
-         wait(NULL);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ static void virtio_net_fork_fuzz_check_used(QTestState *s,
-         flush_events(s);
-         _Exit(0);
-     } else {
-+        flush_events(s);
-         wait(NULL);
-     }
- }
-diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c b/tests/qtest/fuzz/virtio_scsi_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/virtio_scsi_fuzz.c
-+++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c
-@@ -XXX,XX +XXX,XX @@ static void virtio_scsi_fork_fuzz(QTestState *s,
-         flush_events(s);
-         _Exit(0);
-     } else {
-+        flush_events(s);
-         wait(NULL);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ static void virtio_scsi_with_flag_fuzz(QTestState *s,
-         }
-         _Exit(0);
-     } else {
-+        flush_events(s);
-         wait(NULL);
-     }
- }
---
-.25.4

-[PULL 07/11] memory: Rename memory_region_do_writeback -> memory_region_writeback
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-We usually use '_do_' for internal functions. Rename
-memory_region_do_writeback() as memory_region_writeback().
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20200508062456.23344-2-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/exec/memory.h | 4 ++--
- memory.c              | 2 +-
- target/arm/helper.c   | 2 +-
-files changed, 4 insertions(+), 4 deletions(-)
-diff --git a/include/exec/memory.h b/include/exec/memory.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/memory.h
-+++ b/include/exec/memory.h
-@@ -XXX,XX +XXX,XX @@ void *memory_region_get_ram_ptr(MemoryRegion *mr);
- void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize,
-                               Error **errp);
- /**
-- * memory_region_do_writeback: Trigger cache writeback or msync for
-+ * memory_region_writeback: Trigger cache writeback or msync for
-  * selected address range
-  *
-  * @mr: the memory region to be updated
-  * @addr: the initial address of the range to be written back
-  * @size: the size of the range to be written back
-  */
--void memory_region_do_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size);
-+void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size);
- /**
-  * memory_region_set_log: Turn dirty logging on or off for a region.
-diff --git a/memory.c b/memory.c
-index XXXXXXX..XXXXXXX 100644
---- a/memory.c
-+++ b/memory.c
-@@ -XXX,XX +XXX,XX @@ void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, Error **errp
- }
--void memory_region_do_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
-+void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
- {
-     /*
-      * Might be extended case needed to cover
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static void dccvap_writefn(CPUARMState *env, const ARMCPRegInfo *opaque,
-         mr = memory_region_from_host(haddr, &offset);
-         if (mr) {
--            memory_region_do_writeback(mr, offset, dline_size);
-+            memory_region_writeback(mr, offset, dline_size);
-         }
-     }
- }
---
-.25.4

-[PULL 08/11] memory: Extract memory_region_msync() from memory_region_writeback()
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20200508062456.23344-3-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/exec/memory.h | 13 ++++++++++++-
- memory.c              | 10 ++++++++--
-files changed, 20 insertions(+), 3 deletions(-)
-diff --git a/include/exec/memory.h b/include/exec/memory.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/memory.h
-+++ b/include/exec/memory.h
-@@ -XXX,XX +XXX,XX @@ void *memory_region_get_ram_ptr(MemoryRegion *mr);
-  */
- void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize,
-                               Error **errp);
-+
- /**
-- * memory_region_writeback: Trigger cache writeback or msync for
-+ * memory_region_msync: Synchronize selected address range of
-+ * a memory mapped region
-+ *
-+ * @mr: the memory region to be msync
-+ * @addr: the initial address of the range to be sync
-+ * @size: the size of the range to be sync
-+ */
-+void memory_region_msync(MemoryRegion *mr, hwaddr addr, hwaddr size);
-+
-+/**
-+ * memory_region_writeback: Trigger cache writeback for
-  * selected address range
-  *
-  * @mr: the memory region to be updated
-diff --git a/memory.c b/memory.c
-index XXXXXXX..XXXXXXX 100644
---- a/memory.c
-+++ b/memory.c
-@@ -XXX,XX +XXX,XX @@ void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, Error **errp
-     qemu_ram_resize(mr->ram_block, newsize, errp);
- }
-+void memory_region_msync(MemoryRegion *mr, hwaddr addr, hwaddr size)
-+{
-+    if (mr->ram_block) {
-+        qemu_ram_writeback(mr->ram_block, addr, size);
-+    }
-+}
- void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
- {
-@@ -XXX,XX +XXX,XX @@ void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
-      * Might be extended case needed to cover
-      * different types of memory regions
-      */
--    if (mr->ram_block && mr->dirty_log_mask) {
--        qemu_ram_writeback(mr->ram_block, addr, size);
-+    if (mr->dirty_log_mask) {
-+        memory_region_msync(mr, addr, size);
-     }
- }
---
-.25.4

-[PULL 09/11] hw/block: Let the NVMe emulated device be target-agnostic
+[PULL for-6.1 3/3] MAINTAINERS: Added myself as a reviewer for the NVMe Block Driver
 From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Now than the non-target specific memory_region_msync() function
+I'm interested in following the activity around the NVMe bdrv.
 is available, use it to make this device target-agnostic.
 Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 20210728183340.2018313-1-philmd@redhat.com
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Acked-by: Paolo Bonzini <pbonzini@redhat.com>
 Message-id: 20200508062456.23344-4-philmd@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- hw/block/Makefile.objs | 2 +-
+ MAINTAINERS | 1 +
- hw/block/nvme.c        | 6 ++----
+file changed, 1 insertion(+)
 files changed, 3 insertions(+), 5 deletions(-)
-diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
+diff --git a/MAINTAINERS b/MAINTAINERS
 index XXXXXXX..XXXXXXX 100644
---- a/hw/block/Makefile.objs
+--- a/MAINTAINERS
-+++ b/hw/block/Makefile.objs
++++ b/MAINTAINERS
-@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_SH4) += tc58128.o
+@@ -XXX,XX +XXX,XX @@ F: block/null.c
+ NVMe Block Driver
- obj-$(CONFIG_VIRTIO_BLK) += virtio-blk.o
+ M: Stefan Hajnoczi <stefanha@redhat.com>
- obj-$(CONFIG_VHOST_USER_BLK) += vhost-user-blk.o
+ R: Fam Zheng <fam@euphon.net>
--obj-$(CONFIG_NVME_PCI) += nvme.o
++R: Philippe Mathieu-Daudé <philmd@redhat.com>
-+common-obj-$(CONFIG_NVME_PCI) += nvme.o
+ L: qemu-block@nongnu.org
+ S: Supported
- obj-y += dataplane/
+ F: block/nvme*
 diff --git a/hw/block/nvme.c b/hw/block/nvme.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/block/nvme.c
 +++ b/hw/block/nvme.c
@@ -XXX,XX +XXX,XX @@
  #include "qapi/visitor.h"
  #include "sysemu/hostmem.h"
  #include "sysemu/block-backend.h"
 -#include "exec/ram_addr.h"
 -
 +#include "exec/memory.h"
  #include "qemu/log.h"
  #include "qemu/module.h"
  #include "qemu/cutils.h"
@@ -XXX,XX +XXX,XX @@ static uint64_t nvme_mmio_read(void *opaque, hwaddr addr, unsigned size)
           */
          if (addr == 0xE08 &&
              (NVME_PMRCAP_PMRWBM(n->bar.pmrcap) & 0x02)) {
 -            qemu_ram_writeback(n->pmrdev->mr.ram_block,
 -                               0, n->pmrdev->size);
 +            memory_region_msync(&n->pmrdev->mr, 0, n->pmrdev->size);
          }
          memcpy(&val, ptr + addr, size);
      } else {
 --
-.25.4
+.31.1

-[PULL 10/11] exec: Rename qemu_ram_writeback() as qemu_ram_msync()
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Rename qemu_ram_writeback() as qemu_ram_msync() to better
-match what it does.
-Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20200508062456.23344-5-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/exec/ram_addr.h | 4 ++--
- exec.c                  | 2 +-
- memory.c                | 2 +-
-files changed, 4 insertions(+), 4 deletions(-)
-diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/ram_addr.h
-+++ b/include/exec/ram_addr.h
-@@ -XXX,XX +XXX,XX @@ void qemu_ram_free(RAMBlock *block);
- int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp);
--void qemu_ram_writeback(RAMBlock *block, ram_addr_t start, ram_addr_t length);
-+void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length);
- /* Clear whole block of mem */
- static inline void qemu_ram_block_writeback(RAMBlock *block)
- {
--    qemu_ram_writeback(block, 0, block->used_length);
-+    qemu_ram_msync(block, 0, block->used_length);
- }
- #define DIRTY_CLIENTS_ALL     ((1 << DIRTY_MEMORY_NUM) - 1)
-diff --git a/exec.c b/exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/exec.c
-+++ b/exec.c
-@@ -XXX,XX +XXX,XX @@ int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
-  * Otherwise no-op.
-  * @Note: this is supposed to be a synchronous op.
-  */
--void qemu_ram_writeback(RAMBlock *block, ram_addr_t start, ram_addr_t length)
-+void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length)
- {
-     /* The requested range should fit in within the block range */
-     g_assert((start + length) <= block->used_length);
-diff --git a/memory.c b/memory.c
-index XXXXXXX..XXXXXXX 100644
---- a/memory.c
-+++ b/memory.c
-@@ -XXX,XX +XXX,XX @@ void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, Error **errp
- void memory_region_msync(MemoryRegion *mr, hwaddr addr, hwaddr size)
- {
-     if (mr->ram_block) {
--        qemu_ram_writeback(mr->ram_block, addr, size);
-+        qemu_ram_msync(mr->ram_block, addr, size);
-     }
- }
---
-.25.4

-[PULL 11/11] block: Factor out bdrv_run_co()
+Deleted patch
-From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-We have a few bdrv_*() functions that can either spawn a new coroutine
-and wait for it with BDRV_POLL_WHILE() or use a fastpath if they are
-alreeady running in a coroutine. All of them duplicate basically the
-same code.
-Factor the common code into a new function bdrv_run_co().
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Message-id: 20200520144901.16589-1-vsementsov@virtuozzo.com
-   [Factor out bdrv_run_co_entry too]
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- block/io.c | 193 ++++++++++++++++++++---------------------------------
-file changed, 72 insertions(+), 121 deletions(-)
-diff --git a/block/io.c b/block/io.c
-index XXXXXXX..XXXXXXX 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/main-loop.h"
- #include "sysemu/replay.h"
--#define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
--
- /* Maximum bounce buffer for copy-on-read and write zeroes, in bytes */
- #define MAX_BOUNCE_BUFFER (32768 << BDRV_SECTOR_BITS)
-@@ -XXX,XX +XXX,XX @@ static int bdrv_check_byte_request(BlockDriverState *bs, int64_t offset,
-     return 0;
- }
-+typedef int coroutine_fn BdrvRequestEntry(void *opaque);
-+typedef struct BdrvRunCo {
-+    BdrvRequestEntry *entry;
-+    void *opaque;
-+    int ret;
-+    bool done;
-+    Coroutine *co; /* Coroutine, running bdrv_run_co_entry, for debugging */
-+} BdrvRunCo;
-+
-+static void coroutine_fn bdrv_run_co_entry(void *opaque)
-+{
-+    BdrvRunCo *arg = opaque;
-+
-+    arg->ret = arg->entry(arg->opaque);
-+    arg->done = true;
-+    aio_wait_kick();
-+}
-+
-+static int bdrv_run_co(BlockDriverState *bs, BdrvRequestEntry *entry,
-+                       void *opaque)
-+{
-+    if (qemu_in_coroutine()) {
-+        /* Fast-path if already in coroutine context */
-+        return entry(opaque);
-+    } else {
-+        BdrvRunCo s = { .entry = entry, .opaque = opaque };
-+
-+        s.co = qemu_coroutine_create(bdrv_run_co_entry, &s);
-+        bdrv_coroutine_enter(bs, s.co);
-+
-+        BDRV_POLL_WHILE(bs, !s.done);
-+
-+        return s.ret;
-+    }
-+}
-+
- typedef struct RwCo {
-     BdrvChild *child;
-     int64_t offset;
-     QEMUIOVector *qiov;
-     bool is_write;
--    int ret;
-     BdrvRequestFlags flags;
- } RwCo;
--static void coroutine_fn bdrv_rw_co_entry(void *opaque)
-+static int coroutine_fn bdrv_rw_co_entry(void *opaque)
- {
-     RwCo *rwco = opaque;
-     if (!rwco->is_write) {
--        rwco->ret = bdrv_co_preadv(rwco->child, rwco->offset,
--                                   rwco->qiov->size, rwco->qiov,
--                                   rwco->flags);
-+        return bdrv_co_preadv(rwco->child, rwco->offset,
-+                              rwco->qiov->size, rwco->qiov,
-+                              rwco->flags);
-     } else {
--        rwco->ret = bdrv_co_pwritev(rwco->child, rwco->offset,
--                                    rwco->qiov->size, rwco->qiov,
--                                    rwco->flags);
-+        return bdrv_co_pwritev(rwco->child, rwco->offset,
-+                               rwco->qiov->size, rwco->qiov,
-+                               rwco->flags);
-     }
--    aio_wait_kick();
- }
- /*
-@@ -XXX,XX +XXX,XX @@ static int bdrv_prwv_co(BdrvChild *child, int64_t offset,
-                         QEMUIOVector *qiov, bool is_write,
-                         BdrvRequestFlags flags)
- {
--    Coroutine *co;
-     RwCo rwco = {
-         .child = child,
-         .offset = offset,
-         .qiov = qiov,
-         .is_write = is_write,
--        .ret = NOT_DONE,
-         .flags = flags,
-     };
--    if (qemu_in_coroutine()) {
--        /* Fast-path if already in coroutine context */
--        bdrv_rw_co_entry(&rwco);
--    } else {
--        co = qemu_coroutine_create(bdrv_rw_co_entry, &rwco);
--        bdrv_coroutine_enter(child->bs, co);
--        BDRV_POLL_WHILE(child->bs, rwco.ret == NOT_DONE);
--    }
--    return rwco.ret;
-+    return bdrv_run_co(child->bs, bdrv_rw_co_entry, &rwco);
- }
- int bdrv_pwrite_zeroes(BdrvChild *child, int64_t offset,
-@@ -XXX,XX +XXX,XX @@ typedef struct BdrvCoBlockStatusData {
-     int64_t *pnum;
-     int64_t *map;
-     BlockDriverState **file;
--    int ret;
--    bool done;
- } BdrvCoBlockStatusData;
- int coroutine_fn bdrv_co_block_status_from_file(BlockDriverState *bs,
-@@ -XXX,XX +XXX,XX @@ static int coroutine_fn bdrv_co_block_status_above(BlockDriverState *bs,
- }
- /* Coroutine wrapper for bdrv_block_status_above() */
--static void coroutine_fn bdrv_block_status_above_co_entry(void *opaque)
-+static int coroutine_fn bdrv_block_status_above_co_entry(void *opaque)
- {
-     BdrvCoBlockStatusData *data = opaque;
--    data->ret = bdrv_co_block_status_above(data->bs, data->base,
--                                           data->want_zero,
--                                           data->offset, data->bytes,
--                                           data->pnum, data->map, data->file);
--    data->done = true;
--    aio_wait_kick();
-+    return bdrv_co_block_status_above(data->bs, data->base,
-+                                      data->want_zero,
-+                                      data->offset, data->bytes,
-+                                      data->pnum, data->map, data->file);
- }
- /*
-@@ -XXX,XX +XXX,XX @@ static int bdrv_common_block_status_above(BlockDriverState *bs,
-                                           int64_t *map,
-                                           BlockDriverState **file)
- {
--    Coroutine *co;
-     BdrvCoBlockStatusData data = {
-         .bs = bs,
-         .base = base,
-@@ -XXX,XX +XXX,XX @@ static int bdrv_common_block_status_above(BlockDriverState *bs,
-         .pnum = pnum,
-         .map = map,
-         .file = file,
--        .done = false,
-     };
--    if (qemu_in_coroutine()) {
--        /* Fast-path if already in coroutine context */
--        bdrv_block_status_above_co_entry(&data);
--    } else {
--        co = qemu_coroutine_create(bdrv_block_status_above_co_entry, &data);
--        bdrv_coroutine_enter(bs, co);
--        BDRV_POLL_WHILE(bs, !data.done);
--    }
--    return data.ret;
-+    return bdrv_run_co(bs, bdrv_block_status_above_co_entry, &data);
- }
- int bdrv_block_status_above(BlockDriverState *bs, BlockDriverState *base,
-@@ -XXX,XX +XXX,XX @@ typedef struct BdrvVmstateCo {
-     QEMUIOVector        *qiov;
-     int64_t             pos;
-     bool                is_read;
--    int                 ret;
- } BdrvVmstateCo;
- static int coroutine_fn
-@@ -XXX,XX +XXX,XX @@ bdrv_co_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
-     return ret;
- }
--static void coroutine_fn bdrv_co_rw_vmstate_entry(void *opaque)
-+static int coroutine_fn bdrv_co_rw_vmstate_entry(void *opaque)
- {
-     BdrvVmstateCo *co = opaque;
--    co->ret = bdrv_co_rw_vmstate(co->bs, co->qiov, co->pos, co->is_read);
--    aio_wait_kick();
-+
-+    return bdrv_co_rw_vmstate(co->bs, co->qiov, co->pos, co->is_read);
- }
- static inline int
- bdrv_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
-                 bool is_read)
- {
--    if (qemu_in_coroutine()) {
--        return bdrv_co_rw_vmstate(bs, qiov, pos, is_read);
--    } else {
--        BdrvVmstateCo data = {
--            .bs         = bs,
--            .qiov       = qiov,
--            .pos        = pos,
--            .is_read    = is_read,
--            .ret        = -EINPROGRESS,
--        };
--        Coroutine *co = qemu_coroutine_create(bdrv_co_rw_vmstate_entry, &data);
-+    BdrvVmstateCo data = {
-+        .bs         = bs,
-+        .qiov       = qiov,
-+        .pos        = pos,
-+        .is_read    = is_read,
-+    };
--        bdrv_coroutine_enter(bs, co);
--        BDRV_POLL_WHILE(bs, data.ret == -EINPROGRESS);
--        return data.ret;
--    }
-+    return bdrv_run_co(bs, bdrv_co_rw_vmstate_entry, &data);
- }
- int bdrv_save_vmstate(BlockDriverState *bs, const uint8_t *buf,
-@@ -XXX,XX +XXX,XX @@ void bdrv_aio_cancel_async(BlockAIOCB *acb)
- /**************************************************************/
- /* Coroutine block device emulation */
--typedef struct FlushCo {
--    BlockDriverState *bs;
--    int ret;
--} FlushCo;
--
--
--static void coroutine_fn bdrv_flush_co_entry(void *opaque)
-+static int coroutine_fn bdrv_flush_co_entry(void *opaque)
- {
--    FlushCo *rwco = opaque;
--
--    rwco->ret = bdrv_co_flush(rwco->bs);
--    aio_wait_kick();
-+    return bdrv_co_flush(opaque);
- }
- int coroutine_fn bdrv_co_flush(BlockDriverState *bs)
-@@ -XXX,XX +XXX,XX @@ early_exit:
- int bdrv_flush(BlockDriverState *bs)
- {
--    Coroutine *co;
--    FlushCo flush_co = {
--        .bs = bs,
--        .ret = NOT_DONE,
--    };
--
--    if (qemu_in_coroutine()) {
--        /* Fast-path if already in coroutine context */
--        bdrv_flush_co_entry(&flush_co);
--    } else {
--        co = qemu_coroutine_create(bdrv_flush_co_entry, &flush_co);
--        bdrv_coroutine_enter(bs, co);
--        BDRV_POLL_WHILE(bs, flush_co.ret == NOT_DONE);
--    }
--
--    return flush_co.ret;
-+    return bdrv_run_co(bs, bdrv_flush_co_entry, bs);
- }
- typedef struct DiscardCo {
-     BdrvChild *child;
-     int64_t offset;
-     int64_t bytes;
--    int ret;
- } DiscardCo;
--static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
-+
-+static int coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
- {
-     DiscardCo *rwco = opaque;
--    rwco->ret = bdrv_co_pdiscard(rwco->child, rwco->offset, rwco->bytes);
--    aio_wait_kick();
-+    return bdrv_co_pdiscard(rwco->child, rwco->offset, rwco->bytes);
- }
- int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset,
-@@ -XXX,XX +XXX,XX @@ out:
- int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes)
- {
--    Coroutine *co;
-     DiscardCo rwco = {
-         .child = child,
-         .offset = offset,
-         .bytes = bytes,
--        .ret = NOT_DONE,
-     };
--    if (qemu_in_coroutine()) {
--        /* Fast-path if already in coroutine context */
--        bdrv_pdiscard_co_entry(&rwco);
--    } else {
--        co = qemu_coroutine_create(bdrv_pdiscard_co_entry, &rwco);
--        bdrv_coroutine_enter(child->bs, co);
--        BDRV_POLL_WHILE(child->bs, rwco.ret == NOT_DONE);
--    }
--
--    return rwco.ret;
-+    return bdrv_run_co(child->bs, bdrv_pdiscard_co_entry, &rwco);
- }
- int bdrv_co_ioctl(BlockDriverState *bs, int req, void *buf)
-@@ -XXX,XX +XXX,XX @@ typedef struct TruncateCo {
-     PreallocMode prealloc;
-     BdrvRequestFlags flags;
-     Error **errp;
--    int ret;
- } TruncateCo;
--static void coroutine_fn bdrv_truncate_co_entry(void *opaque)
-+static int coroutine_fn bdrv_truncate_co_entry(void *opaque)
- {
-     TruncateCo *tco = opaque;
--    tco->ret = bdrv_co_truncate(tco->child, tco->offset, tco->exact,
--                                tco->prealloc, tco->flags, tco->errp);
--    aio_wait_kick();
-+
-+    return bdrv_co_truncate(tco->child, tco->offset, tco->exact,
-+                            tco->prealloc, tco->flags, tco->errp);
- }
- int bdrv_truncate(BdrvChild *child, int64_t offset, bool exact,
-                   PreallocMode prealloc, BdrvRequestFlags flags, Error **errp)
- {
--    Coroutine *co;
-     TruncateCo tco = {
-         .child      = child,
-         .offset     = offset,
-@@ -XXX,XX +XXX,XX @@ int bdrv_truncate(BdrvChild *child, int64_t offset, bool exact,
-         .prealloc   = prealloc,
-         .flags      = flags,
-         .errp       = errp,
--        .ret        = NOT_DONE,
-     };
--    if (qemu_in_coroutine()) {
--        /* Fast-path if already in coroutine context */
--        bdrv_truncate_co_entry(&tco);
--    } else {
--        co = qemu_coroutine_create(bdrv_truncate_co_entry, &tco);
--        bdrv_coroutine_enter(child->bs, co);
--        BDRV_POLL_WHILE(child->bs, tco.ret == NOT_DONE);
--    }
--
--    return tco.ret;
-+    return bdrv_run_co(child->bs, bdrv_truncate_co_entry, &tco);
- }
---
-.25.4

The following changes since commit 66234fee9c2d37bfbc523aa8d0ae5300a14cc10e:

Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-202=
00603' into staging (2020-06-04 11:38:48 +0100)

are available in the Git repository at:

https://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 7d2410cea154bf915fb30179ebda3b17ac36e70e:

block: Factor out bdrv_run_co() (2020-06-05 09:54:48 +0100)

----------------------------------------------------------------
Pull request

----------------------------------------------------------------

Alexander Bulekov (4):
  fuzz: add datadir for oss-fuzz compatability
  fuzz: fix typo in i440fx-qtest-reboot arguments
  fuzz: add mangled object name to linker script
  fuzz: run the main-loop in fork-server process

Philippe Mathieu-Daud=C3=A9 (4):
  memory: Rename memory_region_do_writeback -> memory_region_writeback
  memory: Extract memory_region_msync() from memory_region_writeback()
  hw/block: Let the NVMe emulated device be target-agnostic
  exec: Rename qemu_ram_writeback() as qemu_ram_msync()

Stefano Garzarella (2):
  io_uring: retry io_uring_submit() if it fails with errno=3DEINTR
  io_uring: use io_uring_cq_ready() to check for ready cqes

Vladimir Sementsov-Ogievskiy (1):
  block: Factor out bdrv_run_co()

--=20
2.25.4

From: Stefano Garzarella <sgarzare@redhat.com>

As recently documented [1], io_uring_enter(2) syscall can return an
error (errno=EINTR) if the operation was interrupted by a delivery
of a signal before it could complete.

This should happen when IORING_ENTER_GETEVENTS flag is used, for
example during io_uring_submit_and_wait() or during io_uring_submit()
when IORING_SETUP_IOPOLL is enabled.

We shouldn't have this problem for now, but it's better to prevent it.

[1] https://github.com/axboe/liburing/commit/344355ec6619de8f4e64584c9736530b5346e4f4

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20200519133041.112138-1-sgarzare@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/io_uring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/io_uring.c b/block/io_uring.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io_uring.c
+++ b/block/io_uring.c
@@ -XXX,XX +XXX,XX @@ static int ioq_submit(LuringState *s)
         trace_luring_io_uring_submit(s, ret);
         /* Prevent infinite loop if submission is refused */
         if (ret <= 0) {
-            if (ret == -EAGAIN) {
+            if (ret == -EAGAIN || ret == -EINTR) {
                 continue;
             }
             break;
-- 
2.25.4

From: Stefano Garzarella <sgarzare@redhat.com>

In qemu_luring_poll_cb() we are not using the cqe peeked from the
CQ ring. We are using io_uring_peek_cqe() only to see if there
are cqes ready, so we can replace it with io_uring_cq_ready().

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20200519134942.118178-1-sgarzare@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/io_uring.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/block/io_uring.c b/block/io_uring.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io_uring.c
+++ b/block/io_uring.c
@@ -XXX,XX +XXX,XX @@ static void qemu_luring_completion_cb(void *opaque)
 static bool qemu_luring_poll_cb(void *opaque)
 {
     LuringState *s = opaque;
-    struct io_uring_cqe *cqes;
 
-    if (io_uring_peek_cqe(&s->ring, &cqes) == 0) {
-        if (cqes) {
-            luring_process_completions_and_submit(s);
-            return true;
-        }
+    if (io_uring_cq_ready(&s->ring)) {
+        luring_process_completions_and_submit(s);
+        return true;
     }
 
     return false;
-- 
2.25.4

From: Alexander Bulekov <alxndr@bu.edu>

This allows us to keep pc-bios in executable_dir/pc-bios, rather than
executable_dir/../pc-bios, which is incompatible with oss-fuzz' file
structure.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-id: 20200512030133.29896-2-alxndr@bu.edu
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/sysemu/sysemu.h |  2 ++
 softmmu/vl.c            |  2 +-
 tests/qtest/fuzz/fuzz.c | 15 +++++++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -XXX,XX +XXX,XX @@ extern const char *qemu_name;
 extern QemuUUID qemu_uuid;
 extern bool qemu_uuid_set;
 
+void qemu_add_data_dir(const char *path);
+
 void qemu_add_exit_notifier(Notifier *notify);
 void qemu_remove_exit_notifier(Notifier *notify);
 
diff --git a/softmmu/vl.c b/softmmu/vl.c
index XXXXXXX..XXXXXXX 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -XXX,XX +XXX,XX @@ char *qemu_find_file(int type, const char *name)
     return NULL;
 }
 
-static void qemu_add_data_dir(const char *path)
+void qemu_add_data_dir(const char *path)
 {
     int i;
 
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index XXXXXXX..XXXXXXX 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -XXX,XX +XXX,XX @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
 {
 
     char *target_name;
+    char *dir;
 
     /* Initialize qgraph and modules */
     qos_graph_init();
@@ -XXX,XX +XXX,XX @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
     target_name = strstr(**argv, "-target-");
     if (target_name) {        /* The binary name specifies the target */
         target_name += strlen("-target-");
+        /*
+         * With oss-fuzz, the executable is kept in the root of a directory (we
+         * cannot assume the path). All data (including bios binaries) must be
+         * in the same dir, or a subdir. Thus, we cannot place the pc-bios so
+         * that it would be in exec_dir/../pc-bios.
+         * As a workaround, oss-fuzz allows us to use argv[0] to get the
+         * location of the executable. Using this we add exec_dir/pc-bios to
+         * the datadirs.
+         */
+        dir = g_build_filename(g_path_get_dirname(**argv), "pc-bios", NULL);
+        if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
+            qemu_add_data_dir(dir);
+        }
+        g_free(dir);
     } else if (*argc > 1) {  /* The target is specified as an argument */
         target_name = (*argv)[1];
         if (!strstr(target_name, "--fuzz-target=")) {
-- 
2.25.4

From: Alexander Bulekov <alxndr@bu.edu>

Previously, we relied on "FuzzerTracePC*(.bss*)" to place libfuzzer's
fuzzer::TPC object into our contiguous shared-memory region. This does
not work for some libfuzzer builds, so this addition identifies the
region by its mangled name: *(.bss._ZN6fuzzer3TPCE);

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-id: 20200512030133.29896-4-alxndr@bu.edu
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tests/qtest/fuzz/fork_fuzz.ld | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld
index XXXXXXX..XXXXXXX 100644
--- a/tests/qtest/fuzz/fork_fuzz.ld
+++ b/tests/qtest/fuzz/fork_fuzz.ld
@@ -XXX,XX +XXX,XX @@ SECTIONS
 
       /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */
       FuzzerTracePC*(.bss*);
+      /*
+       * In case the above line fails, explicitly specify the (mangled) name of
+       * the object we care about
+       */
+       *(.bss._ZN6fuzzer3TPCE);
   }
   .data.fuzz_end : ALIGN(4K)
   {
-- 
2.25.4

From: Alexander Bulekov <alxndr@bu.edu>

Without this, the time since the last main-loop keeps increasing, as the
fuzzer runs. The forked children need to handle all the "past-due"
timers, slowing them down, over time. With this change, the
parent/fork-server process runs the main-loop, while waiting on the
child, ensuring that the timer events do not pile up, over time.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-id: 20200512030133.29896-5-alxndr@bu.edu
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tests/qtest/fuzz/i440fx_fuzz.c      | 1 +
 tests/qtest/fuzz/virtio_net_fuzz.c  | 2 ++
 tests/qtest/fuzz/virtio_scsi_fuzz.c | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
index XXXXXXX..XXXXXXX 100644
--- a/tests/qtest/fuzz/i440fx_fuzz.c
+++ b/tests/qtest/fuzz/i440fx_fuzz.c
@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qos_fork(QTestState *s,
         i440fx_fuzz_qos(s, Data, Size);
         _Exit(0);
     } else {
+        flush_events(s);
         wait(NULL);
     }
 }
diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c b/tests/qtest/fuzz/virtio_net_fuzz.c
index XXXXXXX..XXXXXXX 100644
--- a/tests/qtest/fuzz/virtio_net_fuzz.c
+++ b/tests/qtest/fuzz/virtio_net_fuzz.c
@@ -XXX,XX +XXX,XX @@ static void virtio_net_fork_fuzz(QTestState *s,
         flush_events(s);
         _Exit(0);
     } else {
+        flush_events(s);
         wait(NULL);
     }
 }
@@ -XXX,XX +XXX,XX @@ static void virtio_net_fork_fuzz_check_used(QTestState *s,
         flush_events(s);
         _Exit(0);
     } else {
+        flush_events(s);
         wait(NULL);
     }
 }
diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c b/tests/qtest/fuzz/virtio_scsi_fuzz.c
index XXXXXXX..XXXXXXX 100644
--- a/tests/qtest/fuzz/virtio_scsi_fuzz.c
+++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c
@@ -XXX,XX +XXX,XX @@ static void virtio_scsi_fork_fuzz(QTestState *s,
         flush_events(s);
         _Exit(0);
     } else {
+        flush_events(s);
         wait(NULL);
     }
 }
@@ -XXX,XX +XXX,XX @@ static void virtio_scsi_with_flag_fuzz(QTestState *s,
         }
         _Exit(0);
     } else {
+        flush_events(s);
         wait(NULL);
     }
 }
-- 
2.25.4

From: Philippe Mathieu-Daudé <philmd@redhat.com>

We usually use '_do_' for internal functions. Rename
memory_region_do_writeback() as memory_region_writeback().

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20200508062456.23344-2-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/exec/memory.h | 4 ++--
 memory.c              | 2 +-
 target/arm/helper.c   | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -XXX,XX +XXX,XX @@ void *memory_region_get_ram_ptr(MemoryRegion *mr);
 void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize,
                               Error **errp);
 /**
- * memory_region_do_writeback: Trigger cache writeback or msync for
+ * memory_region_writeback: Trigger cache writeback or msync for
  * selected address range
  *
  * @mr: the memory region to be updated
  * @addr: the initial address of the range to be written back
  * @size: the size of the range to be written back
  */
-void memory_region_do_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size);
+void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size);
 
 /**
  * memory_region_set_log: Turn dirty logging on or off for a region.
diff --git a/memory.c b/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/memory.c
+++ b/memory.c
@@ -XXX,XX +XXX,XX @@ void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, Error **errp
 }
 
 
-void memory_region_do_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
+void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
 {
     /*
      * Might be extended case needed to cover
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void dccvap_writefn(CPUARMState *env, const ARMCPRegInfo *opaque,
         mr = memory_region_from_host(haddr, &offset);
 
         if (mr) {
-            memory_region_do_writeback(mr, offset, dline_size);
+            memory_region_writeback(mr, offset, dline_size);
         }
     }
 }
-- 
2.25.4

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20200508062456.23344-3-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/exec/memory.h | 13 ++++++++++++-
 memory.c              | 10 ++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -XXX,XX +XXX,XX @@ void *memory_region_get_ram_ptr(MemoryRegion *mr);
  */
 void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize,
                               Error **errp);
+
 /**
- * memory_region_writeback: Trigger cache writeback or msync for
+ * memory_region_msync: Synchronize selected address range of
+ * a memory mapped region
+ *
+ * @mr: the memory region to be msync
+ * @addr: the initial address of the range to be sync
+ * @size: the size of the range to be sync
+ */
+void memory_region_msync(MemoryRegion *mr, hwaddr addr, hwaddr size);
+
+/**
+ * memory_region_writeback: Trigger cache writeback for
  * selected address range
  *
  * @mr: the memory region to be updated
diff --git a/memory.c b/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/memory.c
+++ b/memory.c
@@ -XXX,XX +XXX,XX @@ void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, Error **errp
     qemu_ram_resize(mr->ram_block, newsize, errp);
 }
 
+void memory_region_msync(MemoryRegion *mr, hwaddr addr, hwaddr size)
+{
+    if (mr->ram_block) {
+        qemu_ram_writeback(mr->ram_block, addr, size);
+    }
+}
 
 void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
 {
@@ -XXX,XX +XXX,XX @@ void memory_region_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
      * Might be extended case needed to cover
      * different types of memory regions
      */
-    if (mr->ram_block && mr->dirty_log_mask) {
-        qemu_ram_writeback(mr->ram_block, addr, size);
+    if (mr->dirty_log_mask) {
+        memory_region_msync(mr, addr, size);
     }
 }
 
-- 
2.25.4

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Now than the non-target specific memory_region_msync() function
is available, use it to make this device target-agnostic.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20200508062456.23344-4-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/block/Makefile.objs | 2 +-
 hw/block/nvme.c        | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/Makefile.objs
+++ b/hw/block/Makefile.objs
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_SH4) += tc58128.o
 
 obj-$(CONFIG_VIRTIO_BLK) += virtio-blk.o
 obj-$(CONFIG_VHOST_USER_BLK) += vhost-user-blk.o
-obj-$(CONFIG_NVME_PCI) += nvme.o
+common-obj-$(CONFIG_NVME_PCI) += nvme.o
 
 obj-y += dataplane/
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/visitor.h"
 #include "sysemu/hostmem.h"
 #include "sysemu/block-backend.h"
-#include "exec/ram_addr.h"
-
+#include "exec/memory.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
 #include "qemu/cutils.h"
@@ -XXX,XX +XXX,XX @@ static uint64_t nvme_mmio_read(void *opaque, hwaddr addr, unsigned size)
          */
         if (addr == 0xE08 &&
             (NVME_PMRCAP_PMRWBM(n->bar.pmrcap) & 0x02)) {
-            qemu_ram_writeback(n->pmrdev->mr.ram_block,
-                               0, n->pmrdev->size);
+            memory_region_msync(&n->pmrdev->mr, 0, n->pmrdev->size);
         }
         memcpy(&val, ptr + addr, size);
     } else {
-- 
2.25.4

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Rename qemu_ram_writeback() as qemu_ram_msync() to better
match what it does.

Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20200508062456.23344-5-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/exec/ram_addr.h | 4 ++--
 exec.c                  | 2 +-
 memory.c                | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -XXX,XX +XXX,XX @@ void qemu_ram_free(RAMBlock *block);
 
 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp);
 
-void qemu_ram_writeback(RAMBlock *block, ram_addr_t start, ram_addr_t length);
+void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length);
 
 /* Clear whole block of mem */
 static inline void qemu_ram_block_writeback(RAMBlock *block)
 {
-    qemu_ram_writeback(block, 0, block->used_length);
+    qemu_ram_msync(block, 0, block->used_length);
 }
 
 #define DIRTY_CLIENTS_ALL     ((1 << DIRTY_MEMORY_NUM) - 1)
diff --git a/exec.c b/exec.c
index XXXXXXX..XXXXXXX 100644
--- a/exec.c
+++ b/exec.c
@@ -XXX,XX +XXX,XX @@ int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
  * Otherwise no-op.
  * @Note: this is supposed to be a synchronous op.
  */
-void qemu_ram_writeback(RAMBlock *block, ram_addr_t start, ram_addr_t length)
+void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length)
 {
     /* The requested range should fit in within the block range */
     g_assert((start + length) <= block->used_length);
diff --git a/memory.c b/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/memory.c
+++ b/memory.c
@@ -XXX,XX +XXX,XX @@ void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, Error **errp
 void memory_region_msync(MemoryRegion *mr, hwaddr addr, hwaddr size)
 {
     if (mr->ram_block) {
-        qemu_ram_writeback(mr->ram_block, addr, size);
+        qemu_ram_msync(mr->ram_block, addr, size);
     }
 }
 
-- 
2.25.4

From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

We have a few bdrv_*() functions that can either spawn a new coroutine
and wait for it with BDRV_POLL_WHILE() or use a fastpath if they are
alreeady running in a coroutine. All of them duplicate basically the
same code.

Factor the common code into a new function bdrv_run_co().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20200520144901.16589-1-vsementsov@virtuozzo.com
   [Factor out bdrv_run_co_entry too]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/io.c | 193 ++++++++++++++++++++---------------------------------
 1 file changed, 72 insertions(+), 121 deletions(-)

diff --git a/block/io.c b/block/io.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io.c
+++ b/block/io.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/main-loop.h"
 #include "sysemu/replay.h"
 
-#define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
-
 /* Maximum bounce buffer for copy-on-read and write zeroes, in bytes */
 #define MAX_BOUNCE_BUFFER (32768 << BDRV_SECTOR_BITS)
 
@@ -XXX,XX +XXX,XX @@ static int bdrv_check_byte_request(BlockDriverState *bs, int64_t offset,
     return 0;
 }
 
+typedef int coroutine_fn BdrvRequestEntry(void *opaque);
+typedef struct BdrvRunCo {
+    BdrvRequestEntry *entry;
+    void *opaque;
+    int ret;
+    bool done;
+    Coroutine *co; /* Coroutine, running bdrv_run_co_entry, for debugging */
+} BdrvRunCo;
+
+static void coroutine_fn bdrv_run_co_entry(void *opaque)
+{
+    BdrvRunCo *arg = opaque;
+
+    arg->ret = arg->entry(arg->opaque);
+    arg->done = true;
+    aio_wait_kick();
+}
+
+static int bdrv_run_co(BlockDriverState *bs, BdrvRequestEntry *entry,
+                       void *opaque)
+{
+    if (qemu_in_coroutine()) {
+        /* Fast-path if already in coroutine context */
+        return entry(opaque);
+    } else {
+        BdrvRunCo s = { .entry = entry, .opaque = opaque };
+
+        s.co = qemu_coroutine_create(bdrv_run_co_entry, &s);
+        bdrv_coroutine_enter(bs, s.co);
+
+        BDRV_POLL_WHILE(bs, !s.done);
+
+        return s.ret;
+    }
+}
+
 typedef struct RwCo {
     BdrvChild *child;
     int64_t offset;
     QEMUIOVector *qiov;
     bool is_write;
-    int ret;
     BdrvRequestFlags flags;
 } RwCo;
 
-static void coroutine_fn bdrv_rw_co_entry(void *opaque)
+static int coroutine_fn bdrv_rw_co_entry(void *opaque)
 {
     RwCo *rwco = opaque;
 
     if (!rwco->is_write) {
-        rwco->ret = bdrv_co_preadv(rwco->child, rwco->offset,
-                                   rwco->qiov->size, rwco->qiov,
-                                   rwco->flags);
+        return bdrv_co_preadv(rwco->child, rwco->offset,
+                              rwco->qiov->size, rwco->qiov,
+                              rwco->flags);
     } else {
-        rwco->ret = bdrv_co_pwritev(rwco->child, rwco->offset,
-                                    rwco->qiov->size, rwco->qiov,
-                                    rwco->flags);
+        return bdrv_co_pwritev(rwco->child, rwco->offset,
+                               rwco->qiov->size, rwco->qiov,
+                               rwco->flags);
     }
-    aio_wait_kick();
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ static int bdrv_prwv_co(BdrvChild *child, int64_t offset,
                         QEMUIOVector *qiov, bool is_write,
                         BdrvRequestFlags flags)
 {
-    Coroutine *co;
     RwCo rwco = {
         .child = child,
         .offset = offset,
         .qiov = qiov,
         .is_write = is_write,
-        .ret = NOT_DONE,
         .flags = flags,
     };
 
-    if (qemu_in_coroutine()) {
-        /* Fast-path if already in coroutine context */
-        bdrv_rw_co_entry(&rwco);
-    } else {
-        co = qemu_coroutine_create(bdrv_rw_co_entry, &rwco);
-        bdrv_coroutine_enter(child->bs, co);
-        BDRV_POLL_WHILE(child->bs, rwco.ret == NOT_DONE);
-    }
-    return rwco.ret;
+    return bdrv_run_co(child->bs, bdrv_rw_co_entry, &rwco);
 }
 
 int bdrv_pwrite_zeroes(BdrvChild *child, int64_t offset,
@@ -XXX,XX +XXX,XX @@ typedef struct BdrvCoBlockStatusData {
     int64_t *pnum;
     int64_t *map;
     BlockDriverState **file;
-    int ret;
-    bool done;
 } BdrvCoBlockStatusData;
 
 int coroutine_fn bdrv_co_block_status_from_file(BlockDriverState *bs,
@@ -XXX,XX +XXX,XX @@ static int coroutine_fn bdrv_co_block_status_above(BlockDriverState *bs,
 }
 
 /* Coroutine wrapper for bdrv_block_status_above() */
-static void coroutine_fn bdrv_block_status_above_co_entry(void *opaque)
+static int coroutine_fn bdrv_block_status_above_co_entry(void *opaque)
 {
     BdrvCoBlockStatusData *data = opaque;
 
-    data->ret = bdrv_co_block_status_above(data->bs, data->base,
-                                           data->want_zero,
-                                           data->offset, data->bytes,
-                                           data->pnum, data->map, data->file);
-    data->done = true;
-    aio_wait_kick();
+    return bdrv_co_block_status_above(data->bs, data->base,
+                                      data->want_zero,
+                                      data->offset, data->bytes,
+                                      data->pnum, data->map, data->file);
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ static int bdrv_common_block_status_above(BlockDriverState *bs,
                                           int64_t *map,
                                           BlockDriverState **file)
 {
-    Coroutine *co;
     BdrvCoBlockStatusData data = {
         .bs = bs,
         .base = base,
@@ -XXX,XX +XXX,XX @@ static int bdrv_common_block_status_above(BlockDriverState *bs,
         .pnum = pnum,
         .map = map,
         .file = file,
-        .done = false,
     };
 
-    if (qemu_in_coroutine()) {
-        /* Fast-path if already in coroutine context */
-        bdrv_block_status_above_co_entry(&data);
-    } else {
-        co = qemu_coroutine_create(bdrv_block_status_above_co_entry, &data);
-        bdrv_coroutine_enter(bs, co);
-        BDRV_POLL_WHILE(bs, !data.done);
-    }
-    return data.ret;
+    return bdrv_run_co(bs, bdrv_block_status_above_co_entry, &data);
 }
 
 int bdrv_block_status_above(BlockDriverState *bs, BlockDriverState *base,
@@ -XXX,XX +XXX,XX @@ typedef struct BdrvVmstateCo {
     QEMUIOVector        *qiov;
     int64_t             pos;
     bool                is_read;
-    int                 ret;
 } BdrvVmstateCo;
 
 static int coroutine_fn
@@ -XXX,XX +XXX,XX @@ bdrv_co_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
     return ret;
 }
 
-static void coroutine_fn bdrv_co_rw_vmstate_entry(void *opaque)
+static int coroutine_fn bdrv_co_rw_vmstate_entry(void *opaque)
 {
     BdrvVmstateCo *co = opaque;
-    co->ret = bdrv_co_rw_vmstate(co->bs, co->qiov, co->pos, co->is_read);
-    aio_wait_kick();
+
+    return bdrv_co_rw_vmstate(co->bs, co->qiov, co->pos, co->is_read);
 }
 
 static inline int
 bdrv_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
                 bool is_read)
 {
-    if (qemu_in_coroutine()) {
-        return bdrv_co_rw_vmstate(bs, qiov, pos, is_read);
-    } else {
-        BdrvVmstateCo data = {
-            .bs         = bs,
-            .qiov       = qiov,
-            .pos        = pos,
-            .is_read    = is_read,
-            .ret        = -EINPROGRESS,
-        };
-        Coroutine *co = qemu_coroutine_create(bdrv_co_rw_vmstate_entry, &data);
+    BdrvVmstateCo data = {
+        .bs         = bs,
+        .qiov       = qiov,
+        .pos        = pos,
+        .is_read    = is_read,
+    };
 
-        bdrv_coroutine_enter(bs, co);
-        BDRV_POLL_WHILE(bs, data.ret == -EINPROGRESS);
-        return data.ret;
-    }
+    return bdrv_run_co(bs, bdrv_co_rw_vmstate_entry, &data);
 }
 
 int bdrv_save_vmstate(BlockDriverState *bs, const uint8_t *buf,
@@ -XXX,XX +XXX,XX @@ void bdrv_aio_cancel_async(BlockAIOCB *acb)
 /**************************************************************/
 /* Coroutine block device emulation */
 
-typedef struct FlushCo {
-    BlockDriverState *bs;
-    int ret;
-} FlushCo;
-
-
-static void coroutine_fn bdrv_flush_co_entry(void *opaque)
+static int coroutine_fn bdrv_flush_co_entry(void *opaque)
 {
-    FlushCo *rwco = opaque;
-
-    rwco->ret = bdrv_co_flush(rwco->bs);
-    aio_wait_kick();
+    return bdrv_co_flush(opaque);
 }
 
 int coroutine_fn bdrv_co_flush(BlockDriverState *bs)
@@ -XXX,XX +XXX,XX @@ early_exit:
 
 int bdrv_flush(BlockDriverState *bs)
 {
-    Coroutine *co;
-    FlushCo flush_co = {
-        .bs = bs,
-        .ret = NOT_DONE,
-    };
-
-    if (qemu_in_coroutine()) {
-        /* Fast-path if already in coroutine context */
-        bdrv_flush_co_entry(&flush_co);
-    } else {
-        co = qemu_coroutine_create(bdrv_flush_co_entry, &flush_co);
-        bdrv_coroutine_enter(bs, co);
-        BDRV_POLL_WHILE(bs, flush_co.ret == NOT_DONE);
-    }
-
-    return flush_co.ret;
+    return bdrv_run_co(bs, bdrv_flush_co_entry, bs);
 }
 
 typedef struct DiscardCo {
     BdrvChild *child;
     int64_t offset;
     int64_t bytes;
-    int ret;
 } DiscardCo;
-static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
+
+static int coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
 {
     DiscardCo *rwco = opaque;
 
-    rwco->ret = bdrv_co_pdiscard(rwco->child, rwco->offset, rwco->bytes);
-    aio_wait_kick();
+    return bdrv_co_pdiscard(rwco->child, rwco->offset, rwco->bytes);
 }
 
 int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset,
@@ -XXX,XX +XXX,XX @@ out:
 
 int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes)
 {
-    Coroutine *co;
     DiscardCo rwco = {
         .child = child,
         .offset = offset,
         .bytes = bytes,
-        .ret = NOT_DONE,
     };
 
-    if (qemu_in_coroutine()) {
-        /* Fast-path if already in coroutine context */
-        bdrv_pdiscard_co_entry(&rwco);
-    } else {
-        co = qemu_coroutine_create(bdrv_pdiscard_co_entry, &rwco);
-        bdrv_coroutine_enter(child->bs, co);
-        BDRV_POLL_WHILE(child->bs, rwco.ret == NOT_DONE);
-    }
-
-    return rwco.ret;
+    return bdrv_run_co(child->bs, bdrv_pdiscard_co_entry, &rwco);
 }
 
 int bdrv_co_ioctl(BlockDriverState *bs, int req, void *buf)
@@ -XXX,XX +XXX,XX @@ typedef struct TruncateCo {
     PreallocMode prealloc;
     BdrvRequestFlags flags;
     Error **errp;
-    int ret;
 } TruncateCo;
 
-static void coroutine_fn bdrv_truncate_co_entry(void *opaque)
+static int coroutine_fn bdrv_truncate_co_entry(void *opaque)
 {
     TruncateCo *tco = opaque;
-    tco->ret = bdrv_co_truncate(tco->child, tco->offset, tco->exact,
-                                tco->prealloc, tco->flags, tco->errp);
-    aio_wait_kick();
+
+    return bdrv_co_truncate(tco->child, tco->offset, tco->exact,
+                            tco->prealloc, tco->flags, tco->errp);
 }
 
 int bdrv_truncate(BdrvChild *child, int64_t offset, bool exact,
                   PreallocMode prealloc, BdrvRequestFlags flags, Error **errp)
 {
-    Coroutine *co;
     TruncateCo tco = {
         .child      = child,
         .offset     = offset,
@@ -XXX,XX +XXX,XX @@ int bdrv_truncate(BdrvChild *child, int64_t offset, bool exact,
         .prealloc   = prealloc,
         .flags      = flags,
         .errp       = errp,
-        .ret        = NOT_DONE,
     };
 
-    if (qemu_in_coroutine()) {
-        /* Fast-path if already in coroutine context */
-        bdrv_truncate_co_entry(&tco);
-    } else {
-        co = qemu_coroutine_create(bdrv_truncate_co_entry, &tco);
-        bdrv_coroutine_enter(child->bs, co);
-        BDRV_POLL_WHILE(child->bs, tco.ret == NOT_DONE);
-    }
-
-    return tco.ret;
+    return bdrv_run_co(child->bs, bdrv_truncate_co_entry, &tco);
 }
-- 
2.25.4

The following changes since commit 3521ade3510eb5cefb2e27a101667f25dad89935:

Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-07-29' into staging (2021-07-29 13:17:20 +0100)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to cc8eecd7f105a1dff5876adeb238a14696061a4a:

MAINTAINERS: Added myself as a reviewer for the NVMe Block Driver (2021-07-29 17:17:34 +0100)

----------------------------------------------------------------
Pull request

The main fix here is for io_uring. Spurious -EAGAIN errors can happen and the
request needs to be resubmitted.

The MAINTAINERS changes carry no risk and we might as well include them in QEMU
6.1.

----------------------------------------------------------------

Fabian Ebner (1):
  block/io_uring: resubmit when result is -EAGAIN

Philippe Mathieu-Daudé (1):
  MAINTAINERS: Added myself as a reviewer for the NVMe Block Driver

Stefano Garzarella (1):
  MAINTAINERS: add Stefano Garzarella as io_uring reviewer

MAINTAINERS      |  2 ++
 block/io_uring.c | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

-- 
2.31.1

From: Fabian Ebner <f.ebner@proxmox.com>

Linux SCSI can throw spurious -EAGAIN in some corner cases in its
completion path, which will end up being the result in the completed
io_uring request.

Resubmitting such requests should allow block jobs to complete, even
if such spurious errors are encountered.

Co-authored-by: Stefan Hajnoczi <stefanha@gmail.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Message-id: 20210729091029.65369-1-f.ebner@proxmox.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/io_uring.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/block/io_uring.c b/block/io_uring.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io_uring.c
+++ b/block/io_uring.c
@@ -XXX,XX +XXX,XX @@ static void luring_process_completions(LuringState *s)
         total_bytes = ret + luringcb->total_read;
 
         if (ret < 0) {
-            if (ret == -EINTR) {
+            /*
+             * Only writev/readv/fsync requests on regular files or host block
+             * devices are submitted. Therefore -EAGAIN is not expected but it's
+             * known to happen sometimes with Linux SCSI. Submit again and hope
+             * the request completes successfully.
+             *
+             * For more information, see:
+             * https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u
+             *
+             * If the code is changed to submit other types of requests in the
+             * future, then this workaround may need to be extended to deal with
+             * genuine -EAGAIN results that should not be resubmitted
+             * immediately.
+             */
+            if (ret == -EINTR || ret == -EAGAIN) {
                 luring_resubmit(s, luringcb);
                 continue;
             }
-- 
2.31.1