Series comparison

-[PULL 0/8] Block patches
+[PULL v2 0/4] Block patches
-The following changes since commit 6c769690ac845fa62642a5f93b4e4bd906adab95:
+The following changes since commit 9af638cc1f665712522608c5d6b8c03d8fa67666:
-  Merge remote-tracking branch 'remotes/vsementsov/tags/pull-simplebench-2021-05-04' into staging (2021-05-21 12:02:34 +0100)
+  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200504' into staging (2020-05-04 13:37:17 +0100)
 are available in the Git repository at:
-  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
+  https://github.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to 0a6f0c76a030710780ce10d6347a70f098024d21:
+for you to fetch changes up to 08b689aa6b521964b8275dd7a2564aefa5d68129:
-  coroutine-sleep: introduce qemu_co_sleep (2021-05-21 18:22:33 +0100)
+  lockable: Replace locks with lock guard macros (2020-05-04 16:07:43 +0100)
 ----------------------------------------------------------------
 Pull request
-(Resent due to an email preparation mistake.)
+v2:
  * Fixed stray slirp submodule change [Peter]
 Fixes for the lock guard macros, code conversions to the lock guard macros, and
 support for selecting fuzzer targets with argv[0].
 ----------------------------------------------------------------
-Paolo Bonzini (6):
+Alexander Bulekov (1):
-  coroutine-sleep: use a stack-allocated timer
+  fuzz: select fuzz target using executable name
   coroutine-sleep: disallow NULL QemuCoSleepState** argument
   coroutine-sleep: allow qemu_co_sleep_wake that wakes nothing
   coroutine-sleep: move timer out of QemuCoSleepState
   coroutine-sleep: replace QemuCoSleepState pointer with struct in the
     API
   coroutine-sleep: introduce qemu_co_sleep
-Philippe Mathieu-Daudé (1):
+Daniel Brodsky (2):
-  bitops.h: Improve find_xxx_bit() documentation
+  lockable: fix __COUNTER__ macro to be referenced properly
   lockable: replaced locks with lock guard macros where appropriate
-Zenghui Yu (1):
+Simran Singhal (1):
-  multi-process: Initialize variables declared with g_auto*
+  lockable: Replace locks with lock guard macros
- include/qemu/bitops.h       | 15 ++++++--
+ include/qemu/lockable.h |  7 +++---
- include/qemu/coroutine.h    | 27 ++++++++-----
+ include/qemu/rcu.h      |  2 +-
- block/block-copy.c          | 10 ++---
+ block/iscsi.c           |  7 ++----
- block/nbd.c                 | 14 +++----
+ block/nfs.c             | 51 +++++++++++++++++++----------------------
- hw/remote/memory.c          |  5 +--
+ cpus-common.c           | 14 ++++-------
- hw/remote/proxy.c           |  3 +-
+ hw/display/qxl.c        | 43 ++++++++++++++++------------------
- util/qemu-coroutine-sleep.c | 75 +++++++++++++++++++------------------
+ hw/hyperv/hyperv.c      | 15 ++++++------
-files changed, 79 insertions(+), 70 deletions(-)
+ hw/rdma/rdma_backend.c  | 50 ++++++++++++++++++++--------------------
  hw/rdma/rdma_rm.c       |  3 +--
  hw/vfio/platform.c      |  5 ++--
  migration/migration.c   |  3 +--
  migration/multifd.c     |  8 +++----
  migration/ram.c         |  3 +--
  monitor/misc.c          |  4 +---
  tests/qtest/fuzz/fuzz.c | 19 ++++++++-------
  ui/spice-display.c      | 14 +++++------
  util/log.c              |  4 ++--
  util/qemu-timer.c       | 17 +++++++-------
  util/rcu.c              |  8 +++----
  util/thread-pool.c      |  3 +--
  util/vfio-helpers.c     |  5 ++--
 files changed, 132 insertions(+), 153 deletions(-)
 --
-.31.1
+.25.3

-[PULL 1/8] multi-process: Initialize variables declared with g_auto*
+Deleted patch
-From: Zenghui Yu <yuzenghui@huawei.com>
-Quote docs/devel/style.rst (section "Automatic memory deallocation"):
-* Variables declared with g_auto* MUST always be initialized,
-  otherwise the cleanup function will use uninitialized stack memory
-Initialize @name properly to get rid of the compilation error (using
-gcc-7.3.0 on CentOS):
-../hw/remote/proxy.c: In function 'pci_proxy_dev_realize':
-/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'name' may be used uninitialized in this function [-Werror=maybe-uninitialized]
-   g_free (*pp);
-   ^~~~~~~~~~~~
-../hw/remote/proxy.c:350:30: note: 'name' was declared here
-             g_autofree char *name;
-                              ^~~~
-Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
-Reviewed-by: Jagannathan Raman <jag.raman@oracle.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
-Message-id: 20210312112143.1369-1-yuzenghui@huawei.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- hw/remote/memory.c | 5 ++---
- hw/remote/proxy.c  | 3 +--
-files changed, 3 insertions(+), 5 deletions(-)
-diff --git a/hw/remote/memory.c b/hw/remote/memory.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/remote/memory.c
-+++ b/hw/remote/memory.c
-@@ -XXX,XX +XXX,XX @@ void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp)
-     remote_sysmem_reset();
--    for (region = 0; region < msg->num_fds; region++) {
--        g_autofree char *name;
-+    for (region = 0; region < msg->num_fds; region++, suffix++) {
-+        g_autofree char *name = g_strdup_printf("remote-mem-%u", suffix);
-         subregion = g_new(MemoryRegion, 1);
--        name = g_strdup_printf("remote-mem-%u", suffix++);
-         memory_region_init_ram_from_fd(subregion, NULL,
-                                        name, sysmem_info->sizes[region],
-                                        true, msg->fds[region],
-diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/remote/proxy.c
-+++ b/hw/remote/proxy.c
-@@ -XXX,XX +XXX,XX @@ static void probe_pci_info(PCIDevice *dev, Error **errp)
-                    PCI_BASE_ADDRESS_SPACE_IO : PCI_BASE_ADDRESS_SPACE_MEMORY;
-         if (size) {
--            g_autofree char *name;
-+            g_autofree char *name = g_strdup_printf("bar-region-%d", i);
-             pdev->region[i].dev = pdev;
-             pdev->region[i].present = true;
-             if (type == PCI_BASE_ADDRESS_SPACE_MEMORY) {
-                 pdev->region[i].memory = true;
-             }
--            name = g_strdup_printf("bar-region-%d", i);
-             memory_region_init_io(&pdev->region[i].mr, OBJECT(pdev),
-                                   &proxy_mr_ops, &pdev->region[i],
-                                   name, size);
---
-.31.1

-[PULL 2/8] bitops.h: Improve find_xxx_bit() documentation
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Document the following functions return the bitmap size
-if no matching bit is found:
-- find_first_bit
-- find_next_bit
-- find_last_bit
-- find_first_zero_bit
-- find_next_zero_bit
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-id: 20210510200758.2623154-2-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/qemu/bitops.h | 15 ++++++++++++---
-file changed, 12 insertions(+), 3 deletions(-)
-diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/bitops.h
-+++ b/include/qemu/bitops.h
-@@ -XXX,XX +XXX,XX @@ static inline int test_bit(long nr, const unsigned long *addr)
-  * @addr: The address to start the search at
-  * @size: The maximum size to search
-  *
-- * Returns the bit number of the first set bit, or size.
-+ * Returns the bit number of the last set bit,
-+ * or @size if there is no set bit in the bitmap.
-  */
- unsigned long find_last_bit(const unsigned long *addr,
-                             unsigned long size);
-@@ -XXX,XX +XXX,XX @@ unsigned long find_last_bit(const unsigned long *addr,
-  * @addr: The address to base the search on
-  * @offset: The bitnumber to start searching at
-  * @size: The bitmap size in bits
-+ *
-+ * Returns the bit number of the next set bit,
-+ * or @size if there are no further set bits in the bitmap.
-  */
- unsigned long find_next_bit(const unsigned long *addr,
-                             unsigned long size,
-@@ -XXX,XX +XXX,XX @@ unsigned long find_next_bit(const unsigned long *addr,
-  * @addr: The address to base the search on
-  * @offset: The bitnumber to start searching at
-  * @size: The bitmap size in bits
-+ *
-+ * Returns the bit number of the next cleared bit,
-+ * or @size if there are no further clear bits in the bitmap.
-  */
- unsigned long find_next_zero_bit(const unsigned long *addr,
-@@ -XXX,XX +XXX,XX @@ unsigned long find_next_zero_bit(const unsigned long *addr,
-  * @addr: The address to start the search at
-  * @size: The maximum size to search
-  *
-- * Returns the bit number of the first set bit.
-+ * Returns the bit number of the first set bit,
-+ * or @size if there is no set bit in the bitmap.
-  */
- static inline unsigned long find_first_bit(const unsigned long *addr,
-                                            unsigned long size)
-@@ -XXX,XX +XXX,XX @@ static inline unsigned long find_first_bit(const unsigned long *addr,
-  * @addr: The address to start the search at
-  * @size: The maximum size to search
-  *
-- * Returns the bit number of the first cleared bit.
-+ * Returns the bit number of the first cleared bit,
-+ * or @size if there is no clear bit in the bitmap.
-  */
- static inline unsigned long find_first_zero_bit(const unsigned long *addr,
-                                                 unsigned long size)
---
-.31.1

-[PULL 8/8] coroutine-sleep: introduce qemu_co_sleep
+[PULL v2 1/4] fuzz: select fuzz target using executable name
-From: Paolo Bonzini <pbonzini@redhat.com>
+From: Alexander Bulekov <alxndr@bu.edu>
-Allow using QemuCoSleep to sleep forever until woken by qemu_co_sleep_wake.
+The fuzzers are built into a binary (e.g. qemu-fuzz-i386). To select the
-This makes the logic of qemu_co_sleep_ns_wakeable easy to understand.
+device to fuzz/fuzz target, we usually use the --fuzz-target= argument.
 This commit allows the fuzz-target to be specified using the name of the
 executable. If the executable name ends with -target-FUZZ_TARGET, then
 we select the fuzz target based on this name, rather than the
 --fuzz-target argument. This is useful for systems such as oss-fuzz
 where we don't have control of the arguments passed to the fuzzer.
-In the future we will introduce an API that can work even if the
+[Fixed incorrect indentation.
-sleep and wake happen from different threads.  For now, initializing
+--Stefan]
 w->to_wake after timer_mod is fine because the timer can only fire in
 the same AioContext.
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Message-id: 20210517100548.28806-7-pbonzini@redhat.com
+Message-id: 20200421182230.6313-1-alxndr@bu.edu
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- include/qemu/coroutine.h    |  5 +++++
+ tests/qtest/fuzz/fuzz.c | 19 +++++++++++--------
- util/qemu-coroutine-sleep.c | 26 +++++++++++++++++++-------
+file changed, 11 insertions(+), 8 deletions(-)
 files changed, 24 insertions(+), 7 deletions(-)
-diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
+diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/coroutine.h
+--- a/tests/qtest/fuzz/fuzz.c
-+++ b/include/qemu/coroutine.h
++++ b/tests/qtest/fuzz/fuzz.c
-@@ -XXX,XX +XXX,XX @@ typedef struct QemuCoSleep {
+@@ -XXX,XX +XXX,XX @@ static void usage(char *path)
- void coroutine_fn qemu_co_sleep_ns_wakeable(QemuCoSleep *w,
+         printf(" * %s  : %s\n", tmp->target->name,
-                                             QEMUClockType type, int64_t ns);
+                 tmp->target->description);
+     }
-+/**
++    printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n");
-+ * Yield the coroutine until the next call to qemu_co_sleep_wake.
+     exit(0);
 + */
 +void coroutine_fn qemu_co_sleep(QemuCoSleep *w);
 +
  static inline void coroutine_fn qemu_co_sleep_ns(QEMUClockType type, int64_t ns)
  {
      QemuCoSleep w = { 0 };
 diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/qemu-coroutine-sleep.c
 +++ b/util/qemu-coroutine-sleep.c
@@ -XXX,XX +XXX,XX @@ static void co_sleep_cb(void *opaque)
      qemu_co_sleep_wake(w);
  }
--void coroutine_fn qemu_co_sleep_ns_wakeable(QemuCoSleep *w,
+@@ -XXX,XX +XXX,XX @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
--                                            QEMUClockType type, int64_t ns)
+     module_call_init(MODULE_INIT_QOM);
-+void coroutine_fn qemu_co_sleep(QemuCoSleep *w)
+     module_call_init(MODULE_INIT_LIBQOS);
- {
-     Coroutine *co = qemu_coroutine_self();
+-    if (*argc <= 1) {
--    AioContext *ctx = qemu_get_current_aio_context();
++    target_name = strstr(**argv, "-target-");
--    QEMUTimer ts;
++    if (target_name) {        /* The binary name specifies the target */
++        target_name += strlen("-target-");
-     const char *scheduled = qatomic_cmpxchg(&co->scheduled, NULL,
++    } else if (*argc > 1) {  /* The target is specified as an argument */
-                                             qemu_co_sleep_ns__scheduled);
++        target_name = (*argv)[1];
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QemuCoSleep *w,
++        if (!strstr(target_name, "--fuzz-target=")) {
 +            usage(**argv);
 +        }
 +        target_name += strlen("--fuzz-target=");
 +    } else {
          usage(**argv);
      }
-     w->to_wake = co;
+     /* Identify the fuzz target */
--    aio_timer_init(ctx, &ts, type, SCALE_NS, co_sleep_cb, w),
+-    target_name = (*argv)[1];
--    timer_mod(&ts, qemu_clock_get_ns(type) + ns);
+-    if (!strstr(target_name, "--fuzz-target=")) {
-     qemu_coroutine_yield();
+-        usage(**argv);
--    timer_del(&ts);
+-    }
+-
-     /* w->to_wake is cleared before resuming this coroutine.  */
+-    target_name += strlen("--fuzz-target=");
-     assert(w->to_wake == NULL);
+-
- }
+     fuzz_target = fuzz_get_target(target_name);
-+
+     if (!fuzz_target) {
-+void coroutine_fn qemu_co_sleep_ns_wakeable(QemuCoSleep *w,
+         usage(**argv);
 +                                            QEMUClockType type, int64_t ns)
 +{
 +    AioContext *ctx = qemu_get_current_aio_context();
 +    QEMUTimer ts;
 +
 +    aio_timer_init(ctx, &ts, type, SCALE_NS, co_sleep_cb, w);
 +    timer_mod(&ts, qemu_clock_get_ns(type) + ns);
 +
 +    /*
 +     * The timer will fire in the current AiOContext, so the callback
 +     * must happen after qemu_co_sleep yields and there is no race
 +     * between timer_mod and qemu_co_sleep.
 +     */
 +    qemu_co_sleep(w);
 +    timer_del(&ts);
 +}
 --
-.31.1
+.25.3

-[PULL 7/8] coroutine-sleep: replace QemuCoSleepState pointer with struct in the API
+[PULL v2 2/4] lockable: fix __COUNTER__ macro to be referenced properly
-From: Paolo Bonzini <pbonzini@redhat.com>
+From: Daniel Brodsky <dnbrdsky@gmail.com>
-Right now, users of qemu_co_sleep_ns_wakeable are simply passing
+- __COUNTER__ doesn't work with ## concat
-a pointer to QemuCoSleepState by reference to the function.  But
+- replaced ## with glue() macro so __COUNTER__ is evaluated
 QemuCoSleepState really is just a Coroutine*; making the
 content of the struct public is just as efficient and lets us
 skip the user_state_pointer indirection.
-Since the usage is changed, take the occasion to rename the
+Fixes: 3284c3ddc4
 struct to QemuCoSleep.
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Signed-off-by: Daniel Brodsky <dnbrdsky@gmail.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20200404042108.389635-2-dnbrdsky@gmail.com
 Message-id: 20210517100548.28806-6-pbonzini@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- include/qemu/coroutine.h    | 23 +++++++++++----------
+ include/qemu/lockable.h | 7 ++++---
- block/block-copy.c          |  8 ++++----
+ include/qemu/rcu.h      | 2 +-
- block/nbd.c                 | 10 ++++-----
+files changed, 5 insertions(+), 4 deletions(-)
  util/qemu-coroutine-sleep.c | 41 ++++++++++++++++---------------------
 files changed, 39 insertions(+), 43 deletions(-)
-diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
+diff --git a/include/qemu/lockable.h b/include/qemu/lockable.h
 index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/coroutine.h
+--- a/include/qemu/lockable.h
-+++ b/include/qemu/coroutine.h
++++ b/include/qemu/lockable.h
-@@ -XXX,XX +XXX,XX @@ void qemu_co_rwlock_wrlock(CoRwlock *lock);
+@@ -XXX,XX +XXX,XX @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuLockable, qemu_lockable_auto_unlock)
   *   }
   */
- void qemu_co_rwlock_unlock(CoRwlock *lock);
+ #define WITH_QEMU_LOCK_GUARD(x) \
+-    WITH_QEMU_LOCK_GUARD_((x), qemu_lockable_auto##__COUNTER__)
--typedef struct QemuCoSleepState QemuCoSleepState;
++    WITH_QEMU_LOCK_GUARD_((x), glue(qemu_lockable_auto, __COUNTER__))
 +typedef struct QemuCoSleep {
 +    Coroutine *to_wake;
 +} QemuCoSleep;
  /**
-- * Yield the coroutine for a given duration. During this yield, @sleep_state
+  * QEMU_LOCK_GUARD - Lock an object until the end of the scope
-- * is set to an opaque pointer, which may be used for
+@@ -XXX,XX +XXX,XX @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuLockable, qemu_lockable_auto_unlock)
-- * qemu_co_sleep_wake(). Be careful, the pointer is set back to zero when the
+  *       return; <-- mutex is automatically unlocked
-- * timer fires. Don't save the obtained value to other variables and don't call
+  *   }
 - * qemu_co_sleep_wake from another aio context.
 + * Yield the coroutine for a given duration. Initializes @w so that,
 + * during this yield, it can be passed to qemu_co_sleep_wake() to
 + * terminate the sleep.
   */
--void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
+-#define QEMU_LOCK_GUARD(x) \
--                                            QemuCoSleepState **sleep_state);
+-    g_autoptr(QemuLockable) qemu_lockable_auto##__COUNTER__ = \
-+void coroutine_fn qemu_co_sleep_ns_wakeable(QemuCoSleep *w,
++#define QEMU_LOCK_GUARD(x)                                       \
-+                                            QEMUClockType type, int64_t ns);
++    g_autoptr(QemuLockable)                                      \
-+
++    glue(qemu_lockable_auto, __COUNTER__) G_GNUC_UNUSED =        \
- static inline void coroutine_fn qemu_co_sleep_ns(QEMUClockType type, int64_t ns)
+             qemu_lockable_auto_lock(QEMU_MAKE_LOCKABLE((x)))
- {
--    QemuCoSleepState *unused = NULL;
+ #endif
--    qemu_co_sleep_ns_wakeable(type, ns, &unused);
+diff --git a/include/qemu/rcu.h b/include/qemu/rcu.h
 +    QemuCoSleep w = { 0 };
 +    qemu_co_sleep_ns_wakeable(&w, type, ns);
  }
  /**
@@ -XXX,XX +XXX,XX @@ static inline void coroutine_fn qemu_co_sleep_ns(QEMUClockType type, int64_t ns)
   * qemu_co_sleep_ns() and should be checked to be non-NULL before calling
   * qemu_co_sleep_wake().
   */
 -void qemu_co_sleep_wake(QemuCoSleepState *sleep_state);
 +void qemu_co_sleep_wake(QemuCoSleep *w);
  /**
   * Yield until a file descriptor becomes readable
 diff --git a/block/block-copy.c b/block/block-copy.c
 index XXXXXXX..XXXXXXX 100644
---- a/block/block-copy.c
+--- a/include/qemu/rcu.h
-+++ b/block/block-copy.c
++++ b/include/qemu/rcu.h
-@@ -XXX,XX +XXX,XX @@ typedef struct BlockCopyCallState {
+@@ -XXX,XX +XXX,XX @@ static inline void rcu_read_auto_unlock(RCUReadAuto *r)
-     /* State */
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC(RCUReadAuto, rcu_read_auto_unlock)
-     int ret;
-     bool finished;
+ #define WITH_RCU_READ_LOCK_GUARD() \
--    QemuCoSleepState *sleep_state;
+-    WITH_RCU_READ_LOCK_GUARD_(_rcu_read_auto##__COUNTER__)
-+    QemuCoSleep sleep;
++    WITH_RCU_READ_LOCK_GUARD_(glue(_rcu_read_auto, __COUNTER__))
-     bool cancelled;
+ #define WITH_RCU_READ_LOCK_GUARD_(var) \
-     /* OUT parameters */
+     for (g_autoptr(RCUReadAuto) var = rcu_read_auto_lock(); \
@@ -XXX,XX +XXX,XX @@ block_copy_dirty_clusters(BlockCopyCallState *call_state)
                  if (ns > 0) {
                      block_copy_task_end(task, -EAGAIN);
                      g_free(task);
 -                    qemu_co_sleep_ns_wakeable(QEMU_CLOCK_REALTIME, ns,
 -                                              &call_state->sleep_state);
 +                    qemu_co_sleep_ns_wakeable(&call_state->sleep,
 +                                              QEMU_CLOCK_REALTIME, ns);
                      continue;
                  }
              }
@@ -XXX,XX +XXX,XX @@ out:
  void block_copy_kick(BlockCopyCallState *call_state)
  {
 -    qemu_co_sleep_wake(call_state->sleep_state);
 +    qemu_co_sleep_wake(&call_state->sleep);
  }
  /*
 diff --git a/block/nbd.c b/block/nbd.c
 index XXXXXXX..XXXXXXX 100644
 --- a/block/nbd.c
 +++ b/block/nbd.c
@@ -XXX,XX +XXX,XX @@ typedef struct BDRVNBDState {
      CoQueue free_sema;
      Coroutine *connection_co;
      Coroutine *teardown_co;
 -    QemuCoSleepState *connection_co_sleep_ns_state;
 +    QemuCoSleep reconnect_sleep;
      bool drained;
      bool wait_drained_end;
      int in_flight;
@@ -XXX,XX +XXX,XX @@ static void coroutine_fn nbd_client_co_drain_begin(BlockDriverState *bs)
      BDRVNBDState *s = (BDRVNBDState *)bs->opaque;
      s->drained = true;
 -    qemu_co_sleep_wake(s->connection_co_sleep_ns_state);
 +    qemu_co_sleep_wake(&s->reconnect_sleep);
      nbd_co_establish_connection_cancel(bs, false);
@@ -XXX,XX +XXX,XX @@ static void nbd_teardown_connection(BlockDriverState *bs)
      s->state = NBD_CLIENT_QUIT;
      if (s->connection_co) {
 -        qemu_co_sleep_wake(s->connection_co_sleep_ns_state);
 +        qemu_co_sleep_wake(&s->reconnect_sleep);
          nbd_co_establish_connection_cancel(bs, true);
      }
      if (qemu_in_coroutine()) {
@@ -XXX,XX +XXX,XX @@ static coroutine_fn void nbd_co_reconnect_loop(BDRVNBDState *s)
              }
              bdrv_inc_in_flight(s->bs);
          } else {
 -            qemu_co_sleep_ns_wakeable(QEMU_CLOCK_REALTIME, timeout,
 -                                      &s->connection_co_sleep_ns_state);
 +            qemu_co_sleep_ns_wakeable(&s->reconnect_sleep,
 +                                      QEMU_CLOCK_REALTIME, timeout);
              if (s->drained) {
                  continue;
              }
 diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/qemu-coroutine-sleep.c
 +++ b/util/qemu-coroutine-sleep.c
@@ -XXX,XX +XXX,XX @@
  static const char *qemu_co_sleep_ns__scheduled = "qemu_co_sleep_ns";
 -struct QemuCoSleepState {
 +void qemu_co_sleep_wake(QemuCoSleep *w)
 +{
      Coroutine *co;
 -    QemuCoSleepState **user_state_pointer;
 -};
 -void qemu_co_sleep_wake(QemuCoSleepState *sleep_state)
 -{
 -    if (sleep_state) {
 +    co = w->to_wake;
 +    w->to_wake = NULL;
 +    if (co) {
          /* Write of schedule protected by barrier write in aio_co_schedule */
 -        const char *scheduled = qatomic_cmpxchg(&sleep_state->co->scheduled,
 +        const char *scheduled = qatomic_cmpxchg(&co->scheduled,
                                                  qemu_co_sleep_ns__scheduled, NULL);
          assert(scheduled == qemu_co_sleep_ns__scheduled);
 -        *sleep_state->user_state_pointer = NULL;
 -        aio_co_wake(sleep_state->co);
 +        aio_co_wake(co);
      }
  }
  static void co_sleep_cb(void *opaque)
  {
 -    QemuCoSleepState **sleep_state = opaque;
 -    qemu_co_sleep_wake(*sleep_state);
 +    QemuCoSleep *w = opaque;
 +    qemu_co_sleep_wake(w);
  }
 -void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
 -                                            QemuCoSleepState **sleep_state)
 +void coroutine_fn qemu_co_sleep_ns_wakeable(QemuCoSleep *w,
 +                                            QEMUClockType type, int64_t ns)
  {
 +    Coroutine *co = qemu_coroutine_self();
      AioContext *ctx = qemu_get_current_aio_context();
      QEMUTimer ts;
 -    QemuCoSleepState state = {
 -        .co = qemu_coroutine_self(),
 -        .user_state_pointer = sleep_state,
 -    };
 -    const char *scheduled = qatomic_cmpxchg(&state.co->scheduled, NULL,
 -                                           qemu_co_sleep_ns__scheduled);
 +    const char *scheduled = qatomic_cmpxchg(&co->scheduled, NULL,
 +                                            qemu_co_sleep_ns__scheduled);
      if (scheduled) {
          fprintf(stderr,
                  "%s: Co-routine was already scheduled in '%s'\n",
@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
          abort();
      }
 -    aio_timer_init(ctx, &ts, type, SCALE_NS, co_sleep_cb, sleep_state);
 -    *sleep_state = &state;
 +    w->to_wake = co;
 +    aio_timer_init(ctx, &ts, type, SCALE_NS, co_sleep_cb, w),
      timer_mod(&ts, qemu_clock_get_ns(type) + ns);
      qemu_coroutine_yield();
      timer_del(&ts);
 -    /* qemu_co_sleep_wake clears *sleep_state before resuming this coroutine.  */
 -    assert(*sleep_state == NULL);
 +    /* w->to_wake is cleared before resuming this coroutine.  */
 +    assert(w->to_wake == NULL);
  }
 --
-.31.1
+.25.3

-[PULL 4/8] coroutine-sleep: disallow NULL QemuCoSleepState** argument
+[PULL v2 3/4] lockable: replaced locks with lock guard macros where appropriate
-From: Paolo Bonzini <pbonzini@redhat.com>
+From: Daniel Brodsky <dnbrdsky@gmail.com>
-Simplify the code by removing conditionals.  qemu_co_sleep_ns
+- ran regexp "qemu_mutex_lock\(.*\).*\n.*if" to find targets
-can simply point the argument to an on-stack temporary.
+- replaced result with QEMU_LOCK_GUARD if all unlocks at function end
 - replaced result with WITH_QEMU_LOCK_GUARD if unlock not at end
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Signed-off-by: Daniel Brodsky <dnbrdsky@gmail.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
-Message-id: 20210517100548.28806-3-pbonzini@redhat.com
+Message-id: 20200404042108.389635-3-dnbrdsky@gmail.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- include/qemu/coroutine.h    |  5 +++--
+ block/iscsi.c         |  7 ++----
- util/qemu-coroutine-sleep.c | 18 +++++-------------
+ block/nfs.c           | 51 ++++++++++++++++++++-----------------------
-files changed, 8 insertions(+), 15 deletions(-)
+ cpus-common.c         | 14 +++++-------
  hw/display/qxl.c      | 43 +++++++++++++++++-------------------
  hw/vfio/platform.c    |  5 ++---
  migration/migration.c |  3 +--
  migration/multifd.c   |  8 +++----
  migration/ram.c       |  3 +--
  monitor/misc.c        |  4 +---
  ui/spice-display.c    | 14 ++++++------
  util/log.c            |  4 ++--
  util/qemu-timer.c     | 17 +++++++--------
  util/rcu.c            |  8 +++----
  util/thread-pool.c    |  3 +--
  util/vfio-helpers.c   |  5 ++---
 files changed, 83 insertions(+), 106 deletions(-)
-diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
+diff --git a/block/iscsi.c b/block/iscsi.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/coroutine.h
+--- a/block/iscsi.c
-+++ b/include/qemu/coroutine.h
++++ b/block/iscsi.c
-@@ -XXX,XX +XXX,XX @@ typedef struct QemuCoSleepState QemuCoSleepState;
+@@ -XXX,XX +XXX,XX @@ static void iscsi_nop_timed_event(void *opaque)
  {
      IscsiLun *iscsilun = opaque;
 -    qemu_mutex_lock(&iscsilun->mutex);
 +    QEMU_LOCK_GUARD(&iscsilun->mutex);
      if (iscsi_get_nops_in_flight(iscsilun->iscsi) >= MAX_NOP_FAILURES) {
          error_report("iSCSI: NOP timeout. Reconnecting...");
          iscsilun->request_timed_out = true;
      } else if (iscsi_nop_out_async(iscsilun->iscsi, NULL, NULL, 0, NULL) != 0) {
          error_report("iSCSI: failed to sent NOP-Out. Disabling NOP messages.");
 -        goto out;
 +        return;
      }
      timer_mod(iscsilun->nop_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) + NOP_INTERVAL);
      iscsi_set_events(iscsilun);
 -
 -out:
 -    qemu_mutex_unlock(&iscsilun->mutex);
  }
  static void iscsi_readcapacity_sync(IscsiLun *iscsilun, Error **errp)
 diff --git a/block/nfs.c b/block/nfs.c
 index XXXXXXX..XXXXXXX 100644
 --- a/block/nfs.c
 +++ b/block/nfs.c
@@ -XXX,XX +XXX,XX @@ static int coroutine_fn nfs_co_preadv(BlockDriverState *bs, uint64_t offset,
      nfs_co_init_task(bs, &task);
      task.iov = iov;
 -    qemu_mutex_lock(&client->mutex);
 -    if (nfs_pread_async(client->context, client->fh,
 -                        offset, bytes, nfs_co_generic_cb, &task) != 0) {
 -        qemu_mutex_unlock(&client->mutex);
 -        return -ENOMEM;
 -    }
 +    WITH_QEMU_LOCK_GUARD(&client->mutex) {
 +        if (nfs_pread_async(client->context, client->fh,
 +                            offset, bytes, nfs_co_generic_cb, &task) != 0) {
 +            return -ENOMEM;
 +        }
 -    nfs_set_events(client);
 -    qemu_mutex_unlock(&client->mutex);
 +        nfs_set_events(client);
 +    }
      while (!task.complete) {
          qemu_coroutine_yield();
      }
@@ -XXX,XX +XXX,XX @@ static int coroutine_fn nfs_co_pwritev(BlockDriverState *bs, uint64_t offset,
          buf = iov->iov[0].iov_base;
      }
 -    qemu_mutex_lock(&client->mutex);
 -    if (nfs_pwrite_async(client->context, client->fh,
 -                         offset, bytes, buf,
 -                         nfs_co_generic_cb, &task) != 0) {
 -        qemu_mutex_unlock(&client->mutex);
 -        if (my_buffer) {
 -            g_free(buf);
 +    WITH_QEMU_LOCK_GUARD(&client->mutex) {
 +        if (nfs_pwrite_async(client->context, client->fh,
 +                             offset, bytes, buf,
 +                             nfs_co_generic_cb, &task) != 0) {
 +            if (my_buffer) {
 +                g_free(buf);
 +            }
 +            return -ENOMEM;
          }
 -        return -ENOMEM;
 -    }
 -    nfs_set_events(client);
 -    qemu_mutex_unlock(&client->mutex);
 +        nfs_set_events(client);
 +    }
      while (!task.complete) {
          qemu_coroutine_yield();
      }
@@ -XXX,XX +XXX,XX @@ static int coroutine_fn nfs_co_flush(BlockDriverState *bs)
      nfs_co_init_task(bs, &task);
 -    qemu_mutex_lock(&client->mutex);
 -    if (nfs_fsync_async(client->context, client->fh, nfs_co_generic_cb,
 -                        &task) != 0) {
 -        qemu_mutex_unlock(&client->mutex);
 -        return -ENOMEM;
 -    }
 +    WITH_QEMU_LOCK_GUARD(&client->mutex) {
 +        if (nfs_fsync_async(client->context, client->fh, nfs_co_generic_cb,
 +                            &task) != 0) {
 +            return -ENOMEM;
 +        }
 -    nfs_set_events(client);
 -    qemu_mutex_unlock(&client->mutex);
 +        nfs_set_events(client);
 +    }
      while (!task.complete) {
          qemu_coroutine_yield();
      }
 diff --git a/cpus-common.c b/cpus-common.c
 index XXXXXXX..XXXXXXX 100644
 --- a/cpus-common.c
 +++ b/cpus-common.c
@@ -XXX,XX +XXX,XX @@
  #include "exec/cpu-common.h"
  #include "hw/core/cpu.h"
  #include "sysemu/cpus.h"
 +#include "qemu/lockable.h"
  static QemuMutex qemu_cpu_list_lock;
  static QemuCond exclusive_cond;
@@ -XXX,XX +XXX,XX @@ static int cpu_get_free_index(void)
  void cpu_list_add(CPUState *cpu)
  {
 -    qemu_mutex_lock(&qemu_cpu_list_lock);
 +    QEMU_LOCK_GUARD(&qemu_cpu_list_lock);
      if (cpu->cpu_index == UNASSIGNED_CPU_INDEX) {
          cpu->cpu_index = cpu_get_free_index();
          assert(cpu->cpu_index != UNASSIGNED_CPU_INDEX);
@@ -XXX,XX +XXX,XX @@ void cpu_list_add(CPUState *cpu)
          assert(!cpu_index_auto_assigned);
      }
      QTAILQ_INSERT_TAIL_RCU(&cpus, cpu, node);
 -    qemu_mutex_unlock(&qemu_cpu_list_lock);
  }
  void cpu_list_remove(CPUState *cpu)
  {
 -    qemu_mutex_lock(&qemu_cpu_list_lock);
 +    QEMU_LOCK_GUARD(&qemu_cpu_list_lock);
      if (!QTAILQ_IN_USE(cpu, node)) {
          /* there is nothing to undo since cpu_exec_init() hasn't been called */
 -        qemu_mutex_unlock(&qemu_cpu_list_lock);
          return;
      }
@@ -XXX,XX +XXX,XX @@ void cpu_list_remove(CPUState *cpu)
      QTAILQ_REMOVE_RCU(&cpus, cpu, node);
      cpu->cpu_index = UNASSIGNED_CPU_INDEX;
 -    qemu_mutex_unlock(&qemu_cpu_list_lock);
  }
  struct qemu_work_item {
@@ -XXX,XX +XXX,XX @@ void cpu_exec_start(CPUState *cpu)
       * see cpu->running == true, and it will kick the CPU.
       */
      if (unlikely(atomic_read(&pending_cpus))) {
 -        qemu_mutex_lock(&qemu_cpu_list_lock);
 +        QEMU_LOCK_GUARD(&qemu_cpu_list_lock);
          if (!cpu->has_waiter) {
              /* Not counted in pending_cpus, let the exclusive item
               * run.  Since we have the lock, just set cpu->running to true
@@ -XXX,XX +XXX,XX @@ void cpu_exec_start(CPUState *cpu)
               * waiter at cpu_exec_end.
               */
          }
 -        qemu_mutex_unlock(&qemu_cpu_list_lock);
      }
  }
@@ -XXX,XX +XXX,XX @@ void cpu_exec_end(CPUState *cpu)
       * next cpu_exec_start.
       */
      if (unlikely(atomic_read(&pending_cpus))) {
 -        qemu_mutex_lock(&qemu_cpu_list_lock);
 +        QEMU_LOCK_GUARD(&qemu_cpu_list_lock);
          if (cpu->has_waiter) {
              cpu->has_waiter = false;
              atomic_set(&pending_cpus, pending_cpus - 1);
@@ -XXX,XX +XXX,XX @@ void cpu_exec_end(CPUState *cpu)
                  qemu_cond_signal(&exclusive_cond);
              }
          }
 -        qemu_mutex_unlock(&qemu_cpu_list_lock);
      }
  }
 diff --git a/hw/display/qxl.c b/hw/display/qxl.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/display/qxl.c
 +++ b/hw/display/qxl.c
@@ -XXX,XX +XXX,XX @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
                                cmd->u.surface_create.stride);
              return 1;
          }
 -        qemu_mutex_lock(&qxl->track_lock);
 -        if (cmd->type == QXL_SURFACE_CMD_CREATE) {
 -            qxl->guest_surfaces.cmds[id] = ext->cmd.data;
 -            qxl->guest_surfaces.count++;
 -            if (qxl->guest_surfaces.max < qxl->guest_surfaces.count)
 -                qxl->guest_surfaces.max = qxl->guest_surfaces.count;
 +        WITH_QEMU_LOCK_GUARD(&qxl->track_lock) {
 +            if (cmd->type == QXL_SURFACE_CMD_CREATE) {
 +                qxl->guest_surfaces.cmds[id] = ext->cmd.data;
 +                qxl->guest_surfaces.count++;
 +                if (qxl->guest_surfaces.max < qxl->guest_surfaces.count) {
 +                    qxl->guest_surfaces.max = qxl->guest_surfaces.count;
 +                }
 +            }
 +            if (cmd->type == QXL_SURFACE_CMD_DESTROY) {
 +                qxl->guest_surfaces.cmds[id] = 0;
 +                qxl->guest_surfaces.count--;
 +            }
          }
 -        if (cmd->type == QXL_SURFACE_CMD_DESTROY) {
 -            qxl->guest_surfaces.cmds[id] = 0;
 -            qxl->guest_surfaces.count--;
 -        }
 -        qemu_mutex_unlock(&qxl->track_lock);
          break;
      }
      case QXL_CMD_CURSOR:
@@ -XXX,XX +XXX,XX @@ static void interface_update_area_complete(QXLInstance *sin,
      int i;
      int qxl_i;
 -    qemu_mutex_lock(&qxl->ssd.lock);
 +    QEMU_LOCK_GUARD(&qxl->ssd.lock);
      if (surface_id != 0 || !num_updated_rects ||
          !qxl->render_update_cookie_num) {
 -        qemu_mutex_unlock(&qxl->ssd.lock);
          return;
      }
      trace_qxl_interface_update_area_complete(qxl->id, surface_id, dirty->left,
@@ -XXX,XX +XXX,XX @@ static void interface_update_area_complete(QXLInstance *sin,
           * Don't bother copying or scheduling the bh since we will flip
           * the whole area anyway on completion of the update_area async call
           */
 -        qemu_mutex_unlock(&qxl->ssd.lock);
          return;
      }
      qxl_i = qxl->num_dirty_rects;
@@ -XXX,XX +XXX,XX @@ static void interface_update_area_complete(QXLInstance *sin,
      trace_qxl_interface_update_area_complete_schedule_bh(qxl->id,
                                                           qxl->num_dirty_rects);
      qemu_bh_schedule(qxl->update_area_bh);
 -    qemu_mutex_unlock(&qxl->ssd.lock);
  }
  /* called from spice server thread context only */
@@ -XXX,XX +XXX,XX @@ static void ioport_write(void *opaque, hwaddr addr,
      case QXL_IO_MONITORS_CONFIG_ASYNC:
  async_common:
          async = QXL_ASYNC;
 -        qemu_mutex_lock(&d->async_lock);
 -        if (d->current_async != QXL_UNDEFINED_IO) {
 -            qxl_set_guest_bug(d, "%d async started before last (%d) complete",
 -                io_port, d->current_async);
 -            qemu_mutex_unlock(&d->async_lock);
 -            return;
 +        WITH_QEMU_LOCK_GUARD(&d->async_lock) {
 +            if (d->current_async != QXL_UNDEFINED_IO) {
 +                qxl_set_guest_bug(d, "%d async started before last (%d) complete",
 +                    io_port, d->current_async);
 +                return;
 +            }
 +            d->current_async = orig_io_port;
          }
 -        d->current_async = orig_io_port;
 -        qemu_mutex_unlock(&d->async_lock);
          break;
      default:
          break;
 diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/vfio/platform.c
 +++ b/hw/vfio/platform.c
@@ -XXX,XX +XXX,XX @@
  #include "hw/vfio/vfio-platform.h"
  #include "migration/vmstate.h"
  #include "qemu/error-report.h"
 +#include "qemu/lockable.h"
  #include "qemu/main-loop.h"
  #include "qemu/module.h"
  #include "qemu/range.h"
@@ -XXX,XX +XXX,XX @@ static void vfio_intp_interrupt(VFIOINTp *intp)
      VFIOPlatformDevice *vdev = intp->vdev;
      bool delay_handling = false;
 -    qemu_mutex_lock(&vdev->intp_mutex);
 +    QEMU_LOCK_GUARD(&vdev->intp_mutex);
      if (intp->state == VFIO_IRQ_INACTIVE) {
          QLIST_FOREACH(tmp, &vdev->intp_list, next) {
              if (tmp->state == VFIO_IRQ_ACTIVE ||
@@ -XXX,XX +XXX,XX @@ static void vfio_intp_interrupt(VFIOINTp *intp)
          QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue,
                               intp, pqnext);
          ret = event_notifier_test_and_clear(intp->interrupt);
 -        qemu_mutex_unlock(&vdev->intp_mutex);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void vfio_intp_interrupt(VFIOINTp *intp)
                    qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
                        vdev->mmap_timeout);
      }
 -    qemu_mutex_unlock(&vdev->intp_mutex);
  }
  /**
-  * Yield the coroutine for a given duration. During this yield, @sleep_state
+diff --git a/migration/migration.c b/migration/migration.c
-- * (if not NULL) is set to an opaque pointer, which may be used for
+index XXXXXXX..XXXXXXX 100644
-+ * is set to an opaque pointer, which may be used for
+--- a/migration/migration.c
-  * qemu_co_sleep_wake(). Be careful, the pointer is set back to zero when the
++++ b/migration/migration.c
-  * timer fires. Don't save the obtained value to other variables and don't call
+@@ -XXX,XX +XXX,XX @@ static void migrate_fd_cleanup_bh(void *opaque)
-  * qemu_co_sleep_wake from another aio context.
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
+ void migrate_set_error(MigrationState *s, const Error *error)
                                              QemuCoSleepState **sleep_state);
  static inline void coroutine_fn qemu_co_sleep_ns(QEMUClockType type, int64_t ns)
  {
--    qemu_co_sleep_ns_wakeable(type, ns, NULL);
+-    qemu_mutex_lock(&s->error_mutex);
-+    QemuCoSleepState *unused = NULL;
++    QEMU_LOCK_GUARD(&s->error_mutex);
-+    qemu_co_sleep_ns_wakeable(type, ns, &unused);
+     if (!s->error) {
- }
+         s->error = error_copy(error);
+     }
- /**
+-    qemu_mutex_unlock(&s->error_mutex);
-diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
+ }
-index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine-sleep.c
+ void migrate_fd_error(MigrationState *s, const Error *error)
-+++ b/util/qemu-coroutine-sleep.c
+diff --git a/migration/multifd.c b/migration/multifd.c
-@@ -XXX,XX +XXX,XX @@ void qemu_co_sleep_wake(QemuCoSleepState *sleep_state)
+index XXXXXXX..XXXXXXX 100644
-                                            qemu_co_sleep_ns__scheduled, NULL);
+--- a/migration/multifd.c
++++ b/migration/multifd.c
-     assert(scheduled == qemu_co_sleep_ns__scheduled);
+@@ -XXX,XX +XXX,XX @@ void multifd_recv_sync_main(void)
--    if (sleep_state->user_state_pointer) {
+     for (i = 0; i < migrate_multifd_channels(); i++) {
--        *sleep_state->user_state_pointer = NULL;
+         MultiFDRecvParams *p = &multifd_recv_state->params[i];
--    }
-+    *sleep_state->user_state_pointer = NULL;
+-        qemu_mutex_lock(&p->mutex);
-     timer_del(&sleep_state->ts);
+-        if (multifd_recv_state->packet_num < p->packet_num) {
-     aio_co_wake(sleep_state->co);
+-            multifd_recv_state->packet_num = p->packet_num;
- }
++        WITH_QEMU_LOCK_GUARD(&p->mutex) {
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
++            if (multifd_recv_state->packet_num < p->packet_num) {
-     }
++                multifd_recv_state->packet_num = p->packet_num;
++            }
-     aio_timer_init(ctx, &state.ts, type, SCALE_NS, co_sleep_cb, &state);
+         }
--    if (sleep_state) {
+-        qemu_mutex_unlock(&p->mutex);
--        *sleep_state = &state;
+         trace_multifd_recv_sync_main_signal(p->id);
--    }
+         qemu_sem_post(&p->sem_sync);
-+    *sleep_state = &state;
+     }
-     timer_mod(&state.ts, qemu_clock_get_ns(type) + ns);
+diff --git a/migration/ram.c b/migration/ram.c
-     qemu_coroutine_yield();
+index XXXXXXX..XXXXXXX 100644
--    if (sleep_state) {
+--- a/migration/ram.c
--        /*
++++ b/migration/ram.c
--         * Note that *sleep_state is cleared during qemu_co_sleep_wake
+@@ -XXX,XX +XXX,XX @@ static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t *offset)
--         * before resuming this coroutine.
+         return NULL;
--         */
+     }
--        assert(*sleep_state == NULL);
--    }
+-    qemu_mutex_lock(&rs->src_page_req_mutex);
-+
++    QEMU_LOCK_GUARD(&rs->src_page_req_mutex);
-+    /* qemu_co_sleep_wake clears *sleep_state before resuming this coroutine.  */
+     if (!QSIMPLEQ_EMPTY(&rs->src_page_requests)) {
-+    assert(*sleep_state == NULL);
+         struct RAMSrcPageRequest *entry =
- }
+                                 QSIMPLEQ_FIRST(&rs->src_page_requests);
@@ -XXX,XX +XXX,XX @@ static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t *offset)
              migration_consume_urgent_request();
          }
      }
 -    qemu_mutex_unlock(&rs->src_page_req_mutex);
      return block;
  }
 diff --git a/monitor/misc.c b/monitor/misc.c
 index XXXXXXX..XXXXXXX 100644
 --- a/monitor/misc.c
 +++ b/monitor/misc.c
@@ -XXX,XX +XXX,XX @@ AddfdInfo *monitor_fdset_add_fd(int fd, bool has_fdset_id, int64_t fdset_id,
      MonFdsetFd *mon_fdset_fd;
      AddfdInfo *fdinfo;
 -    qemu_mutex_lock(&mon_fdsets_lock);
 +    QEMU_LOCK_GUARD(&mon_fdsets_lock);
      if (has_fdset_id) {
          QLIST_FOREACH(mon_fdset, &mon_fdsets, next) {
              /* Break if match found or match impossible due to ordering by ID */
@@ -XXX,XX +XXX,XX @@ AddfdInfo *monitor_fdset_add_fd(int fd, bool has_fdset_id, int64_t fdset_id,
              if (fdset_id < 0) {
                  error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "fdset-id",
                             "a non-negative value");
 -                qemu_mutex_unlock(&mon_fdsets_lock);
                  return NULL;
              }
              /* Use specified fdset ID */
@@ -XXX,XX +XXX,XX @@ AddfdInfo *monitor_fdset_add_fd(int fd, bool has_fdset_id, int64_t fdset_id,
      fdinfo->fdset_id = mon_fdset->id;
      fdinfo->fd = mon_fdset_fd->fd;
 -    qemu_mutex_unlock(&mon_fdsets_lock);
      return fdinfo;
  }
 diff --git a/ui/spice-display.c b/ui/spice-display.c
 index XXXXXXX..XXXXXXX 100644
 --- a/ui/spice-display.c
 +++ b/ui/spice-display.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/osdep.h"
  #include "ui/qemu-spice.h"
  #include "qemu/timer.h"
 +#include "qemu/lockable.h"
  #include "qemu/main-loop.h"
  #include "qemu/option.h"
  #include "qemu/queue.h"
@@ -XXX,XX +XXX,XX @@ void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd)
  {
      graphic_hw_update(ssd->dcl.con);
 -    qemu_mutex_lock(&ssd->lock);
 -    if (QTAILQ_EMPTY(&ssd->updates) && ssd->ds) {
 -        qemu_spice_create_update(ssd);
 -        ssd->notify++;
 +    WITH_QEMU_LOCK_GUARD(&ssd->lock) {
 +        if (QTAILQ_EMPTY(&ssd->updates) && ssd->ds) {
 +            qemu_spice_create_update(ssd);
 +            ssd->notify++;
 +        }
      }
 -    qemu_mutex_unlock(&ssd->lock);
      trace_qemu_spice_display_refresh(ssd->qxl.id, ssd->notify);
      if (ssd->notify) {
@@ -XXX,XX +XXX,XX @@ static int interface_get_cursor_command(QXLInstance *sin, QXLCommandExt *ext)
      SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
      int ret;
 -    qemu_mutex_lock(&ssd->lock);
 +    QEMU_LOCK_GUARD(&ssd->lock);
      if (ssd->ptr_define) {
          *ext = ssd->ptr_define->ext;
          ssd->ptr_define = NULL;
@@ -XXX,XX +XXX,XX @@ static int interface_get_cursor_command(QXLInstance *sin, QXLCommandExt *ext)
      } else {
          ret = false;
      }
 -    qemu_mutex_unlock(&ssd->lock);
      return ret;
  }
 diff --git a/util/log.c b/util/log.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/log.c
 +++ b/util/log.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/cutils.h"
  #include "trace/control.h"
  #include "qemu/thread.h"
 +#include "qemu/lockable.h"
  static char *logfilename;
  static QemuMutex qemu_logfile_mutex;
@@ -XXX,XX +XXX,XX @@ void qemu_set_log(int log_flags)
      if (qemu_loglevel && (!is_daemonized() || logfilename)) {
          need_to_open_file = true;
      }
 -    qemu_mutex_lock(&qemu_logfile_mutex);
 +    QEMU_LOCK_GUARD(&qemu_logfile_mutex);
      if (qemu_logfile && !need_to_open_file) {
          logfile = qemu_logfile;
          atomic_rcu_set(&qemu_logfile, NULL);
@@ -XXX,XX +XXX,XX @@ void qemu_set_log(int log_flags)
          }
          atomic_rcu_set(&qemu_logfile, logfile);
      }
 -    qemu_mutex_unlock(&qemu_logfile_mutex);
  }
  void qemu_log_needs_buffers(void)
 diff --git a/util/qemu-timer.c b/util/qemu-timer.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/qemu-timer.c
 +++ b/util/qemu-timer.c
@@ -XXX,XX +XXX,XX @@ void timer_mod_anticipate_ns(QEMUTimer *ts, int64_t expire_time)
      QEMUTimerList *timer_list = ts->timer_list;
      bool rearm;
 -    qemu_mutex_lock(&timer_list->active_timers_lock);
 -    if (ts->expire_time == -1 || ts->expire_time > expire_time) {
 -        if (ts->expire_time != -1) {
 -            timer_del_locked(timer_list, ts);
 +    WITH_QEMU_LOCK_GUARD(&timer_list->active_timers_lock) {
 +        if (ts->expire_time == -1 || ts->expire_time > expire_time) {
 +            if (ts->expire_time != -1) {
 +                timer_del_locked(timer_list, ts);
 +            }
 +            rearm = timer_mod_ns_locked(timer_list, ts, expire_time);
 +        } else {
 +            rearm = false;
          }
 -        rearm = timer_mod_ns_locked(timer_list, ts, expire_time);
 -    } else {
 -        rearm = false;
      }
 -    qemu_mutex_unlock(&timer_list->active_timers_lock);
 -
      if (rearm) {
          timerlist_rearm(timer_list);
      }
 diff --git a/util/rcu.c b/util/rcu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/rcu.c
 +++ b/util/rcu.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/atomic.h"
  #include "qemu/thread.h"
  #include "qemu/main-loop.h"
 +#include "qemu/lockable.h"
  #if defined(CONFIG_MALLOC_TRIM)
  #include <malloc.h>
  #endif
@@ -XXX,XX +XXX,XX @@ static void wait_for_readers(void)
  void synchronize_rcu(void)
  {
 -    qemu_mutex_lock(&rcu_sync_lock);
 +    QEMU_LOCK_GUARD(&rcu_sync_lock);
      /* Write RCU-protected pointers before reading p_rcu_reader->ctr.
       * Pairs with smp_mb_placeholder() in rcu_read_lock().
       */
      smp_mb_global();
 -    qemu_mutex_lock(&rcu_registry_lock);
 +    QEMU_LOCK_GUARD(&rcu_registry_lock);
      if (!QLIST_EMPTY(&registry)) {
          /* In either case, the atomic_mb_set below blocks stores that free
           * old RCU-protected pointers.
@@ -XXX,XX +XXX,XX @@ void synchronize_rcu(void)
          wait_for_readers();
      }
 -
 -    qemu_mutex_unlock(&rcu_registry_lock);
 -    qemu_mutex_unlock(&rcu_sync_lock);
  }
 diff --git a/util/thread-pool.c b/util/thread-pool.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/thread-pool.c
 +++ b/util/thread-pool.c
@@ -XXX,XX +XXX,XX @@ static void thread_pool_cancel(BlockAIOCB *acb)
      trace_thread_pool_cancel(elem, elem->common.opaque);
 -    qemu_mutex_lock(&pool->lock);
 +    QEMU_LOCK_GUARD(&pool->lock);
      if (elem->state == THREAD_QUEUED &&
          /* No thread has yet started working on elem. we can try to "steal"
           * the item from the worker if we can get a signal from the
@@ -XXX,XX +XXX,XX @@ static void thread_pool_cancel(BlockAIOCB *acb)
          elem->ret = -ECANCELED;
      }
 -    qemu_mutex_unlock(&pool->lock);
  }
  static AioContext *thread_pool_get_aio_context(BlockAIOCB *acb)
 diff --git a/util/vfio-helpers.c b/util/vfio-helpers.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/vfio-helpers.c
 +++ b/util/vfio-helpers.c
@@ -XXX,XX +XXX,XX @@
  #include "standard-headers/linux/pci_regs.h"
  #include "qemu/event_notifier.h"
  #include "qemu/vfio-helpers.h"
 +#include "qemu/lockable.h"
  #include "trace.h"
  #define QEMU_VFIO_DEBUG 0
@@ -XXX,XX +XXX,XX @@ int qemu_vfio_dma_reset_temporary(QEMUVFIOState *s)
          .size = QEMU_VFIO_IOVA_MAX - s->high_water_mark,
      };
      trace_qemu_vfio_dma_reset_temporary(s);
 -    qemu_mutex_lock(&s->lock);
 +    QEMU_LOCK_GUARD(&s->lock);
      if (ioctl(s->container, VFIO_IOMMU_UNMAP_DMA, &unmap)) {
          error_report("VFIO_UNMAP_DMA failed: %s", strerror(errno));
 -        qemu_mutex_unlock(&s->lock);
          return -errno;
      }
      s->high_water_mark = QEMU_VFIO_IOVA_MAX;
 -    qemu_mutex_unlock(&s->lock);
      return 0;
  }
 --
-.31.1
+.25.3

-[PULL 3/8] coroutine-sleep: use a stack-allocated timer
+[PULL v2 4/4] lockable: Replace locks with lock guard macros
-From: Paolo Bonzini <pbonzini@redhat.com>
+From: Simran Singhal <singhalsimran0@gmail.com>
-The lifetime of the timer is well-known (it cannot outlive
+Replace manual lock()/unlock() calls with lock guard macros
-qemu_co_sleep_ns_wakeable, because it's deleted by the time the
+(QEMU_LOCK_GUARD/WITH_QEMU_LOCK_GUARD).
 coroutine resumes), so it is not necessary to place it on the heap.
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Signed-off-by: Simran Singhal <singhalsimran0@gmail.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
-Message-id: 20210517100548.28806-2-pbonzini@redhat.com
+Reviewed-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com>
 Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
 Message-id: 20200402065035.GA15477@simran-Inspiron-5558
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- util/qemu-coroutine-sleep.c | 9 ++++-----
+ hw/hyperv/hyperv.c     | 15 ++++++-------
-file changed, 4 insertions(+), 5 deletions(-)
+ hw/rdma/rdma_backend.c | 50 +++++++++++++++++++++---------------------
  hw/rdma/rdma_rm.c      |  3 +--
 files changed, 33 insertions(+), 35 deletions(-)
-diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
+diff --git a/hw/hyperv/hyperv.c b/hw/hyperv/hyperv.c
 index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine-sleep.c
+--- a/hw/hyperv/hyperv.c
-+++ b/util/qemu-coroutine-sleep.c
++++ b/hw/hyperv/hyperv.c
-@@ -XXX,XX +XXX,XX @@ static const char *qemu_co_sleep_ns__scheduled = "qemu_co_sleep_ns";
+@@ -XXX,XX +XXX,XX @@
+ #include "sysemu/kvm.h"
- struct QemuCoSleepState {
+ #include "qemu/bitops.h"
-     Coroutine *co;
+ #include "qemu/error-report.h"
--    QEMUTimer *ts;
++#include "qemu/lockable.h"
-+    QEMUTimer ts;
+ #include "qemu/queue.h"
-     QemuCoSleepState **user_state_pointer;
+ #include "qemu/rcu.h"
- };
+ #include "qemu/rcu_queue.h"
+@@ -XXX,XX +XXX,XX @@ int hyperv_set_msg_handler(uint32_t conn_id, HvMsgHandler handler, void *data)
-@@ -XXX,XX +XXX,XX @@ void qemu_co_sleep_wake(QemuCoSleepState *sleep_state)
+     int ret;
-     if (sleep_state->user_state_pointer) {
+     MsgHandler *mh;
-         *sleep_state->user_state_pointer = NULL;
 -    qemu_mutex_lock(&handlers_mutex);
 +    QEMU_LOCK_GUARD(&handlers_mutex);
      QLIST_FOREACH(mh, &msg_handlers, link) {
          if (mh->conn_id == conn_id) {
              if (handler) {
@@ -XXX,XX +XXX,XX @@ int hyperv_set_msg_handler(uint32_t conn_id, HvMsgHandler handler, void *data)
                  g_free_rcu(mh, rcu);
                  ret = 0;
              }
 -            goto unlock;
 +            return ret;
          }
      }
--    timer_del(sleep_state->ts);
-+    timer_del(&sleep_state->ts);
+@@ -XXX,XX +XXX,XX @@ int hyperv_set_msg_handler(uint32_t conn_id, HvMsgHandler handler, void *data)
-     aio_co_wake(sleep_state->co);
+     } else {
          ret = -ENOENT;
      }
 -unlock:
 -    qemu_mutex_unlock(&handlers_mutex);
 +
      return ret;
  }
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
+@@ -XXX,XX +XXX,XX @@ static int set_event_flag_handler(uint32_t conn_id, EventNotifier *notifier)
-     AioContext *ctx = qemu_get_current_aio_context();
+     int ret;
-     QemuCoSleepState state = {
+     EventFlagHandler *handler;
-         .co = qemu_coroutine_self(),
--        .ts = aio_timer_new(ctx, type, SCALE_NS, co_sleep_cb, &state),
+-    qemu_mutex_lock(&handlers_mutex);
-         .user_state_pointer = sleep_state,
++    QEMU_LOCK_GUARD(&handlers_mutex);
-     };
+     QLIST_FOREACH(handler, &event_flag_handlers, link) {
+         if (handler->conn_id == conn_id) {
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
+             if (notifier) {
-         abort();
+@@ -XXX,XX +XXX,XX @@ static int set_event_flag_handler(uint32_t conn_id, EventNotifier *notifier)
                  g_free_rcu(handler, rcu);
                  ret = 0;
              }
 -            goto unlock;
 +            return ret;
          }
      }
-+    aio_timer_init(ctx, &state.ts, type, SCALE_NS, co_sleep_cb, &state);
+@@ -XXX,XX +XXX,XX @@ static int set_event_flag_handler(uint32_t conn_id, EventNotifier *notifier)
-     if (sleep_state) {
+     } else {
-         *sleep_state = &state;
+         ret = -ENOENT;
      }
--    timer_mod(state.ts, qemu_clock_get_ns(type) + ns);
+-unlock:
-+    timer_mod(&state.ts, qemu_clock_get_ns(type) + ns);
+-    qemu_mutex_unlock(&handlers_mutex);
-     qemu_coroutine_yield();
++
-     if (sleep_state) {
+     return ret;
-         /*
+ }
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
-          */
+diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
-         assert(*sleep_state == NULL);
+index XXXXXXX..XXXXXXX 100644
 --- a/hw/rdma/rdma_backend.c
 +++ b/hw/rdma/rdma_backend.c
@@ -XXX,XX +XXX,XX @@ static int rdma_poll_cq(RdmaDeviceResources *rdma_dev_res, struct ibv_cq *ibcq)
      struct ibv_wc wc[2];
      RdmaProtectedGSList *cqe_ctx_list;
 -    qemu_mutex_lock(&rdma_dev_res->lock);
 -    do {
 -        ne = ibv_poll_cq(ibcq, ARRAY_SIZE(wc), wc);
 +    WITH_QEMU_LOCK_GUARD(&rdma_dev_res->lock) {
 +        do {
 +            ne = ibv_poll_cq(ibcq, ARRAY_SIZE(wc), wc);
 -        trace_rdma_poll_cq(ne, ibcq);
 +            trace_rdma_poll_cq(ne, ibcq);
 -        for (i = 0; i < ne; i++) {
 -            bctx = rdma_rm_get_cqe_ctx(rdma_dev_res, wc[i].wr_id);
 -            if (unlikely(!bctx)) {
 -                rdma_error_report("No matching ctx for req %"PRId64,
 -                                  wc[i].wr_id);
 -                continue;
 -            }
 +            for (i = 0; i < ne; i++) {
 +                bctx = rdma_rm_get_cqe_ctx(rdma_dev_res, wc[i].wr_id);
 +                if (unlikely(!bctx)) {
 +                    rdma_error_report("No matching ctx for req %"PRId64,
 +                                      wc[i].wr_id);
 +                    continue;
 +                }
 -            comp_handler(bctx->up_ctx, &wc[i]);
 +                comp_handler(bctx->up_ctx, &wc[i]);
 -            if (bctx->backend_qp) {
 -                cqe_ctx_list = &bctx->backend_qp->cqe_ctx_list;
 -            } else {
 -                cqe_ctx_list = &bctx->backend_srq->cqe_ctx_list;
 -            }
 +                if (bctx->backend_qp) {
 +                    cqe_ctx_list = &bctx->backend_qp->cqe_ctx_list;
 +                } else {
 +                    cqe_ctx_list = &bctx->backend_srq->cqe_ctx_list;
 +                }
 -            rdma_protected_gslist_remove_int32(cqe_ctx_list, wc[i].wr_id);
 -            rdma_rm_dealloc_cqe_ctx(rdma_dev_res, wc[i].wr_id);
 -            g_free(bctx);
 -        }
 -        total_ne += ne;
 -    } while (ne > 0);
 -    atomic_sub(&rdma_dev_res->stats.missing_cqe, total_ne);
 -    qemu_mutex_unlock(&rdma_dev_res->lock);
 +                rdma_protected_gslist_remove_int32(cqe_ctx_list, wc[i].wr_id);
 +                rdma_rm_dealloc_cqe_ctx(rdma_dev_res, wc[i].wr_id);
 +                g_free(bctx);
 +            }
 +            total_ne += ne;
 +        } while (ne > 0);
 +        atomic_sub(&rdma_dev_res->stats.missing_cqe, total_ne);
 +    }
      if (ne < 0) {
          rdma_error_report("ibv_poll_cq fail, rc=%d, errno=%d", ne, errno);
 diff --git a/hw/rdma/rdma_rm.c b/hw/rdma/rdma_rm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/rdma/rdma_rm.c
 +++ b/hw/rdma/rdma_rm.c
@@ -XXX,XX +XXX,XX @@ static inline void rdma_res_tbl_dealloc(RdmaRmResTbl *tbl, uint32_t handle)
  {
      trace_rdma_res_tbl_dealloc(tbl->name, handle);
 -    qemu_mutex_lock(&tbl->lock);
 +    QEMU_LOCK_GUARD(&tbl->lock);
      if (handle < tbl->tbl_sz) {
          clear_bit(handle, tbl->bitmap);
          tbl->used--;
      }
--    timer_free(state.ts);
 -    qemu_mutex_unlock(&tbl->lock);
  }
+ int rdma_rm_alloc_pd(RdmaDeviceResources *dev_res, RdmaBackendDev *backend_dev,
 --
-.31.1
+.25.3

-[PULL 5/8] coroutine-sleep: allow qemu_co_sleep_wake that wakes nothing
+Deleted patch
-From: Paolo Bonzini <pbonzini@redhat.com>
-All callers of qemu_co_sleep_wake are checking whether they are passing
-a NULL argument inside the pointer-to-pointer: do the check in
-qemu_co_sleep_wake itself.
-As a side effect, qemu_co_sleep_wake can be called more than once and
-it will only wake the coroutine once; after the first time, the argument
-will be set to NULL via *sleep_state->user_state_pointer.  However, this
-would not be safe unless co_sleep_cb keeps using the QemuCoSleepState*
-directly, so make it go through the pointer-to-pointer instead.
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20210517100548.28806-4-pbonzini@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- block/block-copy.c          |  4 +---
- block/nbd.c                 |  8 ++------
- util/qemu-coroutine-sleep.c | 21 ++++++++++++---------
-files changed, 15 insertions(+), 18 deletions(-)
-diff --git a/block/block-copy.c b/block/block-copy.c
-index XXXXXXX..XXXXXXX 100644
---- a/block/block-copy.c
-+++ b/block/block-copy.c
-@@ -XXX,XX +XXX,XX @@ out:
- void block_copy_kick(BlockCopyCallState *call_state)
- {
--    if (call_state->sleep_state) {
--        qemu_co_sleep_wake(call_state->sleep_state);
--    }
-+    qemu_co_sleep_wake(call_state->sleep_state);
- }
- /*
-diff --git a/block/nbd.c b/block/nbd.c
-index XXXXXXX..XXXXXXX 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -XXX,XX +XXX,XX @@ static void coroutine_fn nbd_client_co_drain_begin(BlockDriverState *bs)
-     BDRVNBDState *s = (BDRVNBDState *)bs->opaque;
-     s->drained = true;
--    if (s->connection_co_sleep_ns_state) {
--        qemu_co_sleep_wake(s->connection_co_sleep_ns_state);
--    }
-+    qemu_co_sleep_wake(s->connection_co_sleep_ns_state);
-     nbd_co_establish_connection_cancel(bs, false);
-@@ -XXX,XX +XXX,XX @@ static void nbd_teardown_connection(BlockDriverState *bs)
-     s->state = NBD_CLIENT_QUIT;
-     if (s->connection_co) {
--        if (s->connection_co_sleep_ns_state) {
--            qemu_co_sleep_wake(s->connection_co_sleep_ns_state);
--        }
-+        qemu_co_sleep_wake(s->connection_co_sleep_ns_state);
-         nbd_co_establish_connection_cancel(bs, true);
-     }
-     if (qemu_in_coroutine()) {
-diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine-sleep.c
-+++ b/util/qemu-coroutine-sleep.c
-@@ -XXX,XX +XXX,XX @@ struct QemuCoSleepState {
- void qemu_co_sleep_wake(QemuCoSleepState *sleep_state)
- {
--    /* Write of schedule protected by barrier write in aio_co_schedule */
--    const char *scheduled = qatomic_cmpxchg(&sleep_state->co->scheduled,
--                                           qemu_co_sleep_ns__scheduled, NULL);
-+    if (sleep_state) {
-+        /* Write of schedule protected by barrier write in aio_co_schedule */
-+        const char *scheduled = qatomic_cmpxchg(&sleep_state->co->scheduled,
-+                                                qemu_co_sleep_ns__scheduled, NULL);
--    assert(scheduled == qemu_co_sleep_ns__scheduled);
--    *sleep_state->user_state_pointer = NULL;
--    timer_del(&sleep_state->ts);
--    aio_co_wake(sleep_state->co);
-+        assert(scheduled == qemu_co_sleep_ns__scheduled);
-+        *sleep_state->user_state_pointer = NULL;
-+        timer_del(&sleep_state->ts);
-+        aio_co_wake(sleep_state->co);
-+    }
- }
- static void co_sleep_cb(void *opaque)
- {
--    qemu_co_sleep_wake(opaque);
-+    QemuCoSleepState **sleep_state = opaque;
-+    qemu_co_sleep_wake(*sleep_state);
- }
- void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
-         abort();
-     }
--    aio_timer_init(ctx, &state.ts, type, SCALE_NS, co_sleep_cb, &state);
-+    aio_timer_init(ctx, &state.ts, type, SCALE_NS, co_sleep_cb, sleep_state);
-     *sleep_state = &state;
-     timer_mod(&state.ts, qemu_clock_get_ns(type) + ns);
-     qemu_coroutine_yield();
---
-.31.1

-[PULL 6/8] coroutine-sleep: move timer out of QemuCoSleepState
+Deleted patch
-From: Paolo Bonzini <pbonzini@redhat.com>
-This simplification is enabled by the previous patch.  Now aio_co_wake
-will only be called once, therefore we do not care about a spurious
-firing of the timer after a qemu_co_sleep_wake.
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20210517100548.28806-5-pbonzini@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- util/qemu-coroutine-sleep.c | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine-sleep.c
-+++ b/util/qemu-coroutine-sleep.c
-@@ -XXX,XX +XXX,XX @@ static const char *qemu_co_sleep_ns__scheduled = "qemu_co_sleep_ns";
- struct QemuCoSleepState {
-     Coroutine *co;
--    QEMUTimer ts;
-     QemuCoSleepState **user_state_pointer;
- };
-@@ -XXX,XX +XXX,XX @@ void qemu_co_sleep_wake(QemuCoSleepState *sleep_state)
-         assert(scheduled == qemu_co_sleep_ns__scheduled);
-         *sleep_state->user_state_pointer = NULL;
--        timer_del(&sleep_state->ts);
-         aio_co_wake(sleep_state->co);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
-                                             QemuCoSleepState **sleep_state)
- {
-     AioContext *ctx = qemu_get_current_aio_context();
-+    QEMUTimer ts;
-     QemuCoSleepState state = {
-         .co = qemu_coroutine_self(),
-         .user_state_pointer = sleep_state,
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType type, int64_t ns,
-         abort();
-     }
--    aio_timer_init(ctx, &state.ts, type, SCALE_NS, co_sleep_cb, sleep_state);
-+    aio_timer_init(ctx, &ts, type, SCALE_NS, co_sleep_cb, sleep_state);
-     *sleep_state = &state;
--    timer_mod(&state.ts, qemu_clock_get_ns(type) + ns);
-+    timer_mod(&ts, qemu_clock_get_ns(type) + ns);
-     qemu_coroutine_yield();
-+    timer_del(&ts);
-     /* qemu_co_sleep_wake clears *sleep_state before resuming this coroutine.  */
-     assert(*sleep_state == NULL);
---
-.31.1

The following changes since commit 6c769690ac845fa62642a5f93b4e4bd906adab95:

Merge remote-tracking branch 'remotes/vsementsov/tags/pull-simplebench-2021-05-04' into staging (2021-05-21 12:02:34 +0100)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 0a6f0c76a030710780ce10d6347a70f098024d21:

coroutine-sleep: introduce qemu_co_sleep (2021-05-21 18:22:33 +0100)

----------------------------------------------------------------
Pull request

(Resent due to an email preparation mistake.)

----------------------------------------------------------------

Paolo Bonzini (6):
  coroutine-sleep: use a stack-allocated timer
  coroutine-sleep: disallow NULL QemuCoSleepState** argument
  coroutine-sleep: allow qemu_co_sleep_wake that wakes nothing
  coroutine-sleep: move timer out of QemuCoSleepState
  coroutine-sleep: replace QemuCoSleepState pointer with struct in the
    API
  coroutine-sleep: introduce qemu_co_sleep

Philippe Mathieu-Daudé (1):
  bitops.h: Improve find_xxx_bit() documentation

Zenghui Yu (1):
  multi-process: Initialize variables declared with g_auto*

-- 
2.31.1

From: Zenghui Yu <yuzenghui@huawei.com>

Quote docs/devel/style.rst (section "Automatic memory deallocation"):

* Variables declared with g_auto* MUST always be initialized,
  otherwise the cleanup function will use uninitialized stack memory

Initialize @name properly to get rid of the compilation error (using
gcc-7.3.0 on CentOS):

../hw/remote/proxy.c: In function 'pci_proxy_dev_realize':
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'name' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   g_free (*pp);
   ^~~~~~~~~~~~
../hw/remote/proxy.c:350:30: note: 'name' was declared here
             g_autofree char *name;
                              ^~~~

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Reviewed-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: 20210312112143.1369-1-yuzenghui@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/remote/memory.c | 5 ++---
 hw/remote/proxy.c  | 3 +--
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/hw/remote/memory.c b/hw/remote/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/memory.c
+++ b/hw/remote/memory.c
@@ -XXX,XX +XXX,XX @@ void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp)
 
     remote_sysmem_reset();
 
-    for (region = 0; region < msg->num_fds; region++) {
-        g_autofree char *name;
+    for (region = 0; region < msg->num_fds; region++, suffix++) {
+        g_autofree char *name = g_strdup_printf("remote-mem-%u", suffix);
         subregion = g_new(MemoryRegion, 1);
-        name = g_strdup_printf("remote-mem-%u", suffix++);
         memory_region_init_ram_from_fd(subregion, NULL,
                                        name, sysmem_info->sizes[region],
                                        true, msg->fds[region],
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@ static void probe_pci_info(PCIDevice *dev, Error **errp)
                    PCI_BASE_ADDRESS_SPACE_IO : PCI_BASE_ADDRESS_SPACE_MEMORY;
 
         if (size) {
-            g_autofree char *name;
+            g_autofree char *name = g_strdup_printf("bar-region-%d", i);
             pdev->region[i].dev = pdev;
             pdev->region[i].present = true;
             if (type == PCI_BASE_ADDRESS_SPACE_MEMORY) {
                 pdev->region[i].memory = true;
             }
-            name = g_strdup_printf("bar-region-%d", i);
             memory_region_init_io(&pdev->region[i].mr, OBJECT(pdev),
                                   &proxy_mr_ops, &pdev->region[i],
                                   name, size);
-- 
2.31.1

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Document the following functions return the bitmap size
if no matching bit is found:

- find_first_bit
- find_next_bit
- find_last_bit
- find_first_zero_bit
- find_next_zero_bit

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20210510200758.2623154-2-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qemu/bitops.h | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/bitops.h
+++ b/include/qemu/bitops.h
@@ -XXX,XX +XXX,XX @@ static inline int test_bit(long nr, const unsigned long *addr)
  * @addr: The address to start the search at
  * @size: The maximum size to search
  *
- * Returns the bit number of the first set bit, or size.
+ * Returns the bit number of the last set bit,
+ * or @size if there is no set bit in the bitmap.
  */
 unsigned long find_last_bit(const unsigned long *addr,
                             unsigned long size);
@@ -XXX,XX +XXX,XX @@ unsigned long find_last_bit(const unsigned long *addr,
  * @addr: The address to base the search on
  * @offset: The bitnumber to start searching at
  * @size: The bitmap size in bits
+ *
+ * Returns the bit number of the next set bit,
+ * or @size if there are no further set bits in the bitmap.
  */
 unsigned long find_next_bit(const unsigned long *addr,
                             unsigned long size,
@@ -XXX,XX +XXX,XX @@ unsigned long find_next_bit(const unsigned long *addr,
  * @addr: The address to base the search on
  * @offset: The bitnumber to start searching at
  * @size: The bitmap size in bits
+ *
+ * Returns the bit number of the next cleared bit,
+ * or @size if there are no further clear bits in the bitmap.
  */
 
 unsigned long find_next_zero_bit(const unsigned long *addr,
@@ -XXX,XX +XXX,XX @@ unsigned long find_next_zero_bit(const unsigned long *addr,
  * @addr: The address to start the search at
  * @size: The maximum size to search
  *
- * Returns the bit number of the first set bit.
+ * Returns the bit number of the first set bit,
+ * or @size if there is no set bit in the bitmap.
  */
 static inline unsigned long find_first_bit(const unsigned long *addr,
                                            unsigned long size)
@@ -XXX,XX +XXX,XX @@ static inline unsigned long find_first_bit(const unsigned long *addr,
  * @addr: The address to start the search at
  * @size: The maximum size to search
  *
- * Returns the bit number of the first cleared bit.
+ * Returns the bit number of the first cleared bit,
+ * or @size if there is no clear bit in the bitmap.
  */
 static inline unsigned long find_first_zero_bit(const unsigned long *addr,
                                                 unsigned long size)
-- 
2.31.1