Series comparison

 [PULL 0/1] Block patches
-The following changes since commit 887cba855bb6ff4775256f7968409281350b568c:
+The following changes since commit da1034094d375afe9e3d8ec8980550ea0f06f7e0:
-  configure: Fix cross-building for RISCV host (v5) (2023-07-11 17:56:09 +0100)
+  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2023-10-03 07:43:44 -0400)
 are available in the Git repository at:
   https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to 75dcb4d790bbe5327169fd72b185960ca58e2fa6:
+for you to fetch changes up to 9afa888ce0f816d0f2cfc95eebe4f49244c518af:
-  virtio-blk: fix host notifier issues during dataplane start/stop (2023-07-12 15:20:32 -0400)
+  osdep: set _FORTIFY_SOURCE=2 when optimization is enabled (2023-10-04 09:52:06 -0400)
 ----------------------------------------------------------------
 Pull request
 ----------------------------------------------------------------
-Stefan Hajnoczi (1):
+Daniel P. Berrangé (1):
-  virtio-blk: fix host notifier issues during dataplane start/stop
+  osdep: set _FORTIFY_SOURCE=2 when optimization is enabled
- hw/block/dataplane/virtio-blk.c | 67 +++++++++++++++++++--------------
+ meson.build                  | 10 ----------
-file changed, 38 insertions(+), 29 deletions(-)
+ include/qemu/osdep.h         |  4 ++++
  util/coroutine-sigaltstack.c |  4 ++--
  util/coroutine-ucontext.c    |  4 ++--
 files changed, 8 insertions(+), 14 deletions(-)
 --
-.40.1
+.41.0

-[PULL 1/1] virtio-blk: fix host notifier issues during dataplane start/stop
+[PULL 1/1] osdep: set _FORTIFY_SOURCE=2 when optimization is enabled
-The main loop thread can consume 100% CPU when using --device
+From: Daniel P. Berrangé <berrange@redhat.com>
 virtio-blk-pci,iothread=<iothread>. ppoll() constantly returns but
 reading virtqueue host notifiers fails with EAGAIN. The file descriptors
 are stale and remain registered with the AioContext because of bugs in
 the virtio-blk dataplane start/stop code.
-The problem is that the dataplane start/stop code involves drain
+Currently we set _FORTIFY_SOURCE=2 as a compiler argument when the
-operations, which call virtio_blk_drained_begin() and
+meson 'optimization' setting is non-zero, the compiler is GCC and
-virtio_blk_drained_end() at points where the host notifier is not
+the target is Linux.
 operational:
 - In virtio_blk_data_plane_start(), blk_set_aio_context() drains after
   vblk->dataplane_started has been set to true but the host notifier has
   not been attached yet.
 - In virtio_blk_data_plane_stop(), blk_drain() and blk_set_aio_context()
   drain after the host notifier has already been detached but with
   vblk->dataplane_started still set to true.
-I would like to simplify ->ioeventfd_start/stop() to avoid interactions
+While the default QEMU optimization level is 2, user could override
-with drain entirely, but couldn't find a way to do that. Instead, this
+this by setting CFLAGS="-O0" or --extra-cflags="-O0" when running
-patch accepts the fragile nature of the code and reorders it so that
+configure and this won't be reflected in the meson 'optimization'
-vblk->dataplane_started is false during drain operations. This way the
+setting. As a result we try to enable _FORTIFY_SOURCE=2 and then the
-virtio_blk_drained_begin() and virtio_blk_drained_end() calls don't
+user gets compile errors as it only works with optimization.
 touch the host notifier. The result is that
 virtio_blk_data_plane_start() and virtio_blk_data_plane_stop() have
 complete control over the host notifier and stale file descriptors are
 no longer left in the AioContext.
-This patch fixes the 100% CPU consumption in the main loop thread and
+Rather than trying to improve detection in meson, it is simpler to
-correctly moves host notifier processing to the IOThread.
+just check the __OPTIMIZE__ define from osdep.h.
-Fixes: 1665d9326fd2 ("virtio-blk: implement BlockDevOps->drained_begin()")
+The comment about being incompatible with clang appears to be
-Reported-by: Lukáš Doktor <ldoktor@redhat.com>
+outdated, as compilation works fine without excluding clang.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Tested-by: Lukas Doktor <ldoktor@redhat.com>
+In the coroutine code we must set _FORTIFY_SOURCE=0 to stop the
-Message-id: 20230704151527.193586-1-stefanha@redhat.com
+logic in osdep.h then enabling it.
 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 Message-id: 20231003091549.223020-1-berrange@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- hw/block/dataplane/virtio-blk.c | 67 +++++++++++++++++++--------------
+ meson.build                  | 10 ----------
-file changed, 38 insertions(+), 29 deletions(-)
+ include/qemu/osdep.h         |  4 ++++
  util/coroutine-sigaltstack.c |  4 ++--
  util/coroutine-ucontext.c    |  4 ++--
 files changed, 8 insertions(+), 14 deletions(-)
-diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
+diff --git a/meson.build b/meson.build
 index XXXXXXX..XXXXXXX 100644
---- a/hw/block/dataplane/virtio-blk.c
+--- a/meson.build
-+++ b/hw/block/dataplane/virtio-blk.c
++++ b/meson.build
-@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
+@@ -XXX,XX +XXX,XX @@ if 'cpp' in all_languages
+   qemu_cxxflags = ['-D__STDC_LIMIT_MACROS', '-D__STDC_CONSTANT_MACROS', '-D__STDC_FORMAT_MACROS'] + qemu_cflags
-     memory_region_transaction_commit();
+ endif
--    /*
+-# clang does not support glibc + FORTIFY_SOURCE (is it still true?)
--     * These fields are visible to the IOThread so we rely on implicit barriers
+-if get_option('optimization') != '0' and targetos == 'linux'
--     * in aio_context_acquire() on the write side and aio_notify_accept() on
+-  if cc.get_id() == 'gcc'
--     * the read side.
+-    qemu_cflags += ['-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=2']
--     */
+-  endif
--    s->starting = false;
+-  if 'cpp' in all_languages and cxx.get_id() == 'gcc'
--    vblk->dataplane_started = true;
+-    qemu_cxxflags += ['-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=2']
-     trace_virtio_blk_data_plane_start(s);
+-  endif
+-endif
-     old_context = blk_get_aio_context(s->conf->conf.blk);
+-
-@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
+ add_project_arguments(qemu_cflags, native: false, language: 'c')
-         event_notifier_set(virtio_queue_get_host_notifier(vq));
+ add_project_arguments(cc.get_supported_arguments(warn_flags), native: false, language: 'c')
-     }
+ if 'cpp' in all_languages
+diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
-+    /*
+index XXXXXXX..XXXXXXX 100644
-+     * These fields must be visible to the IOThread when it processes the
+--- a/include/qemu/osdep.h
-+     * virtqueue, otherwise it will think dataplane has not started yet.
++++ b/include/qemu/osdep.h
-+     *
+@@ -XXX,XX +XXX,XX @@
-+     * Make sure ->dataplane_started is false when blk_set_aio_context() is
+ #ifndef QEMU_OSDEP_H
-+     * called above so that draining does not cause the host notifier to be
+ #define QEMU_OSDEP_H
-+     * detached/attached prematurely.
-+     */
++#if !defined _FORTIFY_SOURCE && defined __OPTIMIZE__ && __OPTIMIZE__ && defined __linux__
-+    s->starting = false;
++# define _FORTIFY_SOURCE 2
-+    vblk->dataplane_started = true;
++#endif
 +    smp_wmb(); /* paired with aio_notify_accept() on the read side */
 +
-     /* Get this show started by hooking up our callbacks */
+ #include "config-host.h"
-     if (!blk_in_drain(s->conf->conf.blk)) {
+ #ifdef NEED_CPU_H
-         aio_context_acquire(s->ctx);
+ #include CONFIG_TARGET
-@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
+diff --git a/util/coroutine-sigaltstack.c b/util/coroutine-sigaltstack.c
-   fail_guest_notifiers:
+index XXXXXXX..XXXXXXX 100644
-     vblk->dataplane_disabled = true;
+--- a/util/coroutine-sigaltstack.c
-     s->starting = false;
++++ b/util/coroutine-sigaltstack.c
--    vblk->dataplane_started = true;
+@@ -XXX,XX +XXX,XX @@
-     return -ENOSYS;
+  */
- }
+ /* XXX Is there a nicer way to disable glibc's stack check for longjmp? */
-@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
+-#ifdef _FORTIFY_SOURCE
-         aio_wait_bh_oneshot(s->ctx, virtio_blk_data_plane_stop_bh, s);
+ #undef _FORTIFY_SOURCE
-     }
+-#endif
++#define _FORTIFY_SOURCE 0
 +    /*
 +     * Batch all the host notifiers in a single transaction to avoid
 +     * quadratic time complexity in address_space_update_ioeventfds().
 +     */
 +    memory_region_transaction_begin();
 +
-+    for (i = 0; i < nvqs; i++) {
+ #include "qemu/osdep.h"
-+        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
+ #include <pthread.h>
-+    }
+ #include "qemu/coroutine_int.h"
 diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/coroutine-ucontext.c
 +++ b/util/coroutine-ucontext.c
@@ -XXX,XX +XXX,XX @@
   */
  /* XXX Is there a nicer way to disable glibc's stack check for longjmp? */
 -#ifdef _FORTIFY_SOURCE
  #undef _FORTIFY_SOURCE
 -#endif
 +#define _FORTIFY_SOURCE 0
 +
-+    /*
+ #include "qemu/osdep.h"
-+     * The transaction expects the ioeventfds to be open when it
+ #include <ucontext.h>
-+     * commits. Do it now, before the cleanup loop.
+ #include "qemu/coroutine_int.h"
 +     */
 +    memory_region_transaction_commit();
 +
 +    for (i = 0; i < nvqs; i++) {
 +        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
 +    }
 +
 +    /*
 +     * Set ->dataplane_started to false before draining so that host notifiers
 +     * are not detached/attached anymore.
 +     */
 +    vblk->dataplane_started = false;
 +
      aio_context_acquire(s->ctx);
      /* Wait for virtio_blk_dma_restart_bh() and in flight I/O to complete */
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
      aio_context_release(s->ctx);
 -    /*
 -     * Batch all the host notifiers in a single transaction to avoid
 -     * quadratic time complexity in address_space_update_ioeventfds().
 -     */
 -    memory_region_transaction_begin();
 -
 -    for (i = 0; i < nvqs; i++) {
 -        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
 -    }
 -
 -    /*
 -     * The transaction expects the ioeventfds to be open when it
 -     * commits. Do it now, before the cleanup loop.
 -     */
 -    memory_region_transaction_commit();
 -
 -    for (i = 0; i < nvqs; i++) {
 -        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
 -    }
 -
      qemu_bh_cancel(s->bh);
      notify_guest_bh(s); /* final chance to notify guest */
      /* Clean up guest notifier (irq) */
      k->set_guest_notifiers(qbus->parent, nvqs, false);
 -    vblk->dataplane_started = false;
      s->stopping = false;
  }
 --
-.40.1
+.41.0

The main loop thread can consume 100% CPU when using --device
virtio-blk-pci,iothread=<iothread>. ppoll() constantly returns but
reading virtqueue host notifiers fails with EAGAIN. The file descriptors
are stale and remain registered with the AioContext because of bugs in
the virtio-blk dataplane start/stop code.

The problem is that the dataplane start/stop code involves drain
operations, which call virtio_blk_drained_begin() and
virtio_blk_drained_end() at points where the host notifier is not
operational:
- In virtio_blk_data_plane_start(), blk_set_aio_context() drains after
  vblk->dataplane_started has been set to true but the host notifier has
  not been attached yet.
- In virtio_blk_data_plane_stop(), blk_drain() and blk_set_aio_context()
  drain after the host notifier has already been detached but with
  vblk->dataplane_started still set to true.

I would like to simplify ->ioeventfd_start/stop() to avoid interactions
with drain entirely, but couldn't find a way to do that. Instead, this
patch accepts the fragile nature of the code and reorders it so that
vblk->dataplane_started is false during drain operations. This way the
virtio_blk_drained_begin() and virtio_blk_drained_end() calls don't
touch the host notifier. The result is that
virtio_blk_data_plane_start() and virtio_blk_data_plane_stop() have
complete control over the host notifier and stale file descriptors are
no longer left in the AioContext.

This patch fixes the 100% CPU consumption in the main loop thread and
correctly moves host notifier processing to the IOThread.

Fixes: 1665d9326fd2 ("virtio-blk: implement BlockDevOps->drained_begin()")
Reported-by: Lukáš Doktor <ldoktor@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Lukas Doktor <ldoktor@redhat.com>
Message-id: 20230704151527.193586-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/block/dataplane/virtio-blk.c | 67 +++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 29 deletions(-)

diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
 
     memory_region_transaction_commit();
 
-    /*
-     * These fields are visible to the IOThread so we rely on implicit barriers
-     * in aio_context_acquire() on the write side and aio_notify_accept() on
-     * the read side.
-     */
-    s->starting = false;
-    vblk->dataplane_started = true;
     trace_virtio_blk_data_plane_start(s);
 
     old_context = blk_get_aio_context(s->conf->conf.blk);
@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
         event_notifier_set(virtio_queue_get_host_notifier(vq));
     }
 
+    /*
+     * These fields must be visible to the IOThread when it processes the
+     * virtqueue, otherwise it will think dataplane has not started yet.
+     *
+     * Make sure ->dataplane_started is false when blk_set_aio_context() is
+     * called above so that draining does not cause the host notifier to be
+     * detached/attached prematurely.
+     */
+    s->starting = false;
+    vblk->dataplane_started = true;
+    smp_wmb(); /* paired with aio_notify_accept() on the read side */
+
     /* Get this show started by hooking up our callbacks */
     if (!blk_in_drain(s->conf->conf.blk)) {
         aio_context_acquire(s->ctx);
@@ -XXX,XX +XXX,XX @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
   fail_guest_notifiers:
     vblk->dataplane_disabled = true;
     s->starting = false;
-    vblk->dataplane_started = true;
     return -ENOSYS;
 }
 
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
         aio_wait_bh_oneshot(s->ctx, virtio_blk_data_plane_stop_bh, s);
     }
 
+    /*
+     * Batch all the host notifiers in a single transaction to avoid
+     * quadratic time complexity in address_space_update_ioeventfds().
+     */
+    memory_region_transaction_begin();
+
+    for (i = 0; i < nvqs; i++) {
+        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
+    }
+
+    /*
+     * The transaction expects the ioeventfds to be open when it
+     * commits. Do it now, before the cleanup loop.
+     */
+    memory_region_transaction_commit();
+
+    for (i = 0; i < nvqs; i++) {
+        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
+    }
+
+    /*
+     * Set ->dataplane_started to false before draining so that host notifiers
+     * are not detached/attached anymore.
+     */
+    vblk->dataplane_started = false;
+
     aio_context_acquire(s->ctx);
 
     /* Wait for virtio_blk_dma_restart_bh() and in flight I/O to complete */
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
 
     aio_context_release(s->ctx);
 
-    /*
-     * Batch all the host notifiers in a single transaction to avoid
-     * quadratic time complexity in address_space_update_ioeventfds().
-     */
-    memory_region_transaction_begin();
-
-    for (i = 0; i < nvqs; i++) {
-        virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
-    }
-
-    /*
-     * The transaction expects the ioeventfds to be open when it
-     * commits. Do it now, before the cleanup loop.
-     */
-    memory_region_transaction_commit();
-
-    for (i = 0; i < nvqs; i++) {
-        virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
-    }
-
     qemu_bh_cancel(s->bh);
     notify_guest_bh(s); /* final chance to notify guest */
 
     /* Clean up guest notifier (irq) */
     k->set_guest_notifiers(qbus->parent, nvqs, false);
 
-    vblk->dataplane_started = false;
     s->stopping = false;
 }
-- 
2.40.1

From: Daniel P. Berrangé <berrange@redhat.com>

Currently we set _FORTIFY_SOURCE=2 as a compiler argument when the
meson 'optimization' setting is non-zero, the compiler is GCC and
the target is Linux.

While the default QEMU optimization level is 2, user could override
this by setting CFLAGS="-O0" or --extra-cflags="-O0" when running
configure and this won't be reflected in the meson 'optimization'
setting. As a result we try to enable _FORTIFY_SOURCE=2 and then the
user gets compile errors as it only works with optimization.

Rather than trying to improve detection in meson, it is simpler to
just check the __OPTIMIZE__ define from osdep.h.

The comment about being incompatible with clang appears to be
outdated, as compilation works fine without excluding clang.

In the coroutine code we must set _FORTIFY_SOURCE=0 to stop the
logic in osdep.h then enabling it.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20231003091549.223020-1-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 meson.build                  | 10 ----------
 include/qemu/osdep.h         |  4 ++++
 util/coroutine-sigaltstack.c |  4 ++--
 util/coroutine-ucontext.c    |  4 ++--
 4 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/meson.build b/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/meson.build
+++ b/meson.build
@@ -XXX,XX +XXX,XX @@ if 'cpp' in all_languages
   qemu_cxxflags = ['-D__STDC_LIMIT_MACROS', '-D__STDC_CONSTANT_MACROS', '-D__STDC_FORMAT_MACROS'] + qemu_cflags
 endif
 
-# clang does not support glibc + FORTIFY_SOURCE (is it still true?)
-if get_option('optimization') != '0' and targetos == 'linux'
-  if cc.get_id() == 'gcc'
-    qemu_cflags += ['-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=2']
-  endif
-  if 'cpp' in all_languages and cxx.get_id() == 'gcc'
-    qemu_cxxflags += ['-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=2']
-  endif
-endif
-
 add_project_arguments(qemu_cflags, native: false, language: 'c')
 add_project_arguments(cc.get_supported_arguments(warn_flags), native: false, language: 'c')
 if 'cpp' in all_languages
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -XXX,XX +XXX,XX @@
 #ifndef QEMU_OSDEP_H
 #define QEMU_OSDEP_H
 
+#if !defined _FORTIFY_SOURCE && defined __OPTIMIZE__ && __OPTIMIZE__ && defined __linux__
+# define _FORTIFY_SOURCE 2
+#endif
+
 #include "config-host.h"
 #ifdef NEED_CPU_H
 #include CONFIG_TARGET
diff --git a/util/coroutine-sigaltstack.c b/util/coroutine-sigaltstack.c
index XXXXXXX..XXXXXXX 100644
--- a/util/coroutine-sigaltstack.c
+++ b/util/coroutine-sigaltstack.c
@@ -XXX,XX +XXX,XX @@
  */
 
 /* XXX Is there a nicer way to disable glibc's stack check for longjmp? */
-#ifdef _FORTIFY_SOURCE
 #undef _FORTIFY_SOURCE
-#endif
+#define _FORTIFY_SOURCE 0
+
 #include "qemu/osdep.h"
 #include <pthread.h>
 #include "qemu/coroutine_int.h"
diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index XXXXXXX..XXXXXXX 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -XXX,XX +XXX,XX @@
  */
 
 /* XXX Is there a nicer way to disable glibc's stack check for longjmp? */
-#ifdef _FORTIFY_SOURCE
 #undef _FORTIFY_SOURCE
-#endif
+#define _FORTIFY_SOURCE 0
+
 #include "qemu/osdep.h"
 #include <ucontext.h>
 #include "qemu/coroutine_int.h"
-- 
2.41.0