 7887f6201f
			
		
	
	
		7887f6201f
		
	
	
	
	
		
			
			Without this, qemu segfaults when a BH handler first deletes its BH and then calls another function which involves a nested qemu_bh_poll() call. This can be reproduced by generating an I/O error (e.g. with blkdebug) on an IDE device and using rerror/werror=stop to stop the VM. When continuing the VM, qemu segfaults. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
		
			
				
	
	
		
			218 lines
		
	
	
		
			5.9 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			218 lines
		
	
	
		
			5.9 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * QEMU System Emulator
 | |
|  *
 | |
|  * Copyright (c) 2003-2008 Fabrice Bellard
 | |
|  *
 | |
|  * Permission is hereby granted, free of charge, to any person obtaining a copy
 | |
|  * of this software and associated documentation files (the "Software"), to deal
 | |
|  * in the Software without restriction, including without limitation the rights
 | |
|  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 | |
|  * copies of the Software, and to permit persons to whom the Software is
 | |
|  * furnished to do so, subject to the following conditions:
 | |
|  *
 | |
|  * The above copyright notice and this permission notice shall be included in
 | |
|  * all copies or substantial portions of the Software.
 | |
|  *
 | |
|  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 | |
|  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 | |
|  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 | |
|  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 | |
|  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 | |
|  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 | |
|  * THE SOFTWARE.
 | |
|  */
 | |
| 
 | |
| #include "qemu-common.h"
 | |
| #include "qemu-aio.h"
 | |
| 
 | |
| /*
 | |
|  * An AsyncContext protects the callbacks of AIO requests and Bottom Halves
 | |
|  * against interfering with each other. A typical example is qcow2 that accepts
 | |
|  * asynchronous requests, but relies for manipulation of its metadata on
 | |
|  * synchronous bdrv_read/write that doesn't trigger any callbacks.
 | |
|  *
 | |
|  * However, these functions are often emulated using AIO which means that AIO
 | |
|  * callbacks must be run - but at the same time we must not run callbacks of
 | |
|  * other requests as they might start to modify metadata and corrupt the
 | |
|  * internal state of the caller of bdrv_read/write.
 | |
|  *
 | |
|  * To achieve the desired semantics we switch into a new AsyncContext.
 | |
|  * Callbacks must only be run if they belong to the current AsyncContext.
 | |
|  * Otherwise they need to be queued until their own context is active again.
 | |
|  * This is how you can make qemu_aio_wait() wait only for your own callbacks.
 | |
|  *
 | |
|  * The AsyncContexts form a stack. When you leave a AsyncContexts, you always
 | |
|  * return to the old ("parent") context.
 | |
|  */
 | |
| struct AsyncContext {
 | |
|     /* Consecutive number of the AsyncContext (position in the stack) */
 | |
|     int id;
 | |
| 
 | |
|     /* Anchor of the list of Bottom Halves belonging to the context */
 | |
|     struct QEMUBH *first_bh;
 | |
| 
 | |
|     /* Link to parent context */
 | |
|     struct AsyncContext *parent;
 | |
| };
 | |
| 
 | |
| /* The currently active AsyncContext */
 | |
| static struct AsyncContext *async_context = &(struct AsyncContext) { 0 };
 | |
| 
 | |
| /*
 | |
|  * Enter a new AsyncContext. Already scheduled Bottom Halves and AIO callbacks
 | |
|  * won't be called until this context is left again.
 | |
|  */
 | |
| void async_context_push(void)
 | |
| {
 | |
|     struct AsyncContext *new = qemu_mallocz(sizeof(*new));
 | |
|     new->parent = async_context;
 | |
|     new->id = async_context->id + 1;
 | |
|     async_context = new;
 | |
| }
 | |
| 
 | |
| /* Run queued AIO completions and destroy Bottom Half */
 | |
| static void bh_run_aio_completions(void *opaque)
 | |
| {
 | |
|     QEMUBH **bh = opaque;
 | |
|     qemu_bh_delete(*bh);
 | |
|     qemu_free(bh);
 | |
|     qemu_aio_process_queue();
 | |
| }
 | |
| /*
 | |
|  * Leave the currently active AsyncContext. All Bottom Halves belonging to the
 | |
|  * old context are executed before changing the context.
 | |
|  */
 | |
| void async_context_pop(void)
 | |
| {
 | |
|     struct AsyncContext *old = async_context;
 | |
|     QEMUBH **bh;
 | |
| 
 | |
|     /* Flush the bottom halves, we don't want to lose them */
 | |
|     while (qemu_bh_poll());
 | |
| 
 | |
|     /* Switch back to the parent context */
 | |
|     async_context = async_context->parent;
 | |
|     qemu_free(old);
 | |
| 
 | |
|     if (async_context == NULL) {
 | |
|         abort();
 | |
|     }
 | |
| 
 | |
|     /* Schedule BH to run any queued AIO completions as soon as possible */
 | |
|     bh = qemu_malloc(sizeof(*bh));
 | |
|     *bh = qemu_bh_new(bh_run_aio_completions, bh);
 | |
|     qemu_bh_schedule(*bh);
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Returns the ID of the currently active AsyncContext
 | |
|  */
 | |
| int get_async_context_id(void)
 | |
| {
 | |
|     return async_context->id;
 | |
| }
 | |
| 
 | |
| /***********************************************************/
 | |
| /* bottom halves (can be seen as timers which expire ASAP) */
 | |
| 
 | |
| struct QEMUBH {
 | |
|     QEMUBHFunc *cb;
 | |
|     void *opaque;
 | |
|     int scheduled;
 | |
|     int idle;
 | |
|     int deleted;
 | |
|     QEMUBH *next;
 | |
| };
 | |
| 
 | |
| QEMUBH *qemu_bh_new(QEMUBHFunc *cb, void *opaque)
 | |
| {
 | |
|     QEMUBH *bh;
 | |
|     bh = qemu_mallocz(sizeof(QEMUBH));
 | |
|     bh->cb = cb;
 | |
|     bh->opaque = opaque;
 | |
|     bh->next = async_context->first_bh;
 | |
|     async_context->first_bh = bh;
 | |
|     return bh;
 | |
| }
 | |
| 
 | |
| int qemu_bh_poll(void)
 | |
| {
 | |
|     QEMUBH *bh, **bhp, *next;
 | |
|     int ret;
 | |
| 
 | |
|     ret = 0;
 | |
|     for (bh = async_context->first_bh; bh; bh = next) {
 | |
|         next = bh->next;
 | |
|         if (!bh->deleted && bh->scheduled) {
 | |
|             bh->scheduled = 0;
 | |
|             if (!bh->idle)
 | |
|                 ret = 1;
 | |
|             bh->idle = 0;
 | |
|             bh->cb(bh->opaque);
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     /* remove deleted bhs */
 | |
|     bhp = &async_context->first_bh;
 | |
|     while (*bhp) {
 | |
|         bh = *bhp;
 | |
|         if (bh->deleted) {
 | |
|             *bhp = bh->next;
 | |
|             qemu_free(bh);
 | |
|         } else
 | |
|             bhp = &bh->next;
 | |
|     }
 | |
| 
 | |
|     return ret;
 | |
| }
 | |
| 
 | |
| void qemu_bh_schedule_idle(QEMUBH *bh)
 | |
| {
 | |
|     if (bh->scheduled)
 | |
|         return;
 | |
|     bh->scheduled = 1;
 | |
|     bh->idle = 1;
 | |
| }
 | |
| 
 | |
| void qemu_bh_schedule(QEMUBH *bh)
 | |
| {
 | |
|     if (bh->scheduled)
 | |
|         return;
 | |
|     bh->scheduled = 1;
 | |
|     bh->idle = 0;
 | |
|     /* stop the currently executing CPU to execute the BH ASAP */
 | |
|     qemu_notify_event();
 | |
| }
 | |
| 
 | |
| void qemu_bh_cancel(QEMUBH *bh)
 | |
| {
 | |
|     bh->scheduled = 0;
 | |
| }
 | |
| 
 | |
| void qemu_bh_delete(QEMUBH *bh)
 | |
| {
 | |
|     bh->scheduled = 0;
 | |
|     bh->deleted = 1;
 | |
| }
 | |
| 
 | |
| void qemu_bh_update_timeout(int *timeout)
 | |
| {
 | |
|     QEMUBH *bh;
 | |
| 
 | |
|     for (bh = async_context->first_bh; bh; bh = bh->next) {
 | |
|         if (!bh->deleted && bh->scheduled) {
 | |
|             if (bh->idle) {
 | |
|                 /* idle bottom halves will be polled at least
 | |
|                  * every 10ms */
 | |
|                 *timeout = MIN(10, *timeout);
 | |
|             } else {
 | |
|                 /* non-idle bottom halves will be executed
 | |
|                  * immediately */
 | |
|                 *timeout = 0;
 | |
|                 break;
 | |
|             }
 | |
|         }
 | |
|     }
 | |
| }
 | |
| 
 |