On 27/10/2015 15:09, Denis V. Lunev wrote:
> aio_context should be locked in the same way as was done in QMP
> snapshot creation; otherwise there are a lot of possible
> troubles if native AIO mode is enabled for the disk.
>
> - the command can hang (HMP thread) with missed wakeup (the operation is
> actually complete)
> io_submit
> ioq_submit
> laio_submit
> raw_aio_submit
> raw_aio_readv
> bdrv_co_io_em
> bdrv_co_readv_em
> bdrv_aligned_preadv
> bdrv_co_do_preadv
> bdrv_co_do_readv
> bdrv_co_readv
> qcow2_co_readv
> bdrv_aligned_preadv
> bdrv_co_do_pwritev
> bdrv_rw_co_entry
>
> - QEMU can assert in coroutine re-enter
> __GI_abort
> qemu_coroutine_enter
> bdrv_co_io_em_complete
> qemu_laio_process_completion
> qemu_laio_completion_bh
> aio_bh_poll
> aio_dispatch
> aio_poll
> iothread_run
>
> AioContext lock is recursive. Thus nested locking should not be a problem.
>
> Signed-off-by: Denis V. Lunev <[email protected]>
> CC: Stefan Hajnoczi <[email protected]>
> CC: Paolo Bonzini <[email protected]>
> CC: Juan Quintela <[email protected]>
> CC: Amit Shah <[email protected]>
> ---
> block/snapshot.c | 5 +++++
> migration/savevm.c | 7 +++++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/block/snapshot.c b/block/snapshot.c
> index 89500f2..f6fa17a 100644
> --- a/block/snapshot.c
> +++ b/block/snapshot.c
> @@ -259,6 +259,9 @@ void bdrv_snapshot_delete_by_id_or_name(BlockDriverState
> *bs,
> {
> int ret;
> Error *local_err = NULL;
> + AioContext *aio_context = bdrv_get_aio_context(bs);
> +
> + aio_context_acquire(aio_context);
>
> ret = bdrv_snapshot_delete(bs, id_or_name, NULL, &local_err);
> if (ret == -ENOENT || ret == -EINVAL) {
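Review bot: the acquire at `+ aio_context_acquire(aio_context);` is undocumented, and with it bdrv_snapshot_delete_by_id_or_name() now takes the AioContext lock on the caller's behalf, so callers that already hold the lock nest silently on the recursive lock mentioned in the commit message. Suggest a one-line comment above the acquire stating that the function acquires and releases bs's AioContext itself, so the behaviour is visible at each call site.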
> @@ -267,6 +270,8 @@ void bdrv_snapshot_delete_by_id_or_name(BlockDriverState
> *bs,
> ret = bdrv_snapshot_delete(bs, NULL, id_or_name, &local_err);
> }
>
> + aio_context_release(aio_context);
Why here and not in hmp_delvm, for consistency?
The call from hmp_savevm is already protected.
Thanks for fixing the bug!
Paolo
> if (ret < 0) {
> error_propagate(errp, local_err);
> }
> diff --git a/migration/savevm.c b/migration/savevm.c
> index dbcc39a..83d2efa 100644
> --- a/migration/savevm.c
> +++ b/migration/savevm.c
> @@ -1289,6 +1289,7 @@ void hmp_savevm(Monitor *mon, const QDict *qdict)
> struct tm tm;
> const char *name = qdict_get_try_str(qdict, "name");
> Error *local_err = NULL;
> + AioContext *aio_context;
>
> /* Verify if there is a device that doesn't support snapshots and is
> writable */
> bs = NULL;
> @@ -1320,6 +1321,9 @@ void hmp_savevm(Monitor *mon, const QDict *qdict)
> }
> vm_stop(RUN_STATE_SAVE_VM);
>
> + aio_context = bdrv_get_aio_context(bs);
> + aio_context_acquire(aio_context);
> +
> memset(sn, 0, sizeof(*sn));
>
> /* fill auxiliary fields */
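Review bot: only the AioContext of the vmstate device `bs` is acquired at `+ aio_context = bdrv_get_aio_context(bs);`, while the earlier check over every writable device in this function suggests the snapshot touches more than one drive; a drive attached to a different IOThread is not covered by this lock. The commit message should state whether that case is handled, or each drive's context should be acquired around its own snapshot call.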
> @@ -1378,6 +1382,8 @@ void hmp_savevm(Monitor *mon, const QDict *qdict)
> }
>
> the_end:
> + aio_context_release(aio_context);
> +
> if (saved_vm_running) {
> vm_start();
> }
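Review bot: `aio_context_release(aio_context)` at `the_end:` is unconditional, but `aio_context` is assigned only after vm_stop() in the preceding hunk, so any `goto the_end` taken before that assignment would release an uninitialized pointer. Please confirm that every early exit before the acquire is a plain `return`, or initialize `aio_context = NULL` at its declaration and guard the release with `if (aio_context)`.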
>
>