qemu/ide-Increment-BB-in-flight-counter-for-TRIM-BH.patch
Jiabo Feng c4dab45526 QEMU update to version 6.2.0-76(master)
- qga/win32: Use rundll for VSS installation
- qga/win32: Remove change action from MSI installer
- ide: Increment BB in-flight counter for TRIM BH
- hw/pci-bridge/pxb: Fix missing swizzle
- host-vdpa: make notifiers _init()/_uninit() symmetric
- hw/virtio: vdpa: Fix leak of host-notifier memory-region
- accel/tcg/cpu-exec: Fix precise single-stepping after interrupt
- Allow setting up to 8 bytes with the generic loader
- hw/net/virtio-net: make some VirtIONet const
- accel/tcg: Optimize jump cache flush during tlb range flush
- 9pfs: prevent opening special files (CVE-2023-2861)
- tcg: Reduce tcg_assert_listed_vecop() scope
- gitlab: Disable plugins for cross-i386-tci
- vfio/pci: Fix a segfault in vfio_realize
- block/iscsi: fix double-free on BUSY or similar statuses
- tests/tcg: fix unused variable in linux-test
- hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value
- qga/vss-win32: fix warning for clang++-15
- vnc: avoid underflow when accessing user-provided address
- block/monitor: Fix crash when executing HMP commit
- virtio-gpu: add a FIXME for virtio_gpu_load()
- hw/ppc/Kconfig: MAC_NEWWORLD should always select USB_OHCI_PCI
- migration: report compress thread pid to libvirt

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-08-07 16:46:33 +08:00


From 31ae365f6c13d1bdad9d4eefe6e9f00928e5dd64 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Wed, 26 Jul 2023 02:50:59 +0000
Subject: [PATCH] ide: Increment BB in-flight counter for TRIM BH
mainline inclusion
commit 7e5cdb345f77d76cb4877fe6230c4e17a7d0d0ca
category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
When we still have an AIOCB registered for DMA operations, we try to
settle the respective operation by draining the BlockBackend associated
with the IDE device.

However, this assumes that every DMA operation is associated with an
increment of the BlockBackend's in-flight counter (e.g. through some
ongoing I/O operation), so that draining the BB until its in-flight
counter reaches 0 will settle all DMA operations. That is not the case:
For TRIM, the guest can issue a zero-length operation that will not
result in any I/O operation forwarded to the BlockBackend, and also not
increment the in-flight counter in any other way. In such a case,
blk_drain() will be a no-op if no other operations are in flight.

It is clear that if blk_drain() is a no-op, the value of
s->bus->dma->aiocb will not change between checking it in the `if`
condition and asserting that it is NULL after blk_drain().

The particular problem is that ide_issue_trim() creates a BH
(ide_trim_bh_cb()) to settle the TRIM request: iocb->common.cb() is
ide_dma_cb(), which will either create a new request, or find the
transfer to be done and call ide_set_inactive(), which clears
s->bus->dma->aiocb. Therefore, the blk_drain() must wait for
ide_trim_bh_cb() to run, which currently it will not always do.

To fix this issue, we increment the BlockBackend's in-flight counter
when the TRIM operation begins (in ide_issue_trim(), when the
ide_trim_bh_cb() BH is created) and decrement it when ide_trim_bh_cb()
is done.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2029980
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220120142259.120189-1-hreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Tested-by: John Snow <jsnow@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
hw/ide/core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index e28f8aad61..15138225be 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -433,12 +433,16 @@ static const AIOCBInfo trim_aiocb_info = {
static void ide_trim_bh_cb(void *opaque)
{
TrimAIOCB *iocb = opaque;
+ BlockBackend *blk = iocb->s->blk;
iocb->common.cb(iocb->common.opaque, iocb->ret);
qemu_bh_delete(iocb->bh);
iocb->bh = NULL;
qemu_aio_unref(iocb);
+
+ /* Paired with an increment in ide_issue_trim() */
+ blk_dec_in_flight(blk);
}
static void ide_issue_trim_cb(void *opaque, int ret)
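Review bot: the comment on the decrement only says it pairs with the increment; it should also state the two ordering constraints this hunk depends on, since they are what a future edit is most likely to break. `BlockBackend *blk = iocb->s->blk;` has to be read before `iocb->common.cb(...)` and `qemu_aio_unref(iocb);`, because the unref may free the TrimAIOCB, and `blk_dec_in_flight(blk);` has to stay last, after `iocb->common.cb()` has run ide_dma_cb() and cleared s->bus->dma->aiocb, otherwise blk_drain() could return with the aiocb still set. It is also worth confirming in the commit message that every path out of ide_issue_trim(), including cancellation, still reaches this BH exactly once, since a skipped ide_trim_bh_cb() now leaks an in-flight count and makes blk_drain() wait forever.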
@@ -508,6 +512,9 @@ BlockAIOCB *ide_issue_trim(
IDEState *s = opaque;
TrimAIOCB *iocb;
+ /* Paired with a decrement in ide_trim_bh_cb() */
+ blk_inc_in_flight(s->blk);
+
iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
iocb->s = s;
iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
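Review bot: the increment lands before `blk_aio_get()` rather than next to the BH it is meant to cover, so any early return added between `blk_inc_in_flight(s->blk);` and `iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);` later would leak a count and make blk_drain() spin with nothing left to run. Either move the increment directly above the qemu_bh_new() line, or extend the comment to say the function has no failure path before the BH exists and that the decrement in ide_trim_bh_cb() is the only thing that ever undoes it.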
--
2.41.0.windows.1
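The following is an added example, not QEMU code and not part of this patch: a toy model of a BlockBackend in-flight counter, a bottom-half queue and blk_drain(), written to show concretely why the zero-length TRIM path described in the commit message is not settled by draining unless the counter is incremented for the BH. Every name in it (BlockBackend, IDEState, TrimAIOCB, bh_schedule, aio_poll_once, trim_settled_by_drain) is an assumption modelled on the patch, not QEMU's real API, and the `fixed` flag simply switches the patch's inc/dec pair on or off.

```c
/*
 * Added example (not QEMU code): toy model of the in-flight counter,
 * a BH queue and blk_drain(). All names are assumptions modelled on
 * the patch, not QEMU's real API.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_BH 8

typedef void (*bh_fn)(void *opaque);

/* Toy event loop: pending bottom halves, run by aio_poll_once() */
static struct { bh_fn fn; void *opaque; } bh_queue[MAX_BH];
static int bh_count;

static void bh_schedule(bh_fn fn, void *opaque)
{
    if (bh_count < MAX_BH) {
        bh_queue[bh_count].fn = fn;
        bh_queue[bh_count].opaque = opaque;
        bh_count++;
    }
}

/* Run every BH pending right now; returns false if there were none */
static bool aio_poll_once(void)
{
    int n = bh_count;
    bh_count = 0;
    for (int i = 0; i < n; i++) {
        bh_queue[i].fn(bh_queue[i].opaque);
    }
    return n > 0;
}

typedef struct { int in_flight; } BlockBackend;

static void blk_inc_in_flight(BlockBackend *blk) { blk->in_flight++; }
static void blk_dec_in_flight(BlockBackend *blk) { blk->in_flight--; }

/* blk_drain(): poll the loop only while the counter says work is pending.
 * A BH that is not accounted for in the counter is never reached here. */
static void blk_drain(BlockBackend *blk)
{
    while (blk->in_flight > 0 && aio_poll_once()) {
    }
}

/* Toy IDE state: stands in for s->blk and s->bus->dma->aiocb */
typedef struct {
    BlockBackend *blk;
    void *aiocb;
} IDEState;

typedef struct {
    IDEState *s;
    bool fixed;   /* true: apply this patch's inc/dec pairing */
} TrimAIOCB;

/* Models ide_trim_bh_cb(): the callback finishes the DMA and clears the aiocb */
static void ide_trim_bh_cb(void *opaque)
{
    TrimAIOCB *iocb = opaque;
    BlockBackend *blk = iocb->s->blk;   /* read before iocb could be freed */

    iocb->s->aiocb = NULL;              /* ide_dma_cb() -> ide_set_inactive() */
    if (iocb->fixed) {
        blk_dec_in_flight(blk);         /* paired with ide_issue_trim() */
    }
}

/* Models ide_issue_trim() for a zero-length TRIM: no I/O, only a BH */
static void ide_issue_trim(IDEState *s, TrimAIOCB *iocb, bool fixed)
{
    iocb->s = s;
    iocb->fixed = fixed;
    if (fixed) {
        blk_inc_in_flight(s->blk);
    }
    s->aiocb = iocb;
    bh_schedule(ide_trim_bh_cb, iocb);  /* nothing is forwarded to the BB */
}

/* True if blk_drain() settled the TRIM, i.e. the aiocb is NULL afterwards */
static bool trim_settled_by_drain(bool fixed)
{
    BlockBackend blk = { 0 };
    IDEState s = { &blk, NULL };
    TrimAIOCB iocb;

    bh_count = 0;
    ide_issue_trim(&s, &iocb, fixed);
    blk_drain(&blk);
    return s.aiocb == NULL;
}

int main(void)
{
    printf("without patch: aiocb %s after blk_drain()\n",
           trim_settled_by_drain(false) ? "cleared" : "still set");
    printf("with patch:    aiocb %s after blk_drain()\n",
           trim_settled_by_drain(true) ? "cleared" : "still set");
    return 0;
}
```

Without the pairing, the counter is 0 when blk_drain() is entered, so the loop never polls and the BH that would clear the aiocb is still pending when the caller checks it; with the pairing, the drain polls once, the BH runs, the aiocb is cleared and the counter returns to 0. The real code has the extra constraint visible in the hunk above: the decrement must come after the callback and after the AIOCB may have been freed, which is why `blk` is cached in a local first.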