From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, hreitz@redhat.com, jsnow@redhat.com,
qemu-devel@nongnu.org, qemu-stable@nongnu.org
Subject: [PATCH 4/7] ide: Minimal fix for deadlock between TRIM and drain
Date: Tue, 21 Apr 2026 18:11:29 +0200 [thread overview]
Message-ID: <20260421161132.99878-5-kwolf@redhat.com> (raw)
In-Reply-To: <20260421161132.99878-1-kwolf@redhat.com>
The implementation of TRIM in IDE can chain multiple discard requests
and uses blk_inc/dec_in_flight() to make sure that the whole TRIM
operation has completed when the device needs to be quiescent (e.g. for
the drain when performing an IDE reset, it would be bad if an IDE
request like TRIM were still in flight).
The problem is that each drain request calls blk_wait_while_drained()
and when draining, it waits until the drained section ends. At the same
time, drain_begin can only return if the whole TRIM operation has
completed. This is a classic deadlock.
Use blk_co_start/end_request() and BDRV_REQ_NO_QUEUE to avoid the
problem. This requires moving the TRIM state machine to a coroutine.
This commit does the minimal conversion so that we do have a coroutine
that works for the fix, but it still looks much like a callback-based
implementation. This will be cleaned up in the next patch.
Cc: qemu-stable@nongnu.org
Fixes: 7e5cdb345f77 ('ide: Increment BB in-flight counter for TRIM BH')
Buglink: https://redhat.atlassian.net/browse/RHEL-121686
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
hw/ide/core.c | 37 ++++++++++++++++++-------------------
1 file changed, 18 insertions(+), 19 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 7a15d6cac9b..48359c934c1 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -420,7 +420,6 @@ typedef struct TrimAIOCB {
QEMUBH *bh;
int ret;
QEMUIOVector *qiov;
- BlockAIOCB *aiocb;
int i, j;
} TrimAIOCB;
@@ -433,11 +432,6 @@ static void trim_aio_cancel(BlockAIOCB *acb)
iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1;
iocb->ret = -ECANCELED;
-
- if (iocb->aiocb) {
- blk_aio_cancel_async(iocb->aiocb);
- iocb->aiocb = NULL;
- }
}
static const AIOCBInfo trim_aiocb_info = {
@@ -456,15 +450,20 @@ static void ide_trim_bh_cb(void *opaque)
iocb->bh = NULL;
qemu_aio_unref(iocb);
- /* Paired with an increment in ide_issue_trim() */
- blk_dec_in_flight(blk);
+ /* Paired with blk_co_start_request in ide_trim_co_entry() */
+ blk_end_request(blk);
}
-static void ide_issue_trim_cb(void *opaque, int ret)
+static void coroutine_fn ide_trim_co_entry(void *opaque)
{
TrimAIOCB *iocb = opaque;
IDEState *s = iocb->s;
+ int ret = 0;
+
+ /* Paired with blk_end_request in ide_trim_bh_cb() */
+ blk_co_start_request(s->blk);
+loop:
if (iocb->i >= 0) {
if (ret >= 0) {
block_acct_done(blk_get_stats(s->blk), &s->acct);
@@ -499,11 +498,11 @@ static void ide_issue_trim_cb(void *opaque, int ret)
count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP);
/* Got an entry! Submit and exit. */
- iocb->aiocb = blk_aio_pdiscard(s->blk,
- sector << BDRV_SECTOR_BITS,
- count << BDRV_SECTOR_BITS,
- ide_issue_trim_cb, opaque);
- return;
+ ret = blk_co_pdiscard(s->blk,
+ sector << BDRV_SECTOR_BITS,
+ count << BDRV_SECTOR_BITS,
+ BDRV_REQ_NO_QUEUE);
+ goto loop;
}
iocb->j++;
@@ -514,7 +513,6 @@ static void ide_issue_trim_cb(void *opaque, int ret)
}
done:
- iocb->aiocb = NULL;
if (iocb->bh) {
replay_bh_schedule_event(iocb->bh);
}
@@ -527,9 +525,7 @@ BlockAIOCB *ide_issue_trim(
IDEState *s = opaque;
IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
TrimAIOCB *iocb;
-
- /* Paired with a decrement in ide_trim_bh_cb() */
- blk_inc_in_flight(s->blk);
+ Coroutine *co;
iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
iocb->s = s;
@@ -539,7 +535,10 @@ BlockAIOCB *ide_issue_trim(
iocb->qiov = qiov;
iocb->i = -1;
iocb->j = 0;
- ide_issue_trim_cb(iocb, 0);
+
+ co = qemu_coroutine_create(ide_trim_co_entry, iocb);
+ aio_co_enter(qemu_get_current_aio_context(), co);
+
return &iocb->common;
}
--
2.53.0
next prev parent reply other threads:[~2026-04-21 16:13 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-21 16:11 [PATCH 0/7] ide: Fix deadlock between TRIM and drain Kevin Wolf
2026-04-21 16:11 ` [PATCH 1/7] blkdebug: Add 'delay-ns' option Kevin Wolf
2026-04-21 16:11 ` [PATCH 2/7] block: Add blk_co_start/end_request() and BDRV_REQ_NO_QUEUE Kevin Wolf
2026-04-21 16:11 ` [PATCH 3/7] block: Add flags parameter to blk_*_pdiscard() Kevin Wolf
2026-04-21 16:11 ` Kevin Wolf [this message]
2026-04-21 16:11 ` [PATCH 5/7] ide: Clean up ide_trim_co_entry() to be idiomatic coroutine code Kevin Wolf
2026-04-21 16:11 ` [PATCH 6/7] ide-test: Factor out wait_dma_completion() Kevin Wolf
2026-04-21 16:11 ` [PATCH 7/7] ide-test: Test reset during TRIM Kevin Wolf
2026-05-12 11:58 ` [PATCH 0/7] ide: Fix deadlock between TRIM and drain Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260421161132.99878-5-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=hreitz@redhat.com \
--cc=jsnow@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.