[Qemu-devel] [PATCH 0/2] Fix immediate error handling on synthetic aios

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH 0/2] Fix immediate error handling on synthetic aios
@ 2009-03-27 13:30 Avi Kivity
  2009-03-27 13:30 ` [Qemu-devel] [PATCH 1/2] Fix vectored aio bounce handling immediate errors Avi Kivity
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Avi Kivity @ 2009-03-27 13:30 UTC (permalink / raw)
  To: Anthony Liguori; +Cc: qemu-devel

The block layer can signal aio errors in two ways: by calling the completion
function with a negative status code, or by returning a NULL aiocb.  Two of
the synthetic aio implementations (the DMA API and the vectored aio bouncing)
fail to handle the second case correctly, resulting in crashes when
cancellation of a timed out request is attempted.

I think the long term fix is to have the block layer signal errors in just
one way -- by invoking the completion handler with a negative return code --
but in the meanwhile, here are patches that add the required error checking.

Avi Kivity (2):
  Fix vectored aio bounce handling immediate errors
  Fix DMA API when handling an immediate error from block layer

 block.c       |    5 +++++
 dma-helpers.c |   27 +++++++++++++++++++++------
 2 files changed, 26 insertions(+), 6 deletions(-)

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Qemu-devel] [PATCH 1/2] Fix vectored aio bounce handling immediate errors
  2009-03-27 13:30 [Qemu-devel] [PATCH 0/2] Fix immediate error handling on synthetic aios Avi Kivity
@ 2009-03-27 13:30 ` Avi Kivity
  2009-03-27 13:30 ` [Qemu-devel] [PATCH 2/2] Fix DMA API when handling an immediate error from block layer Avi Kivity
  2009-03-28 16:11 ` [Qemu-devel] Re: [PATCH 0/2] Fix immediate error handling on synthetic aios Anthony Liguori
  2 siblings, 0 replies; 4+ messages in thread
From: Avi Kivity @ 2009-03-27 13:30 UTC (permalink / raw)
  To: Anthony Liguori; +Cc: qemu-devel

If a bounced vectored aio fails immediately (the inner aio submission
returning NULL) then the bounce handler erronously returns an aio
request which will never be completed (and which crashes when cancelled).

Fix by detecting that the inner request has failed and propagating the
error.

Signed-off-by: Avi Kivity <avi@redhat.com>
---
 block.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/block.c b/block.c
index fd09dff..6479072 100644
--- a/block.c
+++ b/block.c
@@ -1306,6 +1306,11 @@ static BlockDriverAIOCB *bdrv_aio_rw_vector(BlockDriverState *bs,
         s->aiocb = bdrv_aio_read(bs, sector_num, s->bounce, nb_sectors,
                                  bdrv_aio_rw_vector_cb, s);
     }
+    if (!s->aiocb) {
+        qemu_vfree(s->bounce);
+        qemu_aio_release(s);
+        return NULL;
+    }
     return &s->common;
 }
 
-- 
1.6.1.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Qemu-devel] [PATCH 2/2] Fix DMA API when handling an immediate error from block layer
  2009-03-27 13:30 [Qemu-devel] [PATCH 0/2] Fix immediate error handling on synthetic aios Avi Kivity
  2009-03-27 13:30 ` [Qemu-devel] [PATCH 1/2] Fix vectored aio bounce handling immediate errors Avi Kivity
@ 2009-03-27 13:30 ` Avi Kivity
  2009-03-28 16:11 ` [Qemu-devel] Re: [PATCH 0/2] Fix immediate error handling on synthetic aios Anthony Liguori
  2 siblings, 0 replies; 4+ messages in thread
From: Avi Kivity @ 2009-03-27 13:30 UTC (permalink / raw)
  To: Anthony Liguori; +Cc: qemu-devel

The block layer may signal an immediate error on an asynchronous request
by returning NULL.  The DMA API did not handle this correctly, returning
an AIO request which would never complete (and which would crash if
cancelled).

Fix by detecting the failure and propagating it.

Signed-off-by: Avi Kivity <avi@redhat.com>
---
 dma-helpers.c |   27 +++++++++++++++++++++------
 1 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/dma-helpers.c b/dma-helpers.c
index 96a120c..1469e34 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -70,20 +70,26 @@ static void continue_after_map_failure(void *opaque)
     qemu_bh_schedule(dbs->bh);
 }
 
-static void dma_bdrv_cb(void *opaque, int ret)
+static void dma_bdrv_unmap(DMAAIOCB *dbs)
 {
-    DMAAIOCB *dbs = (DMAAIOCB *)opaque;
-    target_phys_addr_t cur_addr, cur_len;
-    void *mem;
     int i;
 
-    dbs->acb = NULL;
-    dbs->sector_num += dbs->iov.size / 512;
     for (i = 0; i < dbs->iov.niov; ++i) {
         cpu_physical_memory_unmap(dbs->iov.iov[i].iov_base,
                                   dbs->iov.iov[i].iov_len, !dbs->is_write,
                                   dbs->iov.iov[i].iov_len);
     }
+}
+
+void dma_bdrv_cb(void *opaque, int ret)
+{
+    DMAAIOCB *dbs = (DMAAIOCB *)opaque;
+    target_phys_addr_t cur_addr, cur_len;
+    void *mem;
+
+    dbs->acb = NULL;
+    dbs->sector_num += dbs->iov.size / 512;
+    dma_bdrv_unmap(dbs);
     qemu_iovec_reset(&dbs->iov);
 
     if (dbs->sg_cur_index == dbs->sg->nsg || ret < 0) {
@@ -119,6 +125,11 @@ static void dma_bdrv_cb(void *opaque, int ret)
         dbs->acb = bdrv_aio_readv(dbs->bs, dbs->sector_num, &dbs->iov,
                                   dbs->iov.size / 512, dma_bdrv_cb, dbs);
     }
+    if (!dbs->acb) {
+        dma_bdrv_unmap(dbs);
+        qemu_iovec_destroy(&dbs->iov);
+        return;
+    }
 }
 
 static BlockDriverAIOCB *dma_bdrv_io(
@@ -138,6 +149,10 @@ static BlockDriverAIOCB *dma_bdrv_io(
     dbs->bh = NULL;
     qemu_iovec_init(&dbs->iov, sg->nsg);
     dma_bdrv_cb(dbs, 0);
+    if (!dbs->acb) {
+        qemu_aio_release(dbs);
+        return NULL;
+    }
     return &dbs->common;
 }
 
-- 
1.6.1.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Qemu-devel] Re: [PATCH 0/2] Fix immediate error handling on synthetic aios
  2009-03-27 13:30 [Qemu-devel] [PATCH 0/2] Fix immediate error handling on synthetic aios Avi Kivity
  2009-03-27 13:30 ` [Qemu-devel] [PATCH 1/2] Fix vectored aio bounce handling immediate errors Avi Kivity
  2009-03-27 13:30 ` [Qemu-devel] [PATCH 2/2] Fix DMA API when handling an immediate error from block layer Avi Kivity
@ 2009-03-28 16:11 ` Anthony Liguori
  2 siblings, 0 replies; 4+ messages in thread
From: Anthony Liguori @ 2009-03-28 16:11 UTC (permalink / raw)
  To: Avi Kivity; +Cc: qemu-devel

Avi Kivity wrote:
> The block layer can signal aio errors in two ways: by calling the completion
> function with a negative status code, or by returning a NULL aiocb.  Two of
> the synthetic aio implementations (the DMA API and the vectored aio bouncing)
> fail to handle the second case correctly, resulting in crashes when
> cancellation of a timed out request is attempted.
>
> I think the long term fix is to have the block layer signal errors in just
> one way -- by invoking the completion handler with a negative return code --
> but in the meanwhile, here are patches that add the required error checking.
>
> Avi Kivity (2):
>   Fix vectored aio bounce handling immediate errors
>   Fix DMA API when handling an immediate error from block layer
>
>  block.c       |    5 +++++
>  dma-helpers.c |   27 +++++++++++++++++++++------
>  2 files changed, 26 insertions(+), 6 deletions(-)
>   

Applied all.  Thanks.

Regards,

Anthony Liguori

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2009-03-28 16:12 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-27 13:30 [Qemu-devel] [PATCH 0/2] Fix immediate error handling on synthetic aios Avi Kivity
2009-03-27 13:30 ` [Qemu-devel] [PATCH 1/2] Fix vectored aio bounce handling immediate errors Avi Kivity
2009-03-27 13:30 ` [Qemu-devel] [PATCH 2/2] Fix DMA API when handling an immediate error from block layer Avi Kivity
2009-03-28 16:11 ` [Qemu-devel] Re: [PATCH 0/2] Fix immediate error handling on synthetic aios Anthony Liguori

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).