From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33079)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1YSNHe-0001UV-08
	for qemu-devel@nongnu.org; Mon, 02 Mar 2015 05:09:07 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1YSNHc-0007jn-Ia
	for qemu-devel@nongnu.org; Mon, 02 Mar 2015 05:09:05 -0500
Received: from mail-wi0-x233.google.com ([2a00:1450:400c:c05::233]:38889)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1YSNHc-0007jj-BI
	for qemu-devel@nongnu.org; Mon, 02 Mar 2015 05:09:04 -0500
Received: by wiwh11 with SMTP id h11so13501835wiw.3
	for <qemu-devel@nongnu.org>; Mon, 02 Mar 2015 02:09:03 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon,  2 Mar 2015 11:08:41 +0100
Message-Id: <1425290934-60872-3-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1425290934-60872-1-git-send-email-pbonzini@redhat.com>
References: <1425290934-60872-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 02/15] block: Forbid bdrv_set_aio_context
	outside BQL
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Fam Zheng <famz@redhat.com>

From: Fam Zheng <famz@redhat.com>

Even if the caller has both the old and the new AioContext's, there can
be a deadlock, due to the leading bdrv_drain_all.

Suppose there are four io threads (A, B, A0, B0) with A and B owning a
BDS for each (bs_a, bs_b); Now A wants to move bs_a to iothread A0, and
B wants to move bs_b to B0, at the same time:

  iothread A                           iothread B
--------------------------------------------------------------------------
  aio_context_acquire(A0) /* OK */     aio_context_acquire(B0) /* OK */
  bdrv_set_aio_context(bs_a, A0)       bdrv_set_aio_context(bs_b, B0)
  -> bdrv_drain_all()                  -> bdrv_drain_all()
     -> acquire A /* OK */               -> acquire A /* blocked */
     -> acquire B /* blocked */          -> acquire B
     ...                                 ...

Deadlock happens because A is waiting for B, and B is waiting for A.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1423969591-23646-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/block/block.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index 471d11d..649c269 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -547,8 +547,7 @@ AioContext *bdrv_get_aio_context(BlockDriverState *bs);
  * Changes the #AioContext used for fd handlers, timers, and BHs by this
  * BlockDriverState and all its children.
  *
- * This function must be called from the old #AioContext or with a lock held so
- * the old #AioContext is not executing.
+ * This function must be called with iothread lock held.
  */
 void bdrv_set_aio_context(BlockDriverState *bs, AioContext *new_context);
 
-- 
2.3.0