From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60951) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d0Qlu-000597-Nm for qemu-devel@nongnu.org; Tue, 18 Apr 2017 06:54:11 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d0Qlt-0002cm-JH for qemu-devel@nongnu.org; Tue, 18 Apr 2017 06:54:10 -0400 Date: Tue, 18 Apr 2017 12:53:55 +0200 From: Kevin Wolf Message-ID: <20170418105355.GB9236@noname.redhat.com> References: <20170418103948.13965-1-famz@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170418103948.13965-1-famz@redhat.com> Subject: Re: [Qemu-devel] [PATCH for-2.9-rc5 v3] block: Drain BH in bdrv_drained_begin List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Fam Zheng Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org, pbonzini@redhat.com, jcody@redhat.com, Stefan Hajnoczi , Max Reitz Am 18.04.2017 um 12:39 hat Fam Zheng geschrieben: > During block job completion, nothing is preventing > block_job_defer_to_main_loop_bh from being called in a nested > aio_poll(), which is a trouble, such as in this code path: > > qmp_block_commit > commit_active_start > bdrv_reopen > bdrv_reopen_multiple > bdrv_reopen_prepare > bdrv_flush > aio_poll > aio_bh_poll > aio_bh_call > block_job_defer_to_main_loop_bh > stream_complete > bdrv_reopen > > block_job_defer_to_main_loop_bh is the last step of the stream job, > which should have been "paused" by the bdrv_drained_begin/end in > bdrv_reopen_multiple, but it is not done because it's in the form of a > main loop BH. > > Similar to why block jobs should be paused between drained_begin and > drained_end, BHs they schedule must be excluded as well. To achieve > this, this patch forces draining the BH in BDRV_POLL_WHILE. > > Also because the BH in question can do bdrv_unref and child replacing, > protect @bs carefully to avoid use-after-free. > > As a side effect this fixes a hang in block_job_detach_aio_context > during system_reset when a block job is ready: > > #0 0x0000555555aa79f3 in bdrv_drain_recurse > #1 0x0000555555aa825d in bdrv_drained_begin > #2 0x0000555555aa8449 in bdrv_drain > #3 0x0000555555a9c356 in blk_drain > #4 0x0000555555aa3cfd in mirror_drain > #5 0x0000555555a66e11 in block_job_detach_aio_context > #6 0x0000555555a62f4d in bdrv_detach_aio_context > #7 0x0000555555a63116 in bdrv_set_aio_context > #8 0x0000555555a9d326 in blk_set_aio_context > #9 0x00005555557e38da in virtio_blk_data_plane_stop > #10 0x00005555559f9d5f in virtio_bus_stop_ioeventfd > #11 0x00005555559fa49b in virtio_bus_stop_ioeventfd > #12 0x00005555559f6a18 in virtio_pci_stop_ioeventfd > #13 0x00005555559f6a18 in virtio_pci_reset > #14 0x00005555559139a9 in qdev_reset_one > #15 0x0000555555916738 in qbus_walk_children > #16 0x0000555555913318 in qdev_walk_children > #17 0x0000555555916738 in qbus_walk_children > #18 0x00005555559168ca in qemu_devices_reset > #19 0x000055555581fcbb in pc_machine_reset > #20 0x00005555558a4d96 in qemu_system_reset > #21 0x000055555577157a in main_loop_should_exit > #22 0x000055555577157a in main_loop > #23 0x000055555577157a in main > > The rationale is that the loop in block_job_detach_aio_context cannot > make any progress in pausing/completing the job, because bs->in_flight > is 0, so bdrv_drain doesn't process the block_job_defer_to_main_loop > BH. With this patch, it does. > > Reported-by: Jeff Cody > Signed-off-by: Fam Zheng Reviewed-by: Kevin Wolf