[Qemu-devel] [RFC] scsi: restart dma after vm change state handlers

[Stefan Hajnoczi <stefanha@redhat.com>]

Various components register vm change state handlers to restart device
emulation when the guest is unpaused.  These handlers run in an
arbitrary order since there is no way to specific explicit dependencies
or priorities.

Each SCSIDevice has a vm change state handler to restart failed I/O
requests when the guest is unpaused.  It schedules a BH in the
AioContext of the BlockBackend.

When virtio-scsi is used with an iothread, the BH may execute in the
iothread while the main loop thread is invoking the remaining vm change
state handlers.  In this case virtio-scsi iothread may not be fully
started yet, leading to problems.

One symptom is that I/O request completion is processed in the iothread
before virtio-scsi iothread is fully started and the MSI notify code
path takes the BQL.  This violates QEMU's lock order and causes a
deadlock.

This patch defers restarting SCSIDevice requests until after all vm
change state handlers have completed.  It's an ugly fix because we're
taking advantage of side-effects instead of explicitly introducing
dependencies that are visible in the source code, but I haven't found a
cleaner solution that isn't also complex and hard to understand.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
This is RFC because I am waiting for a test result on the system where
the bug was originally discovered.  I'm also open to nicer solutions!

 hw/scsi/scsi-bus.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index c480553083..13b3823752 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -134,13 +134,10 @@ void scsi_req_retry(SCSIRequest *req)
     req->retry = true;
 }
 
-static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
+static void scsi_device_retry_reqs_bh(void *opaque)
 {
     SCSIDevice *s = opaque;
 
-    if (!running) {
-        return;
-    }
     if (!s->bh) {
         AioContext *ctx = blk_get_aio_context(s->conf.blk);
         s->bh = aio_bh_new(ctx, scsi_dma_restart_bh, s);
@@ -148,6 +145,22 @@ static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
     }
 }
 
+static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
+{
+    SCSIDevice *s = opaque;
+
+    if (!running) {
+        return;
+    }
+
+    /* Defer to a main loop BH since other vm change state handlers may need to
+     * run before the bus is ready for I/O activity (e.g. virtio-scsi's
+     * iothread setup).
+     */
+    aio_bh_schedule_oneshot(qemu_get_aio_context(),
+                            scsi_device_retry_reqs_bh, s);
+}
+
 static void scsi_qdev_realize(DeviceState *qdev, Error **errp)
 {
     SCSIDevice *dev = SCSI_DEVICE(qdev);
-- 
2.21.0