mirror of
https://github.com/qemu/qemu.git
synced 2025-10-31 04:06:46 +00:00
f7795e4096
Description copied from Linux kernel commit from Gustavo A. R. Silva
(see [3]):
--v-- description start --v--
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to
declare variable-length types such as these ones is a flexible
array member [1], introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler
warning in case the flexible array does not occur last in the
structure, which will help us prevent some kind of undefined
behavior bugs from being unadvertenly introduced [2] to the
Linux codebase from now on.
--^-- description end --^--
Do the similar housekeeping in the QEMU codebase (which uses
C99 since commit 7be41675f7).
All these instances of code were found with the help of the
following Coccinelle script:
@@
identifier s, m, a;
type t, T;
@@
struct s {
...
t m;
- T a[0];
+ T a[];
};
@@
identifier s, m, a;
type t, T;
@@
struct s {
...
t m;
- T a[0];
+ T a[];
} QEMU_PACKED;
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76497732932f
[3] https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?id=17642a2fbd2c1
Inspired-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
460 lines
12 KiB
C
460 lines
12 KiB
C
/*
|
|
* Linux native AIO support.
|
|
*
|
|
* Copyright (C) 2009 IBM, Corp.
|
|
* Copyright (C) 2009 Red Hat, Inc.
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
* See the COPYING file in the top-level directory.
|
|
*/
|
|
#include "qemu/osdep.h"
|
|
#include "block/aio.h"
|
|
#include "qemu/queue.h"
|
|
#include "block/block.h"
|
|
#include "block/raw-aio.h"
|
|
#include "qemu/event_notifier.h"
|
|
#include "qemu/coroutine.h"
|
|
#include "qapi/error.h"
|
|
|
|
#include <libaio.h>
|
|
|
|
/*
|
|
* Queue size (per-device).
|
|
*
|
|
* XXX: eventually we need to communicate this to the guest and/or make it
|
|
* tunable by the guest. If we get more outstanding requests at a time
|
|
* than this we will get EAGAIN from io_submit which is communicated to
|
|
* the guest as an I/O error.
|
|
*/
|
|
#define MAX_EVENTS 1024
|
|
|
|
struct qemu_laiocb {
|
|
Coroutine *co;
|
|
LinuxAioState *ctx;
|
|
struct iocb iocb;
|
|
ssize_t ret;
|
|
size_t nbytes;
|
|
QEMUIOVector *qiov;
|
|
bool is_read;
|
|
QSIMPLEQ_ENTRY(qemu_laiocb) next;
|
|
};
|
|
|
|
typedef struct {
|
|
int plugged;
|
|
unsigned int in_queue;
|
|
unsigned int in_flight;
|
|
bool blocked;
|
|
QSIMPLEQ_HEAD(, qemu_laiocb) pending;
|
|
} LaioQueue;
|
|
|
|
struct LinuxAioState {
|
|
AioContext *aio_context;
|
|
|
|
io_context_t ctx;
|
|
EventNotifier e;
|
|
|
|
/* io queue for submit at batch. Protected by AioContext lock. */
|
|
LaioQueue io_q;
|
|
|
|
/* I/O completion processing. Only runs in I/O thread. */
|
|
QEMUBH *completion_bh;
|
|
int event_idx;
|
|
int event_max;
|
|
};
|
|
|
|
static void ioq_submit(LinuxAioState *s);
|
|
|
|
static inline ssize_t io_event_ret(struct io_event *ev)
|
|
{
|
|
return (ssize_t)(((uint64_t)ev->res2 << 32) | ev->res);
|
|
}
|
|
|
|
/*
|
|
* Completes an AIO request.
|
|
*/
|
|
static void qemu_laio_process_completion(struct qemu_laiocb *laiocb)
|
|
{
|
|
int ret;
|
|
|
|
ret = laiocb->ret;
|
|
if (ret != -ECANCELED) {
|
|
if (ret == laiocb->nbytes) {
|
|
ret = 0;
|
|
} else if (ret >= 0) {
|
|
/* Short reads mean EOF, pad with zeros. */
|
|
if (laiocb->is_read) {
|
|
qemu_iovec_memset(laiocb->qiov, ret, 0,
|
|
laiocb->qiov->size - ret);
|
|
} else {
|
|
ret = -ENOSPC;
|
|
}
|
|
}
|
|
}
|
|
|
|
laiocb->ret = ret;
|
|
|
|
/*
|
|
* If the coroutine is already entered it must be in ioq_submit() and
|
|
* will notice laio->ret has been filled in when it eventually runs
|
|
* later. Coroutines cannot be entered recursively so avoid doing
|
|
* that!
|
|
*/
|
|
if (!qemu_coroutine_entered(laiocb->co)) {
|
|
aio_co_wake(laiocb->co);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* aio_ring buffer which is shared between userspace and kernel.
|
|
*
|
|
* This copied from linux/fs/aio.c, common header does not exist
|
|
* but AIO exists for ages so we assume ABI is stable.
|
|
*/
|
|
struct aio_ring {
|
|
unsigned id; /* kernel internal index number */
|
|
unsigned nr; /* number of io_events */
|
|
unsigned head; /* Written to by userland or by kernel. */
|
|
unsigned tail;
|
|
|
|
unsigned magic;
|
|
unsigned compat_features;
|
|
unsigned incompat_features;
|
|
unsigned header_length; /* size of aio_ring */
|
|
|
|
struct io_event io_events[];
|
|
};
|
|
|
|
/**
|
|
* io_getevents_peek:
|
|
* @ctx: AIO context
|
|
* @events: pointer on events array, output value
|
|
|
|
* Returns the number of completed events and sets a pointer
|
|
* on events array. This function does not update the internal
|
|
* ring buffer, only reads head and tail. When @events has been
|
|
* processed io_getevents_commit() must be called.
|
|
*/
|
|
static inline unsigned int io_getevents_peek(io_context_t ctx,
|
|
struct io_event **events)
|
|
{
|
|
struct aio_ring *ring = (struct aio_ring *)ctx;
|
|
unsigned int head = ring->head, tail = ring->tail;
|
|
unsigned int nr;
|
|
|
|
nr = tail >= head ? tail - head : ring->nr - head;
|
|
*events = ring->io_events + head;
|
|
/* To avoid speculative loads of s->events[i] before observing tail.
|
|
Paired with smp_wmb() inside linux/fs/aio.c: aio_complete(). */
|
|
smp_rmb();
|
|
|
|
return nr;
|
|
}
|
|
|
|
/**
|
|
* io_getevents_commit:
|
|
* @ctx: AIO context
|
|
* @nr: the number of events on which head should be advanced
|
|
*
|
|
* Advances head of a ring buffer.
|
|
*/
|
|
static inline void io_getevents_commit(io_context_t ctx, unsigned int nr)
|
|
{
|
|
struct aio_ring *ring = (struct aio_ring *)ctx;
|
|
|
|
if (nr) {
|
|
ring->head = (ring->head + nr) % ring->nr;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* io_getevents_advance_and_peek:
|
|
* @ctx: AIO context
|
|
* @events: pointer on events array, output value
|
|
* @nr: the number of events on which head should be advanced
|
|
*
|
|
* Advances head of a ring buffer and returns number of elements left.
|
|
*/
|
|
static inline unsigned int
|
|
io_getevents_advance_and_peek(io_context_t ctx,
|
|
struct io_event **events,
|
|
unsigned int nr)
|
|
{
|
|
io_getevents_commit(ctx, nr);
|
|
return io_getevents_peek(ctx, events);
|
|
}
|
|
|
|
/**
|
|
* qemu_laio_process_completions:
|
|
* @s: AIO state
|
|
*
|
|
* Fetches completed I/O requests and invokes their callbacks.
|
|
*
|
|
* The function is somewhat tricky because it supports nested event loops, for
|
|
* example when a request callback invokes aio_poll(). In order to do this,
|
|
* indices are kept in LinuxAioState. Function schedules BH completion so it
|
|
* can be called again in a nested event loop. When there are no events left
|
|
* to complete the BH is being canceled.
|
|
*/
|
|
static void qemu_laio_process_completions(LinuxAioState *s)
|
|
{
|
|
struct io_event *events;
|
|
|
|
/* Reschedule so nested event loops see currently pending completions */
|
|
qemu_bh_schedule(s->completion_bh);
|
|
|
|
while ((s->event_max = io_getevents_advance_and_peek(s->ctx, &events,
|
|
s->event_idx))) {
|
|
for (s->event_idx = 0; s->event_idx < s->event_max; ) {
|
|
struct iocb *iocb = events[s->event_idx].obj;
|
|
struct qemu_laiocb *laiocb =
|
|
container_of(iocb, struct qemu_laiocb, iocb);
|
|
|
|
laiocb->ret = io_event_ret(&events[s->event_idx]);
|
|
|
|
/* Change counters one-by-one because we can be nested. */
|
|
s->io_q.in_flight--;
|
|
s->event_idx++;
|
|
qemu_laio_process_completion(laiocb);
|
|
}
|
|
}
|
|
|
|
qemu_bh_cancel(s->completion_bh);
|
|
|
|
/* If we are nested we have to notify the level above that we are done
|
|
* by setting event_max to zero, upper level will then jump out of it's
|
|
* own `for` loop. If we are the last all counters droped to zero. */
|
|
s->event_max = 0;
|
|
s->event_idx = 0;
|
|
}
|
|
|
|
static void qemu_laio_process_completions_and_submit(LinuxAioState *s)
|
|
{
|
|
aio_context_acquire(s->aio_context);
|
|
qemu_laio_process_completions(s);
|
|
|
|
if (!s->io_q.plugged && !QSIMPLEQ_EMPTY(&s->io_q.pending)) {
|
|
ioq_submit(s);
|
|
}
|
|
aio_context_release(s->aio_context);
|
|
}
|
|
|
|
static void qemu_laio_completion_bh(void *opaque)
|
|
{
|
|
LinuxAioState *s = opaque;
|
|
|
|
qemu_laio_process_completions_and_submit(s);
|
|
}
|
|
|
|
static void qemu_laio_completion_cb(EventNotifier *e)
|
|
{
|
|
LinuxAioState *s = container_of(e, LinuxAioState, e);
|
|
|
|
if (event_notifier_test_and_clear(&s->e)) {
|
|
qemu_laio_process_completions_and_submit(s);
|
|
}
|
|
}
|
|
|
|
static bool qemu_laio_poll_cb(void *opaque)
|
|
{
|
|
EventNotifier *e = opaque;
|
|
LinuxAioState *s = container_of(e, LinuxAioState, e);
|
|
struct io_event *events;
|
|
|
|
if (!io_getevents_peek(s->ctx, &events)) {
|
|
return false;
|
|
}
|
|
|
|
qemu_laio_process_completions_and_submit(s);
|
|
return true;
|
|
}
|
|
|
|
static void ioq_init(LaioQueue *io_q)
|
|
{
|
|
QSIMPLEQ_INIT(&io_q->pending);
|
|
io_q->plugged = 0;
|
|
io_q->in_queue = 0;
|
|
io_q->in_flight = 0;
|
|
io_q->blocked = false;
|
|
}
|
|
|
|
static void ioq_submit(LinuxAioState *s)
|
|
{
|
|
int ret, len;
|
|
struct qemu_laiocb *aiocb;
|
|
struct iocb *iocbs[MAX_EVENTS];
|
|
QSIMPLEQ_HEAD(, qemu_laiocb) completed;
|
|
|
|
do {
|
|
if (s->io_q.in_flight >= MAX_EVENTS) {
|
|
break;
|
|
}
|
|
len = 0;
|
|
QSIMPLEQ_FOREACH(aiocb, &s->io_q.pending, next) {
|
|
iocbs[len++] = &aiocb->iocb;
|
|
if (s->io_q.in_flight + len >= MAX_EVENTS) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
ret = io_submit(s->ctx, len, iocbs);
|
|
if (ret == -EAGAIN) {
|
|
break;
|
|
}
|
|
if (ret < 0) {
|
|
/* Fail the first request, retry the rest */
|
|
aiocb = QSIMPLEQ_FIRST(&s->io_q.pending);
|
|
QSIMPLEQ_REMOVE_HEAD(&s->io_q.pending, next);
|
|
s->io_q.in_queue--;
|
|
aiocb->ret = ret;
|
|
qemu_laio_process_completion(aiocb);
|
|
continue;
|
|
}
|
|
|
|
s->io_q.in_flight += ret;
|
|
s->io_q.in_queue -= ret;
|
|
aiocb = container_of(iocbs[ret - 1], struct qemu_laiocb, iocb);
|
|
QSIMPLEQ_SPLIT_AFTER(&s->io_q.pending, aiocb, next, &completed);
|
|
} while (ret == len && !QSIMPLEQ_EMPTY(&s->io_q.pending));
|
|
s->io_q.blocked = (s->io_q.in_queue > 0);
|
|
|
|
if (s->io_q.in_flight) {
|
|
/* We can try to complete something just right away if there are
|
|
* still requests in-flight. */
|
|
qemu_laio_process_completions(s);
|
|
/*
|
|
* Even we have completed everything (in_flight == 0), the queue can
|
|
* have still pended requests (in_queue > 0). We do not attempt to
|
|
* repeat submission to avoid IO hang. The reason is simple: s->e is
|
|
* still set and completion callback will be called shortly and all
|
|
* pended requests will be submitted from there.
|
|
*/
|
|
}
|
|
}
|
|
|
|
void laio_io_plug(BlockDriverState *bs, LinuxAioState *s)
|
|
{
|
|
s->io_q.plugged++;
|
|
}
|
|
|
|
void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s)
|
|
{
|
|
assert(s->io_q.plugged);
|
|
if (--s->io_q.plugged == 0 &&
|
|
!s->io_q.blocked && !QSIMPLEQ_EMPTY(&s->io_q.pending)) {
|
|
ioq_submit(s);
|
|
}
|
|
}
|
|
|
|
static int laio_do_submit(int fd, struct qemu_laiocb *laiocb, off_t offset,
|
|
int type)
|
|
{
|
|
LinuxAioState *s = laiocb->ctx;
|
|
struct iocb *iocbs = &laiocb->iocb;
|
|
QEMUIOVector *qiov = laiocb->qiov;
|
|
|
|
switch (type) {
|
|
case QEMU_AIO_WRITE:
|
|
io_prep_pwritev(iocbs, fd, qiov->iov, qiov->niov, offset);
|
|
break;
|
|
case QEMU_AIO_READ:
|
|
io_prep_preadv(iocbs, fd, qiov->iov, qiov->niov, offset);
|
|
break;
|
|
/* Currently Linux kernel does not support other operations */
|
|
default:
|
|
fprintf(stderr, "%s: invalid AIO request type 0x%x.\n",
|
|
__func__, type);
|
|
return -EIO;
|
|
}
|
|
io_set_eventfd(&laiocb->iocb, event_notifier_get_fd(&s->e));
|
|
|
|
QSIMPLEQ_INSERT_TAIL(&s->io_q.pending, laiocb, next);
|
|
s->io_q.in_queue++;
|
|
if (!s->io_q.blocked &&
|
|
(!s->io_q.plugged ||
|
|
s->io_q.in_flight + s->io_q.in_queue >= MAX_EVENTS)) {
|
|
ioq_submit(s);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int coroutine_fn laio_co_submit(BlockDriverState *bs, LinuxAioState *s, int fd,
|
|
uint64_t offset, QEMUIOVector *qiov, int type)
|
|
{
|
|
int ret;
|
|
struct qemu_laiocb laiocb = {
|
|
.co = qemu_coroutine_self(),
|
|
.nbytes = qiov->size,
|
|
.ctx = s,
|
|
.ret = -EINPROGRESS,
|
|
.is_read = (type == QEMU_AIO_READ),
|
|
.qiov = qiov,
|
|
};
|
|
|
|
ret = laio_do_submit(fd, &laiocb, offset, type);
|
|
if (ret < 0) {
|
|
return ret;
|
|
}
|
|
|
|
if (laiocb.ret == -EINPROGRESS) {
|
|
qemu_coroutine_yield();
|
|
}
|
|
return laiocb.ret;
|
|
}
|
|
|
|
void laio_detach_aio_context(LinuxAioState *s, AioContext *old_context)
|
|
{
|
|
aio_set_event_notifier(old_context, &s->e, false, NULL, NULL);
|
|
qemu_bh_delete(s->completion_bh);
|
|
s->aio_context = NULL;
|
|
}
|
|
|
|
void laio_attach_aio_context(LinuxAioState *s, AioContext *new_context)
|
|
{
|
|
s->aio_context = new_context;
|
|
s->completion_bh = aio_bh_new(new_context, qemu_laio_completion_bh, s);
|
|
aio_set_event_notifier(new_context, &s->e, false,
|
|
qemu_laio_completion_cb,
|
|
qemu_laio_poll_cb);
|
|
}
|
|
|
|
LinuxAioState *laio_init(Error **errp)
|
|
{
|
|
int rc;
|
|
LinuxAioState *s;
|
|
|
|
s = g_malloc0(sizeof(*s));
|
|
rc = event_notifier_init(&s->e, false);
|
|
if (rc < 0) {
|
|
error_setg_errno(errp, -rc, "failed to to initialize event notifier");
|
|
goto out_free_state;
|
|
}
|
|
|
|
rc = io_setup(MAX_EVENTS, &s->ctx);
|
|
if (rc < 0) {
|
|
error_setg_errno(errp, -rc, "failed to create linux AIO context");
|
|
goto out_close_efd;
|
|
}
|
|
|
|
ioq_init(&s->io_q);
|
|
|
|
return s;
|
|
|
|
out_close_efd:
|
|
event_notifier_cleanup(&s->e);
|
|
out_free_state:
|
|
g_free(s);
|
|
return NULL;
|
|
}
|
|
|
|
void laio_cleanup(LinuxAioState *s)
|
|
{
|
|
event_notifier_cleanup(&s->e);
|
|
|
|
if (io_destroy(s->ctx) != 0) {
|
|
fprintf(stderr, "%s: destroy AIO context %p failed\n",
|
|
__func__, &s->ctx);
|
|
}
|
|
g_free(s);
|
|
}
|