Am 03.03.2022 um 16:15 hat Emanuele Giuseppe Esposito geschrieben: > Currently, block layer APIs like block.h contain a mix of > functions that are either running in the main loop and under the > BQL, or are thread-safe functions and run in iothreads performing I/O. > The functions running under BQL also take care of modifying the > block graph, by using drain and/or aio_context_acquire/release. > This makes it very confusing to understand where each function > runs, and what assumptions it provided with regards to thread > safety. > > We call the functions running under BQL "global state (GS) API", and > distinguish them from the thread-safe "I/O API". > > The aim of this series is to split the relevant block headers in > global state and I/O sub-headers. The division will be done in > this way: > header.h will be split in header-global-state.h, header-io.h and > header-common.h. The latter will just contain the data structures > needed by header-global-state and header-io, and common helpers > that are neither in GS nor in I/O. header.h will remain for > legacy and to avoid changing all includes in all QEMU c files, > but will only include the two new headers. No function shall be > added in header.c . > Once we split all relevant headers, it will be much easier to see what > uses the AioContext lock and remove it, which is the overall main > goal of this and other series that I posted/will post. > > In addition to splitting the relevant headers shown in this series, > it is also very helpful splitting the function pointers in some > block structures, to understand what runs under AioContext lock and > what doesn't. This is what patches 21-27 do. > > Each function in the GS API will have an assertion, checking > that it is always running under BQL. > I/O functions are instead thread safe (or so should be), meaning > that they *can* run under BQL, but also in an iothread in another > AioContext. Therefore they do not provide any assertion, and > need to be audited manually to verify the correctness. > > Adding assetions has helped finding 2 bugs already, as shown in > my series "Migration: fix missing iothread locking". > > Tested this series by running unit tests, qemu-iotests and qtests > (x86_64). > Some functions in the GS API are used everywhere but not > properly tested. Therefore their assertion is never actually run in > the tests, so despite my very careful auditing, it is not impossible > to exclude that some will trigger while actually using QEMU. > > Patch 1 introduces qemu_in_main_thread(), the function used in > all assertions. This had to be introduced otherwise all unit tests > would fail, since they run in the main loop but use the code in > stubs/iothread.c > Patches 2-27 (with the exception of patch 9-10, that are an additional > assert) are all structured in the same way: first we split the header > and in the next (or same, if small) patch we add assertions. > Patch 28-31 take care instead of the block layer permission API, > fixing some bugs where they are used in I/O functions. > > This serie depends on my previous serie "block layer: permission API > refactoring in preparation to the API split" > > Based-on: <20220209105452.1694545-1-eespo...@redhat.com> > > Signed-off-by: Emanuele Giuseppe Esposito <eespo...@redhat.com> > --- > v8: > bdrv_get_full_backing_filename to GLOBAL_STATE_CODE > blk_iostatus_is_enabled in IO_CODE > blk_iostatus_set_err in IO_CODE > bdrv_apply_auto_read_only in IO_CODE > bdrv_can_set_read_only in IO_CODE > blk_drain to GLOBAL_STATE_CODE
Thanks, fixed up the unintentional changes to bdrv_op_blocker_is_empty() and bdrv_op_unblock_all() as discussed on IRC, and applied to the block branch. Kevin