qemu/util
Sergio Lopez ef6dada8b4 util/async: use atomic_mb_set in qemu_bh_cancel
Commit b7a745d added a qemu_bh_cancel call to the completion function
as an optimization to prevent it from unnecessarily rescheduling itself.

This completion function is scheduled from worker_thread, after setting
the state of a ThreadPoolElement to THREAD_DONE.

This was considered to be safe, as the completion function restarts the
loop just after the call to qemu_bh_cancel. But, as this loop lacks a HW
memory barrier, the read of req->state may actually happen _before_ the
call, seeing it still as THREAD_QUEUED, and ending the completion
function without having processed a pending TPE linked at pool->head:

         worker thread             |            I/O thread
------------------------------------------------------------------------
                                   | speculatively read req->state
req->state = THREAD_DONE;          |
qemu_bh_schedule(p->completion_bh) |
  bh->scheduled = 1;               |
                                   | qemu_bh_cancel(p->completion_bh)
                                   |   bh->scheduled = 0;
                                   | if (req->state == THREAD_DONE)
                                   |   // sees THREAD_QUEUED

The source of the misunderstanding was that qemu_bh_cancel is now being
used by the _consumer_ rather than the producer, and therefore now needs
to have acquire semantics just like e.g. aio_bh_poll.

In some situations, if there are no other independent requests in the
same aio context that could eventually trigger the scheduling of the
completion function, the omitted TPE and all operations pending on it
will get stuck forever.

[Added Sergio's updated wording about the HW memory barrier.
--Stefan]

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-id: 20171108063447.2842-1-slp@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-08 19:09:15 +00:00
..
acl.c
aio-posix.c aio-posix: drop QEMU_AIO_POLL_MAX_NS env var 2017-11-06 11:04:38 +00:00
aio-win32.c util/aio-win32: Only select on what we are actually waiting for 2017-07-17 15:58:37 +01:00
aiocb.c
async.c util/async: use atomic_mb_set in qemu_bh_cancel 2017-11-08 19:09:15 +00:00
base64.c
bitmap.c bitmap: provide to_le/from_le helpers 2017-09-22 14:11:25 +02:00
bitops.c bitmap: remove BITOP_WORD() 2017-09-22 14:11:23 +02:00
buffer.c
bufferiszero.c util: Introduce include/qemu/cpuid.h 2017-07-24 12:42:55 +01:00
cacheinfo.c configure: Drop AIX host support 2017-09-07 19:02:30 +01:00
compatfd.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
crc32c.c
cutils.c Convert remaining single line fprintf() to warn_report() 2017-09-19 16:20:49 +02:00
envlist.c util: Use g_malloc/g_free in envlist.c 2017-05-07 09:57:51 +03:00
error.c error: Implement the warn and free Error functions 2017-07-13 13:50:19 +02:00
event_notifier-posix.c Remove/replace sysemu/char.h inclusion 2017-06-02 11:33:52 +04:00
event_notifier-win32.c
fifo8.c
getauxval.c
hbitmap.c hbitmap: Rename serialization_granularity to serialization_align 2017-10-06 16:28:58 +02:00
hexdump.c
host-utils.c
id.c
iohandler.c
iov.c
keyval.c qapi: Generate FOO_str() macro for QAPI enum FOO 2017-09-04 13:09:13 +02:00
lockcnt.c
log.c
main-loop.c Convert multi-line fprintf() to warn_report() 2017-09-19 14:09:34 +02:00
Makefile.objs util: move qemu_real_host_page_size/mask to osdep.h 2017-10-10 09:45:00 -07:00
memfd.c
mmap-alloc.c
module.c
notify.c
osdep.c osdep: introduce qemu_mprotect_rwx/none 2017-10-24 13:53:42 -07:00
oslib-posix.c oslib-posix: Use sysctl(2) call to resolve exec_dir on NetBSD 2017-11-02 16:19:34 +00:00
oslib-win32.c block: rip out all traces of password prompting 2017-07-11 17:44:56 +02:00
pagesize.c util: move qemu_real_host_page_size/mask to osdep.h 2017-10-10 09:45:00 -07:00
path.c
qdist.c
qemu-config.c config: qemu_config_parse() return number of config groups 2017-10-09 23:21:52 -03:00
qemu-coroutine-io.c
qemu-coroutine-lock.c coroutine-lock: add qemu_co_rwlock_downgrade and qemu_co_rwlock_upgrade 2017-07-17 11:28:15 +08:00
qemu-coroutine-sleep.c
qemu-coroutine.c coroutine-lock: do not touch coroutine after another one has been entered 2017-06-07 14:39:00 +01:00
qemu-error.c error: Revert unwanted change of warning messages 2017-07-24 14:16:29 +02:00
qemu-openpty.c
qemu-option.c qapi: merge QInt and QFloat in QNum 2017-06-20 14:31:31 +02:00
qemu-progress.c progress: Show current progress on SIGINFO 2017-04-28 18:48:11 +02:00
qemu-sockets.c sockets: avoid leak of listen file descriptor 2017-11-07 14:10:20 +00:00
qemu-thread-posix.c util/qemu-thread-posix.c: Replace OS ifdefs with CONFIG_HAVE_SEM_TIMEDWAIT 2017-09-26 09:06:02 +03:00
qemu-thread-win32.c qemu-thread: Assert locks are initialized before using 2017-07-04 14:39:28 +02:00
qemu-timer-common.c
qemu-timer.c
qht.c
range.c
rcu.c Revert "rcu: do not create thread in pthread_atfork callback" 2017-08-08 10:40:19 +02:00
readline.c
stats64.c util: add stats64 module 2017-06-16 07:55:00 +08:00
systemd.c
thread-pool.c
throttle.c throttle: Assert that bkt->max is valid in throttle_compute_wait() 2017-09-26 14:46:23 +02:00
timed-average.c
trace-events docs: fix broken paths to docs/devel/tracing.txt 2017-07-31 13:12:53 +03:00
unicode.c
uri.c
uuid.c