From 6bc0bcc89f847839cf3d459a55290dda8801d9d3 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 15 Nov 2023 18:20:10 +0100 Subject: block: Fix deadlocks in bdrv_graph_wrunlock() bdrv_graph_wrunlock() calls aio_poll(), which may run callbacks that have a nested event loop. Nested event loops can depend on other iothreads making progress, so in order to allow them to make progress it must not hold the AioContext lock of another thread while calling aio_poll(). This introduces a @bs parameter to bdrv_graph_wrunlock() whose AioContext is temporarily dropped (which matches bdrv_graph_wrlock()), and a bdrv_graph_wrunlock_ctx() that can be used if the BlockDriverState doesn't necessarily exist any more when unlocking. This also requires a change to bdrv_schedule_unref(), which was relying on the incorrectly taken lock. It needs to take the lock itself now. While this is a separate bug, it can't be fixed a separate patch because otherwise the intermediate state would either deadlock or try to release a lock that we don't even hold. Signed-off-by: Kevin Wolf Message-ID: <20231115172012.112727-3-kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi [kwolf: Fixed up bdrv_schedule_unref()] Signed-off-by: Kevin Wolf --- tests/unit/test-bdrv-drain.c | 20 ++++++++++---------- tests/unit/test-bdrv-graph-mod.c | 10 +++++----- 2 files changed, 15 insertions(+), 15 deletions(-) (limited to 'tests') diff --git a/tests/unit/test-bdrv-drain.c b/tests/unit/test-bdrv-drain.c index 8d05538bf6..704d1a3f36 100644 --- a/tests/unit/test-bdrv-drain.c +++ b/tests/unit/test-bdrv-drain.c @@ -809,7 +809,7 @@ static void test_blockjob_common_drain_node(enum drain_type drain_type, bdrv_graph_wrlock(target); block_job_add_bdrv(job, "target", target, 0, BLK_PERM_ALL, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(target); switch (result) { case TEST_JOB_SUCCESS: @@ -995,7 +995,7 @@ static void bdrv_test_top_close(BlockDriverState *bs) QLIST_FOREACH_SAFE(c, &bs->children, next, next_c) { bdrv_unref_child(bs, c); } - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); } static int coroutine_fn GRAPH_RDLOCK @@ -1088,7 +1088,7 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete, bdrv_graph_wrlock(NULL); bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, BDRV_CHILD_DATA, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); /* This child will be the one to pass to requests through to, and * it will stall until a drain occurs */ @@ -1101,7 +1101,7 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete, &child_of_bds, BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); /* This child is just there to be deleted * (for detach_instead_of_delete == true) */ @@ -1110,7 +1110,7 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete, bdrv_graph_wrlock(NULL); bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, BDRV_CHILD_DATA, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); blk = blk_new(qemu_get_aio_context(), BLK_PERM_ALL, BLK_PERM_ALL); blk_insert_bs(blk, bs, &error_abort); @@ -1200,7 +1200,7 @@ static void no_coroutine_fn detach_indirect_bh(void *opaque) data->child_c = bdrv_attach_child(data->parent_b, data->c, "PB-C", &child_of_bds, BDRV_CHILD_DATA, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); } static void coroutine_mixed_fn detach_by_parent_aio_cb(void *opaque, int ret) @@ -1308,7 +1308,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb) bdrv_attach_child(parent_a, a, "PA-A", by_parent_cb ? &child_of_bds : &detach_by_driver_cb_class, BDRV_CHILD_DATA, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); g_assert_cmpint(parent_a->refcnt, ==, 1); g_assert_cmpint(parent_b->refcnt, ==, 1); @@ -1735,7 +1735,7 @@ static void test_drop_intermediate_poll(void) &chain_child_class, BDRV_CHILD_COW, &error_abort); } } - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); job = block_job_create("job", &test_simple_job_driver, NULL, job_node, 0, BLK_PERM_ALL, 0, 0, NULL, NULL, &error_abort); @@ -1985,7 +1985,7 @@ static void do_test_replace_child_mid_drain(int old_drain_count, bdrv_graph_wrlock(NULL); bdrv_attach_child(parent_bs, old_child_bs, "child", &child_of_bds, BDRV_CHILD_COW, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); parent_s->setup_completed = true; for (i = 0; i < old_drain_count; i++) { @@ -2018,7 +2018,7 @@ static void do_test_replace_child_mid_drain(int old_drain_count, bdrv_drained_begin(new_child_bs); bdrv_graph_wrlock(NULL); bdrv_replace_node(old_child_bs, new_child_bs, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); bdrv_drained_end(new_child_bs); bdrv_drained_end(old_child_bs); g_assert(parent_bs->quiesce_counter == new_drain_count); diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c index 878544dbd5..074adcbb93 100644 --- a/tests/unit/test-bdrv-graph-mod.c +++ b/tests/unit/test-bdrv-graph-mod.c @@ -140,7 +140,7 @@ static void test_update_perm_tree(void) bdrv_graph_wrlock(NULL); bdrv_attach_child(filter, bs, "child", &child_of_bds, BDRV_CHILD_DATA, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); aio_context_acquire(qemu_get_aio_context()); ret = bdrv_append(filter, bs, NULL); @@ -210,7 +210,7 @@ static void test_should_update_child(void) g_assert(target->backing->bs == bs); bdrv_attach_child(filter, target, "target", &child_of_bds, BDRV_CHILD_DATA, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); aio_context_acquire(qemu_get_aio_context()); bdrv_append(filter, bs, &error_abort); aio_context_release(qemu_get_aio_context()); @@ -260,7 +260,7 @@ static void test_parallel_exclusive_write(void) &error_abort); bdrv_replace_node(fl1, fl2, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); bdrv_drained_end(fl2); bdrv_drained_end(fl1); @@ -380,7 +380,7 @@ static void test_parallel_perm_update(void) bdrv_attach_child(fl2, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); /* Select fl1 as first child to be active */ s->selected = c_fl1; @@ -438,7 +438,7 @@ static void test_append_greedy_filter(void) bdrv_attach_child(top, base, "backing", &child_of_bds, BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, &error_abort); - bdrv_graph_wrunlock(); + bdrv_graph_wrunlock(NULL); aio_context_acquire(qemu_get_aio_context()); bdrv_append(fl, base, &error_abort); -- cgit v1.2.3