From 539343c0a47e19d5dd64d846d64d084d9793681f Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 29 Jul 2019 23:34:16 +0200 Subject: [PATCH 1/3] dma-helpers: ensure AIO callback is invoked after cancellation dma_aio_cancel unschedules the BH if there is one, which corresponds to the reschedule_dma case of dma_blk_cb. This can stall the DMA permanently, because dma_complete will never get invoked and therefore nobody will ever invoke the original AIO callback in dbs->common.cb. Fix this by invoking the callback (which is ensured to happen after a bdrv_aio_cancel_async, or done manually in the dbs->bh case), and add assertions to check that the DMA state machine is indeed waiting for dma_complete or reschedule_dma, but never both. Reported-by: John Snow Signed-off-by: Paolo Bonzini Message-id: 20190729213416.1972-1-pbonzini@redhat.com Signed-off-by: John Snow --- dma-helpers.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/dma-helpers.c b/dma-helpers.c index 2d7e02d35e..d3871dc61e 100644 --- a/dma-helpers.c +++ b/dma-helpers.c @@ -90,6 +90,7 @@ static void reschedule_dma(void *opaque) { DMAAIOCB *dbs = (DMAAIOCB *)opaque; + assert(!dbs->acb && dbs->bh); qemu_bh_delete(dbs->bh); dbs->bh = NULL; dma_blk_cb(dbs, 0); @@ -111,15 +112,12 @@ static void dma_complete(DMAAIOCB *dbs, int ret) { trace_dma_complete(dbs, ret, dbs->common.cb); + assert(!dbs->acb && !dbs->bh); dma_blk_unmap(dbs); if (dbs->common.cb) { dbs->common.cb(dbs->common.opaque, ret); } qemu_iovec_destroy(&dbs->iov); - if (dbs->bh) { - qemu_bh_delete(dbs->bh); - dbs->bh = NULL; - } qemu_aio_unref(dbs); } @@ -179,14 +177,21 @@ static void dma_aio_cancel(BlockAIOCB *acb) trace_dma_aio_cancel(dbs); + assert(!(dbs->acb && dbs->bh)); if (dbs->acb) { + /* This will invoke dma_blk_cb. */ blk_aio_cancel_async(dbs->acb); + return; } + if (dbs->bh) { cpu_unregister_map_client(dbs->bh); qemu_bh_delete(dbs->bh); dbs->bh = NULL; } + if (dbs->common.cb) { + dbs->common.cb(dbs->common.opaque, -ECANCELED); + } } static AioContext *dma_get_aio_context(BlockAIOCB *acb) From 8ec41c4265714255d5a138f8b538faf3583dcff6 Mon Sep 17 00:00:00 2001 From: John Snow Date: Mon, 29 Jul 2019 18:36:05 -0400 Subject: [PATCH 2/3] Revert "ide/ahci: Check for -ECANCELED in aio callbacks" This reverts commit 0d910cfeaf2076b116b4517166d5deb0fea76394. It's not correct to just ignore an error code in a callback; we need to handle that error and possible report failure to the guest so that they don't wait indefinitely for an operation that will now never finish. This ought to help cases reported by Nutanix where iSCSI returns a legitimate -ECANCELED for certain operations which should be propagated normally. Reported-by: Shaju Abraham Signed-off-by: John Snow Message-id: 20190729223605.7163-1-jsnow@redhat.com Signed-off-by: John Snow --- hw/ide/ahci.c | 3 --- hw/ide/core.c | 14 -------------- 2 files changed, 17 deletions(-) diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index d72da85605..d45393c019 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -1025,9 +1025,6 @@ static void ncq_cb(void *opaque, int ret) IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; ncq_tfs->aiocb = NULL; - if (ret == -ECANCELED) { - return; - } if (ret < 0) { bool is_read = ncq_tfs->cmd == READ_FPDMA_QUEUED; diff --git a/hw/ide/core.c b/hw/ide/core.c index 38b6cdac87..e6e54c6c9a 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -723,9 +723,6 @@ static void ide_sector_read_cb(void *opaque, int ret) s->pio_aiocb = NULL; s->status &= ~BUSY_STAT; - if (ret == -ECANCELED) { - return; - } if (ret != 0) { if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO | IDE_RETRY_READ)) { @@ -841,10 +838,6 @@ static void ide_dma_cb(void *opaque, int ret) uint64_t offset; bool stay_active = false; - if (ret == -ECANCELED) { - return; - } - if (ret == -EINVAL) { ide_dma_error(s); return; @@ -976,10 +969,6 @@ static void ide_sector_write_cb(void *opaque, int ret) IDEState *s = opaque; int n; - if (ret == -ECANCELED) { - return; - } - s->pio_aiocb = NULL; s->status &= ~BUSY_STAT; @@ -1059,9 +1048,6 @@ static void ide_flush_cb(void *opaque, int ret) s->pio_aiocb = NULL; - if (ret == -ECANCELED) { - return; - } if (ret < 0) { /* XXX: What sector number to set here? */ if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) { From 614ab7d127536655ef105d4153ea264c88e855c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 8 Aug 2019 15:04:54 +0200 Subject: [PATCH 3/3] hw/ide/atapi: Use the ldst API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The big-endian load/store functions are already provided by "qemu/bswap.h". Avoid code duplication, use the generic API. Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190808130454.9930-1-philmd@redhat.com Signed-off-by: John Snow --- hw/ide/atapi.c | 80 ++++++++++++++++++-------------------------------- 1 file changed, 28 insertions(+), 52 deletions(-) diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c index 1b0f66cc08..17a9d635d8 100644 --- a/hw/ide/atapi.c +++ b/hw/ide/atapi.c @@ -45,30 +45,6 @@ static void padstr8(uint8_t *buf, int buf_size, const char *src) } } -static inline void cpu_to_ube16(uint8_t *buf, int val) -{ - buf[0] = val >> 8; - buf[1] = val & 0xff; -} - -static inline void cpu_to_ube32(uint8_t *buf, unsigned int val) -{ - buf[0] = val >> 24; - buf[1] = val >> 16; - buf[2] = val >> 8; - buf[3] = val & 0xff; -} - -static inline int ube16_to_cpu(const uint8_t *buf) -{ - return (buf[0] << 8) | buf[1]; -} - -static inline int ube32_to_cpu(const uint8_t *buf) -{ - return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; -} - static void lba_to_msf(uint8_t *buf, int lba) { lba += 150; @@ -485,7 +461,7 @@ static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index, uint8_t *buf_profile = buf + 12; /* start of profiles */ buf_profile += ((*index) * 4); /* start of indexed profile */ - cpu_to_ube16 (buf_profile, profile); + stw_be_p(buf_profile, profile); buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7])); /* each profile adds 4 bytes to the response */ @@ -518,9 +494,9 @@ static int ide_dvd_read_structure(IDEState *s, int format, buf[7] = 0; /* default densities */ /* FIXME: 0x30000 per spec? */ - cpu_to_ube32(buf + 8, 0); /* start sector */ - cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */ - cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */ + stl_be_p(buf + 8, 0); /* start sector */ + stl_be_p(buf + 12, total_sectors - 1); /* end sector */ + stl_be_p(buf + 16, total_sectors - 1); /* l0 end sector */ /* Size of buffer, not including 2 byte size field */ stw_be_p(buf, 2048 + 2); @@ -839,7 +815,7 @@ static void cmd_get_configuration(IDEState *s, uint8_t *buf) } /* XXX: could result in alignment problems in some architectures */ - max_len = ube16_to_cpu(buf + 7); + max_len = lduw_be_p(buf + 7); /* * XXX: avoid overflow for io_buffer if max_len is bigger than @@ -859,16 +835,16 @@ static void cmd_get_configuration(IDEState *s, uint8_t *buf) * to use as current. 0 means there is no media */ if (media_is_dvd(s)) { - cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM); + stw_be_p(buf + 6, MMC_PROFILE_DVD_ROM); } else if (media_is_cd(s)) { - cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM); + stw_be_p(buf + 6, MMC_PROFILE_CD_ROM); } buf[10] = 0x02 | 0x01; /* persistent and current */ len = 12; /* headers: 8 + 4 */ len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM); len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM); - cpu_to_ube32(buf, len - 4); /* data length */ + stl_be_p(buf, len - 4); /* data length */ ide_atapi_cmd_reply(s, len, max_len); } @@ -878,7 +854,7 @@ static void cmd_mode_sense(IDEState *s, uint8_t *buf) int action, code; int max_len; - max_len = ube16_to_cpu(buf + 7); + max_len = lduw_be_p(buf + 7); action = buf[2] >> 6; code = buf[2] & 0x3f; @@ -886,7 +862,7 @@ static void cmd_mode_sense(IDEState *s, uint8_t *buf) case 0: /* current values */ switch(code) { case MODE_PAGE_R_W_ERROR: /* error recovery */ - cpu_to_ube16(&buf[0], 16 - 2); + stw_be_p(&buf[0], 16 - 2); buf[2] = 0x70; buf[3] = 0; buf[4] = 0; @@ -905,7 +881,7 @@ static void cmd_mode_sense(IDEState *s, uint8_t *buf) ide_atapi_cmd_reply(s, 16, max_len); break; case MODE_PAGE_AUDIO_CTL: - cpu_to_ube16(&buf[0], 24 - 2); + stw_be_p(&buf[0], 24 - 2); buf[2] = 0x70; buf[3] = 0; buf[4] = 0; @@ -924,7 +900,7 @@ static void cmd_mode_sense(IDEState *s, uint8_t *buf) ide_atapi_cmd_reply(s, 24, max_len); break; case MODE_PAGE_CAPABILITIES: - cpu_to_ube16(&buf[0], 30 - 2); + stw_be_p(&buf[0], 30 - 2); buf[2] = 0x70; buf[3] = 0; buf[4] = 0; @@ -946,11 +922,11 @@ static void cmd_mode_sense(IDEState *s, uint8_t *buf) buf[14] |= 1 << 1; } buf[15] = 0x00; /* No volume & mute control, no changer */ - cpu_to_ube16(&buf[16], 704); /* 4x read speed */ + stw_be_p(&buf[16], 704); /* 4x read speed */ buf[18] = 0; /* Two volume levels */ buf[19] = 2; - cpu_to_ube16(&buf[20], 512); /* 512k buffer */ - cpu_to_ube16(&buf[22], 704); /* 4x read speed current */ + stw_be_p(&buf[20], 512); /* 512k buffer */ + stw_be_p(&buf[22], 704); /* 4x read speed current */ buf[24] = 0; buf[25] = 0; buf[26] = 0; @@ -998,12 +974,12 @@ static void cmd_read(IDEState *s, uint8_t* buf) int nb_sectors, lba; if (buf[0] == GPCMD_READ_10) { - nb_sectors = ube16_to_cpu(buf + 7); + nb_sectors = lduw_be_p(buf + 7); } else { - nb_sectors = ube32_to_cpu(buf + 6); + nb_sectors = ldl_be_p(buf + 6); } - lba = ube32_to_cpu(buf + 2); + lba = ldl_be_p(buf + 2); if (nb_sectors == 0) { ide_atapi_cmd_ok(s); return; @@ -1017,7 +993,7 @@ static void cmd_read_cd(IDEState *s, uint8_t* buf) int nb_sectors, lba, transfer_request; nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8]; - lba = ube32_to_cpu(buf + 2); + lba = ldl_be_p(buf + 2); if (nb_sectors == 0) { ide_atapi_cmd_ok(s); @@ -1057,7 +1033,7 @@ static void cmd_seek(IDEState *s, uint8_t* buf) unsigned int lba; uint64_t total_sectors = s->nb_sectors >> 2; - lba = ube32_to_cpu(buf + 2); + lba = ldl_be_p(buf + 2); if (lba >= total_sectors) { ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR); return; @@ -1098,15 +1074,15 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf) static void cmd_mechanism_status(IDEState *s, uint8_t* buf) { - int max_len = ube16_to_cpu(buf + 8); + int max_len = lduw_be_p(buf + 8); - cpu_to_ube16(buf, 0); + stw_be_p(buf, 0); /* no current LBA */ buf[2] = 0; buf[3] = 0; buf[4] = 0; buf[5] = 1; - cpu_to_ube16(buf + 6, 0); + stw_be_p(buf + 6, 0); ide_atapi_cmd_reply(s, 8, max_len); } @@ -1116,7 +1092,7 @@ static void cmd_read_toc_pma_atip(IDEState *s, uint8_t* buf) int max_len; uint64_t total_sectors = s->nb_sectors >> 2; - max_len = ube16_to_cpu(buf + 7); + max_len = lduw_be_p(buf + 7); format = buf[9] >> 6; msf = (buf[1] >> 1) & 1; start_track = buf[6]; @@ -1154,15 +1130,15 @@ static void cmd_read_cdvd_capacity(IDEState *s, uint8_t* buf) uint64_t total_sectors = s->nb_sectors >> 2; /* NOTE: it is really the number of sectors minus 1 */ - cpu_to_ube32(buf, total_sectors - 1); - cpu_to_ube32(buf + 4, 2048); + stl_be_p(buf, total_sectors - 1); + stl_be_p(buf + 4, 2048); ide_atapi_cmd_reply(s, 8, 8); } static void cmd_read_disc_information(IDEState *s, uint8_t* buf) { uint8_t type = buf[1] & 7; - uint32_t max_len = ube16_to_cpu(buf + 7); + uint32_t max_len = lduw_be_p(buf + 7); /* Types 1/2 are only defined for Blu-Ray. */ if (type != 0) { @@ -1196,7 +1172,7 @@ static void cmd_read_dvd_structure(IDEState *s, uint8_t* buf) int format = buf[7]; int ret; - max_len = ube16_to_cpu(buf + 8); + max_len = lduw_be_p(buf + 8); if (format < 0xff) { if (media_is_cd(s)) {