xref: /openbmc/qemu/block/io_uring.c (revision 6c1e3906)
1 /*
2  * Linux io_uring support.
3  *
4  * Copyright (C) 2009 IBM, Corp.
5  * Copyright (C) 2009 Red Hat, Inc.
6  * Copyright (C) 2019 Aarushi Mehta
7  *
8  * This work is licensed under the terms of the GNU GPL, version 2 or later.
9  * See the COPYING file in the top-level directory.
10  */
11 #include "qemu/osdep.h"
12 #include <liburing.h>
13 #include "block/aio.h"
14 #include "qemu/queue.h"
15 #include "block/block.h"
16 #include "block/raw-aio.h"
17 #include "qemu/coroutine.h"
18 #include "qapi/error.h"
19 #include "trace.h"
20 
21 /* Only used for assertions.  */
22 #include "qemu/coroutine_int.h"
23 
24 /* io_uring ring size */
25 #define MAX_ENTRIES 128
26 
27 typedef struct LuringAIOCB {
28     Coroutine *co;
29     struct io_uring_sqe sqeq;
30     ssize_t ret;
31     QEMUIOVector *qiov;
32     bool is_read;
33     QSIMPLEQ_ENTRY(LuringAIOCB) next;
34 
35     /*
36      * Buffered reads may require resubmission, see
37      * luring_resubmit_short_read().
38      */
39     int total_read;
40     QEMUIOVector resubmit_qiov;
41 } LuringAIOCB;
42 
43 typedef struct LuringQueue {
44     int plugged;
45     unsigned int in_queue;
46     unsigned int in_flight;
47     bool blocked;
48     QSIMPLEQ_HEAD(, LuringAIOCB) submit_queue;
49 } LuringQueue;
50 
51 typedef struct LuringState {
52     AioContext *aio_context;
53 
54     struct io_uring ring;
55 
56     /* No locking required, only accessed from AioContext home thread */
57     LuringQueue io_q;
58 
59     QEMUBH *completion_bh;
60 } LuringState;
61 
62 /**
63  * luring_resubmit:
64  *
65  * Resubmit a request by appending it to submit_queue.  The caller must ensure
66  * that ioq_submit() is called later so that submit_queue requests are started.
67  */
68 static void luring_resubmit(LuringState *s, LuringAIOCB *luringcb)
69 {
70     QSIMPLEQ_INSERT_TAIL(&s->io_q.submit_queue, luringcb, next);
71     s->io_q.in_queue++;
72 }
73 
74 /**
75  * luring_resubmit_short_read:
76  *
77  * Short reads are rare but may occur. The remaining read request needs to be
78  * resubmitted.
79  */
80 static void luring_resubmit_short_read(LuringState *s, LuringAIOCB *luringcb,
81                                        int nread)
82 {
83     QEMUIOVector *resubmit_qiov;
84     size_t remaining;
85 
86     trace_luring_resubmit_short_read(s, luringcb, nread);
87 
88     /* Update read position */
89     luringcb->total_read += nread;
90     remaining = luringcb->qiov->size - luringcb->total_read;
91 
92     /* Shorten qiov */
93     resubmit_qiov = &luringcb->resubmit_qiov;
94     if (resubmit_qiov->iov == NULL) {
95         qemu_iovec_init(resubmit_qiov, luringcb->qiov->niov);
96     } else {
97         qemu_iovec_reset(resubmit_qiov);
98     }
99     qemu_iovec_concat(resubmit_qiov, luringcb->qiov, luringcb->total_read,
100                       remaining);
101 
102     /* Update sqe */
103     luringcb->sqeq.off += nread;
104     luringcb->sqeq.addr = (__u64)(uintptr_t)luringcb->resubmit_qiov.iov;
105     luringcb->sqeq.len = luringcb->resubmit_qiov.niov;
106 
107     luring_resubmit(s, luringcb);
108 }
109 
110 /**
111  * luring_process_completions:
112  * @s: AIO state
113  *
114  * Fetches completed I/O requests, consumes cqes and invokes their callbacks
115  * The function is somewhat tricky because it supports nested event loops, for
116  * example when a request callback invokes aio_poll().
117  *
118  * Function schedules BH completion so it  can be called again in a nested
119  * event loop.  When there are no events left  to complete the BH is being
120  * canceled.
121  *
122  */
123 static void luring_process_completions(LuringState *s)
124 {
125     struct io_uring_cqe *cqes;
126     int total_bytes;
127     /*
128      * Request completion callbacks can run the nested event loop.
129      * Schedule ourselves so the nested event loop will "see" remaining
130      * completed requests and process them.  Without this, completion
131      * callbacks that wait for other requests using a nested event loop
132      * would hang forever.
133      *
134      * This workaround is needed because io_uring uses poll_wait, which
135      * is woken up when new events are added to the uring, thus polling on
136      * the same uring fd will block unless more events are received.
137      *
138      * Other leaf block drivers (drivers that access the data themselves)
139      * are networking based, so they poll sockets for data and run the
140      * correct coroutine.
141      */
142     qemu_bh_schedule(s->completion_bh);
143 
144     while (io_uring_peek_cqe(&s->ring, &cqes) == 0) {
145         LuringAIOCB *luringcb;
146         int ret;
147 
148         if (!cqes) {
149             break;
150         }
151 
152         luringcb = io_uring_cqe_get_data(cqes);
153         ret = cqes->res;
154         io_uring_cqe_seen(&s->ring, cqes);
155         cqes = NULL;
156 
157         /* Change counters one-by-one because we can be nested. */
158         s->io_q.in_flight--;
159         trace_luring_process_completion(s, luringcb, ret);
160 
161         /* total_read is non-zero only for resubmitted read requests */
162         total_bytes = ret + luringcb->total_read;
163 
164         if (ret < 0) {
165             /*
166              * Only writev/readv/fsync requests on regular files or host block
167              * devices are submitted. Therefore -EAGAIN is not expected but it's
168              * known to happen sometimes with Linux SCSI. Submit again and hope
169              * the request completes successfully.
170              *
171              * For more information, see:
172              * https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u
173              *
174              * If the code is changed to submit other types of requests in the
175              * future, then this workaround may need to be extended to deal with
176              * genuine -EAGAIN results that should not be resubmitted
177              * immediately.
178              */
179             if (ret == -EINTR || ret == -EAGAIN) {
180                 luring_resubmit(s, luringcb);
181                 continue;
182             }
183         } else if (!luringcb->qiov) {
184             goto end;
185         } else if (total_bytes == luringcb->qiov->size) {
186             ret = 0;
187         /* Only read/write */
188         } else {
189             /* Short Read/Write */
190             if (luringcb->is_read) {
191                 if (ret > 0) {
192                     luring_resubmit_short_read(s, luringcb, ret);
193                     continue;
194                 } else {
195                     /* Pad with zeroes */
196                     qemu_iovec_memset(luringcb->qiov, total_bytes, 0,
197                                       luringcb->qiov->size - total_bytes);
198                     ret = 0;
199                 }
200             } else {
201                 ret = -ENOSPC;
202             }
203         }
204 end:
205         luringcb->ret = ret;
206         qemu_iovec_destroy(&luringcb->resubmit_qiov);
207 
208         /*
209          * If the coroutine is already entered it must be in ioq_submit()
210          * and will notice luringcb->ret has been filled in when it
211          * eventually runs later. Coroutines cannot be entered recursively
212          * so avoid doing that!
213          */
214         assert(luringcb->co->ctx == s->aio_context);
215         if (!qemu_coroutine_entered(luringcb->co)) {
216             aio_co_wake(luringcb->co);
217         }
218     }
219     qemu_bh_cancel(s->completion_bh);
220 }
221 
222 static int ioq_submit(LuringState *s)
223 {
224     int ret = 0;
225     LuringAIOCB *luringcb, *luringcb_next;
226 
227     while (s->io_q.in_queue > 0) {
228         /*
229          * Try to fetch sqes from the ring for requests waiting in
230          * the overflow queue
231          */
232         QSIMPLEQ_FOREACH_SAFE(luringcb, &s->io_q.submit_queue, next,
233                               luringcb_next) {
234             struct io_uring_sqe *sqes = io_uring_get_sqe(&s->ring);
235             if (!sqes) {
236                 break;
237             }
238             /* Prep sqe for submission */
239             *sqes = luringcb->sqeq;
240             QSIMPLEQ_REMOVE_HEAD(&s->io_q.submit_queue, next);
241         }
242         ret = io_uring_submit(&s->ring);
243         trace_luring_io_uring_submit(s, ret);
244         /* Prevent infinite loop if submission is refused */
245         if (ret <= 0) {
246             if (ret == -EAGAIN || ret == -EINTR) {
247                 continue;
248             }
249             break;
250         }
251         s->io_q.in_flight += ret;
252         s->io_q.in_queue  -= ret;
253     }
254     s->io_q.blocked = (s->io_q.in_queue > 0);
255 
256     if (s->io_q.in_flight) {
257         /*
258          * We can try to complete something just right away if there are
259          * still requests in-flight.
260          */
261         luring_process_completions(s);
262     }
263     return ret;
264 }
265 
266 static void luring_process_completions_and_submit(LuringState *s)
267 {
268     luring_process_completions(s);
269 
270     if (!s->io_q.plugged && s->io_q.in_queue > 0) {
271         ioq_submit(s);
272     }
273 }
274 
275 static void qemu_luring_completion_bh(void *opaque)
276 {
277     LuringState *s = opaque;
278     luring_process_completions_and_submit(s);
279 }
280 
281 static void qemu_luring_completion_cb(void *opaque)
282 {
283     LuringState *s = opaque;
284     luring_process_completions_and_submit(s);
285 }
286 
287 static bool qemu_luring_poll_cb(void *opaque)
288 {
289     LuringState *s = opaque;
290 
291     return io_uring_cq_ready(&s->ring);
292 }
293 
294 static void qemu_luring_poll_ready(void *opaque)
295 {
296     LuringState *s = opaque;
297 
298     luring_process_completions_and_submit(s);
299 }
300 
301 static void ioq_init(LuringQueue *io_q)
302 {
303     QSIMPLEQ_INIT(&io_q->submit_queue);
304     io_q->plugged = 0;
305     io_q->in_queue = 0;
306     io_q->in_flight = 0;
307     io_q->blocked = false;
308 }
309 
310 void luring_io_plug(void)
311 {
312     AioContext *ctx = qemu_get_current_aio_context();
313     LuringState *s = aio_get_linux_io_uring(ctx);
314     trace_luring_io_plug(s);
315     s->io_q.plugged++;
316 }
317 
318 void luring_io_unplug(void)
319 {
320     AioContext *ctx = qemu_get_current_aio_context();
321     LuringState *s = aio_get_linux_io_uring(ctx);
322     assert(s->io_q.plugged);
323     trace_luring_io_unplug(s, s->io_q.blocked, s->io_q.plugged,
324                            s->io_q.in_queue, s->io_q.in_flight);
325     if (--s->io_q.plugged == 0 &&
326         !s->io_q.blocked && s->io_q.in_queue > 0) {
327         ioq_submit(s);
328     }
329 }
330 
331 /**
332  * luring_do_submit:
333  * @fd: file descriptor for I/O
334  * @luringcb: AIO control block
335  * @s: AIO state
336  * @offset: offset for request
337  * @type: type of request
338  *
339  * Fetches sqes from ring, adds to pending queue and preps them
340  *
341  */
342 static int luring_do_submit(int fd, LuringAIOCB *luringcb, LuringState *s,
343                             uint64_t offset, int type)
344 {
345     int ret;
346     struct io_uring_sqe *sqes = &luringcb->sqeq;
347 
348     switch (type) {
349     case QEMU_AIO_WRITE:
350         io_uring_prep_writev(sqes, fd, luringcb->qiov->iov,
351                              luringcb->qiov->niov, offset);
352         break;
353     case QEMU_AIO_ZONE_APPEND:
354         io_uring_prep_writev(sqes, fd, luringcb->qiov->iov,
355                              luringcb->qiov->niov, offset);
356         break;
357     case QEMU_AIO_READ:
358         io_uring_prep_readv(sqes, fd, luringcb->qiov->iov,
359                             luringcb->qiov->niov, offset);
360         break;
361     case QEMU_AIO_FLUSH:
362         io_uring_prep_fsync(sqes, fd, IORING_FSYNC_DATASYNC);
363         break;
364     default:
365         fprintf(stderr, "%s: invalid AIO request type, aborting 0x%x.\n",
366                         __func__, type);
367         abort();
368     }
369     io_uring_sqe_set_data(sqes, luringcb);
370 
371     QSIMPLEQ_INSERT_TAIL(&s->io_q.submit_queue, luringcb, next);
372     s->io_q.in_queue++;
373     trace_luring_do_submit(s, s->io_q.blocked, s->io_q.plugged,
374                            s->io_q.in_queue, s->io_q.in_flight);
375     if (!s->io_q.blocked &&
376         (!s->io_q.plugged ||
377          s->io_q.in_flight + s->io_q.in_queue >= MAX_ENTRIES)) {
378         ret = ioq_submit(s);
379         trace_luring_do_submit_done(s, ret);
380         return ret;
381     }
382     return 0;
383 }
384 
385 int coroutine_fn luring_co_submit(BlockDriverState *bs, int fd, uint64_t offset,
386                                   QEMUIOVector *qiov, int type)
387 {
388     int ret;
389     AioContext *ctx = qemu_get_current_aio_context();
390     LuringState *s = aio_get_linux_io_uring(ctx);
391     LuringAIOCB luringcb = {
392         .co         = qemu_coroutine_self(),
393         .ret        = -EINPROGRESS,
394         .qiov       = qiov,
395         .is_read    = (type == QEMU_AIO_READ),
396     };
397     trace_luring_co_submit(bs, s, &luringcb, fd, offset, qiov ? qiov->size : 0,
398                            type);
399     ret = luring_do_submit(fd, &luringcb, s, offset, type);
400 
401     if (ret < 0) {
402         return ret;
403     }
404 
405     if (luringcb.ret == -EINPROGRESS) {
406         qemu_coroutine_yield();
407     }
408     return luringcb.ret;
409 }
410 
411 void luring_detach_aio_context(LuringState *s, AioContext *old_context)
412 {
413     aio_set_fd_handler(old_context, s->ring.ring_fd, false,
414                        NULL, NULL, NULL, NULL, s);
415     qemu_bh_delete(s->completion_bh);
416     s->aio_context = NULL;
417 }
418 
419 void luring_attach_aio_context(LuringState *s, AioContext *new_context)
420 {
421     s->aio_context = new_context;
422     s->completion_bh = aio_bh_new(new_context, qemu_luring_completion_bh, s);
423     aio_set_fd_handler(s->aio_context, s->ring.ring_fd, false,
424                        qemu_luring_completion_cb, NULL,
425                        qemu_luring_poll_cb, qemu_luring_poll_ready, s);
426 }
427 
428 LuringState *luring_init(Error **errp)
429 {
430     int rc;
431     LuringState *s = g_new0(LuringState, 1);
432     struct io_uring *ring = &s->ring;
433 
434     trace_luring_init_state(s, sizeof(*s));
435 
436     rc = io_uring_queue_init(MAX_ENTRIES, ring, 0);
437     if (rc < 0) {
438         error_setg_errno(errp, errno, "failed to init linux io_uring ring");
439         g_free(s);
440         return NULL;
441     }
442 
443     ioq_init(&s->io_q);
444     return s;
445 
446 }
447 
448 void luring_cleanup(LuringState *s)
449 {
450     io_uring_queue_exit(&s->ring);
451     trace_luring_cleanup_state(s);
452     g_free(s);
453 }
454