1 /* 2 * Linux io_uring support. 3 * 4 * Copyright (C) 2009 IBM, Corp. 5 * Copyright (C) 2009 Red Hat, Inc. 6 * Copyright (C) 2019 Aarushi Mehta 7 * 8 * This work is licensed under the terms of the GNU GPL, version 2 or later. 9 * See the COPYING file in the top-level directory. 10 */ 11 #include "qemu/osdep.h" 12 #include <liburing.h> 13 #include "block/aio.h" 14 #include "qemu/queue.h" 15 #include "block/block.h" 16 #include "block/raw-aio.h" 17 #include "qemu/coroutine.h" 18 #include "qapi/error.h" 19 #include "trace.h" 20 21 /* Only used for assertions. */ 22 #include "qemu/coroutine_int.h" 23 24 /* io_uring ring size */ 25 #define MAX_ENTRIES 128 26 27 typedef struct LuringAIOCB { 28 Coroutine *co; 29 struct io_uring_sqe sqeq; 30 ssize_t ret; 31 QEMUIOVector *qiov; 32 bool is_read; 33 QSIMPLEQ_ENTRY(LuringAIOCB) next; 34 35 /* 36 * Buffered reads may require resubmission, see 37 * luring_resubmit_short_read(). 38 */ 39 int total_read; 40 QEMUIOVector resubmit_qiov; 41 } LuringAIOCB; 42 43 typedef struct LuringQueue { 44 int plugged; 45 unsigned int in_queue; 46 unsigned int in_flight; 47 bool blocked; 48 QSIMPLEQ_HEAD(, LuringAIOCB) submit_queue; 49 } LuringQueue; 50 51 typedef struct LuringState { 52 AioContext *aio_context; 53 54 struct io_uring ring; 55 56 /* No locking required, only accessed from AioContext home thread */ 57 LuringQueue io_q; 58 59 QEMUBH *completion_bh; 60 } LuringState; 61 62 /** 63 * luring_resubmit: 64 * 65 * Resubmit a request by appending it to submit_queue. The caller must ensure 66 * that ioq_submit() is called later so that submit_queue requests are started. 67 */ 68 static void luring_resubmit(LuringState *s, LuringAIOCB *luringcb) 69 { 70 QSIMPLEQ_INSERT_TAIL(&s->io_q.submit_queue, luringcb, next); 71 s->io_q.in_queue++; 72 } 73 74 /** 75 * luring_resubmit_short_read: 76 * 77 * Short reads are rare but may occur. The remaining read request needs to be 78 * resubmitted. 79 */ 80 static void luring_resubmit_short_read(LuringState *s, LuringAIOCB *luringcb, 81 int nread) 82 { 83 QEMUIOVector *resubmit_qiov; 84 size_t remaining; 85 86 trace_luring_resubmit_short_read(s, luringcb, nread); 87 88 /* Update read position */ 89 luringcb->total_read += nread; 90 remaining = luringcb->qiov->size - luringcb->total_read; 91 92 /* Shorten qiov */ 93 resubmit_qiov = &luringcb->resubmit_qiov; 94 if (resubmit_qiov->iov == NULL) { 95 qemu_iovec_init(resubmit_qiov, luringcb->qiov->niov); 96 } else { 97 qemu_iovec_reset(resubmit_qiov); 98 } 99 qemu_iovec_concat(resubmit_qiov, luringcb->qiov, luringcb->total_read, 100 remaining); 101 102 /* Update sqe */ 103 luringcb->sqeq.off += nread; 104 luringcb->sqeq.addr = (__u64)(uintptr_t)luringcb->resubmit_qiov.iov; 105 luringcb->sqeq.len = luringcb->resubmit_qiov.niov; 106 107 luring_resubmit(s, luringcb); 108 } 109 110 /** 111 * luring_process_completions: 112 * @s: AIO state 113 * 114 * Fetches completed I/O requests, consumes cqes and invokes their callbacks 115 * The function is somewhat tricky because it supports nested event loops, for 116 * example when a request callback invokes aio_poll(). 117 * 118 * Function schedules BH completion so it can be called again in a nested 119 * event loop. When there are no events left to complete the BH is being 120 * canceled. 121 * 122 */ 123 static void luring_process_completions(LuringState *s) 124 { 125 struct io_uring_cqe *cqes; 126 int total_bytes; 127 /* 128 * Request completion callbacks can run the nested event loop. 129 * Schedule ourselves so the nested event loop will "see" remaining 130 * completed requests and process them. Without this, completion 131 * callbacks that wait for other requests using a nested event loop 132 * would hang forever. 133 * 134 * This workaround is needed because io_uring uses poll_wait, which 135 * is woken up when new events are added to the uring, thus polling on 136 * the same uring fd will block unless more events are received. 137 * 138 * Other leaf block drivers (drivers that access the data themselves) 139 * are networking based, so they poll sockets for data and run the 140 * correct coroutine. 141 */ 142 qemu_bh_schedule(s->completion_bh); 143 144 while (io_uring_peek_cqe(&s->ring, &cqes) == 0) { 145 LuringAIOCB *luringcb; 146 int ret; 147 148 if (!cqes) { 149 break; 150 } 151 152 luringcb = io_uring_cqe_get_data(cqes); 153 ret = cqes->res; 154 io_uring_cqe_seen(&s->ring, cqes); 155 cqes = NULL; 156 157 /* Change counters one-by-one because we can be nested. */ 158 s->io_q.in_flight--; 159 trace_luring_process_completion(s, luringcb, ret); 160 161 /* total_read is non-zero only for resubmitted read requests */ 162 total_bytes = ret + luringcb->total_read; 163 164 if (ret < 0) { 165 /* 166 * Only writev/readv/fsync requests on regular files or host block 167 * devices are submitted. Therefore -EAGAIN is not expected but it's 168 * known to happen sometimes with Linux SCSI. Submit again and hope 169 * the request completes successfully. 170 * 171 * For more information, see: 172 * https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u 173 * 174 * If the code is changed to submit other types of requests in the 175 * future, then this workaround may need to be extended to deal with 176 * genuine -EAGAIN results that should not be resubmitted 177 * immediately. 178 */ 179 if (ret == -EINTR || ret == -EAGAIN) { 180 luring_resubmit(s, luringcb); 181 continue; 182 } 183 } else if (!luringcb->qiov) { 184 goto end; 185 } else if (total_bytes == luringcb->qiov->size) { 186 ret = 0; 187 /* Only read/write */ 188 } else { 189 /* Short Read/Write */ 190 if (luringcb->is_read) { 191 if (ret > 0) { 192 luring_resubmit_short_read(s, luringcb, ret); 193 continue; 194 } else { 195 /* Pad with zeroes */ 196 qemu_iovec_memset(luringcb->qiov, total_bytes, 0, 197 luringcb->qiov->size - total_bytes); 198 ret = 0; 199 } 200 } else { 201 ret = -ENOSPC; 202 } 203 } 204 end: 205 luringcb->ret = ret; 206 qemu_iovec_destroy(&luringcb->resubmit_qiov); 207 208 /* 209 * If the coroutine is already entered it must be in ioq_submit() 210 * and will notice luringcb->ret has been filled in when it 211 * eventually runs later. Coroutines cannot be entered recursively 212 * so avoid doing that! 213 */ 214 assert(luringcb->co->ctx == s->aio_context); 215 if (!qemu_coroutine_entered(luringcb->co)) { 216 aio_co_wake(luringcb->co); 217 } 218 } 219 qemu_bh_cancel(s->completion_bh); 220 } 221 222 static int ioq_submit(LuringState *s) 223 { 224 int ret = 0; 225 LuringAIOCB *luringcb, *luringcb_next; 226 227 while (s->io_q.in_queue > 0) { 228 /* 229 * Try to fetch sqes from the ring for requests waiting in 230 * the overflow queue 231 */ 232 QSIMPLEQ_FOREACH_SAFE(luringcb, &s->io_q.submit_queue, next, 233 luringcb_next) { 234 struct io_uring_sqe *sqes = io_uring_get_sqe(&s->ring); 235 if (!sqes) { 236 break; 237 } 238 /* Prep sqe for submission */ 239 *sqes = luringcb->sqeq; 240 QSIMPLEQ_REMOVE_HEAD(&s->io_q.submit_queue, next); 241 } 242 ret = io_uring_submit(&s->ring); 243 trace_luring_io_uring_submit(s, ret); 244 /* Prevent infinite loop if submission is refused */ 245 if (ret <= 0) { 246 if (ret == -EAGAIN || ret == -EINTR) { 247 continue; 248 } 249 break; 250 } 251 s->io_q.in_flight += ret; 252 s->io_q.in_queue -= ret; 253 } 254 s->io_q.blocked = (s->io_q.in_queue > 0); 255 256 if (s->io_q.in_flight) { 257 /* 258 * We can try to complete something just right away if there are 259 * still requests in-flight. 260 */ 261 luring_process_completions(s); 262 } 263 return ret; 264 } 265 266 static void luring_process_completions_and_submit(LuringState *s) 267 { 268 luring_process_completions(s); 269 270 if (!s->io_q.plugged && s->io_q.in_queue > 0) { 271 ioq_submit(s); 272 } 273 } 274 275 static void qemu_luring_completion_bh(void *opaque) 276 { 277 LuringState *s = opaque; 278 luring_process_completions_and_submit(s); 279 } 280 281 static void qemu_luring_completion_cb(void *opaque) 282 { 283 LuringState *s = opaque; 284 luring_process_completions_and_submit(s); 285 } 286 287 static bool qemu_luring_poll_cb(void *opaque) 288 { 289 LuringState *s = opaque; 290 291 return io_uring_cq_ready(&s->ring); 292 } 293 294 static void qemu_luring_poll_ready(void *opaque) 295 { 296 LuringState *s = opaque; 297 298 luring_process_completions_and_submit(s); 299 } 300 301 static void ioq_init(LuringQueue *io_q) 302 { 303 QSIMPLEQ_INIT(&io_q->submit_queue); 304 io_q->plugged = 0; 305 io_q->in_queue = 0; 306 io_q->in_flight = 0; 307 io_q->blocked = false; 308 } 309 310 void luring_io_plug(void) 311 { 312 AioContext *ctx = qemu_get_current_aio_context(); 313 LuringState *s = aio_get_linux_io_uring(ctx); 314 trace_luring_io_plug(s); 315 s->io_q.plugged++; 316 } 317 318 void luring_io_unplug(void) 319 { 320 AioContext *ctx = qemu_get_current_aio_context(); 321 LuringState *s = aio_get_linux_io_uring(ctx); 322 assert(s->io_q.plugged); 323 trace_luring_io_unplug(s, s->io_q.blocked, s->io_q.plugged, 324 s->io_q.in_queue, s->io_q.in_flight); 325 if (--s->io_q.plugged == 0 && 326 !s->io_q.blocked && s->io_q.in_queue > 0) { 327 ioq_submit(s); 328 } 329 } 330 331 /** 332 * luring_do_submit: 333 * @fd: file descriptor for I/O 334 * @luringcb: AIO control block 335 * @s: AIO state 336 * @offset: offset for request 337 * @type: type of request 338 * 339 * Fetches sqes from ring, adds to pending queue and preps them 340 * 341 */ 342 static int luring_do_submit(int fd, LuringAIOCB *luringcb, LuringState *s, 343 uint64_t offset, int type) 344 { 345 int ret; 346 struct io_uring_sqe *sqes = &luringcb->sqeq; 347 348 switch (type) { 349 case QEMU_AIO_WRITE: 350 io_uring_prep_writev(sqes, fd, luringcb->qiov->iov, 351 luringcb->qiov->niov, offset); 352 break; 353 case QEMU_AIO_ZONE_APPEND: 354 io_uring_prep_writev(sqes, fd, luringcb->qiov->iov, 355 luringcb->qiov->niov, offset); 356 break; 357 case QEMU_AIO_READ: 358 io_uring_prep_readv(sqes, fd, luringcb->qiov->iov, 359 luringcb->qiov->niov, offset); 360 break; 361 case QEMU_AIO_FLUSH: 362 io_uring_prep_fsync(sqes, fd, IORING_FSYNC_DATASYNC); 363 break; 364 default: 365 fprintf(stderr, "%s: invalid AIO request type, aborting 0x%x.\n", 366 __func__, type); 367 abort(); 368 } 369 io_uring_sqe_set_data(sqes, luringcb); 370 371 QSIMPLEQ_INSERT_TAIL(&s->io_q.submit_queue, luringcb, next); 372 s->io_q.in_queue++; 373 trace_luring_do_submit(s, s->io_q.blocked, s->io_q.plugged, 374 s->io_q.in_queue, s->io_q.in_flight); 375 if (!s->io_q.blocked && 376 (!s->io_q.plugged || 377 s->io_q.in_flight + s->io_q.in_queue >= MAX_ENTRIES)) { 378 ret = ioq_submit(s); 379 trace_luring_do_submit_done(s, ret); 380 return ret; 381 } 382 return 0; 383 } 384 385 int coroutine_fn luring_co_submit(BlockDriverState *bs, int fd, uint64_t offset, 386 QEMUIOVector *qiov, int type) 387 { 388 int ret; 389 AioContext *ctx = qemu_get_current_aio_context(); 390 LuringState *s = aio_get_linux_io_uring(ctx); 391 LuringAIOCB luringcb = { 392 .co = qemu_coroutine_self(), 393 .ret = -EINPROGRESS, 394 .qiov = qiov, 395 .is_read = (type == QEMU_AIO_READ), 396 }; 397 trace_luring_co_submit(bs, s, &luringcb, fd, offset, qiov ? qiov->size : 0, 398 type); 399 ret = luring_do_submit(fd, &luringcb, s, offset, type); 400 401 if (ret < 0) { 402 return ret; 403 } 404 405 if (luringcb.ret == -EINPROGRESS) { 406 qemu_coroutine_yield(); 407 } 408 return luringcb.ret; 409 } 410 411 void luring_detach_aio_context(LuringState *s, AioContext *old_context) 412 { 413 aio_set_fd_handler(old_context, s->ring.ring_fd, false, 414 NULL, NULL, NULL, NULL, s); 415 qemu_bh_delete(s->completion_bh); 416 s->aio_context = NULL; 417 } 418 419 void luring_attach_aio_context(LuringState *s, AioContext *new_context) 420 { 421 s->aio_context = new_context; 422 s->completion_bh = aio_bh_new(new_context, qemu_luring_completion_bh, s); 423 aio_set_fd_handler(s->aio_context, s->ring.ring_fd, false, 424 qemu_luring_completion_cb, NULL, 425 qemu_luring_poll_cb, qemu_luring_poll_ready, s); 426 } 427 428 LuringState *luring_init(Error **errp) 429 { 430 int rc; 431 LuringState *s = g_new0(LuringState, 1); 432 struct io_uring *ring = &s->ring; 433 434 trace_luring_init_state(s, sizeof(*s)); 435 436 rc = io_uring_queue_init(MAX_ENTRIES, ring, 0); 437 if (rc < 0) { 438 error_setg_errno(errp, errno, "failed to init linux io_uring ring"); 439 g_free(s); 440 return NULL; 441 } 442 443 ioq_init(&s->io_q); 444 return s; 445 446 } 447 448 void luring_cleanup(LuringState *s) 449 { 450 io_uring_queue_exit(&s->ring); 451 trace_luring_cleanup_state(s); 452 g_free(s); 453 } 454