xref: /openbmc/qemu/block/io_uring.c (revision c8c89a6a)
1 /*
2  * Linux io_uring support.
3  *
4  * Copyright (C) 2009 IBM, Corp.
5  * Copyright (C) 2009 Red Hat, Inc.
6  * Copyright (C) 2019 Aarushi Mehta
7  *
8  * This work is licensed under the terms of the GNU GPL, version 2 or later.
9  * See the COPYING file in the top-level directory.
10  */
11 #include "qemu/osdep.h"
12 #include <liburing.h>
13 #include "qemu-common.h"
14 #include "block/aio.h"
15 #include "qemu/queue.h"
16 #include "block/block.h"
17 #include "block/raw-aio.h"
18 #include "qemu/coroutine.h"
19 #include "qapi/error.h"
20 #include "trace.h"
21 
22 /* io_uring ring size */
23 #define MAX_ENTRIES 128
24 
25 typedef struct LuringAIOCB {
26     Coroutine *co;
27     struct io_uring_sqe sqeq;
28     ssize_t ret;
29     QEMUIOVector *qiov;
30     bool is_read;
31     QSIMPLEQ_ENTRY(LuringAIOCB) next;
32 
33     /*
34      * Buffered reads may require resubmission, see
35      * luring_resubmit_short_read().
36      */
37     int total_read;
38     QEMUIOVector resubmit_qiov;
39 } LuringAIOCB;
40 
41 typedef struct LuringQueue {
42     int plugged;
43     unsigned int in_queue;
44     unsigned int in_flight;
45     bool blocked;
46     QSIMPLEQ_HEAD(, LuringAIOCB) submit_queue;
47 } LuringQueue;
48 
49 typedef struct LuringState {
50     AioContext *aio_context;
51 
52     struct io_uring ring;
53 
54     /* io queue for submit at batch.  Protected by AioContext lock. */
55     LuringQueue io_q;
56 
57     /* I/O completion processing.  Only runs in I/O thread.  */
58     QEMUBH *completion_bh;
59 } LuringState;
60 
61 /**
62  * luring_resubmit:
63  *
64  * Resubmit a request by appending it to submit_queue.  The caller must ensure
65  * that ioq_submit() is called later so that submit_queue requests are started.
66  */
67 static void luring_resubmit(LuringState *s, LuringAIOCB *luringcb)
68 {
69     QSIMPLEQ_INSERT_TAIL(&s->io_q.submit_queue, luringcb, next);
70     s->io_q.in_queue++;
71 }
72 
73 /**
74  * luring_resubmit_short_read:
75  *
76  * Before Linux commit 9d93a3f5a0c ("io_uring: punt short reads to async
77  * context") a buffered I/O request with the start of the file range in the
78  * page cache could result in a short read.  Applications need to resubmit the
79  * remaining read request.
80  *
81  * This is a slow path but recent kernels never take it.
82  */
83 static void luring_resubmit_short_read(LuringState *s, LuringAIOCB *luringcb,
84                                        int nread)
85 {
86     QEMUIOVector *resubmit_qiov;
87     size_t remaining;
88 
89     trace_luring_resubmit_short_read(s, luringcb, nread);
90 
91     /* Update read position */
92     luringcb->total_read = nread;
93     remaining = luringcb->qiov->size - luringcb->total_read;
94 
95     /* Shorten qiov */
96     resubmit_qiov = &luringcb->resubmit_qiov;
97     if (resubmit_qiov->iov == NULL) {
98         qemu_iovec_init(resubmit_qiov, luringcb->qiov->niov);
99     } else {
100         qemu_iovec_reset(resubmit_qiov);
101     }
102     qemu_iovec_concat(resubmit_qiov, luringcb->qiov, luringcb->total_read,
103                       remaining);
104 
105     /* Update sqe */
106     luringcb->sqeq.off = nread;
107     luringcb->sqeq.addr = (__u64)(uintptr_t)luringcb->resubmit_qiov.iov;
108     luringcb->sqeq.len = luringcb->resubmit_qiov.niov;
109 
110     luring_resubmit(s, luringcb);
111 }
112 
113 /**
114  * luring_process_completions:
115  * @s: AIO state
116  *
117  * Fetches completed I/O requests, consumes cqes and invokes their callbacks
118  * The function is somewhat tricky because it supports nested event loops, for
119  * example when a request callback invokes aio_poll().
120  *
121  * Function schedules BH completion so it  can be called again in a nested
122  * event loop.  When there are no events left  to complete the BH is being
123  * canceled.
124  *
125  */
126 static void luring_process_completions(LuringState *s)
127 {
128     struct io_uring_cqe *cqes;
129     int total_bytes;
130     /*
131      * Request completion callbacks can run the nested event loop.
132      * Schedule ourselves so the nested event loop will "see" remaining
133      * completed requests and process them.  Without this, completion
134      * callbacks that wait for other requests using a nested event loop
135      * would hang forever.
136      *
137      * This workaround is needed because io_uring uses poll_wait, which
138      * is woken up when new events are added to the uring, thus polling on
139      * the same uring fd will block unless more events are received.
140      *
141      * Other leaf block drivers (drivers that access the data themselves)
142      * are networking based, so they poll sockets for data and run the
143      * correct coroutine.
144      */
145     qemu_bh_schedule(s->completion_bh);
146 
147     while (io_uring_peek_cqe(&s->ring, &cqes) == 0) {
148         LuringAIOCB *luringcb;
149         int ret;
150 
151         if (!cqes) {
152             break;
153         }
154 
155         luringcb = io_uring_cqe_get_data(cqes);
156         ret = cqes->res;
157         io_uring_cqe_seen(&s->ring, cqes);
158         cqes = NULL;
159 
160         /* Change counters one-by-one because we can be nested. */
161         s->io_q.in_flight--;
162         trace_luring_process_completion(s, luringcb, ret);
163 
164         /* total_read is non-zero only for resubmitted read requests */
165         total_bytes = ret + luringcb->total_read;
166 
167         if (ret < 0) {
168             /*
169              * Only writev/readv/fsync requests on regular files or host block
170              * devices are submitted. Therefore -EAGAIN is not expected but it's
171              * known to happen sometimes with Linux SCSI. Submit again and hope
172              * the request completes successfully.
173              *
174              * For more information, see:
175              * https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u
176              *
177              * If the code is changed to submit other types of requests in the
178              * future, then this workaround may need to be extended to deal with
179              * genuine -EAGAIN results that should not be resubmitted
180              * immediately.
181              */
182             if (ret == -EINTR || ret == -EAGAIN) {
183                 luring_resubmit(s, luringcb);
184                 continue;
185             }
186         } else if (!luringcb->qiov) {
187             goto end;
188         } else if (total_bytes == luringcb->qiov->size) {
189             ret = 0;
190         /* Only read/write */
191         } else {
192             /* Short Read/Write */
193             if (luringcb->is_read) {
194                 if (ret > 0) {
195                     luring_resubmit_short_read(s, luringcb, ret);
196                     continue;
197                 } else {
198                     /* Pad with zeroes */
199                     qemu_iovec_memset(luringcb->qiov, total_bytes, 0,
200                                       luringcb->qiov->size - total_bytes);
201                     ret = 0;
202                 }
203             } else {
204                 ret = -ENOSPC;
205             }
206         }
207 end:
208         luringcb->ret = ret;
209         qemu_iovec_destroy(&luringcb->resubmit_qiov);
210 
211         /*
212          * If the coroutine is already entered it must be in ioq_submit()
213          * and will notice luringcb->ret has been filled in when it
214          * eventually runs later. Coroutines cannot be entered recursively
215          * so avoid doing that!
216          */
217         if (!qemu_coroutine_entered(luringcb->co)) {
218             aio_co_wake(luringcb->co);
219         }
220     }
221     qemu_bh_cancel(s->completion_bh);
222 }
223 
224 static int ioq_submit(LuringState *s)
225 {
226     int ret = 0;
227     LuringAIOCB *luringcb, *luringcb_next;
228 
229     while (s->io_q.in_queue > 0) {
230         /*
231          * Try to fetch sqes from the ring for requests waiting in
232          * the overflow queue
233          */
234         QSIMPLEQ_FOREACH_SAFE(luringcb, &s->io_q.submit_queue, next,
235                               luringcb_next) {
236             struct io_uring_sqe *sqes = io_uring_get_sqe(&s->ring);
237             if (!sqes) {
238                 break;
239             }
240             /* Prep sqe for submission */
241             *sqes = luringcb->sqeq;
242             QSIMPLEQ_REMOVE_HEAD(&s->io_q.submit_queue, next);
243         }
244         ret = io_uring_submit(&s->ring);
245         trace_luring_io_uring_submit(s, ret);
246         /* Prevent infinite loop if submission is refused */
247         if (ret <= 0) {
248             if (ret == -EAGAIN || ret == -EINTR) {
249                 continue;
250             }
251             break;
252         }
253         s->io_q.in_flight += ret;
254         s->io_q.in_queue  -= ret;
255     }
256     s->io_q.blocked = (s->io_q.in_queue > 0);
257 
258     if (s->io_q.in_flight) {
259         /*
260          * We can try to complete something just right away if there are
261          * still requests in-flight.
262          */
263         luring_process_completions(s);
264     }
265     return ret;
266 }
267 
268 static void luring_process_completions_and_submit(LuringState *s)
269 {
270     aio_context_acquire(s->aio_context);
271     luring_process_completions(s);
272 
273     if (!s->io_q.plugged && s->io_q.in_queue > 0) {
274         ioq_submit(s);
275     }
276     aio_context_release(s->aio_context);
277 }
278 
279 static void qemu_luring_completion_bh(void *opaque)
280 {
281     LuringState *s = opaque;
282     luring_process_completions_and_submit(s);
283 }
284 
285 static void qemu_luring_completion_cb(void *opaque)
286 {
287     LuringState *s = opaque;
288     luring_process_completions_and_submit(s);
289 }
290 
291 static bool qemu_luring_poll_cb(void *opaque)
292 {
293     LuringState *s = opaque;
294 
295     return io_uring_cq_ready(&s->ring);
296 }
297 
298 static void qemu_luring_poll_ready(void *opaque)
299 {
300     LuringState *s = opaque;
301 
302     luring_process_completions_and_submit(s);
303 }
304 
305 static void ioq_init(LuringQueue *io_q)
306 {
307     QSIMPLEQ_INIT(&io_q->submit_queue);
308     io_q->plugged = 0;
309     io_q->in_queue = 0;
310     io_q->in_flight = 0;
311     io_q->blocked = false;
312 }
313 
314 void luring_io_plug(BlockDriverState *bs, LuringState *s)
315 {
316     trace_luring_io_plug(s);
317     s->io_q.plugged++;
318 }
319 
320 void luring_io_unplug(BlockDriverState *bs, LuringState *s)
321 {
322     assert(s->io_q.plugged);
323     trace_luring_io_unplug(s, s->io_q.blocked, s->io_q.plugged,
324                            s->io_q.in_queue, s->io_q.in_flight);
325     if (--s->io_q.plugged == 0 &&
326         !s->io_q.blocked && s->io_q.in_queue > 0) {
327         ioq_submit(s);
328     }
329 }
330 
331 /**
332  * luring_do_submit:
333  * @fd: file descriptor for I/O
334  * @luringcb: AIO control block
335  * @s: AIO state
336  * @offset: offset for request
337  * @type: type of request
338  *
339  * Fetches sqes from ring, adds to pending queue and preps them
340  *
341  */
342 static int luring_do_submit(int fd, LuringAIOCB *luringcb, LuringState *s,
343                             uint64_t offset, int type)
344 {
345     int ret;
346     struct io_uring_sqe *sqes = &luringcb->sqeq;
347 
348     switch (type) {
349     case QEMU_AIO_WRITE:
350         io_uring_prep_writev(sqes, fd, luringcb->qiov->iov,
351                              luringcb->qiov->niov, offset);
352         break;
353     case QEMU_AIO_READ:
354         io_uring_prep_readv(sqes, fd, luringcb->qiov->iov,
355                             luringcb->qiov->niov, offset);
356         break;
357     case QEMU_AIO_FLUSH:
358         io_uring_prep_fsync(sqes, fd, IORING_FSYNC_DATASYNC);
359         break;
360     default:
361         fprintf(stderr, "%s: invalid AIO request type, aborting 0x%x.\n",
362                         __func__, type);
363         abort();
364     }
365     io_uring_sqe_set_data(sqes, luringcb);
366 
367     QSIMPLEQ_INSERT_TAIL(&s->io_q.submit_queue, luringcb, next);
368     s->io_q.in_queue++;
369     trace_luring_do_submit(s, s->io_q.blocked, s->io_q.plugged,
370                            s->io_q.in_queue, s->io_q.in_flight);
371     if (!s->io_q.blocked &&
372         (!s->io_q.plugged ||
373          s->io_q.in_flight + s->io_q.in_queue >= MAX_ENTRIES)) {
374         ret = ioq_submit(s);
375         trace_luring_do_submit_done(s, ret);
376         return ret;
377     }
378     return 0;
379 }
380 
381 int coroutine_fn luring_co_submit(BlockDriverState *bs, LuringState *s, int fd,
382                                   uint64_t offset, QEMUIOVector *qiov, int type)
383 {
384     int ret;
385     LuringAIOCB luringcb = {
386         .co         = qemu_coroutine_self(),
387         .ret        = -EINPROGRESS,
388         .qiov       = qiov,
389         .is_read    = (type == QEMU_AIO_READ),
390     };
391     trace_luring_co_submit(bs, s, &luringcb, fd, offset, qiov ? qiov->size : 0,
392                            type);
393     ret = luring_do_submit(fd, &luringcb, s, offset, type);
394 
395     if (ret < 0) {
396         return ret;
397     }
398 
399     if (luringcb.ret == -EINPROGRESS) {
400         qemu_coroutine_yield();
401     }
402     return luringcb.ret;
403 }
404 
405 void luring_detach_aio_context(LuringState *s, AioContext *old_context)
406 {
407     aio_set_fd_handler(old_context, s->ring.ring_fd, false,
408                        NULL, NULL, NULL, NULL, s);
409     qemu_bh_delete(s->completion_bh);
410     s->aio_context = NULL;
411 }
412 
413 void luring_attach_aio_context(LuringState *s, AioContext *new_context)
414 {
415     s->aio_context = new_context;
416     s->completion_bh = aio_bh_new(new_context, qemu_luring_completion_bh, s);
417     aio_set_fd_handler(s->aio_context, s->ring.ring_fd, false,
418                        qemu_luring_completion_cb, NULL,
419                        qemu_luring_poll_cb, qemu_luring_poll_ready, s);
420 }
421 
422 LuringState *luring_init(Error **errp)
423 {
424     int rc;
425     LuringState *s = g_new0(LuringState, 1);
426     struct io_uring *ring = &s->ring;
427 
428     trace_luring_init_state(s, sizeof(*s));
429 
430     rc = io_uring_queue_init(MAX_ENTRIES, ring, 0);
431     if (rc < 0) {
432         error_setg_errno(errp, errno, "failed to init linux io_uring ring");
433         g_free(s);
434         return NULL;
435     }
436 
437     ioq_init(&s->io_q);
438     return s;
439 
440 }
441 
442 void luring_cleanup(LuringState *s)
443 {
444     io_uring_queue_exit(&s->ring);
445     trace_luring_cleanup_state(s);
446     g_free(s);
447 }
448