xref: /openbmc/qemu/block/linux-aio.c (revision 7f709ce7)
1 /*
2  * Linux native AIO support.
3  *
4  * Copyright (C) 2009 IBM, Corp.
5  * Copyright (C) 2009 Red Hat, Inc.
6  *
7  * This work is licensed under the terms of the GNU GPL, version 2 or later.
8  * See the COPYING file in the top-level directory.
9  */
10 #include "qemu/osdep.h"
11 #include "qemu-common.h"
12 #include "block/aio.h"
13 #include "qemu/queue.h"
14 #include "block/block.h"
15 #include "block/raw-aio.h"
16 #include "qemu/event_notifier.h"
17 #include "qemu/coroutine.h"
18 
19 #include <libaio.h>
20 
21 /*
22  * Queue size (per-device).
23  *
24  * XXX: eventually we need to communicate this to the guest and/or make it
25  *      tunable by the guest.  If we get more outstanding requests at a time
26  *      than this we will get EAGAIN from io_submit which is communicated to
27  *      the guest as an I/O error.
28  */
29 #define MAX_EVENTS 128
30 
31 struct qemu_laiocb {
32     BlockAIOCB common;
33     Coroutine *co;
34     LinuxAioState *ctx;
35     struct iocb iocb;
36     ssize_t ret;
37     size_t nbytes;
38     QEMUIOVector *qiov;
39     bool is_read;
40     QSIMPLEQ_ENTRY(qemu_laiocb) next;
41 };
42 
43 typedef struct {
44     int plugged;
45     unsigned int in_queue;
46     unsigned int in_flight;
47     bool blocked;
48     QSIMPLEQ_HEAD(, qemu_laiocb) pending;
49 } LaioQueue;
50 
51 struct LinuxAioState {
52     AioContext *aio_context;
53 
54     io_context_t ctx;
55     EventNotifier e;
56 
57     /* io queue for submit at batch.  Protected by AioContext lock. */
58     LaioQueue io_q;
59 
60     /* I/O completion processing.  Only runs in I/O thread.  */
61     QEMUBH *completion_bh;
62     int event_idx;
63     int event_max;
64 };
65 
66 static void ioq_submit(LinuxAioState *s);
67 
68 static inline ssize_t io_event_ret(struct io_event *ev)
69 {
70     return (ssize_t)(((uint64_t)ev->res2 << 32) | ev->res);
71 }
72 
73 /*
74  * Completes an AIO request (calls the callback and frees the ACB).
75  */
76 static void qemu_laio_process_completion(struct qemu_laiocb *laiocb)
77 {
78     int ret;
79 
80     ret = laiocb->ret;
81     if (ret != -ECANCELED) {
82         if (ret == laiocb->nbytes) {
83             ret = 0;
84         } else if (ret >= 0) {
85             /* Short reads mean EOF, pad with zeros. */
86             if (laiocb->is_read) {
87                 qemu_iovec_memset(laiocb->qiov, ret, 0,
88                     laiocb->qiov->size - ret);
89             } else {
90                 ret = -ENOSPC;
91             }
92         }
93     }
94 
95     laiocb->ret = ret;
96     if (laiocb->co) {
97         /* If the coroutine is already entered it must be in ioq_submit() and
98          * will notice laio->ret has been filled in when it eventually runs
99          * later.  Coroutines cannot be entered recursively so avoid doing
100          * that!
101          */
102         if (!qemu_coroutine_entered(laiocb->co)) {
103             aio_co_wake(laiocb->co);
104         }
105     } else {
106         laiocb->common.cb(laiocb->common.opaque, ret);
107         qemu_aio_unref(laiocb);
108     }
109 }
110 
111 /**
112  * aio_ring buffer which is shared between userspace and kernel.
113  *
114  * This copied from linux/fs/aio.c, common header does not exist
115  * but AIO exists for ages so we assume ABI is stable.
116  */
117 struct aio_ring {
118     unsigned    id;    /* kernel internal index number */
119     unsigned    nr;    /* number of io_events */
120     unsigned    head;  /* Written to by userland or by kernel. */
121     unsigned    tail;
122 
123     unsigned    magic;
124     unsigned    compat_features;
125     unsigned    incompat_features;
126     unsigned    header_length;  /* size of aio_ring */
127 
128     struct io_event io_events[0];
129 };
130 
131 /**
132  * io_getevents_peek:
133  * @ctx: AIO context
134  * @events: pointer on events array, output value
135 
136  * Returns the number of completed events and sets a pointer
137  * on events array.  This function does not update the internal
138  * ring buffer, only reads head and tail.  When @events has been
139  * processed io_getevents_commit() must be called.
140  */
141 static inline unsigned int io_getevents_peek(io_context_t ctx,
142                                              struct io_event **events)
143 {
144     struct aio_ring *ring = (struct aio_ring *)ctx;
145     unsigned int head = ring->head, tail = ring->tail;
146     unsigned int nr;
147 
148     nr = tail >= head ? tail - head : ring->nr - head;
149     *events = ring->io_events + head;
150     /* To avoid speculative loads of s->events[i] before observing tail.
151        Paired with smp_wmb() inside linux/fs/aio.c: aio_complete(). */
152     smp_rmb();
153 
154     return nr;
155 }
156 
157 /**
158  * io_getevents_commit:
159  * @ctx: AIO context
160  * @nr: the number of events on which head should be advanced
161  *
162  * Advances head of a ring buffer.
163  */
164 static inline void io_getevents_commit(io_context_t ctx, unsigned int nr)
165 {
166     struct aio_ring *ring = (struct aio_ring *)ctx;
167 
168     if (nr) {
169         ring->head = (ring->head + nr) % ring->nr;
170     }
171 }
172 
173 /**
174  * io_getevents_advance_and_peek:
175  * @ctx: AIO context
176  * @events: pointer on events array, output value
177  * @nr: the number of events on which head should be advanced
178  *
179  * Advances head of a ring buffer and returns number of elements left.
180  */
181 static inline unsigned int
182 io_getevents_advance_and_peek(io_context_t ctx,
183                               struct io_event **events,
184                               unsigned int nr)
185 {
186     io_getevents_commit(ctx, nr);
187     return io_getevents_peek(ctx, events);
188 }
189 
190 /**
191  * qemu_laio_process_completions:
192  * @s: AIO state
193  *
194  * Fetches completed I/O requests and invokes their callbacks.
195  *
196  * The function is somewhat tricky because it supports nested event loops, for
197  * example when a request callback invokes aio_poll().  In order to do this,
198  * indices are kept in LinuxAioState.  Function schedules BH completion so it
199  * can be called again in a nested event loop.  When there are no events left
200  * to complete the BH is being canceled.
201  */
202 static void qemu_laio_process_completions(LinuxAioState *s)
203 {
204     struct io_event *events;
205 
206     /* Reschedule so nested event loops see currently pending completions */
207     qemu_bh_schedule(s->completion_bh);
208 
209     while ((s->event_max = io_getevents_advance_and_peek(s->ctx, &events,
210                                                          s->event_idx))) {
211         for (s->event_idx = 0; s->event_idx < s->event_max; ) {
212             struct iocb *iocb = events[s->event_idx].obj;
213             struct qemu_laiocb *laiocb =
214                 container_of(iocb, struct qemu_laiocb, iocb);
215 
216             laiocb->ret = io_event_ret(&events[s->event_idx]);
217 
218             /* Change counters one-by-one because we can be nested. */
219             s->io_q.in_flight--;
220             s->event_idx++;
221             qemu_laio_process_completion(laiocb);
222         }
223     }
224 
225     qemu_bh_cancel(s->completion_bh);
226 
227     /* If we are nested we have to notify the level above that we are done
228      * by setting event_max to zero, upper level will then jump out of it's
229      * own `for` loop.  If we are the last all counters droped to zero. */
230     s->event_max = 0;
231     s->event_idx = 0;
232 }
233 
234 static void qemu_laio_process_completions_and_submit(LinuxAioState *s)
235 {
236     qemu_laio_process_completions(s);
237 
238     aio_context_acquire(s->aio_context);
239     if (!s->io_q.plugged && !QSIMPLEQ_EMPTY(&s->io_q.pending)) {
240         ioq_submit(s);
241     }
242     aio_context_release(s->aio_context);
243 }
244 
245 static void qemu_laio_completion_bh(void *opaque)
246 {
247     LinuxAioState *s = opaque;
248 
249     qemu_laio_process_completions_and_submit(s);
250 }
251 
252 static void qemu_laio_completion_cb(EventNotifier *e)
253 {
254     LinuxAioState *s = container_of(e, LinuxAioState, e);
255 
256     if (event_notifier_test_and_clear(&s->e)) {
257         qemu_laio_process_completions_and_submit(s);
258     }
259 }
260 
261 static bool qemu_laio_poll_cb(void *opaque)
262 {
263     EventNotifier *e = opaque;
264     LinuxAioState *s = container_of(e, LinuxAioState, e);
265     struct io_event *events;
266 
267     if (!io_getevents_peek(s->ctx, &events)) {
268         return false;
269     }
270 
271     qemu_laio_process_completions_and_submit(s);
272     return true;
273 }
274 
275 static void laio_cancel(BlockAIOCB *blockacb)
276 {
277     struct qemu_laiocb *laiocb = (struct qemu_laiocb *)blockacb;
278     struct io_event event;
279     int ret;
280 
281     if (laiocb->ret != -EINPROGRESS) {
282         return;
283     }
284     ret = io_cancel(laiocb->ctx->ctx, &laiocb->iocb, &event);
285     laiocb->ret = -ECANCELED;
286     if (ret != 0) {
287         /* iocb is not cancelled, cb will be called by the event loop later */
288         return;
289     }
290 
291     laiocb->common.cb(laiocb->common.opaque, laiocb->ret);
292 }
293 
294 static const AIOCBInfo laio_aiocb_info = {
295     .aiocb_size         = sizeof(struct qemu_laiocb),
296     .cancel_async       = laio_cancel,
297 };
298 
299 static void ioq_init(LaioQueue *io_q)
300 {
301     QSIMPLEQ_INIT(&io_q->pending);
302     io_q->plugged = 0;
303     io_q->in_queue = 0;
304     io_q->in_flight = 0;
305     io_q->blocked = false;
306 }
307 
308 static void ioq_submit(LinuxAioState *s)
309 {
310     int ret, len;
311     struct qemu_laiocb *aiocb;
312     struct iocb *iocbs[MAX_EVENTS];
313     QSIMPLEQ_HEAD(, qemu_laiocb) completed;
314 
315     do {
316         if (s->io_q.in_flight >= MAX_EVENTS) {
317             break;
318         }
319         len = 0;
320         QSIMPLEQ_FOREACH(aiocb, &s->io_q.pending, next) {
321             iocbs[len++] = &aiocb->iocb;
322             if (s->io_q.in_flight + len >= MAX_EVENTS) {
323                 break;
324             }
325         }
326 
327         ret = io_submit(s->ctx, len, iocbs);
328         if (ret == -EAGAIN) {
329             break;
330         }
331         if (ret < 0) {
332             /* Fail the first request, retry the rest */
333             aiocb = QSIMPLEQ_FIRST(&s->io_q.pending);
334             QSIMPLEQ_REMOVE_HEAD(&s->io_q.pending, next);
335             s->io_q.in_queue--;
336             aiocb->ret = ret;
337             qemu_laio_process_completion(aiocb);
338             continue;
339         }
340 
341         s->io_q.in_flight += ret;
342         s->io_q.in_queue  -= ret;
343         aiocb = container_of(iocbs[ret - 1], struct qemu_laiocb, iocb);
344         QSIMPLEQ_SPLIT_AFTER(&s->io_q.pending, aiocb, next, &completed);
345     } while (ret == len && !QSIMPLEQ_EMPTY(&s->io_q.pending));
346     s->io_q.blocked = (s->io_q.in_queue > 0);
347 
348     if (s->io_q.in_flight) {
349         /* We can try to complete something just right away if there are
350          * still requests in-flight. */
351         qemu_laio_process_completions(s);
352         /*
353          * Even we have completed everything (in_flight == 0), the queue can
354          * have still pended requests (in_queue > 0).  We do not attempt to
355          * repeat submission to avoid IO hang.  The reason is simple: s->e is
356          * still set and completion callback will be called shortly and all
357          * pended requests will be submitted from there.
358          */
359     }
360 }
361 
362 void laio_io_plug(BlockDriverState *bs, LinuxAioState *s)
363 {
364     s->io_q.plugged++;
365 }
366 
367 void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s)
368 {
369     assert(s->io_q.plugged);
370     if (--s->io_q.plugged == 0 &&
371         !s->io_q.blocked && !QSIMPLEQ_EMPTY(&s->io_q.pending)) {
372         ioq_submit(s);
373     }
374 }
375 
376 static int laio_do_submit(int fd, struct qemu_laiocb *laiocb, off_t offset,
377                           int type)
378 {
379     LinuxAioState *s = laiocb->ctx;
380     struct iocb *iocbs = &laiocb->iocb;
381     QEMUIOVector *qiov = laiocb->qiov;
382 
383     switch (type) {
384     case QEMU_AIO_WRITE:
385         io_prep_pwritev(iocbs, fd, qiov->iov, qiov->niov, offset);
386 	break;
387     case QEMU_AIO_READ:
388         io_prep_preadv(iocbs, fd, qiov->iov, qiov->niov, offset);
389 	break;
390     /* Currently Linux kernel does not support other operations */
391     default:
392         fprintf(stderr, "%s: invalid AIO request type 0x%x.\n",
393                         __func__, type);
394         return -EIO;
395     }
396     io_set_eventfd(&laiocb->iocb, event_notifier_get_fd(&s->e));
397 
398     QSIMPLEQ_INSERT_TAIL(&s->io_q.pending, laiocb, next);
399     s->io_q.in_queue++;
400     if (!s->io_q.blocked &&
401         (!s->io_q.plugged ||
402          s->io_q.in_flight + s->io_q.in_queue >= MAX_EVENTS)) {
403         ioq_submit(s);
404     }
405 
406     return 0;
407 }
408 
409 int coroutine_fn laio_co_submit(BlockDriverState *bs, LinuxAioState *s, int fd,
410                                 uint64_t offset, QEMUIOVector *qiov, int type)
411 {
412     int ret;
413     struct qemu_laiocb laiocb = {
414         .co         = qemu_coroutine_self(),
415         .nbytes     = qiov->size,
416         .ctx        = s,
417         .ret        = -EINPROGRESS,
418         .is_read    = (type == QEMU_AIO_READ),
419         .qiov       = qiov,
420     };
421 
422     ret = laio_do_submit(fd, &laiocb, offset, type);
423     if (ret < 0) {
424         return ret;
425     }
426 
427     if (laiocb.ret == -EINPROGRESS) {
428         qemu_coroutine_yield();
429     }
430     return laiocb.ret;
431 }
432 
433 BlockAIOCB *laio_submit(BlockDriverState *bs, LinuxAioState *s, int fd,
434         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
435         BlockCompletionFunc *cb, void *opaque, int type)
436 {
437     struct qemu_laiocb *laiocb;
438     off_t offset = sector_num * BDRV_SECTOR_SIZE;
439     int ret;
440 
441     laiocb = qemu_aio_get(&laio_aiocb_info, bs, cb, opaque);
442     laiocb->nbytes = nb_sectors * BDRV_SECTOR_SIZE;
443     laiocb->ctx = s;
444     laiocb->ret = -EINPROGRESS;
445     laiocb->is_read = (type == QEMU_AIO_READ);
446     laiocb->qiov = qiov;
447 
448     ret = laio_do_submit(fd, laiocb, offset, type);
449     if (ret < 0) {
450         qemu_aio_unref(laiocb);
451         return NULL;
452     }
453 
454     return &laiocb->common;
455 }
456 
457 void laio_detach_aio_context(LinuxAioState *s, AioContext *old_context)
458 {
459     aio_set_event_notifier(old_context, &s->e, false, NULL, NULL);
460     qemu_bh_delete(s->completion_bh);
461     s->aio_context = NULL;
462 }
463 
464 void laio_attach_aio_context(LinuxAioState *s, AioContext *new_context)
465 {
466     s->aio_context = new_context;
467     s->completion_bh = aio_bh_new(new_context, qemu_laio_completion_bh, s);
468     aio_set_event_notifier(new_context, &s->e, false,
469                            qemu_laio_completion_cb,
470                            qemu_laio_poll_cb);
471 }
472 
473 LinuxAioState *laio_init(void)
474 {
475     LinuxAioState *s;
476 
477     s = g_malloc0(sizeof(*s));
478     if (event_notifier_init(&s->e, false) < 0) {
479         goto out_free_state;
480     }
481 
482     if (io_setup(MAX_EVENTS, &s->ctx) != 0) {
483         goto out_close_efd;
484     }
485 
486     ioq_init(&s->io_q);
487 
488     return s;
489 
490 out_close_efd:
491     event_notifier_cleanup(&s->e);
492 out_free_state:
493     g_free(s);
494     return NULL;
495 }
496 
497 void laio_cleanup(LinuxAioState *s)
498 {
499     event_notifier_cleanup(&s->e);
500 
501     if (io_destroy(s->ctx) != 0) {
502         fprintf(stderr, "%s: destroy AIO context %p failed\n",
503                         __func__, &s->ctx);
504     }
505     g_free(s);
506 }
507