xref: /openbmc/qemu/job.c (revision b83a80e8)
1 /*
2  * Background jobs (long-running operations)
3  *
4  * Copyright (c) 2011 IBM Corp.
5  * Copyright (c) 2012, 2018 Red Hat, Inc.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qapi/error.h"
28 #include "qemu/job.h"
29 #include "qemu/id.h"
30 #include "qemu/main-loop.h"
31 #include "block/aio-wait.h"
32 #include "trace/trace-root.h"
33 #include "qapi/qapi-events-job.h"
34 
35 static QLIST_HEAD(, Job) jobs = QLIST_HEAD_INITIALIZER(jobs);
36 
37 /* Job State Transition Table */
38 bool JobSTT[JOB_STATUS__MAX][JOB_STATUS__MAX] = {
39                                     /* U, C, R, P, Y, S, W, D, X, E, N */
40     /* U: */ [JOB_STATUS_UNDEFINED] = {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0},
41     /* C: */ [JOB_STATUS_CREATED]   = {0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1},
42     /* R: */ [JOB_STATUS_RUNNING]   = {0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0},
43     /* P: */ [JOB_STATUS_PAUSED]    = {0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
44     /* Y: */ [JOB_STATUS_READY]     = {0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0},
45     /* S: */ [JOB_STATUS_STANDBY]   = {0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
46     /* W: */ [JOB_STATUS_WAITING]   = {0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0},
47     /* D: */ [JOB_STATUS_PENDING]   = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0},
48     /* X: */ [JOB_STATUS_ABORTING]  = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0},
49     /* E: */ [JOB_STATUS_CONCLUDED] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1},
50     /* N: */ [JOB_STATUS_NULL]      = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
51 };
52 
53 bool JobVerbTable[JOB_VERB__MAX][JOB_STATUS__MAX] = {
54                                     /* U, C, R, P, Y, S, W, D, X, E, N */
55     [JOB_VERB_CANCEL]               = {0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0},
56     [JOB_VERB_PAUSE]                = {0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0},
57     [JOB_VERB_RESUME]               = {0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0},
58     [JOB_VERB_SET_SPEED]            = {0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0},
59     [JOB_VERB_COMPLETE]             = {0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0},
60     [JOB_VERB_FINALIZE]             = {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
61     [JOB_VERB_DISMISS]              = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0},
62 };
63 
64 /* Transactional group of jobs */
65 struct JobTxn {
66 
67     /* Is this txn being cancelled? */
68     bool aborting;
69 
70     /* List of jobs */
71     QLIST_HEAD(, Job) jobs;
72 
73     /* Reference count */
74     int refcnt;
75 };
76 
77 /* Right now, this mutex is only needed to synchronize accesses to job->busy
78  * and job->sleep_timer, such as concurrent calls to job_do_yield and
79  * job_enter. */
80 static QemuMutex job_mutex;
81 
82 static void job_lock(void)
83 {
84     qemu_mutex_lock(&job_mutex);
85 }
86 
87 static void job_unlock(void)
88 {
89     qemu_mutex_unlock(&job_mutex);
90 }
91 
92 static void __attribute__((__constructor__)) job_init(void)
93 {
94     qemu_mutex_init(&job_mutex);
95 }
96 
97 JobTxn *job_txn_new(void)
98 {
99     JobTxn *txn = g_new0(JobTxn, 1);
100     QLIST_INIT(&txn->jobs);
101     txn->refcnt = 1;
102     return txn;
103 }
104 
105 static void job_txn_ref(JobTxn *txn)
106 {
107     txn->refcnt++;
108 }
109 
110 void job_txn_unref(JobTxn *txn)
111 {
112     if (txn && --txn->refcnt == 0) {
113         g_free(txn);
114     }
115 }
116 
117 void job_txn_add_job(JobTxn *txn, Job *job)
118 {
119     if (!txn) {
120         return;
121     }
122 
123     assert(!job->txn);
124     job->txn = txn;
125 
126     QLIST_INSERT_HEAD(&txn->jobs, job, txn_list);
127     job_txn_ref(txn);
128 }
129 
130 static void job_txn_del_job(Job *job)
131 {
132     if (job->txn) {
133         QLIST_REMOVE(job, txn_list);
134         job_txn_unref(job->txn);
135         job->txn = NULL;
136     }
137 }
138 
139 static int job_txn_apply(Job *job, int fn(Job *))
140 {
141     AioContext *inner_ctx;
142     Job *other_job, *next;
143     JobTxn *txn = job->txn;
144     int rc = 0;
145 
146     /*
147      * Similar to job_completed_txn_abort, we take each job's lock before
148      * applying fn, but since we assume that outer_ctx is held by the caller,
149      * we need to release it here to avoid holding the lock twice - which would
150      * break AIO_WAIT_WHILE from within fn.
151      */
152     job_ref(job);
153     aio_context_release(job->aio_context);
154 
155     QLIST_FOREACH_SAFE(other_job, &txn->jobs, txn_list, next) {
156         inner_ctx = other_job->aio_context;
157         aio_context_acquire(inner_ctx);
158         rc = fn(other_job);
159         aio_context_release(inner_ctx);
160         if (rc) {
161             break;
162         }
163     }
164 
165     /*
166      * Note that job->aio_context might have been changed by calling fn, so we
167      * can't use a local variable to cache it.
168      */
169     aio_context_acquire(job->aio_context);
170     job_unref(job);
171     return rc;
172 }
173 
174 bool job_is_internal(Job *job)
175 {
176     return (job->id == NULL);
177 }
178 
179 static void job_state_transition(Job *job, JobStatus s1)
180 {
181     JobStatus s0 = job->status;
182     assert(s1 >= 0 && s1 < JOB_STATUS__MAX);
183     trace_job_state_transition(job, job->ret,
184                                JobSTT[s0][s1] ? "allowed" : "disallowed",
185                                JobStatus_str(s0), JobStatus_str(s1));
186     assert(JobSTT[s0][s1]);
187     job->status = s1;
188 
189     if (!job_is_internal(job) && s1 != s0) {
190         qapi_event_send_job_status_change(job->id, job->status);
191     }
192 }
193 
194 int job_apply_verb(Job *job, JobVerb verb, Error **errp)
195 {
196     JobStatus s0 = job->status;
197     assert(verb >= 0 && verb < JOB_VERB__MAX);
198     trace_job_apply_verb(job, JobStatus_str(s0), JobVerb_str(verb),
199                          JobVerbTable[verb][s0] ? "allowed" : "prohibited");
200     if (JobVerbTable[verb][s0]) {
201         return 0;
202     }
203     error_setg(errp, "Job '%s' in state '%s' cannot accept command verb '%s'",
204                job->id, JobStatus_str(s0), JobVerb_str(verb));
205     return -EPERM;
206 }
207 
208 JobType job_type(const Job *job)
209 {
210     return job->driver->job_type;
211 }
212 
213 const char *job_type_str(const Job *job)
214 {
215     return JobType_str(job_type(job));
216 }
217 
218 bool job_is_cancelled(Job *job)
219 {
220     /* force_cancel may be true only if cancelled is true, too */
221     assert(job->cancelled || !job->force_cancel);
222     return job->force_cancel;
223 }
224 
225 bool job_cancel_requested(Job *job)
226 {
227     return job->cancelled;
228 }
229 
230 bool job_is_ready(Job *job)
231 {
232     switch (job->status) {
233     case JOB_STATUS_UNDEFINED:
234     case JOB_STATUS_CREATED:
235     case JOB_STATUS_RUNNING:
236     case JOB_STATUS_PAUSED:
237     case JOB_STATUS_WAITING:
238     case JOB_STATUS_PENDING:
239     case JOB_STATUS_ABORTING:
240     case JOB_STATUS_CONCLUDED:
241     case JOB_STATUS_NULL:
242         return false;
243     case JOB_STATUS_READY:
244     case JOB_STATUS_STANDBY:
245         return true;
246     default:
247         g_assert_not_reached();
248     }
249     return false;
250 }
251 
252 bool job_is_completed(Job *job)
253 {
254     switch (job->status) {
255     case JOB_STATUS_UNDEFINED:
256     case JOB_STATUS_CREATED:
257     case JOB_STATUS_RUNNING:
258     case JOB_STATUS_PAUSED:
259     case JOB_STATUS_READY:
260     case JOB_STATUS_STANDBY:
261         return false;
262     case JOB_STATUS_WAITING:
263     case JOB_STATUS_PENDING:
264     case JOB_STATUS_ABORTING:
265     case JOB_STATUS_CONCLUDED:
266     case JOB_STATUS_NULL:
267         return true;
268     default:
269         g_assert_not_reached();
270     }
271     return false;
272 }
273 
274 static bool job_started(Job *job)
275 {
276     return job->co;
277 }
278 
279 static bool job_should_pause(Job *job)
280 {
281     return job->pause_count > 0;
282 }
283 
284 Job *job_next(Job *job)
285 {
286     if (!job) {
287         return QLIST_FIRST(&jobs);
288     }
289     return QLIST_NEXT(job, job_list);
290 }
291 
292 Job *job_get(const char *id)
293 {
294     Job *job;
295 
296     QLIST_FOREACH(job, &jobs, job_list) {
297         if (job->id && !strcmp(id, job->id)) {
298             return job;
299         }
300     }
301 
302     return NULL;
303 }
304 
305 static void job_sleep_timer_cb(void *opaque)
306 {
307     Job *job = opaque;
308 
309     job_enter(job);
310 }
311 
312 void *job_create(const char *job_id, const JobDriver *driver, JobTxn *txn,
313                  AioContext *ctx, int flags, BlockCompletionFunc *cb,
314                  void *opaque, Error **errp)
315 {
316     Job *job;
317 
318     if (job_id) {
319         if (flags & JOB_INTERNAL) {
320             error_setg(errp, "Cannot specify job ID for internal job");
321             return NULL;
322         }
323         if (!id_wellformed(job_id)) {
324             error_setg(errp, "Invalid job ID '%s'", job_id);
325             return NULL;
326         }
327         if (job_get(job_id)) {
328             error_setg(errp, "Job ID '%s' already in use", job_id);
329             return NULL;
330         }
331     } else if (!(flags & JOB_INTERNAL)) {
332         error_setg(errp, "An explicit job ID is required");
333         return NULL;
334     }
335 
336     job = g_malloc0(driver->instance_size);
337     job->driver        = driver;
338     job->id            = g_strdup(job_id);
339     job->refcnt        = 1;
340     job->aio_context   = ctx;
341     job->busy          = false;
342     job->paused        = true;
343     job->pause_count   = 1;
344     job->auto_finalize = !(flags & JOB_MANUAL_FINALIZE);
345     job->auto_dismiss  = !(flags & JOB_MANUAL_DISMISS);
346     job->cb            = cb;
347     job->opaque        = opaque;
348 
349     progress_init(&job->progress);
350 
351     notifier_list_init(&job->on_finalize_cancelled);
352     notifier_list_init(&job->on_finalize_completed);
353     notifier_list_init(&job->on_pending);
354     notifier_list_init(&job->on_ready);
355     notifier_list_init(&job->on_idle);
356 
357     job_state_transition(job, JOB_STATUS_CREATED);
358     aio_timer_init(qemu_get_aio_context(), &job->sleep_timer,
359                    QEMU_CLOCK_REALTIME, SCALE_NS,
360                    job_sleep_timer_cb, job);
361 
362     QLIST_INSERT_HEAD(&jobs, job, job_list);
363 
364     /* Single jobs are modeled as single-job transactions for sake of
365      * consolidating the job management logic */
366     if (!txn) {
367         txn = job_txn_new();
368         job_txn_add_job(txn, job);
369         job_txn_unref(txn);
370     } else {
371         job_txn_add_job(txn, job);
372     }
373 
374     return job;
375 }
376 
377 void job_ref(Job *job)
378 {
379     ++job->refcnt;
380 }
381 
382 void job_unref(Job *job)
383 {
384     if (--job->refcnt == 0) {
385         assert(job->status == JOB_STATUS_NULL);
386         assert(!timer_pending(&job->sleep_timer));
387         assert(!job->txn);
388 
389         if (job->driver->free) {
390             job->driver->free(job);
391         }
392 
393         QLIST_REMOVE(job, job_list);
394 
395         progress_destroy(&job->progress);
396         error_free(job->err);
397         g_free(job->id);
398         g_free(job);
399     }
400 }
401 
402 void job_progress_update(Job *job, uint64_t done)
403 {
404     progress_work_done(&job->progress, done);
405 }
406 
407 void job_progress_set_remaining(Job *job, uint64_t remaining)
408 {
409     progress_set_remaining(&job->progress, remaining);
410 }
411 
412 void job_progress_increase_remaining(Job *job, uint64_t delta)
413 {
414     progress_increase_remaining(&job->progress, delta);
415 }
416 
417 void job_event_cancelled(Job *job)
418 {
419     notifier_list_notify(&job->on_finalize_cancelled, job);
420 }
421 
422 void job_event_completed(Job *job)
423 {
424     notifier_list_notify(&job->on_finalize_completed, job);
425 }
426 
427 static void job_event_pending(Job *job)
428 {
429     notifier_list_notify(&job->on_pending, job);
430 }
431 
432 static void job_event_ready(Job *job)
433 {
434     notifier_list_notify(&job->on_ready, job);
435 }
436 
437 static void job_event_idle(Job *job)
438 {
439     notifier_list_notify(&job->on_idle, job);
440 }
441 
442 void job_enter_cond(Job *job, bool(*fn)(Job *job))
443 {
444     if (!job_started(job)) {
445         return;
446     }
447     if (job->deferred_to_main_loop) {
448         return;
449     }
450 
451     job_lock();
452     if (job->busy) {
453         job_unlock();
454         return;
455     }
456 
457     if (fn && !fn(job)) {
458         job_unlock();
459         return;
460     }
461 
462     assert(!job->deferred_to_main_loop);
463     timer_del(&job->sleep_timer);
464     job->busy = true;
465     job_unlock();
466     aio_co_enter(job->aio_context, job->co);
467 }
468 
469 void job_enter(Job *job)
470 {
471     job_enter_cond(job, NULL);
472 }
473 
474 /* Yield, and schedule a timer to reenter the coroutine after @ns nanoseconds.
475  * Reentering the job coroutine with job_enter() before the timer has expired
476  * is allowed and cancels the timer.
477  *
478  * If @ns is (uint64_t) -1, no timer is scheduled and job_enter() must be
479  * called explicitly. */
480 static void coroutine_fn job_do_yield(Job *job, uint64_t ns)
481 {
482     job_lock();
483     if (ns != -1) {
484         timer_mod(&job->sleep_timer, ns);
485     }
486     job->busy = false;
487     job_event_idle(job);
488     job_unlock();
489     qemu_coroutine_yield();
490 
491     /* Set by job_enter_cond() before re-entering the coroutine.  */
492     assert(job->busy);
493 }
494 
495 void coroutine_fn job_pause_point(Job *job)
496 {
497     assert(job && job_started(job));
498 
499     if (!job_should_pause(job)) {
500         return;
501     }
502     if (job_is_cancelled(job)) {
503         return;
504     }
505 
506     if (job->driver->pause) {
507         job->driver->pause(job);
508     }
509 
510     if (job_should_pause(job) && !job_is_cancelled(job)) {
511         JobStatus status = job->status;
512         job_state_transition(job, status == JOB_STATUS_READY
513                                   ? JOB_STATUS_STANDBY
514                                   : JOB_STATUS_PAUSED);
515         job->paused = true;
516         job_do_yield(job, -1);
517         job->paused = false;
518         job_state_transition(job, status);
519     }
520 
521     if (job->driver->resume) {
522         job->driver->resume(job);
523     }
524 }
525 
526 void job_yield(Job *job)
527 {
528     assert(job->busy);
529 
530     /* Check cancellation *before* setting busy = false, too!  */
531     if (job_is_cancelled(job)) {
532         return;
533     }
534 
535     if (!job_should_pause(job)) {
536         job_do_yield(job, -1);
537     }
538 
539     job_pause_point(job);
540 }
541 
542 void coroutine_fn job_sleep_ns(Job *job, int64_t ns)
543 {
544     assert(job->busy);
545 
546     /* Check cancellation *before* setting busy = false, too!  */
547     if (job_is_cancelled(job)) {
548         return;
549     }
550 
551     if (!job_should_pause(job)) {
552         job_do_yield(job, qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + ns);
553     }
554 
555     job_pause_point(job);
556 }
557 
558 /* Assumes the block_job_mutex is held */
559 static bool job_timer_not_pending(Job *job)
560 {
561     return !timer_pending(&job->sleep_timer);
562 }
563 
564 void job_pause(Job *job)
565 {
566     job->pause_count++;
567     if (!job->paused) {
568         job_enter(job);
569     }
570 }
571 
572 void job_resume(Job *job)
573 {
574     assert(job->pause_count > 0);
575     job->pause_count--;
576     if (job->pause_count) {
577         return;
578     }
579 
580     /* kick only if no timer is pending */
581     job_enter_cond(job, job_timer_not_pending);
582 }
583 
584 void job_user_pause(Job *job, Error **errp)
585 {
586     if (job_apply_verb(job, JOB_VERB_PAUSE, errp)) {
587         return;
588     }
589     if (job->user_paused) {
590         error_setg(errp, "Job is already paused");
591         return;
592     }
593     job->user_paused = true;
594     job_pause(job);
595 }
596 
597 bool job_user_paused(Job *job)
598 {
599     return job->user_paused;
600 }
601 
602 void job_user_resume(Job *job, Error **errp)
603 {
604     assert(job);
605     if (!job->user_paused || job->pause_count <= 0) {
606         error_setg(errp, "Can't resume a job that was not paused");
607         return;
608     }
609     if (job_apply_verb(job, JOB_VERB_RESUME, errp)) {
610         return;
611     }
612     if (job->driver->user_resume) {
613         job->driver->user_resume(job);
614     }
615     job->user_paused = false;
616     job_resume(job);
617 }
618 
619 static void job_do_dismiss(Job *job)
620 {
621     assert(job);
622     job->busy = false;
623     job->paused = false;
624     job->deferred_to_main_loop = true;
625 
626     job_txn_del_job(job);
627 
628     job_state_transition(job, JOB_STATUS_NULL);
629     job_unref(job);
630 }
631 
632 void job_dismiss(Job **jobptr, Error **errp)
633 {
634     Job *job = *jobptr;
635     /* similarly to _complete, this is QMP-interface only. */
636     assert(job->id);
637     if (job_apply_verb(job, JOB_VERB_DISMISS, errp)) {
638         return;
639     }
640 
641     job_do_dismiss(job);
642     *jobptr = NULL;
643 }
644 
645 void job_early_fail(Job *job)
646 {
647     assert(job->status == JOB_STATUS_CREATED);
648     job_do_dismiss(job);
649 }
650 
651 static void job_conclude(Job *job)
652 {
653     job_state_transition(job, JOB_STATUS_CONCLUDED);
654     if (job->auto_dismiss || !job_started(job)) {
655         job_do_dismiss(job);
656     }
657 }
658 
659 static void job_update_rc(Job *job)
660 {
661     if (!job->ret && job_is_cancelled(job)) {
662         job->ret = -ECANCELED;
663     }
664     if (job->ret) {
665         if (!job->err) {
666             error_setg(&job->err, "%s", strerror(-job->ret));
667         }
668         job_state_transition(job, JOB_STATUS_ABORTING);
669     }
670 }
671 
672 static void job_commit(Job *job)
673 {
674     assert(!job->ret);
675     if (job->driver->commit) {
676         job->driver->commit(job);
677     }
678 }
679 
680 static void job_abort(Job *job)
681 {
682     assert(job->ret);
683     if (job->driver->abort) {
684         job->driver->abort(job);
685     }
686 }
687 
688 static void job_clean(Job *job)
689 {
690     if (job->driver->clean) {
691         job->driver->clean(job);
692     }
693 }
694 
695 static int job_finalize_single(Job *job)
696 {
697     assert(job_is_completed(job));
698 
699     /* Ensure abort is called for late-transactional failures */
700     job_update_rc(job);
701 
702     if (!job->ret) {
703         job_commit(job);
704     } else {
705         job_abort(job);
706     }
707     job_clean(job);
708 
709     if (job->cb) {
710         job->cb(job->opaque, job->ret);
711     }
712 
713     /* Emit events only if we actually started */
714     if (job_started(job)) {
715         if (job_is_cancelled(job)) {
716             job_event_cancelled(job);
717         } else {
718             job_event_completed(job);
719         }
720     }
721 
722     job_txn_del_job(job);
723     job_conclude(job);
724     return 0;
725 }
726 
727 static void job_cancel_async(Job *job, bool force)
728 {
729     if (job->driver->cancel) {
730         force = job->driver->cancel(job, force);
731     } else {
732         /* No .cancel() means the job will behave as if force-cancelled */
733         force = true;
734     }
735 
736     if (job->user_paused) {
737         /* Do not call job_enter here, the caller will handle it.  */
738         if (job->driver->user_resume) {
739             job->driver->user_resume(job);
740         }
741         job->user_paused = false;
742         assert(job->pause_count > 0);
743         job->pause_count--;
744     }
745 
746     /*
747      * Ignore soft cancel requests after the job is already done
748      * (We will still invoke job->driver->cancel() above, but if the
749      * job driver supports soft cancelling and the job is done, that
750      * should be a no-op, too.  We still call it so it can override
751      * @force.)
752      */
753     if (force || !job->deferred_to_main_loop) {
754         job->cancelled = true;
755         /* To prevent 'force == false' overriding a previous 'force == true' */
756         job->force_cancel |= force;
757     }
758 }
759 
760 static void job_completed_txn_abort(Job *job)
761 {
762     AioContext *ctx;
763     JobTxn *txn = job->txn;
764     Job *other_job;
765 
766     if (txn->aborting) {
767         /*
768          * We are cancelled by another job, which will handle everything.
769          */
770         return;
771     }
772     txn->aborting = true;
773     job_txn_ref(txn);
774 
775     /*
776      * We can only hold the single job's AioContext lock while calling
777      * job_finalize_single() because the finalization callbacks can involve
778      * calls of AIO_WAIT_WHILE(), which could deadlock otherwise.
779      * Note that the job's AioContext may change when it is finalized.
780      */
781     job_ref(job);
782     aio_context_release(job->aio_context);
783 
784     /* Other jobs are effectively cancelled by us, set the status for
785      * them; this job, however, may or may not be cancelled, depending
786      * on the caller, so leave it. */
787     QLIST_FOREACH(other_job, &txn->jobs, txn_list) {
788         if (other_job != job) {
789             ctx = other_job->aio_context;
790             aio_context_acquire(ctx);
791             /*
792              * This is a transaction: If one job failed, no result will matter.
793              * Therefore, pass force=true to terminate all other jobs as quickly
794              * as possible.
795              */
796             job_cancel_async(other_job, true);
797             aio_context_release(ctx);
798         }
799     }
800     while (!QLIST_EMPTY(&txn->jobs)) {
801         other_job = QLIST_FIRST(&txn->jobs);
802         /*
803          * The job's AioContext may change, so store it in @ctx so we
804          * release the same context that we have acquired before.
805          */
806         ctx = other_job->aio_context;
807         aio_context_acquire(ctx);
808         if (!job_is_completed(other_job)) {
809             assert(job_cancel_requested(other_job));
810             job_finish_sync(other_job, NULL, NULL);
811         }
812         job_finalize_single(other_job);
813         aio_context_release(ctx);
814     }
815 
816     /*
817      * Use job_ref()/job_unref() so we can read the AioContext here
818      * even if the job went away during job_finalize_single().
819      */
820     aio_context_acquire(job->aio_context);
821     job_unref(job);
822 
823     job_txn_unref(txn);
824 }
825 
826 static int job_prepare(Job *job)
827 {
828     if (job->ret == 0 && job->driver->prepare) {
829         job->ret = job->driver->prepare(job);
830         job_update_rc(job);
831     }
832     return job->ret;
833 }
834 
835 static int job_needs_finalize(Job *job)
836 {
837     return !job->auto_finalize;
838 }
839 
840 static void job_do_finalize(Job *job)
841 {
842     int rc;
843     assert(job && job->txn);
844 
845     /* prepare the transaction to complete */
846     rc = job_txn_apply(job, job_prepare);
847     if (rc) {
848         job_completed_txn_abort(job);
849     } else {
850         job_txn_apply(job, job_finalize_single);
851     }
852 }
853 
854 void job_finalize(Job *job, Error **errp)
855 {
856     assert(job && job->id);
857     if (job_apply_verb(job, JOB_VERB_FINALIZE, errp)) {
858         return;
859     }
860     job_do_finalize(job);
861 }
862 
863 static int job_transition_to_pending(Job *job)
864 {
865     job_state_transition(job, JOB_STATUS_PENDING);
866     if (!job->auto_finalize) {
867         job_event_pending(job);
868     }
869     return 0;
870 }
871 
872 void job_transition_to_ready(Job *job)
873 {
874     job_state_transition(job, JOB_STATUS_READY);
875     job_event_ready(job);
876 }
877 
878 static void job_completed_txn_success(Job *job)
879 {
880     JobTxn *txn = job->txn;
881     Job *other_job;
882 
883     job_state_transition(job, JOB_STATUS_WAITING);
884 
885     /*
886      * Successful completion, see if there are other running jobs in this
887      * txn.
888      */
889     QLIST_FOREACH(other_job, &txn->jobs, txn_list) {
890         if (!job_is_completed(other_job)) {
891             return;
892         }
893         assert(other_job->ret == 0);
894     }
895 
896     job_txn_apply(job, job_transition_to_pending);
897 
898     /* If no jobs need manual finalization, automatically do so */
899     if (job_txn_apply(job, job_needs_finalize) == 0) {
900         job_do_finalize(job);
901     }
902 }
903 
904 static void job_completed(Job *job)
905 {
906     assert(job && job->txn && !job_is_completed(job));
907 
908     job_update_rc(job);
909     trace_job_completed(job, job->ret);
910     if (job->ret) {
911         job_completed_txn_abort(job);
912     } else {
913         job_completed_txn_success(job);
914     }
915 }
916 
917 /** Useful only as a type shim for aio_bh_schedule_oneshot. */
918 static void job_exit(void *opaque)
919 {
920     Job *job = (Job *)opaque;
921     AioContext *ctx;
922 
923     job_ref(job);
924     aio_context_acquire(job->aio_context);
925 
926     /* This is a lie, we're not quiescent, but still doing the completion
927      * callbacks. However, completion callbacks tend to involve operations that
928      * drain block nodes, and if .drained_poll still returned true, we would
929      * deadlock. */
930     job->busy = false;
931     job_event_idle(job);
932 
933     job_completed(job);
934 
935     /*
936      * Note that calling job_completed can move the job to a different
937      * aio_context, so we cannot cache from above. job_txn_apply takes care of
938      * acquiring the new lock, and we ref/unref to avoid job_completed freeing
939      * the job underneath us.
940      */
941     ctx = job->aio_context;
942     job_unref(job);
943     aio_context_release(ctx);
944 }
945 
946 /**
947  * All jobs must allow a pause point before entering their job proper. This
948  * ensures that jobs can be paused prior to being started, then resumed later.
949  */
950 static void coroutine_fn job_co_entry(void *opaque)
951 {
952     Job *job = opaque;
953 
954     assert(job && job->driver && job->driver->run);
955     job_pause_point(job);
956     job->ret = job->driver->run(job, &job->err);
957     job->deferred_to_main_loop = true;
958     job->busy = true;
959     aio_bh_schedule_oneshot(qemu_get_aio_context(), job_exit, job);
960 }
961 
962 void job_start(Job *job)
963 {
964     assert(job && !job_started(job) && job->paused &&
965            job->driver && job->driver->run);
966     job->co = qemu_coroutine_create(job_co_entry, job);
967     job->pause_count--;
968     job->busy = true;
969     job->paused = false;
970     job_state_transition(job, JOB_STATUS_RUNNING);
971     aio_co_enter(job->aio_context, job->co);
972 }
973 
974 void job_cancel(Job *job, bool force)
975 {
976     if (job->status == JOB_STATUS_CONCLUDED) {
977         job_do_dismiss(job);
978         return;
979     }
980     job_cancel_async(job, force);
981     if (!job_started(job)) {
982         job_completed(job);
983     } else if (job->deferred_to_main_loop) {
984         /*
985          * job_cancel_async() ignores soft-cancel requests for jobs
986          * that are already done (i.e. deferred to the main loop).  We
987          * have to check again whether the job is really cancelled.
988          * (job_cancel_requested() and job_is_cancelled() are equivalent
989          * here, because job_cancel_async() will make soft-cancel
990          * requests no-ops when deferred_to_main_loop is true.  We
991          * choose to call job_is_cancelled() to show that we invoke
992          * job_completed_txn_abort() only for force-cancelled jobs.)
993          */
994         if (job_is_cancelled(job)) {
995             job_completed_txn_abort(job);
996         }
997     } else {
998         job_enter(job);
999     }
1000 }
1001 
1002 void job_user_cancel(Job *job, bool force, Error **errp)
1003 {
1004     if (job_apply_verb(job, JOB_VERB_CANCEL, errp)) {
1005         return;
1006     }
1007     job_cancel(job, force);
1008 }
1009 
1010 /* A wrapper around job_cancel() taking an Error ** parameter so it may be
1011  * used with job_finish_sync() without the need for (rather nasty) function
1012  * pointer casts there. */
1013 static void job_cancel_err(Job *job, Error **errp)
1014 {
1015     job_cancel(job, false);
1016 }
1017 
1018 /**
1019  * Same as job_cancel_err(), but force-cancel.
1020  */
1021 static void job_force_cancel_err(Job *job, Error **errp)
1022 {
1023     job_cancel(job, true);
1024 }
1025 
1026 int job_cancel_sync(Job *job, bool force)
1027 {
1028     if (force) {
1029         return job_finish_sync(job, &job_force_cancel_err, NULL);
1030     } else {
1031         return job_finish_sync(job, &job_cancel_err, NULL);
1032     }
1033 }
1034 
1035 void job_cancel_sync_all(void)
1036 {
1037     Job *job;
1038     AioContext *aio_context;
1039 
1040     while ((job = job_next(NULL))) {
1041         aio_context = job->aio_context;
1042         aio_context_acquire(aio_context);
1043         job_cancel_sync(job, true);
1044         aio_context_release(aio_context);
1045     }
1046 }
1047 
1048 int job_complete_sync(Job *job, Error **errp)
1049 {
1050     return job_finish_sync(job, job_complete, errp);
1051 }
1052 
1053 void job_complete(Job *job, Error **errp)
1054 {
1055     /* Should not be reachable via external interface for internal jobs */
1056     assert(job->id);
1057     if (job_apply_verb(job, JOB_VERB_COMPLETE, errp)) {
1058         return;
1059     }
1060     if (job_cancel_requested(job) || !job->driver->complete) {
1061         error_setg(errp, "The active block job '%s' cannot be completed",
1062                    job->id);
1063         return;
1064     }
1065 
1066     job->driver->complete(job, errp);
1067 }
1068 
1069 int job_finish_sync(Job *job, void (*finish)(Job *, Error **errp), Error **errp)
1070 {
1071     Error *local_err = NULL;
1072     int ret;
1073 
1074     job_ref(job);
1075 
1076     if (finish) {
1077         finish(job, &local_err);
1078     }
1079     if (local_err) {
1080         error_propagate(errp, local_err);
1081         job_unref(job);
1082         return -EBUSY;
1083     }
1084 
1085     AIO_WAIT_WHILE(job->aio_context,
1086                    (job_enter(job), !job_is_completed(job)));
1087 
1088     ret = (job_is_cancelled(job) && job->ret == 0) ? -ECANCELED : job->ret;
1089     job_unref(job);
1090     return ret;
1091 }
1092