qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

aio-posix: don't duplicate fd handler deletion in fdmon_io_uring_destroy()

The io_uring file descriptor monitoring implementation has an internal
list of fd handlers that are pending submission to io_uring.
fdmon_io_uring_destroy() deletes all fd handlers on the list.

Don't delete fd handlers directly in fdmon_io_uring_destroy() for two
reasons:
1. This duplicates the aio-posix.c AioHandler deletion code and could
become outdated if the struct changes.
2. Only handlers with the FDMON_IO_URING_REMOVE flag set are safe to
remove. If the flag is not set then something still has a pointer to
the fd handler. Let aio-posix.c and its user worry about that. In
practice this isn't an issue because fdmon_io_uring_destroy() is only
called when shutting down so all users have removed their fd
handlers, but the next patch will need this!

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Oleksandr Natalenko <oleksandr@redhat.com>
Message-id: 20200511183630.279750-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

+11 -3
+1
util/aio-posix.c
··· 679 679 { 680 680 fdmon_io_uring_destroy(ctx); 681 681 fdmon_epoll_disable(ctx); 682 + aio_free_deleted_handlers(ctx); 682 683 } 683 684 684 685 void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
+10 -3
util/fdmon-io_uring.c
··· 342 342 343 343 io_uring_queue_exit(&ctx->fdmon_io_uring); 344 344 345 - /* No need to submit these anymore, just free them. */ 345 + /* Move handlers due to be removed onto the deleted list */ 346 346 while ((node = QSLIST_FIRST_RCU(&ctx->submit_list))) { 347 + unsigned flags = atomic_fetch_and(&node->flags, 348 + ~(FDMON_IO_URING_PENDING | 349 + FDMON_IO_URING_ADD | 350 + FDMON_IO_URING_REMOVE)); 351 + 352 + if (flags & FDMON_IO_URING_REMOVE) { 353 + QLIST_INSERT_HEAD_RCU(&ctx->deleted_aio_handlers, node, node_deleted); 354 + } 355 + 347 356 QSLIST_REMOVE_HEAD_RCU(&ctx->submit_list, node_submitted); 348 - QLIST_REMOVE(node, node); 349 - g_free(node); 350 357 } 351 358 352 359 ctx->fdmon_ops = &fdmon_poll_ops;
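Review bot: In the util/aio-posix.c hunk, the added aio_free_deleted_handlers(ctx) call depends on fdmon_io_uring_destroy(ctx), two lines above it, having already moved handlers onto ctx->deleted_aio_handlers, and nothing at the call site says so. A one-line comment stating that ordering requirement would keep a later reordering of these three calls from leaving the moved handlers unfreed.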
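Review bot: In the util/fdmon-io_uring.c hunk, a node whose flags lack FDMON_IO_URING_REMOVE skips the if body and is only unlinked by QSLIST_REMOVE_HEAD_RCU(&ctx->submit_list, node_submitted), whereas the removed lines called g_free(node) on every node. The new comment "Move handlers due to be removed onto the deleted list" does not cover that case. The commit message explains that such a handler is still referenced elsewhere and is left to aio-posix.c and its users; putting that reasoning into the code comment would keep the missing free from reading as a leak.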