{"id":2227934,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2227934/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260424-gpu-v2-1-9fd2fc0dd1bd@rsg.ci.i.u-tokyo.ac.jp/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.1/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260424-gpu-v2-1-9fd2fc0dd1bd@rsg.ci.i.u-tokyo.ac.jp>","date":"2026-04-24T14:06:41","name":"[v2,1/2] virtio-gpu: Run reset cleanup in the same BH","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"1426eda1b08701576a01174398d29d5d4ce1ed4b","submitter":{"id":90980,"url":"http://patchwork.ozlabs.org/api/1.1/people/90980/?format=json","name":"Akihiko Odaki","email":"odaki@rsg.ci.i.u-tokyo.ac.jp"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260424-gpu-v2-1-9fd2fc0dd1bd@rsg.ci.i.u-tokyo.ac.jp/mbox/","series":[{"id":501374,"url":"http://patchwork.ozlabs.org/api/1.1/series/501374/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=501374","date":"2026-04-24T14:06:40","name":"[v2,1/2] virtio-gpu: Run reset cleanup in the same BH","version":2,"mbox":"http://patchwork.ozlabs.org/series/501374/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2227934/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2227934/checks/","tags":{},"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"key not found in DNS\" header.d=rsg.ci.i.u-tokyo.ac.jp\n header.i=@rsg.ci.i.u-tokyo.ac.jp header.a=rsa-sha256 header.s=rs20250326\n header.b=iKjWpbs5;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g2FCj2KWfz1yD5\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 25 Apr 2026 00:07:45 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wGHBb-0002Ze-Ko; Fri, 24 Apr 2026 10:07:15 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <odaki@rsg.ci.i.u-tokyo.ac.jp>)\n id 1wGHBZ-0002Yo-BG\n for qemu-devel@nongnu.org; Fri, 24 Apr 2026 10:07:13 -0400","from www3579.sakura.ne.jp ([49.212.243.89])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <odaki@rsg.ci.i.u-tokyo.ac.jp>)\n id 1wGHBU-0007OZ-RW\n for qemu-devel@nongnu.org; Fri, 24 Apr 2026 10:07:13 -0400","from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp\n [133.11.54.205]) (authenticated bits=0)\n by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 63OE6rPb008037\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);\n Fri, 24 Apr 2026 23:06:54 +0900 (JST)\n (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp)"],"DKIM-Signature":"a=rsa-sha256; bh=3PTC2WsTND6RCdsl4wWJ5P+BEs7aCKUgDSNSWQzTsg0=;\n c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp;\n h=From:Message-Id:To:Subject:Date;\n s=rs20250326; t=1777039614; v=1;\n b=iKjWpbs58fhJZtKgFUahjFl//B4Zjdu/HFXfrZeL0bKOArFo4/RDFjW3vTh7qUik\n zqyXqxLPysdbhXr90zViIWGqZXsR34UlOjX8y56xSW/BbX20ZyjKnq3sR+Mc7Cnn\n dQiOAd8Q9HguIQuzn4EuVunjR5nfpsgIzMK/fbsg/DY7P028hIyO9syWY7GYycvl\n C6lnbbA4eOPK+V3hftrw5aEC/TVbK8K0+83FHP7bSUC0sUNu1889V8zpPHezQ2c2\n lqpz7S1M4vHVCr9EuAbQyUV6AtEf1aLBjKKlDmopQiDa8QRMKibmm7Tw/Kd2rePB\n M5ojADkC/x3X1dtZYjJhNA==","From":"Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>","Date":"Fri, 24 Apr 2026 23:06:41 +0900","Subject":"[PATCH v2 1/2] virtio-gpu: Run reset cleanup in the same BH","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"7bit","Message-Id":"<20260424-gpu-v2-1-9fd2fc0dd1bd@rsg.ci.i.u-tokyo.ac.jp>","References":"<20260424-gpu-v2-0-9fd2fc0dd1bd@rsg.ci.i.u-tokyo.ac.jp>","In-Reply-To":"<20260424-gpu-v2-0-9fd2fc0dd1bd@rsg.ci.i.u-tokyo.ac.jp>","To":"qemu-devel@nongnu.org","Cc":"=?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>,\n Dmitry Osipenko <dmitry.osipenko@collabora.com>,\n \"Michael S. Tsirkin\" <mst@redhat.com>,\n Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>","X-Mailer":"b4 0.16-dev-16047","Received-SPF":"pass client-ip=49.212.243.89;\n envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp","X-Spam_score_int":"-16","X-Spam_score":"-1.7","X-Spam_bar":"-","X-Spam_report":"(-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,\n DKIM_SIGNED=0.1, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=no autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"Commit a41e2d97f92b (\"virtio-gpu: reset gfx resources in main thread\")\nmade resource destruction run in the main thread, but left command and\nfence queue cleanup in virtio_gpu_reset(). When reset is initiated from\na vCPU thread, virtio_gpu_reset() schedules reset_bh and then waits with\nqemu_cond_wait_bql(), which releases the BQL while the BH is running.\n\nThat split leaves a window after reset_bh has destroyed resources and\nbefore virtio_gpu_reset() drains cmdq/fenceq. Other virtio-gpu BHs can\nrun in that window, so commands may be observed on the wrong side of the\nreset boundary:\n\n1.  vCPU thread A: Enter virtio_gpu_reset()\n2.  vCPU thread A: Schedule reset_bh\n3.  vCPU thread A: Wait in qemu_cond_wait_bql(&g->reset_cond)\n4.  vCPU thread A: Drop the BQL while waiting\n5.  vCPU thread B: Take the BQL\n6.  vCPU thread B: Queue a command\n7.  vCPU thread B: Drop the BQL\n8.  Main thread:   Take the BQL\n9.  Main thread:   Run virtio_gpu_reset_bh()\n10. Main thread:   Destroy resources\n11. Main thread:   Signal g->reset_cond\n12. Main thread:   Process the queued command\n13. Main thread:   Drop the BQL\n14. vCPU thread B: Take the BQL\n15. vCPU thread B: Queue another command\n16. vCPU thread B: Drop the BQL\n17. vCPU thread A: Take the BQL\n18. vCPU thread A: Leave qemu_cond_wait_bql(&g->reset_cond)\n19. vCPU thread A: Delete the second command from cmdq\n\nThe first command is processed as if it happened after reset, while the\nsecond command is discarded as if it happened before reset.\n\nMove cmdq/fenceq cleanup and virtio_gpu_base_reset() into reset_bh so\nall virtio-gpu reset state is updated in the same main-thread callback.\nThis keeps command processing from interleaving with a partially\ncompleted reset.\n\nSigned-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>\n---\n hw/display/virtio-gpu.c | 32 ++++++++++++++++----------------\n 1 file changed, 16 insertions(+), 16 deletions(-)","diff":"diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c\nindex b998ce8324d6..d514b548efd9 100644\n--- a/hw/display/virtio-gpu.c\n+++ b/hw/display/virtio-gpu.c\n@@ -1582,6 +1582,7 @@ static void virtio_gpu_reset_bh(void *opaque)\n {\n     VirtIOGPU *g = VIRTIO_GPU(opaque);\n     VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);\n+    struct virtio_gpu_ctrl_command *cmd;\n     struct virtio_gpu_simple_resource *res, *tmp;\n     uint32_t resource_id;\n     Error *local_err = NULL;\n@@ -1601,10 +1602,25 @@ static void virtio_gpu_reset_bh(void *opaque)\n         }\n     }\n \n+    while (!QTAILQ_EMPTY(&g->cmdq)) {\n+        cmd = QTAILQ_FIRST(&g->cmdq);\n+        QTAILQ_REMOVE(&g->cmdq, cmd, next);\n+        g_free(cmd);\n+    }\n+\n+    while (!QTAILQ_EMPTY(&g->fenceq)) {\n+        cmd = QTAILQ_FIRST(&g->fenceq);\n+        QTAILQ_REMOVE(&g->fenceq, cmd, next);\n+        g->inflight--;\n+        g_free(cmd);\n+    }\n+\n     for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {\n         dpy_gfx_replace_surface(g->parent_obj.scanout[i].con, NULL);\n     }\n \n+    virtio_gpu_base_reset(VIRTIO_GPU_BASE(g));\n+\n     g->reset_finished = true;\n     qemu_cond_signal(&g->reset_cond);\n }\n@@ -1612,7 +1628,6 @@ static void virtio_gpu_reset_bh(void *opaque)\n void virtio_gpu_reset(VirtIODevice *vdev)\n {\n     VirtIOGPU *g = VIRTIO_GPU(vdev);\n-    struct virtio_gpu_ctrl_command *cmd;\n \n     if (qemu_in_vcpu_thread()) {\n         g->reset_finished = false;\n@@ -1623,21 +1638,6 @@ void virtio_gpu_reset(VirtIODevice *vdev)\n     } else {\n         aio_bh_call(g->reset_bh);\n     }\n-\n-    while (!QTAILQ_EMPTY(&g->cmdq)) {\n-        cmd = QTAILQ_FIRST(&g->cmdq);\n-        QTAILQ_REMOVE(&g->cmdq, cmd, next);\n-        g_free(cmd);\n-    }\n-\n-    while (!QTAILQ_EMPTY(&g->fenceq)) {\n-        cmd = QTAILQ_FIRST(&g->fenceq);\n-        QTAILQ_REMOVE(&g->fenceq, cmd, next);\n-        g->inflight--;\n-        g_free(cmd);\n-    }\n-\n-    virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev));\n }\n \n static void\n","prefixes":["v2","1/2"]}