{"id":2227839,"url":"http://patchwork.ozlabs.org/api/patches/2227839/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260424103917.248668-3-den@openvz.org/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260424103917.248668-3-den@openvz.org>","list_archive_url":null,"date":"2026-04-24T10:39:17","name":"[2/2] block/qcow2: fix hangup in cache_clean_timer cancellation","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"4b0c8d96ac7596c5e430fe75720a016111b7eb9c","submitter":{"id":71296,"url":"http://patchwork.ozlabs.org/api/people/71296/?format=json","name":"Denis V. Lunev\" via qemu development","email":"qemu-devel@nongnu.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260424103917.248668-3-den@openvz.org/mbox/","series":[{"id":501343,"url":"http://patchwork.ozlabs.org/api/series/501343/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=501343","date":"2026-04-24T10:39:16","name":"block: fix two missed-wakeup hangs on shutdown path","version":1,"mbox":"http://patchwork.ozlabs.org/series/501343/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2227839/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2227839/checks/","tags":{},"related":[],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n secure) header.d=virtuozzo.com header.i=@virtuozzo.com header.a=rsa-sha256\n header.s=relay header.b=SR4mYlt8;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g28bj1sKTz1yHv\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 24 Apr 2026 20:39:45 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wGDwW-0002eS-W1; Fri, 24 Apr 2026 06:39:29 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <den@openvz.org>)\n id 1wGDwU-0002bB-AP; Fri, 24 Apr 2026 06:39:26 -0400","from relay.virtuozzo.com ([130.117.225.111])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <den@openvz.org>)\n id 1wGDwR-000201-AZ; Fri, 24 Apr 2026 06:39:26 -0400","from ch-demo-asa.virtuozzo.com ([130.117.225.8] helo=iris.sw.ru)\n by relay.virtuozzo.com with esmtp (Exim 4.96)\n (envelope-from <den@openvz.org>) id 1wGDtf-00F3Ps-2L;\n Fri, 24 Apr 2026 12:39:15 +0200"],"DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n d=virtuozzo.com; s=relay; h=MIME-Version:Message-ID:Date:Subject:From:\n Content-Type; bh=uNSdOJEhtNrcgxDuLoQOyJZjT8cwzLWmaavcB1WJkGU=; b=SR4mYlt8Juoe\n IYaRkuOOH2WVVDHdqA/tOgLy0KGLut6PTzMqkxI8jwE6MWpUujtiFMromHzfCWU6aJeqi8OHUK0wp\n e9gs1eRL/R5DiQ4W2MLSsVR0jzqecxLrhAaedURl9mXg06UyPjQBVx5wEiaSV0sUU4HEQLUhqeD2V\n qIWGzQSmAnOUC1FxbCxc1KH/gHtJGARY6ZOdttROTCqcxo/aqAczbcF3Gx+bFfDA+9aQ9SqrK5bG0\n 0nerrFqoTBc36H17sGlU5eUrNZSJ9tXRqpSlXJDrdmxyccoPC4sOB8g13XeZOQ1jzUQlj2oqp3mvK\n CazAkI0JQX57IOTQuBDqmw==;","To":"qemu-devel@nongnu.org","Cc":"qemu-block@nongnu.org, qemu-stable@nongnu.org,\n \"Denis V. Lunev\" <den@openvz.org>, Hanna Czenczek <hreitz@redhat.com>,\n Kevin Wolf <kwolf@redhat.com>","Subject":"[PATCH 2/2] block/qcow2: fix hangup in cache_clean_timer cancellation","Date":"Fri, 24 Apr 2026 12:39:17 +0200","Message-ID":"<20260424103917.248668-3-den@openvz.org>","X-Mailer":"git-send-email 2.51.0","In-Reply-To":"<20260424103917.248668-1-den@openvz.org>","References":"<20260424103917.248668-1-den@openvz.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Received-SPF":"softfail client-ip=130.117.225.111;\n envelope-from=den@openvz.org;\n helo=relay.virtuozzo.com","X-Spam_score_int":"-34","X-Spam_score":"-3.5","X-Spam_bar":"---","X-Spam_report":"(-3.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001,\n SPF_SOFTFAIL=0.665 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Reply-to":"\"Denis V. Lunev\" <den@openvz.org>","From":"\"Denis V. Lunev\" via qemu development <qemu-devel@nongnu.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"cache_clean_timer_del_and_wait() cancels the cache-cleaner coroutine\nby setting s->cache_clean_interval = 0 and calling qemu_co_sleep_wake()\nto cut short its qemu_co_sleep_ns_wakeable(). qemu_co_sleep_wake() is\nfire-and-forget: it reads w->to_wake and silently returns when it is\nNULL. A sleeper that is between two iterations -- has just released\ns->lock but has not yet set w->to_wake inside qemu_co_sleep() -- loses\nthe wake:\n\n  iothread0 timer coroutine           main thread (qcow2 close)\n  -------------------------           -------------------------\n  while-body (holding s->lock):\n    read interval = 600\n    wait_ns = 600 * NS\n    release s->lock\n                                      take s->lock\n                                      interval = 0\n                                      qemu_co_sleep_wake(w):\n                                        w->to_wake == NULL -> skip\n                                        return\n                                      qemu_co_queue_wait(exit, s->lock):\n                                        release s->lock\n                                        yield\n  qemu_co_sleep_ns_wakeable:\n    aio_timer_init(+600 s)\n    qemu_co_sleep:\n      cas scheduled NULL -> \"qsns\"\n      w->to_wake = co\n      yield  [sleeps 600 s]\n\ncache_clean_timer_del_and_wait() is now stuck waiting for\ncache_clean_timer_exit; the timer will not signal it until its\noriginal 600 s expiry fires. qcow2_close() is on the main thread\nholding BQL, so RCU, VCPUs and every iothread path that needs BQL\nstall behind it.\n\nqemu_co_sleep_wake() has always been a hint: it has no way to\nrendezvous with a sleeper still arming. Rather than mutate it (which\nwould change semantics for every other user -- mirror, stream,\nbackup), fix the caller.\n\nSplit the sleep in cache_clean_timer() into steps of at most one\nsecond and move the s->cache_clean_interval check to the top of the\nloop so it is re-evaluated under s->lock between steps. The\nloop/wait structure itself is unchanged. The stop decision is now\nmade under the same lock that the teardown caller holds to set\ncache_clean_interval = 0, so it cannot be missed.\nqemu_co_sleep_wake() is still called opportunistically to cut short\nthe current step; if it misses, the next 1 s tick catches the change.\nWorst-case cancellation latency is bounded at 1 s, independent of\ncache_clean_interval.\n\nFixes: f86dde9a15 (\"qcow2: Fix cache_clean_timer\")\nSigned-off-by: Denis V. Lunev <den@openvz.org>\nCc: Hanna Czenczek <hreitz@redhat.com>\nCc: Kevin Wolf <kwolf@redhat.com>\n---\n block/qcow2.c | 28 +++++++++++++++++-----------\n 1 file changed, 17 insertions(+), 11 deletions(-)","diff":"diff --git a/block/qcow2.c b/block/qcow2.c\nindex f6461743d2..3e249970d6 100644\n--- a/block/qcow2.c\n+++ b/block/qcow2.c\n@@ -838,24 +838,30 @@ static const char *overlap_bool_option_names[QCOW2_OL_MAX_BITNR] = {\n static void coroutine_fn cache_clean_timer(void *opaque)\n {\n     BDRVQcow2State *s = opaque;\n-    uint64_t wait_ns;\n+    uint64_t remaining_ns = 0;\n \n-    WITH_QEMU_LOCK_GUARD(&s->lock) {\n-        wait_ns = s->cache_clean_interval * NANOSECONDS_PER_SECOND;\n-    }\n-\n-    while (wait_ns > 0) {\n-        qemu_co_sleep_ns_wakeable(&s->cache_clean_timer_wake,\n-                                  QEMU_CLOCK_REALTIME, wait_ns);\n+    for (;;) {\n+        bool stop = false;\n+        uint64_t step;\n \n         WITH_QEMU_LOCK_GUARD(&s->lock) {\n-            if (s->cache_clean_interval > 0) {\n+            if (s->cache_clean_interval == 0) {\n+                stop = true;\n+            } else if (remaining_ns == 0) {\n                 qcow2_cache_clean_unused(s->l2_table_cache);\n                 qcow2_cache_clean_unused(s->refcount_block_cache);\n+                remaining_ns = s->cache_clean_interval\n+                               * (uint64_t)NANOSECONDS_PER_SECOND;\n             }\n-\n-            wait_ns = s->cache_clean_interval * NANOSECONDS_PER_SECOND;\n         }\n+        if (stop) {\n+            break;\n+        }\n+\n+        step = MIN(remaining_ns, (uint64_t)NANOSECONDS_PER_SECOND);\n+        qemu_co_sleep_ns_wakeable(&s->cache_clean_timer_wake,\n+                                  QEMU_CLOCK_REALTIME, step);\n+        remaining_ns -= step;\n     }\n \n     WITH_QEMU_LOCK_GUARD(&s->lock) {\n","prefixes":["2/2"]}