block: Forbid bdrv_set_aio_context outside BQL

Even if the caller has both the old and the new AioContext's, there can
be a deadlock, due to the leading bdrv_drain_all.

Suppose there are four io threads (A, B, A0, B0) with A and B owning a
BDS for each (bs_a, bs_b); Now A wants to move bs_a to iothread A0, and
B wants to move bs_b to B0, at the same time:

  iothread A                           iothread B
--------------------------------------------------------------------------
  aio_context_acquire(A0) /* OK */     aio_context_acquire(B0) /* OK */
  bdrv_set_aio_context(bs_a, A0)       bdrv_set_aio_context(bs_b, B0)
  -> bdrv_drain_all()                  -> bdrv_drain_all()
     -> acquire A /* OK */               -> acquire A /* blocked */
     -> acquire B /* blocked */          -> acquire B
     ...                                 ...

Deadlock happens because A is waiting for B, and B is waiting for A.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1423969591-23646-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/include/block/block.h b/include/block/block.h
index 471d11d..649c269 100644 (file)
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -547,8 +547,7 @@ AioContext *bdrv_get_aio_context(BlockDriverState *bs);
  * Changes the #AioContext used for fd handlers, timers, and BHs by this
  * BlockDriverState and all its children.
  *
- * This function must be called from the old #AioContext or with a lock held so
- * the old #AioContext is not executing.
+ * This function must be called with iothread lock held.
  */
 void bdrv_set_aio_context(BlockDriverState *bs, AioContext *new_context);