@@ -111,9 +111,8 @@ static void *worker_thread(void *opaque)
ret = req->func(req->arg);
req->ret = ret;
- /* Write ret before state. */
- smp_wmb();
- req->state = THREAD_DONE;
+ /* Atomically update state after setting ret. */
+ qatomic_store_release(&req->state, THREAD_DONE);
qemu_bh_schedule(pool->completion_bh);
qemu_mutex_lock(&pool->lock);
@@ -180,7 +179,10 @@ static void thread_pool_completion_bh(void *opaque)
restart:
QLIST_FOREACH_SAFE(elem, &pool->head, all, next) {
- if (elem->state != THREAD_DONE) {
+ /* Atomically access the state field to synchronize with the
+ * worker_thread and thread_pool_cancel.
+ */
+ if (qatomic_load_acquire(&elem->state) != THREAD_DONE) {
continue;
}
@@ -189,9 +191,6 @@ restart:
QLIST_REMOVE(elem, all);
if (elem->common.cb) {
- /* Read state before ret. */
- smp_rmb();
-
/* Schedule ourselves in case elem->common.cb() calls aio_poll() to
* wait for another request that completed at the same time.
*/
@@ -223,12 +222,13 @@ static void thread_pool_cancel(BlockAIOCB *acb)
trace_thread_pool_cancel(elem, elem->common.opaque);
QEMU_LOCK_GUARD(&pool->lock);
- if (elem->state == THREAD_QUEUED) {
+ if (qatomic_read(&elem->state) == THREAD_QUEUED) {
QTAILQ_REMOVE(&pool->request_list, elem, reqs);
qemu_bh_schedule(pool->completion_bh);
- elem->state = THREAD_DONE;
elem->ret = -ECANCELED;
+ /* Atomically update state after setting ret. */
+ qatomic_store_release(&elem->state, THREAD_DONE);
}
}
TSAN reports a potential data race on the state field of ThreadPoolElement. This is fixed by using atomic access to the field. Fixes: d354c7eccf ("aio: add generic thread-pool facility") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2822 Signed-off-by: Vitalii Mordan <mordan@ispras.ru> --- v2: Addressed the Paolo Bonzini comments. util/thread-pool.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)