From 96faf869b9109de54761b0b6c9a29716803f01fb Mon Sep 17 00:00:00 2001
From: wangfuqiang49 <wangfuqiang49.jd.com>
Date: Wed, 19 Feb 2025 21:34:43 -0600
Subject: [PATCH] linux-aio: fix unbalanced plugged counter in laio_io_unplug()

When the io_submit() in the execution flow of laio_do_submit ->
ioq_submit -> io_submit returns an error, such as returning -EAGAIN,
s->io_q.blocked will set to 1. Consequently, s->io_q.in_queue may grow
to laio_max_batch(), which prevents laio_io_unplug() from decrementing
s->io_q.plugged. This situation can cause laio_do_submit() and
laio_io_unplug to stop submitting AIO requests unless the number of
requests in the queue reaches laio_max_batch().

upstream commit:

commit 18bcfa0ebb39146cc4f7dad0dd989a24c74677d9
Author: Stefan Hajnoczi <stefanha@redhat.com>
Date:   Thu Jun 9 17:47:11 2022 +0100

    linux-aio: fix unbalanced plugged counter in laio_io_unplug()

    Every laio_io_plug() call has a matching laio_io_unplug() call. There is
    a plugged counter that tracks the number of levels of plugging and
    allows for nesting.

    The plugged counter must reflect the balance between laio_io_plug() and
    laio_io_unplug() calls accurately. Otherwise I/O stalls occur since
    io_submit(2) calls are skipped while plugged.

    Reported-by: Nikolay Tenev <nt@storpool.com>
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
    Message-id: 20220609164712.1539045-2-stefanha@redhat.com
    Cc: Stefano Garzarella <sgarzare@redhat.com>
    Fixes: 68d7946648 ("linux-aio: add `dev_max_batch` parameter to laio_io_unplug()")
    [Stefano Garzarella suggested adding a Fixes tag.
    --Stefan]
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/linux-aio.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/block/linux-aio.c b/block/linux-aio.c
index f53ae72e21..77f17ad596 100644
--- a/block/linux-aio.c
+++ b/block/linux-aio.c
@@ -360,8 +360,10 @@ void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s,
                     uint64_t dev_max_batch)
 {
     assert(s->io_q.plugged);
+    s->io_q.plugged--;
+
     if (s->io_q.in_queue >= laio_max_batch(s, dev_max_batch) ||
-        (--s->io_q.plugged == 0 &&
+        (!s->io_q.plugged &&
          !s->io_q.blocked && !QSIMPLEQ_EMPTY(&s->io_q.pending))) {
         ioq_submit(s);
     }
-- 
Gitee