From: Jan Kiszka <jan.kiszka@siemens.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel <qemu-devel@nongnu.org>, Liu Ping Fan <qemulist@gmail.com>
Subject: Re: [Qemu-devel] [PATCH v7 0/7] push mmio dispatch out of big lock
Date: Mon, 06 May 2013 12:56:11 +0200 [thread overview]
Message-ID: <51878C4B.7050700@siemens.com> (raw)
In-Reply-To: <5187859C.5020305@redhat.com>
On 2013-05-06 12:27, Paolo Bonzini wrote:
> Il 06/05/2013 10:40, Jan Kiszka ha scritto:
>
>>>
>>> [*] The "subscriber link" mechanism allows an LWN.net
>>> subscriber to generate a special URL for a
>>> subscription-only article. That URL can then be given to
>>> others, who will be able to access the article regardless
>>> of whether they are subscribed. This feature is made
>>> available as a service to LWN subscribers, and in the hope
>>> that they will use it to spread the word about their
>>> favorite LWN articles.
>>>
>>>> And memory_region_find should likely always increment a reference
>>>> if the target region has an owner. We should convert its users to
>>>> properly dereference the region once done with it.
>>>
>>> Yes. But this is what requires you to have an owner for all regions.
>>
>> You don't need an owner for regions that are protect by the BQL (the
>> majority in the foreseeable future). For those regions, reference
>> counting can remain a nop, internally.
>
> The problem is that even if I/O for a region is supposed to happen
> within the BQL, lookup can happen outside the BQL. Lookup will use the
> region even if it is just to discard it:
>
> VCPU thread (under BQL) device thread
> --------------------------------------------------------------------------------------
> flatview_ref
> memory_region_find returns d->mr
> memory_region_ref(d->mr) /* nop */
> qdev_free(d)
> object_unparent(d)
> unrealize(d)
> memory_region_del_subregion(d->mr)
> FlatView updated, d->mr not in the new view
>
> flatview_unref
> memory_region_unref(d->mr)
> object_unref(d)
> free(d)
> if (!d->mr->is_ram) { /* BAD! */
> memory_region_unref(d->mr) /* nop */
> return error
> }
>
>
> Here, the memory region is dereferenced *before* we know that it is BQL-free
> (in fact, exactly to ascertain whether it is BQL-free).
Both flatview update and lookup *plus* locking type evaluation (i.e.
memory region dereferencing) always happen under the address space lock.
See Pingfan's patch.
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2013-05-06 10:56 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-25 2:02 [Qemu-devel] [PATCH v7 0/7] push mmio dispatch out of big lock Liu Ping Fan
2012-11-25 2:02 ` [Qemu-devel] [PATCH v7 1/7] qom: apply atomic on object's refcount Liu Ping Fan
2012-11-28 17:16 ` Richard Henderson
2012-11-29 8:35 ` liu ping fan
2012-11-25 2:02 ` [Qemu-devel] [PATCH v7 2/7] hotplug: introduce qdev_unplug_complete() to remove device from views Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 3/7] pci: remove pci device from mem view when unplug Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 4/7] memory: introduce local lock for address space Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 5/7] memory: make mmio dispatch able to be out of biglock Liu Ping Fan
2013-05-06 11:21 ` Paolo Bonzini
2013-05-06 11:25 ` Jan Kiszka
2013-05-06 11:30 ` Paolo Bonzini
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 6/7] memory: introduce tls context to trace nested mmio request issue Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 7/7] vcpu: push mmio dispatcher out of big lock Liu Ping Fan
2012-12-06 7:28 ` [Qemu-devel] [PATCH v7 0/7] push mmio dispatch " liu ping fan
2013-05-02 16:58 ` Jan Kiszka
2013-05-02 17:14 ` Jan Kiszka
2013-05-03 7:37 ` liu ping fan
2013-05-03 8:04 ` Jan Kiszka
2013-05-04 9:47 ` Paolo Bonzini
2013-05-04 10:42 ` Jan Kiszka
2013-05-06 8:07 ` Paolo Bonzini
2013-05-06 8:40 ` Jan Kiszka
2013-05-06 10:27 ` Paolo Bonzini
2013-05-06 10:56 ` Jan Kiszka [this message]
2013-05-06 10:58 ` Paolo Bonzini
2013-05-06 11:11 ` Jan Kiszka
2013-05-06 11:28 ` Paolo Bonzini
2013-05-06 11:39 ` Jan Kiszka
2013-05-06 11:47 ` Paolo Bonzini
2013-05-06 12:06 ` Jan Kiszka
2013-05-06 13:09 ` Paolo Bonzini
2013-05-06 14:05 ` Jan Kiszka
2013-05-06 14:28 ` Paolo Bonzini
2013-05-06 1:46 ` liu ping fan
2013-05-06 1:57 ` liu ping fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51878C4B.7050700@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemulist@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.