From: Paolo Bonzini <pbonzini@redhat.com>
To: Matthew Rosato <mjrosato@linux.vnet.ibm.com>, qemu-devel@nongnu.org
Cc: borntraeger@de.ibm.com, famz@redhat.com
Subject: Re: [Qemu-devel] [PATCH] memory: Fix double unref of flatview
Date: Thu, 12 Feb 2015 18:09:48 +0100
Message-ID: <54DCDE5C.5060509@redhat.com>
In-Reply-To: <1423758091-26462-1-git-send-email-mjrosato@linux.vnet.ibm.com>

On 12/02/2015 17:21, Matthew Rosato wrote:
> Since 374f2981d1 "memory: protect current_map by RCU",
> address_space_update_topology unrefs the old_flatview twice,
> once by call_rcu and once by direct call. This patch removes
> the direct call in favor of the call_rcu. Fixes at least one
> assertion failure seen in s390, where a ref count for a memory
> region attempts to go negative during hot-unplug of guest memory.
>
> Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>

The two unrefs are correct.
One is needed to balance address_space_get_flatview; the other is
needed because as->current_map does not point to old_view anymore.

You can remove them with something like this (your patch plus one
extra hunk):

diff --git a/memory.c b/memory.c
index a844ced..5add529 100644
--- a/memory.c
+++ b/memory.c
@@ -747,7 +747,7 @@ static void address_space_update_topology_pass(AddressSpace *as,
static void address_space_update_topology(AddressSpace *as)
{
- FlatView *old_view = address_space_get_flatview(as);
+ FlatView *old_view = as->current_map;
FlatView *new_view = generate_memory_topology(as->root);
address_space_update_topology_pass(as, old_view, new_view, false);
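Review bot: the new `FlatView *old_view = as->current_map;` line takes no reference, and nothing next to it says why old_view cannot go away while address_space_update_topology_pass() walks it. A one-line comment stating that the plain read relies on updates to current_map being serialized by the BQL (the comment before atomic_rcu_set says this only for writes) would make that explicit, and would make clear that old_view is kept alive here solely by the reference current_map itself holds.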
@@ -755,7 +755,6 @@ static void address_space_update_topology(AddressSpace *as)
/* Writes are protected by the BQL. */
atomic_rcu_set(&as->current_map, new_view);
- call_rcu(old_view, flatview_unref, rcu);
/* Note that all the old MemoryRegions are still alive up to this
* point. This relieves most MemoryListeners from the need to
@@ -763,7 +762,7 @@ static void address_space_update_topology(AddressSpace *as)
* outside the iothread mutex, in which case precise reference
* counting is necessary.
*/
- flatview_unref(old_view);
+ call_rcu(old_view, flatview_unref, rcu);
address_space_update_ioeventfds(as);
}
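Review bot: the comment above the `+ call_rcu(old_view, flatview_unref, rcu);` line should say which reference this call releases. With the synchronous flatview_unref gone and the earlier call_rcu removed, this is the only release of old_view in the function, so it has to be the reference that as->current_map held before atomic_rcu_set. The comment still reads "alive up to this point", which is accurate only as long as the call_rcu stays after the listener passes; a short note to that effect would keep a later reorder from breaking the guarantee the comment describes.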
but it wouldn't affect your bug.
Paolo
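
The reference accounting discussed in this message, as an added single-threaded C model (not QEMU code and not part of the original e-mail). `view_new`, `get_view`, `defer_unref` and `grace_period` are hypothetical stand-ins for FlatView allocation, address_space_get_flatview, call_rcu and the end of an RCU grace period; the model compares the existing two-unref code, a version that keeps only the deferred unref, and the plain-read version from the diff above.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model: one thread, no real RCU. Names are assumptions. */
typedef struct FlatView { int ref; } FlatView;
typedef struct AddressSpace { FlatView *current_map; } AddressSpace;

static FlatView *deferred[8];      /* stand-in for the call_rcu queue */
static int ndeferred;

static FlatView *view_new(void) {
    FlatView *v = calloc(1, sizeof(*v));
    if (!v) abort();
    v->ref = 1;                    /* the reference owned by current_map */
    return v;
}
/* The model never frees on zero so the final count can be inspected. */
static void view_unref(FlatView *v) { v->ref--; }
static void defer_unref(FlatView *v) { deferred[ndeferred++] = v; }
static void grace_period(void) {   /* run every deferred unref */
    for (int i = 0; i < ndeferred; i++) view_unref(deferred[i]);
    ndeferred = 0;
}
static FlatView *get_view(AddressSpace *as) {
    as->current_map->ref++;        /* caller must balance this */
    return as->current_map;
}

enum scheme { TWO_UNREFS, DEFERRED_UNREF_ONLY, PLAIN_READ };

/* Returns old view's refcount after the grace period: 0 means balanced. */
static int update_topology(enum scheme s) {
    AddressSpace as = { view_new() };
    FlatView *old = (s == PLAIN_READ) ? as.current_map : get_view(&as);
    as.current_map = view_new();             /* publish the new view */
    defer_unref(old);                        /* current_map's old reference */
    if (s == TWO_UNREFS) view_unref(old);    /* balances get_view() */
    grace_period();
    int ref = old->ref;
    free(as.current_map);
    free(old);
    return ref;
}

int main(void) {
    printf("two unrefs:          %d\n", update_topology(TWO_UNREFS));
    printf("deferred unref only: %d\n", update_topology(DEFERRED_UNREF_ONLY));
    printf("plain read:          %d\n", update_topology(PLAIN_READ));
    return 0;
}
```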