[Qemu-devel] [PATCH v2 01/17] memory: add getter/setter for owner

[Paolo Bonzini <pbonzini@redhat.com>]

Whenever memory regions are accessed outside the BQL, they need to be
preserved against hot-unplug.  MemoryRegions actually do not have their
own reference count; they piggyback on a QOM object, their "owner".
Add two functions to retrieve and specify the owner.

The setter function will affect the owner recursively on a whole tree
of contained regions, but without crossing (a) aliases (b) regions that
are already owned by another device.  This is so that a device can create
a complex tree of regions and a single call to memory_region_set_owner
will affect the entire tree.

In turn, this lets buses (usually through a bus-specific function, e.g.
pci_register_bar) set the owner for regions that are managed by the bus.
The device must set the owner itself only if the device plays directly
with address_space_memory/io (which shouldn't happen except in special
cases) or if regions are added/deleted after passing the container to
the bus (for example dynamically while the device runs).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/exec/memory.h | 36 ++++++++++++++++++++++++++++++++++++
 memory.c              | 45 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 3598c4f..e51f30f 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -150,6 +150,7 @@ struct MemoryRegion {
     const MemoryRegionIOMMUOps *iommu_ops;
     void *opaque;
     MemoryRegion *parent;
+    struct Object *owner;
     Int128 size;
     hwaddr addr;
     void (*destructor)(MemoryRegion *mr);
@@ -388,6 +389,41 @@ void memory_region_init_iommu(MemoryRegion *mr,
 void memory_region_destroy(MemoryRegion *mr);
 
 /**
+ * memory_region_owner: get a memory region's owner.
+ *
+ * @mr: the memory region being queried.
+ */
+struct Object *memory_region_owner(MemoryRegion *mr);
+
+/**
+ * memory_region_set_owner: set the owner for a memory region and all
+ * the unowned regions below it.
+ *
+ * The owner of a region is an object that must be preserved together
+ * with the region itself while the region is being accessed.  This
+ * is useful whenever a region is accessed while the big QEMU lock is
+ * not held, even in the simplest case of accessing RAM from
+ * asynchronous block device I/O.
+ *
+ * This function will affect the owner recursively on a whole tree
+ * of contained regions (not aliases), but without crossing regions that
+ * are already owned by another device.  This is so that a device can create
+ * a complex tree of regions and a single call to memory_region_set_owner
+ * will affect the entire tree.
+ *
+ * This function will usually be called through a bus-specific function, e.g.
+ * pci_register_bar or sysbus_init_mmio.  The device must set the owner itself
+ * only if it uses memory_region_add_subregion directly on some address space,
+ * or after the parent region is passed to the bus (for example dynamically
+ * while the device runs).
+ *
+ * @mr: the memory region being set.
+ * @owner: the object that acts as the owner
+ */
+void memory_region_set_owner(MemoryRegion *mr,
+                             struct Object *owner);
+
+/**
  * memory_region_size: get a memory region's size.
  *
  * @mr: the memory region being queried.
diff --git a/memory.c b/memory.c
index c500d8d..b40cdde 100644
--- a/memory.c
+++ b/memory.c
@@ -823,6 +823,7 @@ void memory_region_init(MemoryRegion *mr,
     mr->opaque = NULL;
     mr->iommu_ops = NULL;
     mr->parent = NULL;
+    mr->owner = NULL;
     mr->size = int128_make64(size);
     if (size == UINT64_MAX) {
         mr->size = int128_2_64();
@@ -1089,6 +1090,50 @@ void memory_region_destroy(MemoryRegion *mr)
     g_free(mr->ioeventfds);
 }
 
+Object *memory_region_owner(MemoryRegion *mr)
+{
+    return mr->owner;
+}
+
+void memory_region_set_owner(MemoryRegion *mr,
+                             Object *owner)
+{
+    MemoryRegion *child;
+    Object *old_owner;
+
+    old_owner = mr->owner;
+    assert(old_owner == NULL || old_owner == owner);
+
+    if (owner != NULL && old_owner == NULL) {
+        object_ref(owner);
+    }
+    mr->owner = owner;
+
+    QTAILQ_FOREACH(child, &mr->subregions, subregions_link) {
+        Object *child_owner = child->owner;
+        if (child_owner == NULL || child_owner == owner) {
+            /* Balance the reference that would have been added in
+             * memory_region_add_subregion.  Same below for
+             * memory_region_del_subregion.
+             */
+            if (owner != NULL && child_owner == NULL) {
+                memory_region_ref(child);
+            }
+            memory_region_set_owner(child, owner);
+            if (owner == NULL && child_owner != NULL) {
+                memory_region_unref(child);
+            }
+        }
+    }
+
+    /* Do not unref until all child regions have been processed,
+     * or the old owner might disappear.
+     */
+    if (owner == NULL && old_owner != NULL) {
+        object_unref(old_owner);
+    }
+}
+
 uint64_t memory_region_size(MemoryRegion *mr)
 {
     if (int128_eq(mr->size, int128_2_64())) {
-- 
1.8.1.4