Sender: Paolo Bonzini From: Paolo Bonzini Date: Thu, 4 Jul 2013 17:13:25 +0200 Message-Id: <1372950842-32422-30-git-send-email-pbonzini@redhat.com> In-Reply-To: <1372950842-32422-1-git-send-email-pbonzini@redhat.com> References: <1372950842-32422-1-git-send-email-pbonzini@redhat.com> Subject: [Qemu-devel] [PATCH 29/66] memory: ref/unref memory across address_space_map/unmap To: qemu-devel@nongnu.org The iothread mutex might be released between map and unmap, so the mapped region might disappear. Reviewed-by: Jan Kiszka Signed-off-by: Paolo Bonzini --- exec.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/exec.c b/exec.c index a994bc8..b339c23 100644 --- a/exec.c +++ b/exec.c @@ -1986,6 +1986,7 @@ void cpu_physical_memory_write_rom(hwaddr addr, } typedef struct { + MemoryRegion *mr; void *buffer; hwaddr addr; hwaddr len; 
@@ -2083,6 +2084,9 @@ void *address_space_map(AddressSpace *as, bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE); bounce.addr = addr; bounce.len = l; + + memory_region_ref(mr); + bounce.mr = mr; if (!is_write) { address_space_read(as, addr, bounce.buffer, l); } @@ -2109,6 +2113,7 @@ void *address_space_map(AddressSpace *as, } } + memory_region_ref(mr); *plen = done; return qemu_ram_ptr_length(raddr + base, plen); } @@ -2121,10 +2126,12 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len, int is_write, hwaddr access_len) { if (buffer != bounce.buffer) { + MemoryRegion *mr; + ram_addr_t addr1; + + mr = qemu_ram_addr_from_host(buffer, &addr1); + assert(mr != NULL); if (is_write) { - ram_addr_t addr1; - MemoryRegion *mr = qemu_ram_addr_from_host(buffer, &addr1); - assert(mr != NULL); while (access_len) { unsigned l; l = TARGET_PAGE_SIZE; @@ -2138,6 +2145,7 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len, if (xen_enabled()) { xen_invalidate_map_cache_entry(buffer); } + memory_region_unref(mr); return; } if (is_write) { @@ -2145,6 +2153,7 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len, } qemu_vfree(bounce.buffer); bounce.buffer = NULL; + memory_region_unref(bounce.mr); cpu_notify_map_clients(); } -- 1.8.1.4
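Review bot: in the direct-mapped path of `address_space_map`, the new `memory_region_ref(mr);` just before `return qemu_ram_ptr_length(raddr + base, plen);` is paired with a `memory_region_unref(mr)` in `address_space_unmap` whose `mr` comes from `qemu_ram_addr_from_host(buffer, &addr1)` rather than from the caller. The pair is only balanced if the region looked up from the start of `buffer` is the same region that was referenced at map time; a one-line comment at the ref site stating that the mapped range never extends past a single RAM region would make that invariant explicit, since the unmap side no longer receives the region directly.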
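Review bot: hoisting `mr = qemu_ram_addr_from_host(buffer, &addr1);` and `assert(mr != NULL);` out of the `if (is_write)` branch in `address_space_unmap` is required so that `memory_region_unref(mr);` also runs for read-only mappings, but it changes behaviour for reads: previously a non-RAM `buffer` passed to a read unmap was simply ignored, now it aborts. That looks intended, because the direct path of `address_space_map` only ever hands out RAM pointers, but a short comment next to the moved assert would spare the next reader from wondering why the lookup is no longer write-only.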
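Review bot: in the bounce-buffer branch of `address_space_unmap`, `memory_region_unref(bounce.mr);` follows `bounce.buffer = NULL;` but `bounce.mr` itself is never cleared, so it keeps pointing at a region that may have been released by that unref. Setting `bounce.mr = NULL;` alongside `bounce.buffer = NULL;` mirrors the existing reset of the buffer pointer and avoids leaving a stale region pointer in the global `bounce` state between mappings.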