From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <1423588315.22865.819.camel@redhat.com>
From: Alex Williamson
Date: Tue, 10 Feb 2015 10:11:55 -0700
In-Reply-To: <1423572769-4238-1-git-send-email-pbonzini@redhat.com>
References: <1423572769-4238-1-git-send-email-pbonzini@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] memory: unregister AddressSpace MemoryListener within BQL
To: Paolo Bonzini
Cc: qemu-devel@nongnu.org

On Tue, 2015-02-10 at 13:52 +0100, Paolo Bonzini wrote:
> address_space_destroy_dispatch is called from an RCU callback and hence
> outside the iothread mutex (BQL). However, after address_space_destroy
> no new accesses can hit the destroyed AddressSpace so it is not necessary
> to observe changes to the memory map. Move the memory_listener_unregister
> call earlier, to make it thread-safe again.
>
> Reported-by: Alex Williamson
> Fixes: 374f2981d1f10bc4307f250f24b2a7ddb9b14be0
> Signed-off-by: Paolo Bonzini > --- > exec.c | 6 +++++- > include/exec/memory-internal.h | 1 + > memory.c | 1 + > 3 files changed, 7 insertions(+), 1 deletion(-) Seems to fix it, Thanks! Tested-by: Alex Williamson > diff --git a/exec.c b/exec.c > index 6b79ad1..6dff7bc 100644 > --- a/exec.c > +++ b/exec.c > @@ -2059,11 +2059,15 @@ void address_space_init_dispatch(AddressSpace *as) > memory_listener_register(&as->dispatch_listener, as); > } > > +void address_space_unregister(AddressSpace *as) > +{ > + memory_listener_unregister(&as->dispatch_listener); > +} > + > void address_space_destroy_dispatch(AddressSpace *as) > { > AddressSpaceDispatch *d = as->dispatch; > > - memory_listener_unregister(&as->dispatch_listener); > g_free(d); > as->dispatch = NULL; > } > diff --git a/include/exec/memory-internal.h b/include/exec/memory-internal.h > index 25c43c0..fb467ac 100644 > --- a/include/exec/memory-internal.h > +++ b/include/exec/memory-internal.h > @@ -23,6 +23,7 @@ > typedef struct AddressSpaceDispatch AddressSpaceDispatch; > > void address_space_init_dispatch(AddressSpace *as); > +void address_space_unregister(AddressSpace *as); > void address_space_destroy_dispatch(AddressSpace *as); > > extern const MemoryRegionOps unassigned_mem_ops; > diff --git a/memory.c b/memory.c > index 9b91243..130152c 100644 > --- a/memory.c > +++ b/memory.c > @@ -1978,6 +1978,7 @@ void address_space_destroy(AddressSpace *as) > as->root = NULL; > memory_region_transaction_commit(); > QTAILQ_REMOVE(&address_spaces, as, address_spaces_link); > + address_space_unregister(as); > > /* At this point, as->dispatch and as->current_map are dummy > * entries that the guest should never use. Wait for the old
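Review bot: in the exec.c hunk, address_space_destroy_dispatch() now frees as->dispatch without unregistering as->dispatch_listener, so it silently depends on address_space_unregister() having run first. The only caller visible in this patch, address_space_destroy(), does that, but nothing in the function states the requirement. A comment on address_space_destroy_dispatch() saying the listener must already be unregistered, and one on address_space_unregister() saying it must be called with the BQL held, would record the ordering the commit message relies on.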
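Review bot: in the include/exec/memory-internal.h hunk, the name address_space_unregister() reads broader than what the function does, which is only to remove as->dispatch_listener. It is declared between address_space_init_dispatch() and address_space_destroy_dispatch(), so a name carrying the same _dispatch suffix (for example address_space_unregister_dispatch) would make clear that it is the counterpart of the memory_listener_register() call in address_space_init_dispatch() and not a general teardown of the AddressSpace.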
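Review bot: in the memory.c hunk, the new address_space_unregister(as) call in address_space_destroy() has no comment explaining why the listener is dropped here instead of in address_space_destroy_dispatch(). The reason given in the commit message (the dispatch teardown runs from an RCU callback outside the BQL, and no further memory map changes need to be observed once the AddressSpace is destroyed) is not obvious from the code. Extending the existing "At this point, as->dispatch and as->current_map are dummy entries" comment to cover the unregister, and to note that it is placed after memory_region_transaction_commit() deliberately, would keep a later cleanup from moving it back.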