From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:42493)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TQdYE-0003Ox-Q6
	for qemu-devel@nongnu.org; Tue, 23 Oct 2012 08:25:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TQdY9-0007ox-Gg
	for qemu-devel@nongnu.org; Tue, 23 Oct 2012 08:25:42 -0400
Received: from mail-bk0-f45.google.com ([209.85.214.45]:65153)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TQdY9-0007o4-8m
	for qemu-devel@nongnu.org; Tue, 23 Oct 2012 08:25:37 -0400
Received: by mail-bk0-f45.google.com with SMTP id jf3so1232842bkc.4
	for <qemu-devel@nongnu.org>; Tue, 23 Oct 2012 05:25:35 -0700 (PDT)
Date: Tue, 23 Oct 2012 14:25:32 +0200
From: Stefan Hajnoczi <stefanha@gmail.com>
Message-ID: <20121023122532.GE19977@stefanha-thinkpad.redhat.com>
References: <1348226255-4226-1-git-send-email-vasilis.liaskovitis@profitbricks.com>
	<1348226255-4226-6-git-send-email-vasilis.liaskovitis@profitbricks.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1348226255-4226-6-git-send-email-vasilis.liaskovitis@profitbricks.com>
Subject: Re: [Qemu-devel] [RFC PATCH v3 05/19] Implement dimm device
 abstraction
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Vasilis Liaskovitis <vasilis.liaskovitis@profitbricks.com>
Cc: Ping Fan Liu <pingfank@linux.vnet.ibm.com>, kvm@vger.kernel.org, gleb@redhat.com, seabios@seabios.org, qemu-devel@nongnu.org, blauwirbel@gmail.com, kevin@koconnor.net, avi@redhat.com, anthony@codemonkey.ws, imammedo@redhat.com, kraxel@redhat.com

On Fri, Sep 21, 2012 at 01:17:21PM +0200, Vasilis Liaskovitis wrote:
> +static void dimm_populate(DimmDevice *s)
> +{
> +    DeviceState *dev= (DeviceState*)s;
> +    MemoryRegion *new = NULL;
> +
> +    new = g_malloc(sizeof(MemoryRegion));
> +    memory_region_init_ram(new, dev->id, s->size);
> +    vmstate_register_ram_global(new);
> +    memory_region_add_subregion(get_system_memory(), s->start, new);
> +    s->mr = new;
> +}
> +
> +static void dimm_depopulate(DimmDevice *s)
> +{
> +    assert(s);
> +    vmstate_unregister_ram(s->mr, NULL);
> +    memory_region_del_subregion(get_system_memory(), s->mr);
> +    memory_region_destroy(s->mr);
> +    s->mr = NULL;
> +}

How is dimm hot unplug protected against callers who currently have RAM
mapped (from cpu_physical_memory_map())?

Emulated devices call cpu_physical_memory_map() directly or indirectly
through DMA emulation code.  The RAM pointer may be held for arbitrary
lengths of time, across main loop iterations, etc.

It's not clear to me that it is safe to unplug a DIMM that has network
or disk I/O buffers, for example.  We also need to be robust against
malicious guests who abuse the hotplug lifecycle.  QEMU should never be
left with dangling pointers.

Stefan