From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:45048)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1UZJUN-0007CG-27
	for qemu-devel@nongnu.org; Mon, 06 May 2013 07:21:52 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1UZJUL-0003qa-0l
	for qemu-devel@nongnu.org; Mon, 06 May 2013 07:21:50 -0400
Received: from mail-gh0-f180.google.com ([209.85.160.180]:43749)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1UZJUK-0003qL-RP
	for qemu-devel@nongnu.org; Mon, 06 May 2013 07:21:48 -0400
Received: by mail-gh0-f180.google.com with SMTP id f18so652742ghb.25
	for <qemu-devel@nongnu.org>; Mon, 06 May 2013 04:21:48 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <51879242.7030402@redhat.com>
Date: Mon, 06 May 2013 13:21:38 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <1353808984-22368-1-git-send-email-qemulist@gmail.com>
	<1353808984-22368-6-git-send-email-qemulist@gmail.com>
In-Reply-To: <1353808984-22368-6-git-send-email-qemulist@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v7 5/7] memory: make mmio dispatch able to
	be out of biglock
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Liu Ping Fan <qemulist@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>, gleb@redhat.com, Jan Kiszka <jan.kiszka@siemens.com>, Marcelo Tosatti <mtosatti@redhat.com>, qemu-devel@nongnu.org, Anthony Liguori <anthony@codemonkey.ws>, Stefan Hajnoczi <stefanha@gmail.com>

Il 25/11/2012 03:03, Liu Ping Fan ha scritto:
> @@ -3550,12 +3668,11 @@ void *address_space_map(AddressSpace *as,
>                          target_phys_addr_t *plen,
>                          bool is_write)
>  {
> -    AddressSpaceDispatch *d = as->dispatch;
>      target_phys_addr_t len = *plen;
>      target_phys_addr_t todo = 0;
>      int l;
>      target_phys_addr_t page;
> -    MemoryRegionSection *section;
> +    MemoryRegionSection *section, mr_obj;
>      ram_addr_t raddr = RAM_ADDR_MAX;
>      ram_addr_t rlen;
>      void *ret;
> @@ -3565,7 +3682,8 @@ void *address_space_map(AddressSpace *as,
>          l = (page + TARGET_PAGE_SIZE) - addr;
>          if (l > len)
>              l = len;
> -        section = phys_page_find(d, page >> TARGET_PAGE_BITS);
> +        address_space_section_lookup_ref(as, page >> TARGET_PAGE_BITS, &mr_obj);
> +        section = &mr_obj;
>  
>          if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
>              if (todo || bounce.buffer) {
> @@ -3579,6 +3697,7 @@ void *address_space_map(AddressSpace *as,
>              }
>  
>              *plen = l;
> +            memory_region_section_unref(&mr_obj);
>              return bounce.buffer;
>          }
>          if (!todo) {
> @@ -3589,6 +3708,7 @@ void *address_space_map(AddressSpace *as,
>          len -= l;
>          addr += l;
>          todo += l;
> +        memory_region_section_unref(&mr_obj);
>      }
>      rlen = todo;
>      ret = qemu_ram_ptr_length(raddr, &rlen);

I think this unref is wrong.  You need to delay it to the
address_space_unmap, and this in turns requires changing the signature
of address_space_map.

Paolo