From: Paolo Bonzini <pbonzini@redhat.com>
To: Jan Kiszka <jan.kiszka@siemens.com>
Cc: qemu-devel <qemu-devel@nongnu.org>, Liu Ping Fan <qemulist@gmail.com>
Subject: Re: [Qemu-devel] [PATCH v7 0/7] push mmio dispatch out of big lock
Date: Mon, 06 May 2013 13:28:55 +0200 [thread overview]
Message-ID: <518793F7.1010502@redhat.com> (raw)
In-Reply-To: <51878FCE.2020907@siemens.com>
Il 06/05/2013 13:11, Jan Kiszka ha scritto:
> On 2013-05-06 12:58, Paolo Bonzini wrote:
>> Il 06/05/2013 12:56, Jan Kiszka ha scritto:
>>>> The problem is that even if I/O for a region is supposed to happen
>>>> within the BQL, lookup can happen outside the BQL. Lookup will use the
>>>> region even if it is just to discard it:
>>>>
>>>> VCPU thread (under BQL) device thread
>>>> --------------------------------------------------------------------------------------
>>>> flatview_ref
>>>> memory_region_find returns d->mr
>>>> memory_region_ref(d->mr) /* nop */
>>>> qdev_free(d)
>>>> object_unparent(d)
>>>> unrealize(d)
>>>> memory_region_del_subregion(d->mr)
>>>> FlatView updated, d->mr not in the new view
>>>>
>>>> flatview_unref
>>>> memory_region_unref(d->mr)
>>>> object_unref(d)
>>>> free(d)
>>>> if (!d->mr->is_ram) { /* BAD! */
>>>> memory_region_unref(d->mr) /* nop */
>>>> return error
>>>> }
>>>>
>>>>
>>>> Here, the memory region is dereferenced *before* we know that it is BQL-free
>>>> (in fact, exactly to ascertain whether it is BQL-free).
>>>
>>> Both flatview update and lookup *plus* locking type evaluation (i.e.
>>> memory region dereferencing) always happen under the address space lock.
>>> See Pingfan's patch.
>>
>> That's true of address_space_rw/map, but I don't think it holds for
>> memory_region_find.
>
> It has to, or it would be broken: Either it is called on a region that
> supports reference counting
You cannot know that in advance, can you? The address is decided by the
guest.
> and, thus, increments the counter before
> returning, or it has to be called with the BQL held.
... or we need to support reference counting on all regions, so that the
other possibility is automatically true.
Strictly speaking, only regions that can be unplugged need to support
reference counting.
Paolo
next prev parent reply other threads:[~2013-05-06 11:38 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-25 2:02 [Qemu-devel] [PATCH v7 0/7] push mmio dispatch out of big lock Liu Ping Fan
2012-11-25 2:02 ` [Qemu-devel] [PATCH v7 1/7] qom: apply atomic on object's refcount Liu Ping Fan
2012-11-28 17:16 ` Richard Henderson
2012-11-29 8:35 ` liu ping fan
2012-11-25 2:02 ` [Qemu-devel] [PATCH v7 2/7] hotplug: introduce qdev_unplug_complete() to remove device from views Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 3/7] pci: remove pci device from mem view when unplug Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 4/7] memory: introduce local lock for address space Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 5/7] memory: make mmio dispatch able to be out of biglock Liu Ping Fan
2013-05-06 11:21 ` Paolo Bonzini
2013-05-06 11:25 ` Jan Kiszka
2013-05-06 11:30 ` Paolo Bonzini
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 6/7] memory: introduce tls context to trace nested mmio request issue Liu Ping Fan
2012-11-25 2:03 ` [Qemu-devel] [PATCH v7 7/7] vcpu: push mmio dispatcher out of big lock Liu Ping Fan
2012-12-06 7:28 ` [Qemu-devel] [PATCH v7 0/7] push mmio dispatch " liu ping fan
2013-05-02 16:58 ` Jan Kiszka
2013-05-02 17:14 ` Jan Kiszka
2013-05-03 7:37 ` liu ping fan
2013-05-03 8:04 ` Jan Kiszka
2013-05-04 9:47 ` Paolo Bonzini
2013-05-04 10:42 ` Jan Kiszka
2013-05-06 8:07 ` Paolo Bonzini
2013-05-06 8:40 ` Jan Kiszka
2013-05-06 10:27 ` Paolo Bonzini
2013-05-06 10:56 ` Jan Kiszka
2013-05-06 10:58 ` Paolo Bonzini
2013-05-06 11:11 ` Jan Kiszka
2013-05-06 11:28 ` Paolo Bonzini [this message]
2013-05-06 11:39 ` Jan Kiszka
2013-05-06 11:47 ` Paolo Bonzini
2013-05-06 12:06 ` Jan Kiszka
2013-05-06 13:09 ` Paolo Bonzini
2013-05-06 14:05 ` Jan Kiszka
2013-05-06 14:28 ` Paolo Bonzini
2013-05-06 1:46 ` liu ping fan
2013-05-06 1:57 ` liu ping fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=518793F7.1010502@redhat.com \
--to=pbonzini@redhat.com \
--cc=jan.kiszka@siemens.com \
--cc=qemu-devel@nongnu.org \
--cc=qemulist@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).