From: Peter Xu <peterx@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Akihiko Odaki" <odaki@rsg.ci.i.u-tokyo.ac.jp>,
qemu-devel@nongnu.org,
"Alex Williamson" <alex.williamson@redhat.com>,
"Cédric Le Goater" <clg@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"David Hildenbrand" <david@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Helge Deller" <deller@gmx.de>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"John Snow" <jsnow@redhat.com>,
qemu-block@nongnu.org, "Keith Busch" <kbusch@kernel.org>,
"Klaus Jensen" <its@irrelevant.dk>,
"Jesper Devantier" <foss@defmacro.it>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Nicholas Piggin" <npiggin@gmail.com>,
qemu-ppc@nongnu.org, "John Levon" <john.levon@nutanix.com>,
"Thanos Makatos" <thanos.makatos@nutanix.com>,
"Yanan Wang" <wangyanan55@huawei.com>,
"BALATON Zoltan" <balaton@eik.bme.hu>,
"Jiaxun Yang" <jiaxun.yang@flygoat.com>,
"Daniel Henrique Barboza" <danielhb413@gmail.com>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Harsh Prateek Bora" <harshpb@linux.ibm.com>,
"Alexey Kardashevskiy" <aik@ozlabs.ru>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Fabiano Rosas" <farosas@suse.de>,
"Thomas Huth" <thuth@redhat.com>,
"Laurent Vivier" <lvivier@redhat.com>,
"Dmitry Osipenko" <dmitry.osipenko@collabora.com>,
"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>
Subject: Re: [PATCH v2 3/3] memory: Stop piggybacking on memory region owners
Date: Fri, 26 Sep 2025 11:16:45 -0400 [thread overview]
Message-ID: <aNauXSMiP0LUWQ5J@x1.local> (raw)
In-Reply-To: <CAFEAcA8qdWtdX0Xc0WAuT9eZsXbudV2g2=Da8pK6tEfytdMbpw@mail.gmail.com>
On Fri, Sep 26, 2025 at 10:09:29AM +0100, Peter Maydell wrote:
> On Thu, 25 Sept 2025 at 21:06, Peter Xu <peterx@redhat.com> wrote:
> >
> > On Thu, Sep 25, 2025 at 10:03:45AM +0100, Peter Maydell wrote:
> > > On Wed, 24 Sept 2025 at 22:14, Peter Xu <peterx@redhat.com> wrote:
> > > > Side note: when I was trying to test hotplugs with i386/q35, unfortunately
> > > > I didn't really see when the address space was destroyed, maybe there's a
> > > > bug somewhere; I put that info into appendix at the end.
> > >
> > > This is https://gitlab.com/qemu-project/qemu/-/issues/2517
> > >
> > > I got blocked on that because I ran into a weird "I have some
> > > memory that needs to be freed by the RCU callback, but only
> > > after the callback has freed some other RCU stuff". I see
> > > Paolo made a reply on that bug -- I would need to get back
> > > to it and reproduce whatever it was I was doing.
> >
> > Thanks for the link, right that looks exactly like what I hit.
> >
> > I am curious if FIFO is guaranteed for RCU in general, or it is an impl
> > detail only specific to QEMU.
> >
> > The other thing is I feel like it should be OK to reorder callbacks, if all
> > the call_rcu() users can make sure the rcu-freed object is completely
> > detached from the rest world, e.g. resetting all relevant pointers to NULL.
> > With that, it seems the order won't matter too, because nobody will be able
> > to reference the internal object anyway, so the two objects (after reseting
> > all referers to NULL pointer of the inner object) are completely standalone.
>
> The specific ordering problem for cpu_address_space is that
> there's a g_new allocated array of memory which contains
> the AddressSpace objects (not pointers to them). The ASes need
> to be RCU-deallocated first so they can clean up their internal
> data structures; only once that has happened can we free the
> memory that holds the AddressSpace structs themselves.
If it's about cpu_address_space_destroy(), then IIUC it can also be done by
providing a destroy_free() function so that instead of trying to serialize
two rcu callbacks, we could easily serialize the operations in one
callback. One sample patch attached to avoid relying on order of rcu
enqueue.
Thanks,
===8<===
From 427ce0d2c7efe5771be859fa34c6f3ec18498a29 Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Fri, 26 Sep 2025 10:55:26 -0400
Subject: [PATCH] memory: New AS helper to serialize destroy+free
Signed-off-by: Peter Xu <peterx@redhat.com>
---
include/system/memory.h | 10 ++++++++++
system/memory.c | 20 +++++++++++++++++++-
system/physmem.c | 3 +--
3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/include/system/memory.h b/include/system/memory.h
index aa85fc27a1..45f8c3d4aa 100644
--- a/include/system/memory.h
+++ b/include/system/memory.h
@@ -2735,6 +2735,16 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name);
*/
void address_space_destroy(AddressSpace *as);
+/**
+ * address_space_destroy_free: destroy an address space and free it
+ *
+ * Same to address_space_destroy(), only that it will also free the
+ * memory that AddressSpace pointer points to.
+ *
+ * @as: address space to be destroyed
+ */
+void address_space_destroy_free(AddressSpace *as);
+
/**
* address_space_remove_listeners: unregister all listeners of an address space
*
diff --git a/system/memory.c b/system/memory.c
index cf8cad6961..fe8b28a096 100644
--- a/system/memory.c
+++ b/system/memory.c
@@ -3278,7 +3278,14 @@ static void do_address_space_destroy(AddressSpace *as)
memory_region_unref(as->root);
}
-void address_space_destroy(AddressSpace *as)
+static void do_address_space_destroy_free(AddressSpace *as)
+{
+ do_address_space_destroy(as);
+ g_free(as);
+}
+
+/* Detach address space from global view, notify all listeners */
+static void address_space_detach(AddressSpace *as)
{
MemoryRegion *root = as->root;
@@ -3293,9 +3300,20 @@ void address_space_destroy(AddressSpace *as)
* values to expire before freeing the data.
*/
as->root = root;
+}
+
+void address_space_destroy(AddressSpace *as)
+{
+ address_space_detach(as);
call_rcu(as, do_address_space_destroy, rcu);
}
+void address_space_destroy_free(AddressSpace *as)
+{
+ address_space_detach(as);
+ call_rcu(as, do_address_space_destroy_free, rcu);
+}
+
static const char *memory_region_type(MemoryRegion *mr)
{
if (mr->alias) {
diff --git a/system/physmem.c b/system/physmem.c
index ae8ecd50ea..5afd6c67e6 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -821,8 +821,7 @@ void cpu_address_space_destroy(CPUState *cpu, int asidx)
memory_listener_unregister(&cpuas->tcg_as_listener);
}
- address_space_destroy(cpuas->as);
- g_free_rcu(cpuas->as, rcu);
+ g_clear_pointer(&cpuas->as, address_space_destroy_free);
if (asidx == 0) {
/* reset the convenience alias for address space 0 */
--
2.50.1
--
Peter Xu
next prev parent reply other threads:[~2025-09-26 15:18 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-06 2:39 [PATCH v2 0/3] memory: Stop piggybacking on memory region owners Akihiko Odaki
2025-09-06 2:39 ` [PATCH v2 1/3] qom: Do not finalize twice Akihiko Odaki
2025-09-23 9:27 ` Paolo Bonzini
2025-09-06 2:39 ` [PATCH v2 2/3] virtio-gpu-virgl: Add virtio-gpu-virgl-hostmem-region type Akihiko Odaki
2025-09-06 2:39 ` [PATCH v2 3/3] memory: Stop piggybacking on memory region owners Akihiko Odaki
2025-09-10 21:45 ` Peter Xu
2025-09-11 3:40 ` Akihiko Odaki
2025-09-11 22:26 ` Peter Xu
2025-09-18 12:04 ` Akihiko Odaki
2025-09-24 21:14 ` Peter Xu
2025-09-25 9:03 ` Peter Maydell
2025-09-25 20:05 ` Peter Xu
2025-09-26 9:09 ` Peter Maydell
2025-09-26 15:16 ` Peter Xu [this message]
2025-09-26 15:59 ` Peter Maydell
2025-09-26 16:56 ` Peter Maydell
2025-09-26 17:10 ` Peter Xu
2025-09-29 12:45 ` Peter Maydell
2025-09-29 14:37 ` Peter Xu
2025-09-29 14:43 ` Peter Maydell
2025-09-23 8:41 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aNauXSMiP0LUWQ5J@x1.local \
--to=peterx@redhat.com \
--cc=aik@ozlabs.ru \
--cc=alex.bennee@linaro.org \
--cc=alex.williamson@redhat.com \
--cc=balaton@eik.bme.hu \
--cc=berrange@redhat.com \
--cc=clg@redhat.com \
--cc=danielhb413@gmail.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=deller@gmx.de \
--cc=dmitry.osipenko@collabora.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=foss@defmacro.it \
--cc=harshpb@linux.ibm.com \
--cc=its@irrelevant.dk \
--cc=jiaxun.yang@flygoat.com \
--cc=john.levon@nutanix.com \
--cc=jsnow@redhat.com \
--cc=kbusch@kernel.org \
--cc=kraxel@redhat.com \
--cc=lvivier@redhat.com \
--cc=manos.pitsidianakis@linaro.org \
--cc=marcandre.lureau@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=npiggin@gmail.com \
--cc=odaki@rsg.ci.i.u-tokyo.ac.jp \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thanos.makatos@nutanix.com \
--cc=thuth@redhat.com \
--cc=wangyanan55@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).