From: Paolo Bonzini <pbonzini@redhat.com>
To: Liu Ping Fan <qemulist@gmail.com>
Cc: kvm@vger.kernel.org, "Jan Kiszka" <jan.kiszka@siemens.com>, "Marcelo Tosatti" <mtosatti@redhat.com>, qemu-devel@nongnu.org, "Blue Swirl" <blauwirbel@gmail.com>, "Avi Kivity" <avi@redhat.com>, "Anthony Liguori" <anthony@codemonkey.ws>, "Stefan Hajnoczi" <stefanha@gmail.com>, "Andreas Färber" <afaerber@suse.de>
Subject: Re: [PATCH 13/15] hotplug: introduce qdev_unplug_complete() to remove device from views
Date: Wed, 08 Aug 2012 11:52:24 +0200
Message-ID: <502236D8.3040902@redhat.com>
In-Reply-To: <1344407156-25562-14-git-send-email-qemulist@gmail.com>

On 08/08/2012 08:25, Liu Ping Fan wrote:
> +void qdev_unplug_complete(DeviceState *dev, Error **errp)
> +{
> +    /* isolate from mem view */
> +    qdev_unmap(dev);
> +    qemu_lock_devtree();
> +    /* isolate from device tree */
> +    qdev_unset_parent(dev);
> +    qemu_unlock_devtree();
> +    object_unref(OBJECT(dev));

Rather than deferring the free, you should defer the unref. Otherwise
the following can happen when you have "real" RCU access to the memory
map on the read-side:

    VCPU thread                         I/O thread
    =====================================================================
    get MMIO request
    rcu_read_lock()
    walk memory map
                                        qdev_unmap()
                                        lock_devtree()
                                        ...
                                        unlock_devtree
                                        unref dev -> refcnt=0, free enqueued
    ref()
    rcu_read_unlock()
                                        free()
    <dangling pointer!>

If you defer the unref, you have instead

    VCPU thread                         I/O thread
    =====================================================================
    get MMIO request
    rcu_read_lock()
    walk memory map
                                        qdev_unmap()
                                        lock_devtree()
                                        ...
                                        unlock_devtree
                                        unref is enqueued
    ref() -> refcnt = 2
    rcu_read_unlock()
    unref() -> refcnt=1
                                        unref() -> refcnt = 1

So this also makes patch 14 unnecessary.

Paolo

> +}
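Review bot: `errp` is accepted by qdev_unplug_complete() but the body never sets or propagates it, so a caller that checks for an error after this function always sees success; if qdev_unmap() and qdev_unset_parent() cannot fail, drop the parameter, otherwise pass errp through to them and return early on failure. A comment stating why qdev_unmap() runs before qemu_lock_devtree() while qdev_unset_parent() runs under it would also help readers follow the ordering that the refcount discussion in this thread depends on.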
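The two interleavings in the reply above, replayed as a small C model. This is an added illustration, not QEMU code: `struct dev`, `dev_ref()`, `dev_unref()`, `dev_free()` and `run_unplug()` are constructed stand-ins for the object, its refcount, the grace-period callback and the VCPU/I/O thread steps, and the "grace period" is simply the point at which the reader's `rcu_read_unlock()` would occur.

```c
#include <stdbool.h>

struct dev {
    int refcnt;
    bool freed;   /* stands in for the backing memory being released */
    bool uaf;     /* set if ref()/unref() ran on an already-freed object */
};

static void dev_ref(struct dev *d)
{
    if (d->freed) d->uaf = true;
    d->refcnt++;
}

/* Returns true when the caller dropped the last reference. */
static bool dev_unref(struct dev *d)
{
    if (d->freed) d->uaf = true;
    return --d->refcnt == 0;
}

static void dev_free(struct dev *d) { d->freed = true; }

/* Replays the mail's interleaving (constructed scenario, hypothetical names).
 * defer_unref == false: the I/O thread unrefs at once and only free() waits
 * for the grace period. defer_unref == true: the unref itself waits.
 * Returns -1 if the VCPU ever touched freed memory, otherwise the final
 * refcount after the VCPU drops its own reference. */
static int run_unplug(bool defer_unref)
{
    struct dev d = { .refcnt = 1 };   /* the one reference held by the device tree */
    bool free_pending = false, unref_pending = false;

    /* VCPU: get MMIO request; rcu_read_lock(); walk memory map, find d. */
    /* I/O thread: qdev_unmap(); lock_devtree(); ...; unlock_devtree(). */
    if (defer_unref) {
        unref_pending = true;                    /* unref is enqueued */
    } else if (dev_unref(&d)) {
        free_pending = true;                     /* refcnt=0, free enqueued */
    }

    dev_ref(&d);                                 /* VCPU: ref() on the device it found */
    /* VCPU: rcu_read_unlock() -> grace period over, deferred work runs now. */
    if (free_pending) dev_free(&d);              /* VCPU still holds its pointer */
    if (unref_pending && dev_unref(&d)) dev_free(&d);

    if (dev_unref(&d)) dev_free(&d);             /* VCPU: MMIO done, drop its ref */
    return d.uaf ? -1 : d.refcnt;
}
```

With a deferred free the VCPU's final unref runs on freed memory; with a deferred unref the refcount reaches zero only after the last holder lets go.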