From mboxrd@z Thu Jan 1 00:00:00 1970 From: liu ping fan Subject: Re: [PATCH 13/15] hotplug: introduce qdev_unplug_complete() to remove device from views Date: Thu, 9 Aug 2012 15:28:27 +0800 Message-ID: References: <1344407156-25562-1-git-send-email-qemulist@gmail.com> <1344407156-25562-14-git-send-email-qemulist@gmail.com> <502236D8.3040902@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, Anthony Liguori , Avi Kivity , Jan Kiszka , Marcelo Tosatti , Stefan Hajnoczi , Blue Swirl , =?ISO-8859-1?Q?Andreas_F=E4rber?= To: Paolo Bonzini Return-path: Received: from mail-we0-f174.google.com ([74.125.82.174]:41914 "EHLO mail-we0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755748Ab2HIH2s (ORCPT ); Thu, 9 Aug 2012 03:28:48 -0400 Received: by weyx8 with SMTP id x8so86791wey.19 for ; Thu, 09 Aug 2012 00:28:47 -0700 (PDT) In-Reply-To: <502236D8.3040902@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: On Wed, Aug 8, 2012 at 5:52 PM, Paolo Bonzini wrote: > Il 08/08/2012 08:25, Liu Ping Fan ha scritto: >> +void qdev_unplug_complete(DeviceState *dev, Error **errp) >> +{ >> + /* isolate from mem view */ >> + qdev_unmap(dev); >> + qemu_lock_devtree(); >> + /* isolate from device tree */ >> + qdev_unset_parent(dev); >> + qemu_unlock_devtree(); >> + object_unref(OBJECT(dev)); > > Rather than deferring the free, you should defer the unref. Otherwise > the following can happen when you have "real" RCU access to the memory > map on the read-side: > > VCPU thread I/O thread > ===================================================================== > get MMIO request > rcu_read_lock() > walk memory map > qdev_unmap() > lock_devtree() > ... > unlock_devtree > unref dev -> refcnt=0, free enqueued > ref() No ref() for dev here, while we have ref to flatview+radix in my patches. I use rcu to protect radix+flatview+mr refered. As to dev, its ref has inc when it is added into mem view -- that is memory_region_add_subregion -> memory_region_get() { if(atomic_add_and_return()) dev->ref++ }. So not until reclaimer of mem view, the dev's ref is hold by mem view. In a short word, rcu protect mem view, while device is protected by refcnt. > rcu_read_unlock() > free() > > > If you defer the unref, you have instead > > VCPU thread I/O thread > ===================================================================== > get MMIO request > rcu_read_lock() > walk memory map > qdev_unmap() > lock_devtree() > ... > unlock_devtree > unref is enqueued > ref() -> refcnt = 2 > rcu_read_unlock() > unref() -> refcnt=1 > unref() -> refcnt = 1 > > So this also makes patch 14 unnecessary. > > Paolo > >> +} > > From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:46248) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SzNAn-0003vk-8b for qemu-devel@nongnu.org; Thu, 09 Aug 2012 03:28:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SzNAm-0008Vz-6R for qemu-devel@nongnu.org; Thu, 09 Aug 2012 03:28:49 -0400 Received: from mail-wg0-f41.google.com ([74.125.82.41]:54436) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SzNAm-0008Vv-1A for qemu-devel@nongnu.org; Thu, 09 Aug 2012 03:28:48 -0400 Received: by wgbds1 with SMTP id ds1so84961wgb.4 for ; Thu, 09 Aug 2012 00:28:47 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <502236D8.3040902@redhat.com> References: <1344407156-25562-1-git-send-email-qemulist@gmail.com> <1344407156-25562-14-git-send-email-qemulist@gmail.com> <502236D8.3040902@redhat.com> From: liu ping fan Date: Thu, 9 Aug 2012 15:28:27 +0800 Message-ID: Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: [Qemu-devel] [PATCH 13/15] hotplug: introduce qdev_unplug_complete() to remove device from views List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Paolo Bonzini Cc: kvm@vger.kernel.org, Jan Kiszka , Marcelo Tosatti , qemu-devel@nongnu.org, Blue Swirl , Avi Kivity , Anthony Liguori , Stefan Hajnoczi , =?ISO-8859-1?Q?Andreas_F=E4rber?= On Wed, Aug 8, 2012 at 5:52 PM, Paolo Bonzini wrote: > Il 08/08/2012 08:25, Liu Ping Fan ha scritto: >> +void qdev_unplug_complete(DeviceState *dev, Error **errp) >> +{ >> + /* isolate from mem view */ >> + qdev_unmap(dev); >> + qemu_lock_devtree(); >> + /* isolate from device tree */ >> + qdev_unset_parent(dev); >> + qemu_unlock_devtree(); >> + object_unref(OBJECT(dev)); > > Rather than deferring the free, you should defer the unref. Otherwise > the following can happen when you have "real" RCU access to the memory > map on the read-side: > > VCPU thread I/O thread > ===================================================================== > get MMIO request > rcu_read_lock() > walk memory map > qdev_unmap() > lock_devtree() > ... > unlock_devtree > unref dev -> refcnt=0, free enqueued > ref() No ref() for dev here, while we have ref to flatview+radix in my patches. I use rcu to protect radix+flatview+mr refered. As to dev, its ref has inc when it is added into mem view -- that is memory_region_add_subregion -> memory_region_get() { if(atomic_add_and_return()) dev->ref++ }. So not until reclaimer of mem view, the dev's ref is hold by mem view. In a short word, rcu protect mem view, while device is protected by refcnt. > rcu_read_unlock() > free() > > > If you defer the unref, you have instead > > VCPU thread I/O thread > ===================================================================== > get MMIO request > rcu_read_lock() > walk memory map > qdev_unmap() > lock_devtree() > ... > unlock_devtree > unref is enqueued > ref() -> refcnt = 2 > rcu_read_unlock() > unref() -> refcnt=1 > unref() -> refcnt = 1 > > So this also makes patch 14 unnecessary. > > Paolo > >> +} > >