[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 13/15] hotplug: introduce qdev_unplug_complete()
|
From: |
Avi Kivity |
|
Subject: |
Re: [Qemu-devel] [PATCH 13/15] hotplug: introduce qdev_unplug_complete() to remove device from views |
|
Date: |
Wed, 08 Aug 2012 13:07:27 +0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0 |
On 08/08/2012 12:52 PM, Paolo Bonzini wrote:
> Il 08/08/2012 08:25, Liu Ping Fan ha scritto:
>> +void qdev_unplug_complete(DeviceState *dev, Error **errp)
>> +{
>> + /* isolate from mem view */
>> + qdev_unmap(dev);
>> + qemu_lock_devtree();
>> + /* isolate from device tree */
>> + qdev_unset_parent(dev);
>> + qemu_unlock_devtree();
>> + object_unref(OBJECT(dev));
>
> Rather than deferring the free, you should defer the unref. Otherwise
> the following can happen when you have "real" RCU access to the memory
> map on the read-side:
>
> VCPU thread I/O thread
> =====================================================================
> get MMIO request
> rcu_read_lock()
> walk memory map
> qdev_unmap()
> lock_devtree()
> ...
> unlock_devtree
> unref dev -> refcnt=0, free enqueued
> ref()
> rcu_read_unlock()
> free()
> <dangling pointer!>
unref should follow either synchronize_rcu(), or be in a call_rcu()
callback (deferring the unref). IMO synchronize_rcu() is sufficient
here, unplug is a truly slow path, esp. on real hardware.
--
error compiling committee.c: too many arguments to function
[Qemu-devel] [PATCH 15/15] e1000: using new interface--unmap to unplug, Liu Ping Fan, 2012/08/08