[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 1/4] exec: Atomic access to bounce buffer
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH v3 1/4] exec: Atomic access to bounce buffer |
|
Date: |
Mon, 16 Mar 2015 08:30:15 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 |
On 16/03/2015 06:31, Fam Zheng wrote:
> There could be a race condition when two processes call
> address_space_map concurrently and both want to use the bounce buffer.
>
> Add an in_use flag in BounceBuffer to sync it.
>
> Signed-off-by: Fam Zheng <address@hidden>
> ---
> exec.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/exec.c b/exec.c
> index e97071a..4080044 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -2483,6 +2483,7 @@ typedef struct {
> void *buffer;
> hwaddr addr;
> hwaddr len;
> + bool in_use;
> } BounceBuffer;
>
> static BounceBuffer bounce;
> @@ -2571,9 +2572,10 @@ void *address_space_map(AddressSpace *as,
> l = len;
> mr = address_space_translate(as, addr, &xlat, &l, is_write);
> if (!memory_access_is_direct(mr, is_write)) {
> - if (bounce.buffer) {
> + if (atomic_xchg(&bounce.in_use, true)) {
> return NULL;
> }
> + smp_mb();
smp_mb() not needed.
Ok with this change.
Paolo
> /* Avoid unbounded allocations */
> l = MIN(l, TARGET_PAGE_SIZE);
> bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
> @@ -2641,6 +2643,7 @@ void address_space_unmap(AddressSpace *as, void
> *buffer, hwaddr len,
> qemu_vfree(bounce.buffer);
> bounce.buffer = NULL;
> memory_region_unref(bounce.mr);
> + atomic_mb_set(&bounce.in_use, false);
> cpu_notify_map_clients();
> }
>
>