On Fri, Jun 19, 2015 at 05:19:44PM +0200, Paolo Bonzini wrote:
>
>
> On 19/06/2015 15:34, Michael S. Tsirkin wrote:
> > On Fri, Jun 19, 2015 at 12:44:26PM +0200, Paolo Bonzini wrote:
> >>
> >>
> >> On 19/06/2015 12:14, Michael S. Tsirkin wrote:
> >>> On Fri, Jun 19, 2015 at 10:52:47AM +0200, Paolo Bonzini wrote:
> >>>>
> >>>>
> >>>> On 19/06/2015 10:05, Michael S. Tsirkin wrote:
> >>>>>> No, only destruction of the memory region frees it. address_space_map
> >>>>>> takes a reference to the memory region and address_space_unmap releases it.
> >>>>>>
> >>>>>> Paolo
> >>>>>
> >>>>> Confused. So can we call mmap(MAP_NORESERVE) in address_space_unmap
> >>>>> after we detect refcount is 0?
> >>>>
> >>>> No, because in the meanwhile another DIMM could have been hotplugged
> >>>> at the same place where the old one was. This is legal:
> >>>>
> >>>>   user                guest                      QEMU
> >>>> ----------------------------------------------------------------------------------------
> >>>>                       start I/O
> >>>>                          '---------------> address_space_map
> >>>>   device_del
> >>>>      '-------------------> receives SCI
> >>>>                       executes _EJ0
> >>>>                          '---------------> memory_region_del_subregion
> >>>>                                            object_unparent
> >>>
> >>> So guest started DMA into memory, then ejected this memory while DMA
> >>> is in progress?
> >>
> >> Yes. There is nothing that forbids doing that.
> >
> > Can we simply defer the next device_add using a hva until all IO completes?
>
> We could, but I/O is just an example. It can be I/O, a network ring,
> whatever. We cannot audit all address_space_map uses.
>
> Paolo

No need to audit them all: defer device_add using an hva range until
address_space_unmap on hvas in that range drops the reference count to 0.

--
MST
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
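As an added example (not code from this thread and not QEMU's own), the following C model replays the timeline above and implements the deferral MST proposes: a device_add for an HVA range that overlaps a region with outstanding map references is queued, and only runs when the last unmap drops that count to 0. All structures and function names here (`as_map`, `as_unmap`, `region_unparent`, `device_add`, `refs_in_range`, `run_scenario`) are this example's own stand-ins for address_space_map, address_space_unmap, object_unparent and device_add; the sample HVA and DIMM size are constructed.

```c
/* Model of refcount-gated hotplug: a hypothetical stand-in for QEMU internals,
 * not QEMU's API. Regions keep a refcount of outstanding map() calls; an
 * ejected region keeps its HVA range reserved until that count reaches 0, and
 * a device_add overlapping a referenced range is deferred until then. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_REGIONS 8
#define MAX_PENDING 8

typedef struct {
    uint64_t hva_start;  /* host virtual address of the backing memory */
    uint64_t len;
    int      refcount;   /* outstanding address_space_map-style references */
    bool     removed;    /* unparented: gone from the guest, HVAs still held */
    bool     in_use;     /* slot allocated */
} MemRegion;

typedef struct { uint64_t hva_start, len; bool in_use; } PendingAdd;

static MemRegion  regions[MAX_REGIONS];
static PendingAdd pending[MAX_PENDING];

static bool overlap(uint64_t a, uint64_t al, uint64_t b, uint64_t bl)
{
    return a < b + bl && b < a + al;
}

/* Live mapping references on any region overlapping [hva, hva + len). */
int refs_in_range(uint64_t hva, uint64_t len)
{
    int total = 0;
    for (int i = 0; i < MAX_REGIONS; i++)
        if (regions[i].in_use && overlap(regions[i].hva_start, regions[i].len, hva, len))
            total += regions[i].refcount;
    return total;
}

/* Allocate a region slot now; returns its index or -1 when full. */
static int region_create(uint64_t hva, uint64_t len)
{
    for (int i = 0; i < MAX_REGIONS; i++)
        if (!regions[i].in_use) {
            regions[i] = (MemRegion){ hva, len, 0, false, true };
            return i;
        }
    return -1;
}

/* address_space_map analogue: take a reference; refuse an ejected region. */
bool as_map(int slot)
{
    if (!regions[slot].in_use || regions[slot].removed) return false;
    regions[slot].refcount++;
    return true;
}

/* object_unparent analogue: region leaves the guest; its HVA range stays
 * reserved while DMA mappings still reference it. */
void region_unparent(int slot)
{
    regions[slot].removed = true;
    if (regions[slot].refcount == 0) regions[slot].in_use = false;
}

/* Run every deferred device_add whose HVA range is now free of references. */
static int flush_pending(void)
{
    int created = 0;
    for (int i = 0; i < MAX_PENDING; i++)
        if (pending[i].in_use && refs_in_range(pending[i].hva_start, pending[i].len) == 0) {
            pending[i].in_use = false;
            if (region_create(pending[i].hva_start, pending[i].len) >= 0) created++;
        }
    return created;
}

/* address_space_unmap analogue: drop the reference; at 0 release an ejected
 * region's slot and retry the deferred adds (the proposal in the thread). */
void as_unmap(int slot)
{
    if (--regions[slot].refcount == 0 && regions[slot].removed)
        regions[slot].in_use = false;
    flush_pending();
}

/* device_add analogue: 1 = added now, 0 = deferred, -1 = no room. */
int device_add(uint64_t hva, uint64_t len)
{
    if (refs_in_range(hva, len) == 0)
        return region_create(hva, len) >= 0 ? 1 : -1;
    for (int i = 0; i < MAX_PENDING; i++)
        if (!pending[i].in_use) {
            pending[i] = (PendingAdd){ hva, len, true };
            return 0;
        }
    return -1;
}

/* Replays the table: map (DMA starts), eject, re-add at the same HVA, unmap. */
int run_scenario(void)
{
    memset(regions, 0, sizeof regions);
    memset(pending, 0, sizeof pending);
    const uint64_t hva = 0x7f0000000000ULL;   /* constructed sample address */
    const uint64_t len = 128ULL << 20;        /* constructed 128 MiB DIMM */
    int dimm = region_create(hva, len);       /* initial device_add */
    if (dimm < 0 || !as_map(dimm)) return -1; /* guest starts I/O */
    region_unparent(dimm);                    /* device_del -> _EJ0 -> unparent */
    if (device_add(hva, len) != 0) return -2; /* same range: must be deferred */
    int before = refs_in_range(hva, len);     /* 1: DMA still in flight */
    as_unmap(dimm);                           /* I/O completes, pending add runs */
    int after = refs_in_range(hva, len);      /* 0: new DIMM live, no aliasing */
    return (before == 1 && after == 0 && !pending[0].in_use &&
            regions[0].in_use && !regions[0].removed) ? 0 : -3;
}

int main(void)
{
    int rc = run_scenario();
    printf("deferred hotplug scenario: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc == 0 ? 0 : 1;
}
```

The check that matters is `refs_in_range()` at the moment of `device_add`: while it is non-zero the new DIMM is queued rather than created, so no caller of the map routine has to be audited, which is exactly the point of deferring on the refcount rather than on I/O completion.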