On Fri, Jun 19, 2015 at 10:52:47AM +0200, Paolo Bonzini wrote:
> 
> 
> On 19/06/2015 10:05, Michael S. Tsirkin wrote:
> > > No, only destruction of the memory region frees it. address_space_map
> > > takes a reference to the memory region and address_space_unmap releases it.
> > > 
> > > Paolo
> > 
> > Confused. So can we call mmap(MAP_NORESERVE) in address_space_unmap
> > after we detect refcount is 0?
> 
> No, because in the meanwhile another DIMM could have been hotplugged
> at the same place where the old one was. This is legal:
> 
> user                    guest                   QEMU
> ----------------------------------------------------------------------------------------
>                         start I/O
>                           '---------------> address_space_map
> device_del
>   '-------------------> receives SCI
>                         executes _EJ0
>                           '---------------> memory_region_del_subregion
>                                             object_unparent
> device_add
>   '-----------------------------------------> device_set_realized
>                                                 hotplug_handler_plug
>                                                   pc_machine_device_plug_cb
>                                                     pc_dimm_plug
>                                                       memory_region_add_subregion
> 
>                         I/O finishes
>                                             address_space_unmap
> 
> Surprise removal similarly could be done in QEMU, but it will hold to
> some resources for as long as the device backends need them.
> 
> Paolo

OK so what's the problem with checking for this condition, after
address_space_unmap detects that ref count is 0 and before calling
mmap(MAP_NORESERVE)? At that point we are off the data path so we can
take locks.

-- 
MST
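The sequence Paolo lays out and the check MST proposes, as an added single-threaded model that is not QEMU code and not from either author. `Region`, `slot_plug`, `slot_unplug`, `slot_map`, `slot_unmap_naive`, `slot_unmap_checked` and `replay_hotplug_race` are hypothetical stand-ins for a MemoryRegion backing a DIMM, for add/del_subregion, and for address_space_map/address_space_unmap; `slot_discard_backing` stands in for the mmap(MAP_NORESERVE) over the guest-physical range. The point it shows is that the discard acts on whatever occupies the address range at unmap time, so a DIMM re-plugged at the same place loses its backing unless unmap first confirms the region it mapped is still the one plugged there.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Simplified model of the race in the thread above. Not QEMU code:
 * Region stands in for a MemoryRegion backing a DIMM, slot_* for the
 * single guest-physical range a DIMM occupies, and slot_map/slot_unmap_*
 * for address_space_map/address_space_unmap taking and dropping a
 * reference. All names are hypothetical.
 */
typedef struct Region {
    int id;         /* constructed identity of this DIMM instance */
    int refcount;   /* taken by slot_map(), dropped by slot_unmap_*() */
    int discarded;  /* 1 once its backing was "mmap(MAP_NORESERVE)"-ed */
} Region;

/* Which region is currently plugged into the guest-physical range. */
static Region *slot_region = NULL;

static Region *region_new(int id)
{
    Region *r = calloc(1, sizeof(*r));
    if (!r) abort();
    r->id = id;
    return r;
}

/* memory_region_add_subregion / memory_region_del_subregion analogues. */
static void slot_plug(Region *r) { slot_region = r; }
static void slot_unplug(void)    { slot_region = NULL; }

/* address_space_map analogue: the I/O path pins whatever occupies the slot. */
static Region *slot_map(void)
{
    Region *r = slot_region;
    if (r) r->refcount++;
    return r;
}

/*
 * Stand-in for mmap(MAP_NORESERVE) over the slot's address range: it acts
 * on whatever is backing the range *now*, not on the region we mapped.
 */
static void slot_discard_backing(void)
{
    if (slot_region) slot_region->discarded = 1;
}

/* Naive address_space_unmap: refcount reached zero, so discard the range. */
static void slot_unmap_naive(Region *r)
{
    if (--r->refcount == 0) slot_discard_backing();
}

/*
 * Checked variant: once off the data path (refcount zero), verify that the
 * region we mapped is still the one plugged into the range before touching
 * it; otherwise a re-plugged DIMM now owns those pages. In a threaded
 * implementation this check-and-discard would run under the same lock
 * that serializes plug/unplug.
 */
static void slot_unmap_checked(Region *r)
{
    if (--r->refcount == 0 && slot_region == r) slot_discard_backing();
}

/*
 * Replay the sequence diagram: I/O starts on DIMM 1, the user unplugs it
 * and plugs DIMM 2 into the same range, then the I/O finishes.
 * Returns 1 if DIMM 2's backing was wrongly discarded, 0 otherwise.
 */
int replay_hotplug_race(int use_checked_unmap)
{
    Region *dimm1 = region_new(1);
    Region *dimm2 = region_new(2);
    int lost;

    slot_plug(dimm1);
    Region *mapped = slot_map();      /* guest: start I/O */
    slot_unplug();                    /* device_del -> _EJ0 -> del_subregion */
    slot_plug(dimm2);                 /* device_add -> add_subregion */
    if (use_checked_unmap)            /* I/O finishes -> address_space_unmap */
        slot_unmap_checked(mapped);
    else
        slot_unmap_naive(mapped);

    lost = dimm2->discarded;
    slot_unplug();
    free(dimm1);
    free(dimm2);
    return lost;
}

int main(void)
{
    printf("naive unmap discards new DIMM:   %d\n", replay_hotplug_race(0));
    printf("checked unmap discards new DIMM: %d\n", replay_hotplug_race(1));
    return 0;
}
```

The naive path reports 1 (the re-plugged DIMM's backing is gone), the checked path 0. The identity comparison is the cheapest form of the check; a real implementation would also have to hold the lock that orders plug/unplug against the check, which is what makes doing it off the data path attractive.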