Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2196487/?format=api
{ "id": 2196487, "url": "http://patchwork.ozlabs.org/api/patches/2196487/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260214-region-v1-1-229f00ae1f38@rsg.ci.i.u-tokyo.ac.jp/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260214-region-v1-1-229f00ae1f38@rsg.ci.i.u-tokyo.ac.jp>", "list_archive_url": null, "date": "2026-02-14T04:33:36", "name": "virtio-gpu-virgl: Add virtio-gpu-virgl-hostmem-region type", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "a3b446b4e4077701701d193092cd8d0e061d145a", "submitter": { "id": 90980, "url": "http://patchwork.ozlabs.org/api/people/90980/?format=api", "name": "Akihiko Odaki", "email": "odaki@rsg.ci.i.u-tokyo.ac.jp" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260214-region-v1-1-229f00ae1f38@rsg.ci.i.u-tokyo.ac.jp/mbox/", "series": [ { "id": 492158, "url": "http://patchwork.ozlabs.org/api/series/492158/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=492158", "date": "2026-02-14T04:33:36", "name": "virtio-gpu-virgl: Add virtio-gpu-virgl-hostmem-region type", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/492158/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2196487/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2196487/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=fail reason=\"key not found in DNS\" header.d=rsg.ci.i.u-tokyo.ac.jp\n header.i=@rsg.ci.i.u-tokyo.ac.jp header.a=rsa-sha256 header.s=rs20250326\n header.b=i0g4utVv;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fCbmx2VSxz1xvS\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 14 Feb 2026 15:35:11 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vr7MR-000092-BG; Fri, 13 Feb 2026 23:34:27 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <odaki@rsg.ci.i.u-tokyo.ac.jp>)\n id 1vr7MP-00008Z-IG; Fri, 13 Feb 2026 23:34:25 -0500", "from www3579.sakura.ne.jp ([49.212.243.89])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <odaki@rsg.ci.i.u-tokyo.ac.jp>)\n id 1vr7MM-0002x2-89; Fri, 13 Feb 2026 23:34:25 -0500", "from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp\n [133.11.54.205]) (authenticated bits=0)\n by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 61E4XfFf021785\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);\n Sat, 14 Feb 2026 13:33:53 +0900 (JST)\n (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp)" ], "DKIM-Signature": "a=rsa-sha256; bh=sd3849txVWpf4agTIrXwJOdVo2SNRDihL4uhG/9jcOY=;\n c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp;\n h=From:Date:Subject:Message-Id:To;\n s=rs20250326; t=1771043633; v=1;\n b=i0g4utVv8C50Dlr8fI8zHSJTDKOWSdQoiaXOXqfYUXgGR+k1TS1vKLJRbdXDaC+k\n uTDrnRCTVYH7rIPTjoTRu2JOdZaoi41FLk2sE6s1DRu9Urx3biCF1+bcWLtbeyeL\n IcvBfsKm0rnZD+mpNQKyFwpZrOkuAX7IX6VxoOnSyf0g9ITa5fW1rsBK3xOd3cC2\n kOi4EBMh2cjtlbiHMp3k05HSMJxyT++g16YncJeyntwrmMEsSL5jdmCoBaYHt6zZ\n OCBokgWwSt2X1Q5EqardE6afZJX3BzEQGUwIsAHx6L4FI0OGjF+dADKLUUcDHqlH\n lpmy2DTmBzDv7PXKkSgKWA==", "From": "Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>", "Date": "Sat, 14 Feb 2026 13:33:36 +0900", "Subject": "[PATCH] virtio-gpu-virgl: Add virtio-gpu-virgl-hostmem-region type", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "7bit", "Message-Id": "<20260214-region-v1-1-229f00ae1f38@rsg.ci.i.u-tokyo.ac.jp>", "X-B4-Tracking": "v=1; b=H4sIAB/7j2kC/6tWKk4tykwtVrJSqFYqSi3LLM7MzwNyDHUUlJIzE\n vPSU3UzU4B8JSMDIzMDI0MT3aLUdKASXTNLg0RDc/NkAxNzUyWg4oKi1LTMCrBB0bG1tQAW5WF\n hWAAAAA==", "X-Change-ID": "20260214-region-690a177c0475", "To": "qemu-devel@nongnu.org", "Cc": "\"Michael S. Tsirkin\" <mst@redhat.com>,\n =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>,\n Dmitry Osipenko <dmitry.osipenko@collabora.com>,\n Joelle van Dyne <j@getutm.app>, Michael Tokarev <mjt@tls.msk.ru>,\n Peter Maydell <peter.maydell@linaro.org>, qemu-stable@nongnu.org,\n Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>", "X-Mailer": "b4 0.15-dev-67ece", "Received-SPF": "pass client-ip=49.212.243.89;\n envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp", "X-Spam_score_int": "-16", "X-Spam_score": "-1.7", "X-Spam_bar": "-", "X-Spam_report": "(-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,\n DKIM_SIGNED=0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,\n RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=no autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "Commit e27194e087ae (\"virtio-gpu-virgl: correct parent for blob memory\nregion\") made the name member of MemoryRegion unset, causing a NULL\npointer dereference[1]:\n> Thread 2 \"qemu-system-x86\" received signal SIGSEGV, Segmentation fault.\n> (gdb) bt\n> #0 0x00007ffff56565e2 in __strcmp_evex () at /lib64/libc.so.6\n> #1 0x0000555555841bdb in find_fd (head=0x5555572337d0 <cpr_state>,\n> name=0x0, id=0) at ../migration/cpr.c:68\n> #2 cpr_delete_fd (name=name@entry=0x0, id=id@entry=0) at\n> ../migration/cpr.c:77\n> #3 0x000055555582290a in qemu_ram_free (block=0x7ff7e93aa7f0) at\n> ../system/physmem.c:2615\n> #4 0x000055555581ae02 in memory_region_finalize (obj=<optimized out>)\n> at ../system/memory.c:1816\n> #5 0x0000555555a70ab9 in object_deinit (obj=<optimized out>,\n> type=<optimized out>) at ../qom/object.c:715\n> #6 object_finalize (data=0x7ff7e936eff0) at ../qom/object.c:729\n> #7 object_unref (objptr=0x7ff7e936eff0) at ../qom/object.c:1232\n> #8 0x0000555555814fae in memory_region_unref (mr=<optimized out>) at\n> ../system/memory.c:1848\n> #9 flatview_destroy (view=0x555559ed6c40) at ../system/memory.c:301\n> #10 0x0000555555bfc122 in call_rcu_thread (opaque=<optimized out>) at\n> ../util/rcu.c:324\n> #11 0x0000555555bf17a7 in qemu_thread_start (args=0x555557b99520) at\n> ../util/qemu-thread-posix.c:393\n> #12 0x00007ffff556f464 in start_thread () at /lib64/libc.so.6\n> #13 0x00007ffff55f25ac in __clone3 () at /lib64/libc.so.6\n\nThe intention of the aforementioned commit is to prevent a MemoryRegion\nfrom parenting itself while its references is counted indendependently\nof the device. To achieve the same goal, add a type of QOM objects that\ncount references and parent MemoryRegions.\n\n[1] https://lore.kernel.org/qemu-devel/4eb93d7a-1fa9-4b3c-8ad7-a2eb64f025a0@collabora.com/\n\nCc: qemu-stable@nongnu.org\nFixes: e27194e087ae (\"virtio-gpu-virgl: correct parent for blob memory region\")\nSigned-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>\n---\n hw/display/virtio-gpu-virgl.c | 54 +++++++++++++++++++++++++++++++------------\n 1 file changed, 39 insertions(+), 15 deletions(-)\n\n\n---\nbase-commit: ece408818d27f745ef1b05fb3cc99a1e7a5bf580\nchange-id: 20260214-region-690a177c0475\n\nBest regards,\n-- \nAkihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>", "diff": "diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c\nindex ecf8494f3676..0f754829fb71 100644\n--- a/hw/display/virtio-gpu-virgl.c\n+++ b/hw/display/virtio-gpu-virgl.c\n@@ -52,11 +52,17 @@ virgl_get_egl_display(G_GNUC_UNUSED void *cookie)\n \n #if VIRGL_VERSION_MAJOR >= 1\n struct virtio_gpu_virgl_hostmem_region {\n+ Object parent_obj;\n MemoryRegion mr;\n struct VirtIOGPU *g;\n bool finish_unmapping;\n };\n \n+#define TYPE_VIRTIO_GPU_VIRGL_HOSTMEM_REGION \"virtio-gpu-virgl-hostmem-region\"\n+\n+OBJECT_DECLARE_SIMPLE_TYPE(virtio_gpu_virgl_hostmem_region,\n+ VIRTIO_GPU_VIRGL_HOSTMEM_REGION)\n+\n static struct virtio_gpu_virgl_hostmem_region *\n to_hostmem_region(MemoryRegion *mr)\n {\n@@ -70,14 +76,22 @@ static void virtio_gpu_virgl_resume_cmdq_bh(void *opaque)\n virtio_gpu_process_cmdq(g);\n }\n \n-static void virtio_gpu_virgl_hostmem_region_free(void *obj)\n+/*\n+ * MR could outlive the resource if MR's reference is held outside of\n+ * virtio-gpu. In order to prevent unmapping resource while MR is alive,\n+ * and thus, making the data pointer invalid, we will block virtio-gpu\n+ * command processing until MR is fully unreferenced and freed.\n+ */\n+static void virtio_gpu_virgl_hostmem_region_finalize(Object *obj)\n {\n- MemoryRegion *mr = MEMORY_REGION(obj);\n- struct virtio_gpu_virgl_hostmem_region *vmr;\n+ struct virtio_gpu_virgl_hostmem_region *vmr = VIRTIO_GPU_VIRGL_HOSTMEM_REGION(obj);\n VirtIOGPUBase *b;\n VirtIOGPUGL *gl;\n \n- vmr = to_hostmem_region(mr);\n+ if (!vmr->g) {\n+ return;\n+ }\n+\n vmr->finish_unmapping = true;\n \n b = VIRTIO_GPU_BASE(vmr->g);\n@@ -92,11 +106,26 @@ static void virtio_gpu_virgl_hostmem_region_free(void *obj)\n qemu_bh_schedule(gl->cmdq_resume_bh);\n }\n \n+static const TypeInfo virtio_gpu_virgl_hostmem_region_info = {\n+ .parent = TYPE_OBJECT,\n+ .name = TYPE_VIRTIO_GPU_VIRGL_HOSTMEM_REGION,\n+ .instance_size = sizeof(struct virtio_gpu_virgl_hostmem_region),\n+ .instance_finalize = virtio_gpu_virgl_hostmem_region_finalize\n+};\n+\n+static void virtio_gpu_virgl_types(void)\n+{\n+ type_register_static(&virtio_gpu_virgl_hostmem_region_info);\n+}\n+\n+type_init(virtio_gpu_virgl_types)\n+\n static int\n virtio_gpu_virgl_map_resource_blob(VirtIOGPU *g,\n struct virtio_gpu_virgl_resource *res,\n uint64_t offset)\n {\n+ g_autofree char *name = NULL;\n struct virtio_gpu_virgl_hostmem_region *vmr;\n VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);\n MemoryRegion *mr;\n@@ -117,21 +146,16 @@ virtio_gpu_virgl_map_resource_blob(VirtIOGPU *g,\n }\n \n vmr = g_new0(struct virtio_gpu_virgl_hostmem_region, 1);\n+ name = g_strdup_printf(\"blob[%\" PRIu32 \"]\", res->base.resource_id);\n+ object_initialize_child(OBJECT(g), name, vmr,\n+ TYPE_VIRTIO_GPU_VIRGL_HOSTMEM_REGION);\n vmr->g = g;\n \n mr = &vmr->mr;\n- memory_region_init_ram_ptr(mr, OBJECT(mr), NULL, size, data);\n+ memory_region_init_ram_ptr(mr, OBJECT(vmr), \"mr\", size, data);\n memory_region_add_subregion(&b->hostmem, offset, mr);\n memory_region_set_enabled(mr, true);\n \n- /*\n- * MR could outlive the resource if MR's reference is held outside of\n- * virtio-gpu. In order to prevent unmapping resource while MR is alive,\n- * and thus, making the data pointer invalid, we will block virtio-gpu\n- * command processing until MR is fully unreferenced and freed.\n- */\n- OBJECT(mr)->free = virtio_gpu_virgl_hostmem_region_free;\n-\n res->mr = mr;\n \n trace_virtio_gpu_cmd_res_map_blob(res->base.resource_id, vmr, mr);\n@@ -163,7 +187,7 @@ virtio_gpu_virgl_unmap_resource_blob(VirtIOGPU *g,\n * 1. Begin async unmapping with memory_region_del_subregion()\n * and suspend/block cmd processing.\n * 2. Wait for res->mr to be freed and cmd processing resumed\n- * asynchronously by virtio_gpu_virgl_hostmem_region_free().\n+ * asynchronously by virtio_gpu_virgl_hostmem_region_finalize().\n * 3. Finish the unmapping with final virgl_renderer_resource_unmap().\n */\n if (vmr->finish_unmapping) {\n@@ -186,7 +210,7 @@ virtio_gpu_virgl_unmap_resource_blob(VirtIOGPU *g,\n /* memory region owns self res->mr object and frees it by itself */\n memory_region_set_enabled(mr, false);\n memory_region_del_subregion(&b->hostmem, mr);\n- object_unref(OBJECT(mr));\n+ object_unparent(OBJECT(vmr));\n }\n \n return 0;\n", "prefixes": [] }