From patchwork Tue Jun 19 01:41:56 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Roth <mdroth@linux.vnet.ibm.com>
X-Patchwork-Id: 931282
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=nongnu.org
	(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;
	envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=linux.vnet.ibm.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="GnPx50Ab"; dkim-atps=neutral
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 418sJf5Dwcz9s37
	for <incoming@patchwork.ozlabs.org>;
	Tue, 19 Jun 2018 12:25:53 +1000 (AEST)
Received: from localhost ([::1]:38610 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1fV6L8-0006yf-2s
	for incoming@patchwork.ozlabs.org; Mon, 18 Jun 2018 22:25:50 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45544)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1fV5hl-0001JL-O5
	for qemu-devel@nongnu.org; Mon, 18 Jun 2018 21:45:15 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1fV5hk-0008DC-J4
	for qemu-devel@nongnu.org; Mon, 18 Jun 2018 21:45:09 -0400
Received: from mail-ot0-x22b.google.com ([2607:f8b0:4003:c0f::22b]:41124)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <flukshun@gmail.com>)
	id 1fV5hk-0008Cu-DD; Mon, 18 Jun 2018 21:45:08 -0400
Received: by mail-ot0-x22b.google.com with SMTP id d19-v6so20756217oti.8;
	Mon, 18 Jun 2018 18:45:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=GMgzRmin9XaAWYtAvbRrog4EI+qJbdFg8paxzDsOWjY=;
	b=GnPx50AbIHnT+UBMo6npQjxSYZ9cIx0gkpLnoBsg504igPDYuS90bXCMFpnB+Q7rjl
	+BpfWViYZ7tzncHVjjg3EqlmLnb0rPOZ9186YZ91vipRN7PPKijuwNHg0zT+5plXhA9o
	HxqWZKYsmCMRGVRT2QQ6XmwSojF9Jqd4UUhJuAEjUSLQTejrVHA64tJsiQnjF9RAEqmS
	MXhHYd8fkuZ8qISAGExumnT9udv05Apwckrpxdxw6ChPNj4jcOhFSR4RX+FWSk3SJd77
	nlDO5XPa8b7cir9bnearj+d0XWq8PQNaXcQzj80k4P/H/FoGkV+QmoSL1BU1HAoMckA3
	mXGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=GMgzRmin9XaAWYtAvbRrog4EI+qJbdFg8paxzDsOWjY=;
	b=Nze+P3mfi+znVVWW8gIiSjfZEolr72zXtrCfcOtYgA0jNfoYKO4qObmzr/WI/0p4Jl
	kcMnVeY+YTgDWXlsTfF9RSFpHfziAs6iUqbNRElihEj/MEsE1sUf0dMky61+40X7mhVo
	mmS+vBRtwNf7sLkagw9Pi15j64G1dHi82utJ/JhUewqktigouuWDACZtAp4fFI8K8CZl
	0mmw/YAy4eoiH/vY0n/JoJKnss9HoeTpZcEUpGdU8Nmestty/R6iE0XqxSYQMpf6oIJf
	nVEHaZniO0IAv2XM/Wfh/Oj4bPiizEsK6K9fsCwBrQ9ZO1SkReYe7GkXLG6bw5I8Z9MR
	g+4A==
X-Gm-Message-State: APt69E2TjxCWDTwU4JWWOaqv4ICgX9d0tlQz27aYRKZrbhgoTbqjvlWQ
	BJp4rkbem5Gd49ITcefoGICSu88z
X-Google-Smtp-Source: 
 ADUXVKJUzDchx8ZK2whzMXimjVVcJGdEssmQT1uGXEPhbJGjC3xz8pthSpMjFpL01cD1TTUKPXRBCQ==
X-Received: by 2002:a9d:542e:: with SMTP id
	j46-v6mr10297010oth.41.1529372707236;
	Mon, 18 Jun 2018 18:45:07 -0700 (PDT)
Received: from localhost (76-251-165-188.lightspeed.austtx.sbcglobal.net.
	[76.251.165.188]) by smtp.gmail.com with ESMTPSA id
	97-v6sm7800093oth.15.2018.06.18.18.45.05
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Mon, 18 Jun 2018 18:45:06 -0700 (PDT)
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Mon, 18 Jun 2018 20:41:56 -0500
Message-Id: <20180619014319.28272-31-mdroth@linux.vnet.ibm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180619014319.28272-1-mdroth@linux.vnet.ibm.com>
References: <20180619014319.28272-1-mdroth@linux.vnet.ibm.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:4003:c0f::22b
Subject: [Qemu-devel] [PATCH 030/113] address_space_read:
	address_space_to_flatview needs RCU lock
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Paolo Bonzini <pbonzini@redhat.com>, qemu-stable@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

From: Paolo Bonzini <pbonzini@redhat.com>

address_space_read is calling address_space_to_flatview but it can
be called outside the RCU lock.  To fix it, push the rcu_read_lock/unlock
pair up from flatview_read_full to address_space_read's constant size
fast path and address_space_read_full.

Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b2a44fcad74f1cc7a6786d38eba7db12ab2352ba)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 exec.c                | 38 +++++++++++++++++++++++++-------------
 include/exec/memory.h | 23 +++++++++--------------
 2 files changed, 34 insertions(+), 27 deletions(-)

diff --git a/exec.c b/exec.c
index 884e243a84..7e3c5c67f0 100644
--- a/exec.c
+++ b/exec.c
@@ -2575,6 +2575,8 @@ static const MemoryRegionOps watch_mem_ops = {
     },
 };
 
+static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
+                                      MemTxAttrs attrs, uint8_t *buf, int len);
 static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
                                   const uint8_t *buf, int len);
 static bool flatview_access_valid(FlatView *fv, hwaddr addr, int len,
@@ -3092,24 +3094,18 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
     return result;
 }
 
-MemTxResult flatview_read_full(FlatView *fv, hwaddr addr,
-                               MemTxAttrs attrs, uint8_t *buf, int len)
+/* Called from RCU critical section.  */
+static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
+                                 MemTxAttrs attrs, uint8_t *buf, int len)
 {
     hwaddr l;
     hwaddr addr1;
     MemoryRegion *mr;
-    MemTxResult result = MEMTX_OK;
-
-    if (len > 0) {
-        rcu_read_lock();
-        l = len;
-        mr = flatview_translate(fv, addr, &addr1, &l, false);
-        result = flatview_read_continue(fv, addr, attrs, buf, len,
-                                        addr1, l, mr);
-        rcu_read_unlock();
-    }
 
-    return result;
+    l = len;
+    mr = flatview_translate(fv, addr, &addr1, &l, false);
+    return flatview_read_continue(fv, addr, attrs, buf, len,
+                                  addr1, l, mr);
 }
 
 static MemTxResult flatview_rw(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
@@ -3130,6 +3126,22 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr addr,
                        addr, attrs, buf, len, is_write);
 }
 
+MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
+                                    MemTxAttrs attrs, uint8_t *buf, int len)
+{
+    MemTxResult result = MEMTX_OK;
+    FlatView *fv;
+
+    if (len > 0) {
+        rcu_read_lock();
+        fv = address_space_to_flatview(as);
+        result = flatview_read(fv, addr, attrs, buf, len);
+        rcu_read_unlock();
+    }
+
+    return result;
+}
+
 MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
                                 MemTxAttrs attrs,
                                 const uint8_t *buf, int len)
diff --git a/include/exec/memory.h b/include/exec/memory.h
index ca544027fb..e7fdb1b79a 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1907,13 +1907,12 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
 
 
 /* Internal functions, part of the implementation of address_space_read.  */
+MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
+                                    MemTxAttrs attrs, uint8_t *buf, int len);
 MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
                                    MemTxAttrs attrs, uint8_t *buf,
                                    int len, hwaddr addr1, hwaddr l,
                                    MemoryRegion *mr);
-
-MemTxResult flatview_read_full(FlatView *fv, hwaddr addr,
-                               MemTxAttrs attrs, uint8_t *buf, int len);
 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr);
 
 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
@@ -1932,7 +1931,7 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
  *
  * Return a MemTxResult indicating whether the operation succeeded
  * or failed (eg unassigned memory, device rejected the transaction,
- * IOMMU fault).
+ * IOMMU fault).  Called within RCU critical section.
  *
  * @as: #AddressSpace to be accessed
  * @addr: address within that address space
@@ -1940,17 +1939,20 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
  * @buf: buffer with the data transferred
  */
 static inline __attribute__((__always_inline__))
-MemTxResult flatview_read(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
-                          uint8_t *buf, int len)
+MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
+                               MemTxAttrs attrs, uint8_t *buf,
+                               int len)
 {
     MemTxResult result = MEMTX_OK;
     hwaddr l, addr1;
     void *ptr;
     MemoryRegion *mr;
+    FlatView *fv;
 
     if (__builtin_constant_p(len)) {
         if (len) {
             rcu_read_lock();
+            fv = address_space_to_flatview(as);
             l = len;
             mr = flatview_translate(fv, addr, &addr1, &l, false);
             if (len == l && memory_access_is_direct(mr, false)) {
@@ -1963,18 +1965,11 @@ MemTxResult flatview_read(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
             rcu_read_unlock();
         }
     } else {
-        result = flatview_read_full(fv, addr, attrs, buf, len);
+        result = address_space_read_full(as, addr, attrs, buf, len);
     }
     return result;
 }
 
-static inline MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
-                                             MemTxAttrs attrs, uint8_t *buf,
-                                             int len)
-{
-    return flatview_read(address_space_to_flatview(as), addr, attrs, buf, len);
-}
-
 /**
  * address_space_read_cached: read from a cached RAM region
  *