From patchwork Wed Apr 19 15:16:50 2023
X-Patchwork-Submitter: Mark Cave-Ayland
X-Patchwork-Id: 1770759
From: Mark Cave-Ayland
To: pbonzini@redhat.com, qemu-devel@nongnu.org
Date: Wed, 19 Apr 2023 16:16:50 +0100
Message-Id: <20230419151652.362717-2-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20230419151652.362717-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH 1/3] softmmu/ioport.c: allocate MemoryRegionPortioList ports on the heap

In order to facilitate a conversion of MemoryRegionPortioList to a QOM object
move the allocation of MemoryRegionPortioList ports to the heap instead of using
a variable-length member at the end of the MemoryRegionPortioList structure.

Signed-off-by: Mark Cave-Ayland
Reviewed-by: Philippe Mathieu-Daudé
---
 softmmu/ioport.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/softmmu/ioport.c b/softmmu/ioport.c index cb8adb0b93..d0d5b0bcaa 100644 --- a/softmmu/ioport.c +++ b/softmmu/ioport.c 
@@ -35,7 +35,7 @@ typedef struct MemoryRegionPortioList { MemoryRegion mr; void *portio_opaque; - MemoryRegionPortio ports[]; + MemoryRegionPortio *ports; } MemoryRegionPortioList; static uint64_t unassigned_io_read(void *opaque, hwaddr addr, unsigned size) @@ -147,6 +147,7 @@ void portio_list_destroy(PortioList *piolist) for (i = 0; i < piolist->nr; ++i) { mrpio = container_of(piolist->regions[i], MemoryRegionPortioList, mr); object_unparent(OBJECT(&mrpio->mr)); + g_free(mrpio->ports); g_free(mrpio); } g_free(piolist->regions); 
@@ -227,9 +228,9 @@ static void portio_list_add_1(PortioList *piolist, unsigned i; /* Copy the sub-list and null-terminate it. */ - mrpio = g_malloc0(sizeof(MemoryRegionPortioList) + - sizeof(MemoryRegionPortio) * (count + 1)); + mrpio = g_malloc0(sizeof(MemoryRegionPortioList)); mrpio->portio_opaque = piolist->opaque; + mrpio->ports = g_malloc0(sizeof(MemoryRegionPortio) * (count + 1)); memcpy(mrpio->ports, pio_init, sizeof(MemoryRegionPortio) * count); memset(mrpio->ports + count, 0, sizeof(MemoryRegionPortio));

From patchwork Wed Apr 19 15:16:51 2023
X-Patchwork-Submitter: Mark Cave-Ayland
X-Patchwork-Id: 1770762
From: Mark Cave-Ayland
To: pbonzini@redhat.com, qemu-devel@nongnu.org
Date: Wed, 19 Apr 2023 16:16:51 +0100
Message-Id: <20230419151652.362717-3-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20230419151652.362717-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH 2/3] softmmu/ioport.c: QOMify MemoryRegionPortioList

The aim of QOMification is so that the lifetime of the MemoryRegionPortioList
structure can be managed using QOM's in-built refcounting instead of having to
handle this manually.

Due to the use of an opaque pointer it isn't possible to model the new
TYPE_MEMORY_REGION_PORTIO_LIST directly using QOM properties, however since
use of the new object is restricted to the portio API we can simply set the
opaque pointer (and the heap-allocated port list) internally.

Signed-off-by: Mark Cave-Ayland
Reviewed-by: Philippe Mathieu-Daudé
---
 softmmu/ioport.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/softmmu/ioport.c b/softmmu/ioport.c index d0d5b0bcaa..238625a36f 100644 --- a/softmmu/ioport.c +++ b/softmmu/ioport.c @@ -32,11 +32,16 @@ #include "exec/address-spaces.h" #include "trace.h" -typedef struct MemoryRegionPortioList { +struct MemoryRegionPortioList { + Object obj; + MemoryRegion mr; void *portio_opaque; MemoryRegionPortio *ports; -} MemoryRegionPortioList; +}; + +#define TYPE_MEMORY_REGION_PORTIO_LIST "memory-region-portio-list" +OBJECT_DECLARE_SIMPLE_TYPE(MemoryRegionPortioList, MEMORY_REGION_PORTIO_LIST) static uint64_t unassigned_io_read(void *opaque, hwaddr addr, unsigned size) { @@ -228,7 +233,8 @@ static void portio_list_add_1(PortioList *piolist, unsigned i; /* Copy the sub-list and null-terminate it. */ - mrpio = g_malloc0(sizeof(MemoryRegionPortioList)); + mrpio = MEMORY_REGION_PORTIO_LIST( + object_new(TYPE_MEMORY_REGION_PORTIO_LIST)); mrpio->portio_opaque = piolist->opaque; mrpio->ports = g_malloc0(sizeof(MemoryRegionPortio) * (count + 1)); memcpy(mrpio->ports, pio_init, sizeof(MemoryRegionPortio) * count); 
@@ -298,3 +304,16 @@ void portio_list_del(PortioList *piolist) memory_region_del_subregion(piolist->address_space, &mrpio->mr); } } + +static const TypeInfo memory_region_portio_list_info = { + .parent = TYPE_OBJECT, + .name = TYPE_MEMORY_REGION_PORTIO_LIST, + .instance_size = sizeof(MemoryRegionPortioList), +}; + +static void ioport_register_types(void) +{ + type_register_static(&memory_region_portio_list_info); +} + +type_init(ioport_register_types)

From patchwork Wed Apr 19 15:16:52 2023
X-Patchwork-Submitter: Mark Cave-Ayland
X-Patchwork-Id: 1770761
From: Mark Cave-Ayland
To: pbonzini@redhat.com, qemu-devel@nongnu.org
Date: Wed, 19 Apr 2023 16:16:52 +0100
Message-Id: <20230419151652.362717-4-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20230419151652.362717-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH 3/3] softmmu/ioport.c: make MemoryRegionPortioList owner of portio_list MemoryRegions

Currently when portio_list MemoryRegions are freed using portio_list_destroy() the RCU
thread segfaults generating a backtrace similar to that below:

    #0 0x5555599a34b6 in phys_section_destroy ../softmmu/physmem.c:996
    #1 0x5555599a37a3 in phys_sections_free ../softmmu/physmem.c:1011
    #2 0x5555599b24aa in address_space_dispatch_free ../softmmu/physmem.c:2430
    #3 0x55555996a283 in flatview_destroy ../softmmu/memory.c:292
    #4 0x55555a2cb9fb in call_rcu_thread ../util/rcu.c:284
    #5 0x55555a29b71d in qemu_thread_start ../util/qemu-thread-posix.c:541
    #6 0x7ffff4a0cea6 in start_thread nptl/pthread_create.c:477
    #7 0x7ffff492ca2e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfca2e)

The problem here is that portio_list_destroy() unparents the portio_list
MemoryRegions causing them to be freed immediately, however the flatview still
has a reference to the MemoryRegion and so causes a use-after-free segfault when
the RCU thread next updates the flatview.

Solve the lifetime issue by making MemoryRegionPortioList the owner of the
portio_list MemoryRegions, and then reparenting them to the portio_list owner.
This ensures that they can be accessed as QOM children via the portio_list owner,
yet the MemoryRegionPortioList owns the refcount.

Update portio_list_destroy() to unparent the MemoryRegion from the portio_list
owner and then add a finalize() method to MemoryRegionPortioList, so that the
portio_list MemoryRegions remain allocated until flatview_destroy() removes the
final refcount upon the next flatview update.

Signed-off-by: Mark Cave-Ayland
Reviewed-by: Philippe Mathieu-Daudé
---
 softmmu/ioport.c | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/softmmu/ioport.c b/softmmu/ioport.c index 238625a36f..d89c659662 100644 --- a/softmmu/ioport.c +++ b/softmmu/ioport.c @@ -26,6 +26,7 @@ */ #include "qemu/osdep.h" +#include "qemu/rcu.h" #include "cpu.h" #include "exec/ioport.h" #include "exec/memory.h" @@ -152,8 +153,7 @@ void portio_list_destroy(PortioList *piolist) for (i = 0; i < piolist->nr; ++i) { mrpio = container_of(piolist->regions[i], MemoryRegionPortioList, mr); object_unparent(OBJECT(&mrpio->mr)); - g_free(mrpio->ports); - g_free(mrpio); + object_unref(mrpio); } g_free(piolist->regions); } @@ -230,6 +230,8 @@ static void portio_list_add_1(PortioList *piolist, unsigned off_low, unsigned off_high) { MemoryRegionPortioList *mrpio; + Object *owner; + char *name; unsigned i; /* Copy the sub-list and null-terminate it. */ 
@@ -246,8 +248,25 @@ static void portio_list_add_1(PortioList *piolist, mrpio->ports[i].base = start + off_low; } - memory_region_init_io(&mrpio->mr, piolist->owner, &portio_ops, mrpio, + /* + * The MemoryRegion owner is the MemoryRegionPortioList since that manages + * the lifecycle via the refcount + */ + memory_region_init_io(&mrpio->mr, OBJECT(mrpio), &portio_ops, mrpio, piolist->name, off_high - off_low); + + /* Reparent the MemoryRegion to the piolist owner */ + object_ref(&mrpio->mr); + object_unparent(OBJECT(&mrpio->mr)); + if (!piolist->owner) { + owner = container_get(qdev_get_machine(), "/unattached"); + } else { + owner = piolist->owner; + } + name = g_strdup_printf("%s[*]", piolist->name); + object_property_add_child(owner, name, OBJECT(&mrpio->mr)); + g_free(name); + if (piolist->flush_coalesced_mmio) { memory_region_set_flush_coalesced(&mrpio->mr); } @@ -305,10 +324,19 @@ void portio_list_del(PortioList *piolist) } } +static void memory_region_portio_list_finalize(Object *obj) +{ + MemoryRegionPortioList *mrpio = MEMORY_REGION_PORTIO_LIST(obj); + + object_unref(&mrpio->mr); + g_free(mrpio->ports); +} + static const TypeInfo memory_region_portio_list_info = { .parent = TYPE_OBJECT, .name = TYPE_MEMORY_REGION_PORTIO_LIST, .instance_size = sizeof(MemoryRegionPortioList), + .instance_finalize = memory_region_portio_list_finalize, }; static void ioport_register_types(void)
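
Review bot: [PATCH 1/3], portio_list_add_1() hunk: the new ports allocation multiplies the size by hand in g_malloc0(sizeof(MemoryRegionPortio) * (count + 1)); g_new0(MemoryRegionPortio, count + 1) is the usual GLib form and guards the multiplication against overflow. Because the buffer is already zeroed, the memset() on mrpio->ports + count that follows in the context lines no longer does anything and could be dropped in the same change, keeping the "null-terminate" comment next to the allocation.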
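
Review bot: [PATCH 2/3], portio_list_add_1() hunk: mrpio now comes from object_new(), but no hunk in this patch touches portio_list_destroy(), which after patch 1 still ends its loop body with g_free(mrpio->ports); g_free(mrpio);. Between patches 2 and 3 the new QOM object is therefore released with g_free() instead of object_unref(), which bypasses the refcount that the commit message says should manage its lifetime. Consider switching the destroy path to object_unref() in this patch, with g_free(mrpio->ports) moved into an instance_finalize, so that each step of the series is consistent on its own and patch 3 only has to deal with MemoryRegion ownership.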
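
Review bot: [PATCH 3/3], portio_list_destroy() hunk: after the loop the function frees piolist->regions but leaves the pointer and piolist->nr as they were, so any later call that iterates piolist->regions on the same PortioList would walk freed memory. Since this patch exists to close a use-after-free, setting piolist->regions = NULL and piolist->nr = 0 after the g_free() would be cheap hardening. A smaller style point in the same hunk: object_unref(mrpio) passes the pointer bare while the line above writes OBJECT(&mrpio->mr); OBJECT(mrpio) would match.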
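
Review bot: [PATCH 3/3], reparenting block in portio_list_add_1(): the object_ref(&mrpio->mr) taken before object_unparent() is only released by the object_unref(&mrpio->mr) in memory_region_portio_list_finalize(), and neither site says so; the comment reads only "Reparent the MemoryRegion to the piolist owner". Please document the pairing at both ends, because dropping either call later would turn into a leak or a double unref. In the same block, name could be declared g_autofree to remove the manual g_free(name), and object_ref(&mrpio->mr) lacks the OBJECT() cast that the neighbouring calls use.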
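
The lifetime rule that the [PATCH 3/3] commit message relies on, as a standalone C model added here (it is not QEMU code and not part of the series): an object released by its owner stays allocated until the last reference holder, standing in for the flatview, drops its reference. Obj, PortList and the helper names are hypothetical stand-ins for QOM's Object and MemoryRegionPortioList; the port numbers are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for QOM's Object and MemoryRegionPortioList. */
typedef struct Obj {
    unsigned ref;
    void (*finalize)(struct Obj *self);
} Obj;

typedef struct {
    Obj obj;             /* refcounted header, first member */
    unsigned *ports;     /* heap-allocated, zero-terminated list */
} PortList;

static int finalized;    /* number of finalize calls observed */

static void obj_ref(Obj *o) { o->ref++; }

static void obj_unref(Obj *o)
{
    if (--o->ref == 0) {
        o->finalize(o);
        free(o);
    }
}

static void port_list_finalize(Obj *o)
{
    free(((PortList *)o)->ports);   /* valid cast: obj is the first member */
    finalized++;
}

static PortList *port_list_new(const unsigned *init, size_t count)
{
    PortList *pl = calloc(1, sizeof(*pl));
    if (!pl) abort();
    pl->ports = calloc(count + 1, sizeof(*pl->ports));
    if (!pl->ports) abort();
    memcpy(pl->ports, init, count * sizeof(*init));
    pl->obj.ref = 1;                /* the creator's reference */
    pl->obj.finalize = port_list_finalize;
    return pl;
}

/* Returns 1 when the list stays valid until the snapshot drops its ref. */
static int run_lifetime_demo(void)
{
    const unsigned init[] = { 0x3f8, 0x3f9 };   /* constructed sample ports */
    PortList *pl = port_list_new(init, 2);
    PortList *snapshot = pl;        /* plays the flatview's pointer */

    finalized = 0;
    obj_ref(&snapshot->obj);        /* snapshot takes its own reference */
    obj_unref(&pl->obj);            /* owner "destroys" the list */
    int early = finalized;          /* 0: the snapshot still pins it */
    unsigned first = snapshot->ports[0];   /* safe: not yet freed */
    obj_unref(&snapshot->obj);      /* snapshot torn down: last reference */
    return early == 0 && finalized == 1 && first == 0x3f8;
}

int main(void) { printf("deferred release ok: %d\n", run_lifetime_demo()); return 0; }
```

Freeing the list directly at the owner's release, as the pre-patch portio_list_destroy() did, would make the snapshot->ports[0] read the use-after-free that the backtrace shows.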