On 2013-06-28 18:58, Paolo Bonzini wrote:
> The iothread mutex might be released between map and unmap, so the
> mapped region might disappear.
>
> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
> ---
> exec.c | 14 ++++++++++++--
> 1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/exec.c b/exec.c
> index ea79aea..d28403b 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1994,6 +1994,7 @@ void cpu_physical_memory_write_rom(hwaddr addr,
> }
>
> typedef struct {
> + MemoryRegion *mr;
> void *buffer;
> hwaddr addr;
> hwaddr len;
> @@ -2091,6 +2092,9 @@ void *address_space_map(AddressSpace *as,
> bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
> bounce.addr = addr;
> bounce.len = l;
> +
> + memory_region_ref(mr);
> + bounce.mr = mr;
> if (!is_write) {
> address_space_read(as, addr, bounce.buffer, l);
> }
> @@ -2117,6 +2121,7 @@ void *address_space_map(AddressSpace *as,
> }
> }
>
> + memory_region_ref(mr);
> *plen = done;
> return qemu_ram_ptr_length(raddr + base, plen);
> }
> @@ -2129,9 +2134,12 @@ void address_space_unmap(AddressSpace *as, void
> *buffer, hwaddr len,
> int is_write, hwaddr access_len)
> {
> if (buffer != bounce.buffer) {
> + MemoryRegion *mr;
> + ram_addr_t addr1;
> +
> + mr = qemu_ram_addr_from_host(buffer, &addr1);
> + assert(mr);
> if (is_write) {
> - ram_addr_t addr1;
> - qemu_ram_addr_from_host(buffer, &addr1);
> while (access_len) {
> unsigned l;
> l = TARGET_PAGE_SIZE;
> @@ -2145,6 +2153,7 @@ void address_space_unmap(AddressSpace *as, void
> *buffer, hwaddr len,
> if (xen_enabled()) {
> xen_invalidate_map_cache_entry(buffer);
> }
> + memory_region_unref(mr);
> return;
> }
> if (is_write) {
> @@ -2152,6 +2161,7 @@ void address_space_unmap(AddressSpace *as, void
> *buffer, hwaddr len,
> }
> qemu_vfree(bounce.buffer);
> bounce.buffer = NULL;
> + memory_region_unref(bounce.mr);
> cpu_notify_map_clients();
> }
>
>
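Review bot: The region taken by the `memory_region_ref(mr)` added just before `*plen = done` must be the region that backs `raddr`, because the unmap side in this same patch recovers the region to unref from the returned host pointer via `qemu_ram_addr_from_host()`, not from anything the caller hands back. If the loop that precedes this hunk can exit with `mr` pointing at the region of the page that ended the contiguous run rather than the first one, the ref and the unref land on different regions and the mapped region is still unprotected; the loop is outside the hunk, so this is inferred from the unmap side and worth confirming. A comment would pin the invariant either way: `/* Ref the region backing raddr: address_space_unmap() looks it up again from the returned pointer to unref it. */`. address_space_map() starts before the hunk.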
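Review bot: The `memory_region_unref(mr)` added before `return` may drop the last reference on the region, so it must remain the final use of anything derived from the lookup at the top of the branch — the dirty-bitmap loop consumes `addr1`, which came from the same `qemu_ram_addr_from_host()` call, and the Xen map-cache invalidation is keyed on `buffer`. Nothing in the hunk states this ordering constraint, and a later edit could plausibly move the unref up next to the lookup. Suggest `/* Drop the ref taken by address_space_map(); may free mr, so keep this last. */` immediately above the call. The enclosing branch starts in an earlier hunk.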
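Review bot: After `memory_region_unref(bounce.mr)` the field still holds a pointer to a region that may now be freed, while the adjacent `bounce.buffer = NULL` clears its sibling; since this path is selected by `buffer != bounce.buffer` being false, a call with a NULL buffer while no bounce mapping is live would re-enter it and unref the stale region again. Clearing the field alongside the buffer closes that off and keeps the struct's two fields consistent: `bounce.mr = NULL;` right after the unref. The is_write write-back that precedes this hunk is outside it.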
Reviewed-by: Jan Kiszka <jan.kis...@siemens.com> Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux