v3: Address Paolo's comments:
Use atomic_xchg for bounce buffer.
Use mutex and BH for map_client_list.
The global bounce buffer used for non-direct memory access is not thread-safe:
1) Access to "bounce" is not atomic.
2) Access to "map_client_list" is not atomic.
3) In dma_blk_cb, there is a race condition between:
mem = dma_memory_map(...
and
cpu_register_map_client(...
Bounce may become available after dma_memory_map failed but before
cpu_register_map_client is called.
4) The reschedule_dma is not in the right AioContext;
continue_after_map_failure called from other threads will race with
dma_aio_cancel.
This series fixes these issues respectively.
Fam Zheng (4):
exec: Atomic access to bounce buffer
exec: Protect map_client_list with mutex
exec: Notify cpu_register_map_client caller if the bounce buffer is
available
dma-helpers: Fix race condition of continue_after_map_failure and
dma_aio_cancel
dma-helpers.c | 17 +++++------
exec.c | 77 ++++++++++++++++++++++++++++++++---------------
include/exec/cpu-common.h | 3 +-
3 files changed, 62 insertions(+), 35 deletions(-)
--
1.9.3
