v4: Remove smp_mb() in patch 1.
Remove two cpu_exec_init_all() calls.
Rename cpu_notify_map_clients_unlocked -> cpu_notify_map_clients_locked.
Add Paolo's rev-by in patch 5.
v3: Address Paolo's comments:
Use atomic_xchg for bounce buffer.
Use mutex and BH for map_client_list.
The global bounce buffer used for non-direct memory access is not thread-safe:
1) Access to "bounce" is not atomic.
2) Access to "map_client_list" is not atomic.
3) In dma_blk_cb, there is a race condition between:
mem = dma_memory_map(...
and
cpu_register_map_client(...
Bounce may become available after dma_memory_map failed but before
cpu_register_map_client is called.
4) The reschedule_dma is not in the right AioContext;
continue_after_map_failure called from other threads will race with
dma_aio_cancel.
This series fixes these issues respectively.
Fam Zheng (5):
exec: Atomic access to bounce buffer
linux-user, bsd-user: Remove two calls to cpu_exec_init_all
exec: Protect map_client_list with mutex
exec: Notify cpu_register_map_client caller if the bounce buffer is
available
dma-helpers: Fix race condition of continue_after_map_failure and
dma_aio_cancel
bsd-user/main.c | 1 -
dma-helpers.c | 17 +++++------
exec.c | 76 +++++++++++++++++++++++++++++++----------------
include/exec/cpu-common.h | 3 +-
linux-user/main.c | 1 -
5 files changed, 61 insertions(+), 37 deletions(-)
--
1.9.3
