On 07/03/2018 13:49, Cornelia Huck wrote:
> On Tue,  6 Mar 2018 14:19:15 +0100
> Paolo Bonzini <pbonz...@redhat.com> wrote:
> 
>> address_space_access_valid is calling address_space_to_flatview but it can
>> be called outside the RCU lock.  To fix it, push the rcu_read_lock/unlock
>> pair up from flatview_access_valid to address_space_access_valid.
>>
>> Reviewed-by: Alexey Kardashevskiy <a...@ozlabs.ru>
>> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
>> ---
>>  exec.c | 12 ++++++++----
>>  1 file changed, 8 insertions(+), 4 deletions(-)
> 
> This one kills my s390x guests when running under tcg:
> 
> qemu-system-s390x: /home/cohuck/git/qemu/include/qemu/rcu.h:89: void rcu_read_unlock(void): Assertion `p_rcu_reader->depth != 0' failed.
> 
> Easy to reproduce with the moon buggy image from the QEMU Advent
> Calendar:
> 
> s390x-softmmu/qemu-system-s390x -M s390-ccw-virtio -nographic -smp 2 -kernel ~/Downloads/s390-moon-buggy/s390-bb.kernel -initrd ~/Downloads/s390-moon-buggy/s390-moon-buggy.initrd

This is the fix for all of these:

diff --git a/exec.c b/exec.c
index 604f03c535..a9181e6417 100644
--- a/exec.c
+++ b/exec.c
@@ -3393,7 +3393,6 @@ static bool flatview_access_valid(FlatView *fv,
hwaddr addr, int len,
         if (!memory_access_is_direct(mr, is_write)) {
             l = memory_access_size(mr, l, addr);
             if (!memory_region_access_valid(mr, xlat, l, is_write)) {
-                rcu_read_unlock();
                 return false;
             }
         }
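Review bot: the leftover rcu_read_unlock() on the early-return path is the double unlock behind the `p_rcu_reader->depth != 0` assertion, since the lock pair now lives in address_space_access_valid and this callee no longer owns it; dropping it is the right fix, but please also check that flatview_access_valid has no other return path that still unlocks, and add a one-line comment at the top of the function stating that callers must hold the RCU read lock, so the next refactor does not reintroduce an unlock here.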

Paolo
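To make the failure mode concrete, here is a small constructed model (added for this page; it is not QEMU's code) of the per-thread RCU reader depth counter that rcu.h asserts on. The caller holds the read lock around the validity check, as address_space_access_valid does after the lock pair was pushed up; a callee that still unlocks on its early-return path drives the depth to zero one step too early, so the caller's own unlock trips the `depth != 0` assertion. The names with a `model_` prefix, the `access_valid_fn` callback and the `_buggy`/`_fixed` variants are assumptions made for the illustration, not QEMU identifiers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the per-thread reader depth that QEMU's rcu.h keeps in
 * p_rcu_reader->depth. The real lock/unlock do more; only the balance matters here. */
static unsigned rcu_depth;
static bool rcu_unbalanced;   /* set where the real rcu_read_unlock() would assert */

static void model_rcu_read_lock(void)
{
    rcu_depth++;
}

static void model_rcu_read_unlock(void)
{
    if (rcu_depth == 0) {      /* real code: assert(p_rcu_reader->depth != 0) */
        rcu_unbalanced = true;
        return;
    }
    rcu_depth--;
}

/* Hypothetical stand-in for memory_region_access_valid(): decides if an access is allowed. */
typedef bool (*access_valid_fn)(size_t len);

/* Buggy variant: keeps the unlock on the early-return path even though the
 * caller now owns the lock. This is the line the fix removes. */
static bool flatview_access_valid_buggy(access_valid_fn valid, size_t len)
{
    if (!valid(len)) {
        model_rcu_read_unlock();   /* leftover unlock: second unlock happens in the caller */
        return false;
    }
    return true;
}

/* Fixed variant: the callee never touches the lock; the caller's pair is balanced. */
static bool flatview_access_valid_fixed(access_valid_fn valid, size_t len)
{
    if (!valid(len)) {
        return false;
    }
    return true;
}

typedef bool (*fv_valid_fn)(access_valid_fn, size_t);

/* Caller modelled on address_space_access_valid after the lock pair was pushed up. */
static bool address_space_access_valid_model(fv_valid_fn fv_valid,
                                             access_valid_fn valid, size_t len)
{
    bool result;

    model_rcu_read_lock();
    result = fv_valid(valid, len);
    model_rcu_read_unlock();
    return result;
}

/* Two constructed access policies: one that rejects (takes the early return) and
 * one that accepts (takes the normal return). */
static bool reject_all(size_t len) { (void)len; return false; }
static bool accept_all(size_t len) { (void)len; return true; }

/* Runs one validity check through the caller and reports whether the reader
 * depth ended balanced (no underflow, depth back to zero). */
static bool run_balanced(fv_valid_fn fv_valid, access_valid_fn valid)
{
    rcu_depth = 0;
    rcu_unbalanced = false;
    (void)address_space_access_valid_model(fv_valid, valid, 4);
    return !rcu_unbalanced && rcu_depth == 0;
}

int main(void)
{
    printf("buggy callee, access rejected: %s\n",
           run_balanced(flatview_access_valid_buggy, reject_all) ? "balanced" : "UNBALANCED");
    printf("buggy callee, access accepted: %s\n",
           run_balanced(flatview_access_valid_buggy, accept_all) ? "balanced" : "UNBALANCED");
    printf("fixed callee, access rejected: %s\n",
           run_balanced(flatview_access_valid_fixed, reject_all) ? "balanced" : "UNBALANCED");
    printf("fixed callee, access accepted: %s\n",
           run_balanced(flatview_access_valid_fixed, accept_all) ? "balanced" : "UNBALANCED");
    return 0;
}
```

Only the buggy callee on the rejecting path ends unbalanced, which is exactly the combination the s390x TCG guest hit: an access that memory_region_access_valid refused, hit while the caller already held the read lock.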
