On 08/08/2012 12:52 PM, Paolo Bonzini wrote:
> On 08/08/2012 08:25, Liu Ping Fan wrote:
>> +void qdev_unplug_complete(DeviceState *dev, Error **errp)
>> +{
>> + /* isolate from mem view */
>> + qdev_unmap(dev);
>> + qemu_lock_devtree();
>> + /* isolate from device tree */
>> + qdev_unset_parent(dev);
>> + qemu_unlock_devtree();
>> + object_unref(OBJECT(dev));
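Review bot: the `object_unref(OBJECT(dev))` at the end of the hunk drops the device-tree reference immediately after `qdev_unmap()`, while a reader that entered its RCU read-side critical section before the unmap may still hold the pointer it found in the memory map and has not yet taken its own reference; if that was the last reference, the free is queued behind the grace period but the reader's later ref() brings the count back up from zero and it is left with an object that is then freed under it. Defer the unref rather than the free: either `synchronize_rcu()` before the `object_unref()`, or move the unref into a `call_rcu()` callback. A comment in the function stating that the reference is only dropped after the grace period would also document why the ordering matters.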
>
> Rather than deferring the free, you should defer the unref. Otherwise
> the following can happen when you have "real" RCU access to the memory
> map on the read-side:
>
> VCPU thread                          I/O thread
> =====================================================================
> get MMIO request
> rcu_read_lock()
> walk memory map
>                                      qdev_unmap()
>                                      lock_devtree()
>                                      ...
>                                      unlock_devtree
>                                      unref dev -> refcnt=0, free enqueued
> ref()
> rcu_read_unlock()
>                                      free()
> <dangling pointer!>
unref should follow either synchronize_rcu(), or be in a call_rcu()
callback (deferring the unref). IMO synchronize_rcu() is sufficient
here, unplug is a truly slow path, esp. on real hardware.
--
error compiling committee.c: too many arguments to function
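The two orderings from the quoted timeline, replayed in a constructed single-threaded model with a toy RCU (an added example, not QEMU code or anything posted in this thread; `Dev`, `replay()` and the one-slot `call_rcu()` are assumptions). Deferring only the free reproduces the dangling reference; deferring the unref does not.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed stand-in for DeviceState: a refcount plus a "freed" flag. */
typedef struct { int refcnt; bool freed; } Dev;

/* Toy RCU (assumption, not QEMU's): one reader, one pending callback. The
 * grace period ends when the last reader leaves; with no reader active a
 * callback runs at once. */
static int readers;
static void (*pending_cb)(Dev *);
static Dev *pending_arg;

static void rcu_read_lock(void) { readers++; }
static void call_rcu(void (*cb)(Dev *), Dev *d)
{
    if (readers == 0) { cb(d); return; }
    pending_cb = cb; pending_arg = d;
}
static void rcu_read_unlock(void)
{
    void (*cb)(Dev *) = pending_cb;
    if (--readers == 0 && cb) { pending_cb = NULL; cb(pending_arg); }
}

static void dev_free(Dev *d) { d->freed = true; }
static void dev_ref(Dev *d) { d->refcnt++; }
/* The patch's model: the free is deferred behind RCU, the unref is not. */
static void dev_unref(Dev *d) { if (--d->refcnt == 0) call_rcu(dev_free, d); }

/* Replays the VCPU / I/O-thread interleaving from the quoted table and
 * returns true if the VCPU side is left holding a reference to a device
 * that has already been freed (the dangling pointer). */
static bool replay(bool defer_unref)
{
    Dev *dev = calloc(1, sizeof *dev);
    dev->refcnt = 1;                /* the device tree's own reference */
    rcu_read_lock();                /* VCPU: MMIO request, enter read side */
    Dev *found = dev;               /* VCPU: walk memory map, reach dev */
    /* I/O thread: qdev_unmap(), lock/unset_parent/unlock, drop the ref */
    if (defer_unref)
        call_rcu(dev_unref, dev);   /* unref waits for the grace period */
    else
        dev_unref(dev);             /* refcnt -> 0, free enqueued now */
    dev_ref(found);                 /* VCPU: take its own reference */
    rcu_read_unlock();              /* grace period ends, callback runs */
    bool dangling = found->freed && found->refcnt > 0;
    dev_unref(found);               /* VCPU: done with the device */
    free(dev);
    return dangling;
}
```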