From nobody Sat May 18 16:46:57 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=bu.edu ARC-Seal: i=1; a=rsa-sha256; t=1674112101; cv=none; d=zohomail.com; s=zohoarc; b=UhohBvabsw8vGqNe/mP3TvORtSWXJZWB0dwKK104YDaSDAN3oIRFC9XpWm8Vhqms2gK992uwp9YLfkqMc45Nd7SneWsceAGzLcWbH25tCvYs8JUYk2HCIfSGpeBY7ySVjY9PoyFQjki761r5+Rvse/rPkOiwJc87CW5ms/LJVWA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1674112101; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=mLs7a7Ftr7qo3BjjTUcGQbWcDFtsi0J+OZS3/qg35qk=; b=c6yZVybjIbNrP6KhP4RSJsY5HHIFnrIMxlqgsBBy4ioCgtlvkwapaSpOuZ2xZ/skRTIqmVh1cDuBLSvVSp/SMSUSIz9UcV+C6AApu/c1+d4VwnABrHJfywXcdb0pdQoRAHX5pWGjOBARehJ7+65rbdS35TP19RF/5WrZrzhnZpE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1674112101075552.6418415879397; Wed, 18 Jan 2023 23:08:21 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pIOxj-0005T7-5k; Thu, 19 Jan 2023 02:03:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pIOxc-0005K9-6s for qemu-devel@nongnu.org; Thu, 19 Jan 2023 02:03:44 -0500 Received: from esa16.hc2706-39.iphmx.com ([216.71.140.205]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pIOxY-0000Ka-DK for qemu-devel@nongnu.org; Thu, 19 Jan 2023 02:03:43 -0500 Received: from mail-yb1-f197.google.com ([209.85.219.197]) by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 19 Jan 2023 02:03:38 -0500 Received: by mail-yb1-f197.google.com with SMTP id z17-20020a256651000000b007907852ca4dso1294740ybm.16 for ; Wed, 18 Jan 2023 23:03:38 -0800 (PST) Received: from mozz.bu.edu (mozz.bu.edu. [128.197.127.33]) by smtp.gmail.com with ESMTPSA id az31-20020a05620a171f00b006fbbdc6c68fsm23714281qkb.68.2023.01.18.23.03.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Jan 2023 23:03:35 -0800 (PST) X-IronPort-RemoteIP: 209.85.219.197 X-IronPort-MID: 250579176 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:qm25vKP8lR4jREjvrR0blcFynXyQoLVcMsEvi/4bfWQNrUoig2cEz DAeUDqAbvveMGKhftl1aYvg/UgPuZfRx9BmSAZtpSBmQkwRlceUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokf0/0vraf656CEmjslkf5KkYMbcICd9WAR4fykojBNnioYRj5VhxNO0GGthg /uryyHkEALjimEc3l48sfrZ80s25aWq4Vv0g3RlDRx1lA6G/5UqJM9HTU2BByOQapVZGOe8W 9HCwNmRlo8O105wYj8Nuu+TnnwiG9Y+DyDX4pZlc/HKbix5m8AH+v1T2MzwyKtgo27hc9hZk L2hvHErIOsjFvSkdO81CnG0H8ziVEHvFXCuzXWX6KSuI0P6n3TE5PBXDFEqNrEk4rxyGnxf9 qweeWoKV0XW7w626OrTpuhEg80iKIz6NtpatCgxknfWCvEpRZ2FSKLPjTNa9G1o14YeQLCEP ptfMGswBPjDS0Qn1lM/AZYumuuyrnPiNTBUtTp5oIJtvjCOk10oj+aF3Nz9f4WKY8pSt12kg V3dpFTrXUg5bfOhxm/Qmp6rrqqV9c/hY6oLGbils/JnnlCX7moUDhIQSB28u/bRt6Klc9dWK khR6yB36KZrpRPtQd76UBm15nWDu3bwRuZtLgHz0ynVooK83upTLjNsouJpADD+iPILeA== IronPort-HdrOrdr: A9a23:TS1j6KBOWyB+vBnlHel655DYdb4zR+YMi2TDGXoBLSC9Ffbo6/ xG+c5w6faaskd2ZJhNo6HjBEDEewKmyXcX2/htAV7dZniehILAFugLhvqA/9SjIVyFygc078 ddmsNFebrN5DZB/KPHyTj9OfobhPe8zICUqdH380pNJDsaFJ2ILD0UNu9YKCBLrcV9a6bRbK DsnvavbgDOGEgqUg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bu.edu; s=s1gsbu; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mLs7a7Ftr7qo3BjjTUcGQbWcDFtsi0J+OZS3/qg35qk=; b=ZEaXmUT0oisNOTb1d9/nvdptFJjUdKzUJAhBTHRJBDnuTMO/lB1ie8ZDSpZ/diCG+2 NuK/1DnMDPoFy8WbcrDd9be36qlIyiciDU5/y2VETvI1kKFbznQgucDYpGscXr9IMppb lw2Umc9g8Qv1/2RinRWl0nxdJx48de+jxqymuwAiKQbj70wVB8AHoKKKLzkwBenqR8Y0 NvziZbe7RPe0cu7astLOuown88TXmKf4xHZ1ln+kwHiB949fysOoeMwW7R+aECIsqMhw T/VNJlv8hzhUoZ7PJA2Sg3IX/EbKiZWZp61WDafpXeWu70C1HS0jICH9Rs96o5mmWuJt K6qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mLs7a7Ftr7qo3BjjTUcGQbWcDFtsi0J+OZS3/qg35qk=; b=bmaSfIws83ssNuWyo1y07b77SOSBna08CX+tAf8LfVEwTNEKYLnJnwhf5jQATp8dRl WNuZXOztc6e+/phwBWcdAwOiuIHnXH8XKl5ExMJuHT8dceH6mvZ9rGVd8FuY0JmpC5lx AFsiFUeP/m8q4wv5KVAkqWOqipTQVA1FeVEA1ssD12zygcQfIjc9Y6ntwlsiAktH1dw7 pgAnrncz2fmWtMSkPD1e6w2zsjrG5+BmMYGLIkYMTecyD1yQIkrXiJlOCNR196gRWjTb yOf6jxbh4cF+79lhxr7oEHRhXlAHVo2fG2vNGb4vzHYjtEFTciratvuYeBdTX2S9mnlV pWKQ== X-Gm-Message-State: AFqh2kpg+oq8mnJ9W8IadnzphpnWUdGLD3Dpua+NMSj/yMA1BPDSi5q6 TmqFmU17cvsliB+Ar6VUwNsAjj740lCmBOqPW/akFeDT8wZTeFcqAzRiFSxBpVcLat5lYSa9dlD Nn3MfdDfuKeaWCU/jhjxxCXTR/XTsJg== X-Received: by 2002:a25:d08b:0:b0:7b9:15c0:22e9 with SMTP id h133-20020a25d08b000000b007b915c022e9mr8057743ybg.21.1674111816317; Wed, 18 Jan 2023 23:03:36 -0800 (PST) X-Google-Smtp-Source: AMrXdXuS3PWZ6duXyiqcprWo5W+4lvv1cTJZQ74VPBu5XLRbQ+xbwPdhxAsxAdQ8tgFZep4CGXgS6w== X-Received: by 2002:a25:d08b:0:b0:7b9:15c0:22e9 with SMTP id h133-20020a25d08b000000b007b915c022e9mr8057717ybg.21.1674111815991; Wed, 18 Jan 2023 23:03:35 -0800 (PST) From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: Alexander Bulekov , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mauro Matteo Cascella , Peter Xu , Jason Wang , David Hildenbrand , Gerd Hoffmann , Thomas Huth , Laurent Vivier , Bandan Das , "Edgar E . Iglesias" , Darren Kenny , Bin Meng , Paolo Bonzini , "Michael S . Tsirkin" , Marcel Apfelbaum , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Eduardo Habkost , Jon Maloy , Siqi Chen Subject: [PATCH v4 1/3] memory: prevent dma-reentracy issues Date: Thu, 19 Jan 2023 02:03:06 -0500 Message-Id: <20230119070308.321653-2-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230119070308.321653-1-alxndr@bu.edu> References: <20230119070308.321653-1-alxndr@bu.edu> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=216.71.140.205; envelope-from=alxndr@bu.edu; helo=esa16.hc2706-39.iphmx.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @bu.edu) X-ZM-MESSAGEID: 1674112101566100002 Content-Type: text/plain; charset="utf-8" Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA. This flag is set/checked prior to calling a device's MemoryRegion handlers, and set when device code initiates DMA. The purpose of this flag is to prevent two types of DMA-based reentrancy issues: 1.) mmio -> dma -> mmio case 2.) bh -> dma write -> mmio case These issues have led to problems such as stack-exhaustion and use-after-frees. Summary of the problem from Peter Maydell: https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5Kck= nhPRD5fPBZA@mail.gmail.com Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827 Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi --- include/hw/qdev-core.h | 7 +++++++ softmmu/memory.c | 15 +++++++++++++++ softmmu/trace-events | 1 + 3 files changed, 23 insertions(+) diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h index 35fddb19a6..8858195262 100644 --- a/include/hw/qdev-core.h +++ b/include/hw/qdev-core.h @@ -162,6 +162,10 @@ struct NamedClockList { QLIST_ENTRY(NamedClockList) node; }; =20 +typedef struct { + bool engaged_in_io; +} MemReentrancyGuard; + /** * DeviceState: * @realized: Indicates whether the device has been fully constructed. @@ -194,6 +198,9 @@ struct DeviceState { int alias_required_for_version; ResettableState reset; GSList *unplug_blockers; + + /* Is the device currently in mmio/pio/dma? Used to prevent re-entranc= y */ + MemReentrancyGuard mem_reentrancy_guard; }; =20 struct DeviceListener { diff --git a/softmmu/memory.c b/softmmu/memory.c index e05332d07f..90ffaaa4f5 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c @@ -533,6 +533,7 @@ static MemTxResult access_with_adjusted_size(hwaddr add= r, uint64_t access_mask; unsigned access_size; unsigned i; + DeviceState *dev =3D NULL; MemTxResult r =3D MEMTX_OK; =20 if (!access_size_min) { @@ -542,6 +543,17 @@ static MemTxResult access_with_adjusted_size(hwaddr ad= dr, access_size_max =3D 4; } =20 + /* Do not allow more than one simultanous access to a device's IO Regi= ons */ + if (mr->owner && + !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) { + dev =3D (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE= ); + if (dev->mem_reentrancy_guard.engaged_in_io) { + trace_memory_region_reentrant_io(get_cpu_index(), mr, addr, si= ze); + return MEMTX_ERROR; + } + dev->mem_reentrancy_guard.engaged_in_io =3D true; + } + /* FIXME: support unaligned access? */ access_size =3D MAX(MIN(size, access_size_max), access_size_min); access_mask =3D MAKE_64BIT_MASK(0, access_size * 8); @@ -556,6 +568,9 @@ static MemTxResult access_with_adjusted_size(hwaddr add= r, access_mask, attrs); } } + if (dev) { + dev->mem_reentrancy_guard.engaged_in_io =3D false; + } return r; } =20 diff --git a/softmmu/trace-events b/softmmu/trace-events index 22606dc27b..62d04ea9a7 100644 --- a/softmmu/trace-events +++ b/softmmu/trace-events @@ -13,6 +13,7 @@ memory_region_ops_read(int cpu_index, void *mr, uint64_t = addr, uint64_t value, u memory_region_ops_write(int cpu_index, void *mr, uint64_t addr, uint64_t v= alue, unsigned size, const char *name) "cpu %d mr %p addr 0x%"PRIx64" value= 0x%"PRIx64" size %u name '%s'" memory_region_subpage_read(int cpu_index, void *mr, uint64_t offset, uint6= 4_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64= " size %u" memory_region_subpage_write(int cpu_index, void *mr, uint64_t offset, uint= 64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx6= 4" size %u" +memory_region_reentrant_io(int cpu_index, void *mr, uint64_t offset, unsig= ned size) "cpu %d mr %p offset 0x%"PRIx64" size %u" memory_region_ram_device_read(int cpu_index, void *mr, uint64_t addr, uint= 64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64"= size %u" memory_region_ram_device_write(int cpu_index, void *mr, uint64_t addr, uin= t64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64= " size %u" memory_region_sync_dirty(const char *mr, const char *listener, int global)= "mr '%s' listener '%s' synced (global=3D%d)" --=20 2.39.0 From nobody Sat May 18 16:46:57 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=bu.edu ARC-Seal: i=1; a=rsa-sha256; t=1674112072; cv=none; d=zohomail.com; s=zohoarc; b=P4jCjeOf+jox2KZQ+Cu/cJ6DnYPLBvup7kI1iHx/AXsEOlHh+C4qnLUcw2eYIkOkvpJzy4BhXTuX24VFRKDsXOypMGl87oOzzNoxWzsc203cwHYWifhEQup1ZL/Ry+eSHB+GzsuQaA8asSEZSNbmOttZ2KtBnmpLHHL4KjW5VIk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1674112072; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=2giDB2PPJNn2gXornDaWomerDVImbh9Af956/AyFUYE=; b=NynDMwpKUsmpLCFwa0tmqv2X7NDqGIeF8RT0V5jo/xdrjSLV5ck1crw3ycXFLRHLjEzr28FpWkyaLpClHzIhVKw+vmA7DZ52ejasY2SDOlXTsFus8m+39OZlJTIVW5bplWmKdGttIsMa51VWJqyQHTEdXqjwJljC+GtdcYLopvk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1674112072089734.7751167246058; Wed, 18 Jan 2023 23:07:52 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pIOy8-0005qx-Cc; Thu, 19 Jan 2023 02:04:16 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pIOxp-0005be-6V for qemu-devel@nongnu.org; Thu, 19 Jan 2023 02:04:01 -0500 Received: from esa3.hc2706-39.iphmx.com ([68.232.154.118]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pIOxl-0000Lf-Ju for qemu-devel@nongnu.org; Thu, 19 Jan 2023 02:03:55 -0500 Received: from mail-qv1-f70.google.com ([209.85.219.70]) by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 19 Jan 2023 02:03:51 -0500 Received: by mail-qv1-f70.google.com with SMTP id k15-20020a0cd68f000000b00535261af1b1so573439qvi.13 for ; Wed, 18 Jan 2023 23:03:51 -0800 (PST) Received: from mozz.bu.edu (mozz.bu.edu. [128.197.127.33]) by smtp.gmail.com with ESMTPSA id l23-20020a37f917000000b006fc2b672950sm23575695qkj.37.2023.01.18.23.03.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Jan 2023 23:03:49 -0800 (PST) X-IronPort-RemoteIP: 209.85.219.70 X-IronPort-MID: 252287273 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:WmxUza/eiFls5zkqAUAmDrUDPXyTJUtcMsCJ2f8bNWPcYEJGY0x3n WseWDzXPf+IZzGned52bI3lpk8GvZaHz9BhSwdv/nwxFiIbosf7XuiUfxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuVGuG96yI6jeTQHOGU5NfsYkhZXRVjRDoqlSVtkus4hp8AqdWiCkaGt MiaT/f3YTdJ4BYpdDNLg06/gEk35q+q4WpJ5gVWic1j5zcyqVFEVPrzGonsdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVHmZkh+AsBOsTAbzsAG6ZvXAdJHAathZ5RlqPgqo DlFncTYpQ7EpcQgksxEO/VTO3gW0aGrZNYriJVw2CCe5xSuTpfi/xlhJGsGNI8a+eEpPWZD8 NYCDjoJVCquoMvjldpXSsE07igiBMziPYdao285iD+GVbApRpfMR6iM7thdtNsyrpoWTLCOO oxDMGspM0yojx5nYz/7DLo3mPeuimPXeSAepV6IzUYyyzKOllYhj+Kya7I5fPS6WOILvh2Dh FvjxE6mCE5HEt2+lzW8pyfEaujn2HmTtJgpPKS18+MvjFCNy2g7DhoQWl2m5/6jhSaDt8l3L kUV/m83s/F3+hPzCNb6WBK8rTiPuRt0t8dsLtDWITqlksL8izt1zEBdJtKdQLTKbPMLeAE= IronPort-HdrOrdr: A9a23:5iSF+6xGTC+PvWSUDLiZKrPxb+skLtp133Aq2lEZdPWaSL39qy nIpoVm6fYuskdtZJhEo7y90ca7MBXhHKBOkMYs1NuZLWvbUS6TXflfBWWL+UyqJ8XRntQtmJ uIWZIOQeEZNDBB/IzHCOPRKadt/DD/ytHhuQ689QYWcegVUdAY0+4jMHfsLqQefmAvbvBVe/ v9l6l6SiKbCAoqh4aAdwI4tsf41pP2ffndEHk77nAcmWyzZfLB0s+PL/A0tS1xb9vBqY1Shl Qs/2HCl9qemsD+8AbV01na5YlXntyJ8Ko3OOW8zvINIjHbgQ6yDb4RKIGqjXQOuemq3k0nid /Wvn4bTrZOwkKURHi8pS320Q/63F8Vmg/f4G7du2LqpfriTjQgB/xAgp8xSGqp13Yd DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bu.edu; s=s1gsbu; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2giDB2PPJNn2gXornDaWomerDVImbh9Af956/AyFUYE=; b=APuGsyxtHA7oY+fPZnv5nzmtFWybHLpa540ExIAanZGh5JaQ5bCmWpTy0eHcttX2rt n1PJC/h90Z7KSqtMdpU8w+u9xYoiWJw5riWNY8sRUzQ5I6FBpAO0P0ysLySo75JITT6g X8eIPnbggoBM38kN9Dgi6tpuYaQ2B/sEkifGi2cDh8sX3g7RQKTN9gPYAcStw9h9SR4N T8/QJqXRZfiivCni+0Uxt6ejcKYn8aE8Jt0+sqPx0CmEt21Z0d3NU/k53AhafqMVKa37 OKNBT9Wfr8ZjjEJwV3zNVa9zhp7U/MFBuh1R//MDiRJHMn1zhnvcorrsrYbc0bW5wfSd i2CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2giDB2PPJNn2gXornDaWomerDVImbh9Af956/AyFUYE=; b=xFOH168KONQQhWAWwYSz2dVTGZRHiIp/fQb+D+eW2zu7QgbZMJslIU9o3Ah8ygTPbN UzHyNM/WcKN6PW32ilF5jOAIOoGt3VhXeOV/fgI/Y1qFqGD/LY8eNE1inNonmnIouMBB Zvzj96tK6SfOjk5FvcfABLuP5CCvWrrJojbTgcAsbwngvMr83xztS4HWHO/J6kWmTqyb 9pjDNQtRzWxVtHfTlGi0nNoYCydSwrf/tNVxl16fx0Yh2v2HvwD9bIJJnrJhoMurLRo8 mRzxk19HLuZCJ2yMIa6JAUvZRzzeCznZ5DjmsMf65NSHMDpY9qFjEaF7WJdcnf7QEKH5 KA0w== X-Gm-Message-State: AFqh2kqBAysEVMDbcp9Jumu4QIXYkxIkySUe8aoZTsxeGjzL+QlMGe8A AJz2o7s/hMf4i2Aum0lxhg2uTsHLtsD2u+2XUbiG3OhNmtu97JJmMFQAOMZ4UDkqlZ5ycgg0If4 G5uQq7GqCwNhtkGiv/YOBTKliajjTSw== X-Received: by 2002:ac8:51ce:0:b0:3b6:3b81:9a99 with SMTP id d14-20020ac851ce000000b003b63b819a99mr12937942qtn.14.1674111830334; Wed, 18 Jan 2023 23:03:50 -0800 (PST) X-Google-Smtp-Source: AMrXdXuE8xw+H+Nr746fUNgpsfmQoyKHRhlW6E97veC/t1q0G9dt8dEQG+KjgBeJbfRq3B9szOEEjw== X-Received: by 2002:ac8:51ce:0:b0:3b6:3b81:9a99 with SMTP id d14-20020ac851ce000000b003b63b819a99mr12937899qtn.14.1674111829996; Wed, 18 Jan 2023 23:03:49 -0800 (PST) From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: Alexander Bulekov , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mauro Matteo Cascella , Peter Xu , Jason Wang , David Hildenbrand , Gerd Hoffmann , Thomas Huth , Laurent Vivier , Bandan Das , "Edgar E . Iglesias" , Darren Kenny , Bin Meng , Paolo Bonzini , "Michael S . Tsirkin" , Marcel Apfelbaum , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Eduardo Habkost , Jon Maloy , Siqi Chen , Fam Zheng , Kevin Wolf , Hanna Reitz , qemu-block@nongnu.org (open list:Block I/O path) Subject: [PATCH v4 2/3] async: Add an optional reentrancy guard to the BH API Date: Thu, 19 Jan 2023 02:03:07 -0500 Message-Id: <20230119070308.321653-3-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230119070308.321653-1-alxndr@bu.edu> References: <20230119070308.321653-1-alxndr@bu.edu> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=68.232.154.118; envelope-from=alxndr@bu.edu; helo=esa3.hc2706-39.iphmx.com X-Spam_score_int: -33 X-Spam_score: -3.4 X-Spam_bar: --- X-Spam_report: (-3.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @bu.edu) X-ZM-MESSAGEID: 1674112073587100001 Content-Type: text/plain; charset="utf-8" Devices can pass their MemoryReentrancyGuard (from their DeviceState), when creating new BHes. Then, the async API will toggle the guard before/after calling the BH call-back. This prevents bh->mmio reentrancy issues. Signed-off-by: Alexander Bulekov --- docs/devel/multiple-iothreads.txt | 2 ++ include/block/aio.h | 18 ++++++++++++++++-- include/qemu/main-loop.h | 7 +++++-- tests/unit/ptimer-test-stubs.c | 3 ++- util/async.c | 12 +++++++++++- util/main-loop.c | 5 +++-- 6 files changed, 39 insertions(+), 8 deletions(-) diff --git a/docs/devel/multiple-iothreads.txt b/docs/devel/multiple-iothre= ads.txt index 343120f2ef..e4fafed9d9 100644 --- a/docs/devel/multiple-iothreads.txt +++ b/docs/devel/multiple-iothreads.txt @@ -61,6 +61,7 @@ There are several old APIs that use the main loop AioCont= ext: * LEGACY qemu_aio_set_event_notifier() - monitor an event notifier * LEGACY timer_new_ms() - create a timer * LEGACY qemu_bh_new() - create a BH + * LEGACY qemu_bh_new_guarded() - create a BH with a device re-entrancy gu= ard * LEGACY qemu_aio_wait() - run an event loop iteration =20 Since they implicitly work on the main loop they cannot be used in code th= at @@ -72,6 +73,7 @@ Instead, use the AioContext functions directly (see inclu= de/block/aio.h): * aio_set_event_notifier() - monitor an event notifier * aio_timer_new() - create a timer * aio_bh_new() - create a BH + * aio_bh_new_guarded() - create a BH with a device re-entrancy guard * aio_poll() - run an event loop iteration =20 The AioContext can be obtained from the IOThread using diff --git a/include/block/aio.h b/include/block/aio.h index 0f65a3cc9e..94d661ff7e 100644 --- a/include/block/aio.h +++ b/include/block/aio.h @@ -23,6 +23,8 @@ #include "qemu/thread.h" #include "qemu/timer.h" #include "block/graph-lock.h" +#include "hw/qdev-core.h" + =20 typedef struct BlockAIOCB BlockAIOCB; typedef void BlockCompletionFunc(void *opaque, int ret); @@ -332,9 +334,11 @@ void aio_bh_schedule_oneshot_full(AioContext *ctx, QEM= UBHFunc *cb, void *opaque, * is opaque and must be allocated prior to its use. * * @name: A human-readable identifier for debugging purposes. + * @reentrancy_guard: A guard set when entering a cb to prevent + * device-reentrancy issues */ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque, - const char *name); + const char *name, MemReentrancyGuard *reentrancy_g= uard); =20 /** * aio_bh_new: Allocate a new bottom half structure @@ -343,7 +347,17 @@ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *c= b, void *opaque, * string. */ #define aio_bh_new(ctx, cb, opaque) \ - aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb))) + aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb)), NULL) + +/** + * aio_bh_new_guarded: Allocate a new bottom half structure with a + * reentrancy_guard + * + * A convenience wrapper for aio_bh_new_full() that uses the cb as the name + * string. + */ +#define aio_bh_new_guarded(ctx, cb, opaque, guard) \ + aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb)), guard) =20 /** * aio_notify: Force processing of pending events. diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h index c25f390696..84d1ce57f0 100644 --- a/include/qemu/main-loop.h +++ b/include/qemu/main-loop.h @@ -389,9 +389,12 @@ void qemu_cond_timedwait_iothread(QemuCond *cond, int = ms); =20 void qemu_fd_register(int fd); =20 +#define qemu_bh_new_guarded(cb, opaque, guard) \ + qemu_bh_new_full((cb), (opaque), (stringify(cb)), guard) #define qemu_bh_new(cb, opaque) \ - qemu_bh_new_full((cb), (opaque), (stringify(cb))) -QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name); + qemu_bh_new_full((cb), (opaque), (stringify(cb)), NULL) +QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name, + MemReentrancyGuard *reentrancy_guard); void qemu_bh_schedule_idle(QEMUBH *bh); =20 enum { diff --git a/tests/unit/ptimer-test-stubs.c b/tests/unit/ptimer-test-stubs.c index f5e75a96b6..24d5413f9d 100644 --- a/tests/unit/ptimer-test-stubs.c +++ b/tests/unit/ptimer-test-stubs.c @@ -107,7 +107,8 @@ int64_t qemu_clock_deadline_ns_all(QEMUClockType type, = int attr_mask) return deadline; } =20 -QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name) +QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name, + MemReentrancyGuard *reentrancy_guard) { QEMUBH *bh =3D g_new(QEMUBH, 1); =20 diff --git a/util/async.c b/util/async.c index 14d63b3091..08924c3212 100644 --- a/util/async.c +++ b/util/async.c @@ -65,6 +65,7 @@ struct QEMUBH { void *opaque; QSLIST_ENTRY(QEMUBH) next; unsigned flags; + MemReentrancyGuard *reentrancy_guard; }; =20 /* Called concurrently from any thread */ @@ -133,7 +134,7 @@ void aio_bh_schedule_oneshot_full(AioContext *ctx, QEMU= BHFunc *cb, } =20 QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque, - const char *name) + const char *name, MemReentrancyGuard *reentrancy_g= uard) { QEMUBH *bh; bh =3D g_new(QEMUBH, 1); @@ -142,13 +143,22 @@ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *= cb, void *opaque, .cb =3D cb, .opaque =3D opaque, .name =3D name, + .reentrancy_guard =3D reentrancy_guard, }; return bh; } =20 void aio_bh_call(QEMUBH *bh) { + if (bh->reentrancy_guard) { + bh->reentrancy_guard->engaged_in_io =3D true; + } + bh->cb(bh->opaque); + + if (bh->reentrancy_guard) { + bh->reentrancy_guard->engaged_in_io =3D false; + } } =20 /* Multiple occurrences of aio_bh_poll cannot be called concurrently. */ diff --git a/util/main-loop.c b/util/main-loop.c index 58f776a8c9..07d2e2040a 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -617,9 +617,10 @@ void main_loop_wait(int nonblocking) =20 /* Functions to operate on the main QEMU AioContext. */ =20 -QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name) +QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name, M= emReentrancyGuard *reentrancy_guard) { - return aio_bh_new_full(qemu_aio_context, cb, opaque, name); + return aio_bh_new_full(qemu_aio_context, cb, opaque, name, + reentrancy_guard); } =20 /* --=20 2.39.0 From nobody Sat May 18 16:46:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=bu.edu ARC-Seal: i=1; a=rsa-sha256; t=1674111923; cv=none; d=zohomail.com; s=zohoarc; b=nSRv1QjxHnODsIt122jf5PO8dvq4JueNnccHC+9Y0rQpPyhVixgEPf+guiWjZND9MTcy83Da9KOxUHt5wVAjR5bMipko5qp+1HELJD4GT4/eVK0r5XHu+9ZJin1pbMWtxeVXZObtmbkDrTa9FFIEQ0myLgQFve0r2tZyvMeFe64= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1674111923; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=E4pJmeqUZRL40o660Z8ZlGFqTDULPb9loeeYL7ivzYk=; b=JdCCQxN63kQSvsb+y7lEtK3oSrtn9Z7XjLxEsSQ9wEriXKtL9n7LpQa31ADaao+p+cXWlrEdZZX+ezKuYYvL1OJ7UIReQu3YjPTN+oASEfix53Q8R6+7biFlTCHI6VRqZft2FCc5Z5od1I0jJMSwLhQasCsHssMZzvkF1EeAIZ4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1674111923898621.1526470395663; Wed, 18 Jan 2023 23:05:23 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.480873.745475 (Exim 4.92) (envelope-from ) id 1pIOyO-0003h3-MF; Thu, 19 Jan 2023 07:04:32 +0000 Received: by outflank-mailman (output) from mailman id 480873.745475; Thu, 19 Jan 2023 07:04:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pIOyO-0003gw-JR; Thu, 19 Jan 2023 07:04:32 +0000 Received: by outflank-mailman (input) for mailman id 480873; Thu, 19 Jan 2023 07:04:31 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pIOyM-0003go-KU for xen-devel@lists.xenproject.org; Thu, 19 Jan 2023 07:04:31 +0000 Received: from esa6.hc2706-39.iphmx.com (esa6.hc2706-39.iphmx.com [216.71.137.79]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 7d979c81-97c7-11ed-b8d1-410ff93cb8f0; Thu, 19 Jan 2023 08:04:19 +0100 (CET) Received: from mail-pg1-f200.google.com ([209.85.215.200]) by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 19 Jan 2023 02:04:17 -0500 Received: by mail-pg1-f200.google.com with SMTP id f132-20020a636a8a000000b00473d0b600ebso574650pgc.14 for ; Wed, 18 Jan 2023 23:04:17 -0800 (PST) Received: from mozz.bu.edu (mozz.bu.edu. [128.197.127.33]) by smtp.gmail.com with ESMTPSA id t1-20020ac86a01000000b003a7e4129f83sm18379551qtr.85.2023.01.18.23.04.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Jan 2023 23:04:05 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 7d979c81-97c7-11ed-b8d1-410ff93cb8f0 X-IronPort-RemoteIP: 209.85.215.200 X-IronPort-MID: 256114136 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:Mgg4m6odkRjJLOh02gCcBQO34TteBmJYZBIvgKrLsJaIsI4StFCzt garIBmGOquCZjejfI9zaoSyo0NV65LUndQ3TwRsqHpgF3tG85acVYWSI3mrAy7DdceroGCLT ik9hnssCOhuExcwcz/0auCJQUFUjP3OHfykTbaeYUidfCc8IA85kxVvhuUltYBhhNm9Emult Mj75sbSIzdJ4RYtWo4vw//F+UwHUMja4mtC5QRnPKET5TcyqlFOZH4hDfDpR5fHatQMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+AsBOsDAbzsAB+v9T2M4nVKtio27hc+ada Tl6ncfYpQ8BZsUgkQmGOvVSO3gW0aZuodcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw8b1ZGmJK8 tUjdQsUTRei1/L1546Zc7w57igjBJGD0II3v3hhyXTBAq9jT8qbG+PF4thX2Dp2jcdLdRrcT 5BBOHw/MVKaOkAJYA9PYH49tL7Aan3XejlIrl6PjaAqpWXf0WSd1ZC3bYSMI4DTHps9ckCwm Xzj/HWjOSojP92WxxaG1G2ihf3tgnauMG4VPPjinhJwu3WDy2pWBBAIWF+TpfiillX4S99ZM 1YT+Cclse417kPDczXmdxixoXrBphFFHtQKS7V85waKxa7ZpQ2eAwDoUwJ8VTDvj+duLRRC6 7NDt4qwbdCzmNV5kU6gy4o= IronPort-HdrOrdr: A9a23:MaDVNanKGvJNSRdkX/YQcqo/wmXpDfL63DAbv31ZSRFFG/FwWf re+MjzsiWE9Ar5PUtLpTnuAtjnfZqxz+8W3WBVB8bYYOCEghrUEGgd1/qa/9SIIUSXnZ8/6U 4jSdkFNDSZNzhHZK3BkW6F+rgbsby62ZHtr8vli1lWcSFWR5dJ0zpZYzzrbXGehzMrOXP6Lv ehDwZ8yQZIAU5nFvhTz0NrPtT+mw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bu.edu; s=s1gsbu; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E4pJmeqUZRL40o660Z8ZlGFqTDULPb9loeeYL7ivzYk=; b=ERPQXJu68/Xrio72aqd90/8aXjLFP56cuoy3sx/p6kVl0WhCKpltFDZLolkrLIvf4o 9uyW2urXEyB/MOucUaDHO1jrPXoLkLTArwXrWX675ObuVv0etuwI6oxl98ZLJXin3sJZ ggFShoU7k+bI+quxKiJKeP8f84ga/HumJjZigToxq9qPuYWYqS/Zq3NEmwtagmBrLD+R MYzKeGLfKtCmRQbWAaaA85JKep04kwMCJgTg/Mr9Y01Ip267ETiZtbrkJJnprHQVa3o2 3TXWuLwxRB48vuwCLPFlIAzEr0Ft22Yodga0PVvXex5tseSc+wEoDv0bjaU1LIRz00LD ivNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E4pJmeqUZRL40o660Z8ZlGFqTDULPb9loeeYL7ivzYk=; b=RWf5HZEHaHkN7qUbzttaDIVTm6u2SambcL5/tj6ldCU7hGG+UFm2s4FTx9/qPdYVhq 6MFzpgp9PMMb04cSYOydJtq/6xSzksAxRjuqvkPDxgyFJ7I4gWaBSme6DXPjPCnnyvB/ 8/rNqALLfvLN7RWr0wpNqJnZducGFjMFO92gDnrAJWvXCHu7tTlJqHXIkSPMINoQ9HnX 6CwenIsYQAjeD5bKfm4PtEy70KnykwZWQH3E1CN+wA9lvAiv5LFHMVU0E3I3duoVcURd qAPe9qzb15gtzh6KlcgwkdvyHf81u9psCRY/uhpayofbeZRrRzFAKkjIS9JCIiW2ZKQ8 toYA== X-Gm-Message-State: AFqh2kqzPQEN3mr5NEirLa3+PbaF2lB200Jt1riM8Jj9Rg+M8NYxir70 2NbejQ4Xs0x5ye+Ys23u2JAMptX+XSF8/zsBrxEryc/xy6kf8+DxYuJH508/H/CUAwOmu6PwwFd HDpbizl8s8xQWxLMramfSBKTOHc3MVhoPzdOWK0y2yQ== X-Received: by 2002:ac8:45cd:0:b0:3b6:3267:efa1 with SMTP id e13-20020ac845cd000000b003b63267efa1mr13310901qto.50.1674111845918; Wed, 18 Jan 2023 23:04:05 -0800 (PST) X-Google-Smtp-Source: AMrXdXtEiE9va0pYp6bJKPXscClk6pML4cboxFe+vd1v6BP6m1qJWNzzSQvjcX8dEBMmZQ3eqy2mUg== X-Received: by 2002:ac8:45cd:0:b0:3b6:3267:efa1 with SMTP id e13-20020ac845cd000000b003b63267efa1mr13310855qto.50.1674111845530; Wed, 18 Jan 2023 23:04:05 -0800 (PST) From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: Alexander Bulekov , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mauro Matteo Cascella , Peter Xu , Jason Wang , David Hildenbrand , Gerd Hoffmann , Thomas Huth , Laurent Vivier , Bandan Das , "Edgar E . Iglesias" , Darren Kenny , Bin Meng , Paolo Bonzini , "Michael S . Tsirkin" , Marcel Apfelbaum , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Eduardo Habkost , Jon Maloy , Siqi Chen , Stefano Stabellini , Anthony Perard , Paul Durrant , Kevin Wolf , Hanna Reitz , Amit Shah , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , John Snow , Peter Maydell , Mark Cave-Ayland , Keith Busch , Klaus Jensen , Fam Zheng , Dmitry Fleytman , "Gonglei (Arei)" , xen-devel@lists.xenproject.org (open list:X86 Xen CPUs), qemu-block@nongnu.org (open list:virtio-blk), qemu-arm@nongnu.org (open list:i.MX31 (kzm)), qemu-ppc@nongnu.org (open list:Old World (g3beige)) Subject: [PATCH v4 3/3] hw: replace most qemu_bh_new calls with qemu_bh_new_guarded Date: Thu, 19 Jan 2023 02:03:08 -0500 Message-Id: <20230119070308.321653-4-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230119070308.321653-1-alxndr@bu.edu> References: <20230119070308.321653-1-alxndr@bu.edu> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CES-GSUITE_AUTH: bf3aNvsZpxl8 X-ZohoMail-DKIM: pass (identity @bu.edu) X-ZM-MESSAGEID: 1674111924864100003 Content-Type: text/plain; charset="utf-8" This protects devices from bh->mmio reentrancy issues. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi --- hw/9pfs/xen-9p-backend.c | 4 +++- hw/block/dataplane/virtio-blk.c | 3 ++- hw/block/dataplane/xen-block.c | 5 +++-- hw/block/virtio-blk.c | 5 +++-- hw/char/virtio-serial-bus.c | 3 ++- hw/display/qxl.c | 9 ++++++--- hw/display/virtio-gpu.c | 6 ++++-- hw/ide/ahci.c | 3 ++- hw/ide/core.c | 3 ++- hw/misc/imx_rngc.c | 6 ++++-- hw/misc/macio/mac_dbdma.c | 2 +- hw/net/virtio-net.c | 3 ++- hw/nvme/ctrl.c | 6 ++++-- hw/scsi/mptsas.c | 3 ++- hw/scsi/scsi-bus.c | 3 ++- hw/scsi/vmw_pvscsi.c | 3 ++- hw/usb/dev-uas.c | 3 ++- hw/usb/hcd-dwc2.c | 3 ++- hw/usb/hcd-ehci.c | 3 ++- hw/usb/hcd-uhci.c | 2 +- hw/usb/host-libusb.c | 6 ++++-- hw/usb/redirect.c | 6 ++++-- hw/usb/xen-usb.c | 3 ++- hw/virtio/virtio-balloon.c | 5 +++-- hw/virtio/virtio-crypto.c | 3 ++- 25 files changed, 66 insertions(+), 35 deletions(-) diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c index 65c4979c3c..f077c1b255 100644 --- a/hw/9pfs/xen-9p-backend.c +++ b/hw/9pfs/xen-9p-backend.c @@ -441,7 +441,9 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xen= dev) xen_9pdev->rings[i].ring.out =3D xen_9pdev->rings[i].data + XEN_FLEX_RING_SIZE(ring_order); =20 - xen_9pdev->rings[i].bh =3D qemu_bh_new(xen_9pfs_bh, &xen_9pdev->ri= ngs[i]); + xen_9pdev->rings[i].bh =3D qemu_bh_new_guarded(xen_9pfs_bh, + &xen_9pdev->rings[i], + &DEVICE(xen_9pdev)->m= em_reentrancy_guard); xen_9pdev->rings[i].out_cons =3D 0; xen_9pdev->rings[i].out_size =3D 0; xen_9pdev->rings[i].inprogress =3D false; diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-bl= k.c index 26f965cabc..191a8c90aa 100644 --- a/hw/block/dataplane/virtio-blk.c +++ b/hw/block/dataplane/virtio-blk.c @@ -127,7 +127,8 @@ bool virtio_blk_data_plane_create(VirtIODevice *vdev, V= irtIOBlkConf *conf, } else { s->ctx =3D qemu_get_aio_context(); } - s->bh =3D aio_bh_new(s->ctx, notify_guest_bh, s); + s->bh =3D aio_bh_new_guarded(s->ctx, notify_guest_bh, s, + &DEVICE(s)->mem_reentrancy_guard); s->batch_notify_vqs =3D bitmap_new(conf->num_queues); =20 *dataplane =3D s; diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c index 2785b9e849..e31806b317 100644 --- a/hw/block/dataplane/xen-block.c +++ b/hw/block/dataplane/xen-block.c @@ -632,8 +632,9 @@ XenBlockDataPlane *xen_block_dataplane_create(XenDevice= *xendev, } else { dataplane->ctx =3D qemu_get_aio_context(); } - dataplane->bh =3D aio_bh_new(dataplane->ctx, xen_block_dataplane_bh, - dataplane); + dataplane->bh =3D aio_bh_new_guarded(dataplane->ctx, xen_block_datapla= ne_bh, + dataplane, + &DEVICE(xendev)->mem_reentrancy_gua= rd); =20 return dataplane; } diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index f717550fdc..e9f516e633 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c @@ -866,8 +866,9 @@ static void virtio_blk_dma_restart_cb(void *opaque, boo= l running, * requests will be processed while starting the data plane. */ if (!s->bh && !virtio_bus_ioeventfd_enabled(bus)) { - s->bh =3D aio_bh_new(blk_get_aio_context(s->conf.conf.blk), - virtio_blk_dma_restart_bh, s); + s->bh =3D aio_bh_new_guarded(blk_get_aio_context(s->conf.conf.blk), + virtio_blk_dma_restart_bh, s, + &DEVICE(s)->mem_reentrancy_guard); blk_inc_in_flight(s->conf.conf.blk); qemu_bh_schedule(s->bh); } diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c index 7d4601cb5d..dd619f0731 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c @@ -985,7 +985,8 @@ static void virtser_port_device_realize(DeviceState *de= v, Error **errp) return; } =20 - port->bh =3D qemu_bh_new(flush_queued_data_bh, port); + port->bh =3D qemu_bh_new_guarded(flush_queued_data_bh, port, + &dev->mem_reentrancy_guard); port->elem =3D NULL; } =20 diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 6772849dec..67efa3c3ef 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -2223,11 +2223,14 @@ static void qxl_realize_common(PCIQXLDevice *qxl, E= rror **errp) =20 qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl); =20 - qxl->update_irq =3D qemu_bh_new(qxl_update_irq_bh, qxl); + qxl->update_irq =3D qemu_bh_new_guarded(qxl_update_irq_bh, qxl, + &DEVICE(qxl)->mem_reentrancy_gua= rd); qxl_reset_state(qxl); =20 - qxl->update_area_bh =3D qemu_bh_new(qxl_render_update_area_bh, qxl); - qxl->ssd.cursor_bh =3D qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl-= >ssd); + qxl->update_area_bh =3D qemu_bh_new_guarded(qxl_render_update_area_bh,= qxl, + &DEVICE(qxl)->mem_reentrancy= _guard); + qxl->ssd.cursor_bh =3D qemu_bh_new_guarded(qemu_spice_cursor_refresh_b= h, &qxl->ssd, + &DEVICE(qxl)->mem_reentrancy_= guard); } =20 static void qxl_realize_primary(PCIDevice *dev, Error **errp) diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 5e15c79b94..66ac9b6cc5 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -1339,8 +1339,10 @@ void virtio_gpu_device_realize(DeviceState *qdev, Er= ror **errp) =20 g->ctrl_vq =3D virtio_get_queue(vdev, 0); g->cursor_vq =3D virtio_get_queue(vdev, 1); - g->ctrl_bh =3D qemu_bh_new(virtio_gpu_ctrl_bh, g); - g->cursor_bh =3D qemu_bh_new(virtio_gpu_cursor_bh, g); + g->ctrl_bh =3D qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g, + &qdev->mem_reentrancy_guard); + g->cursor_bh =3D qemu_bh_new_guarded(virtio_gpu_cursor_bh, g, + &qdev->mem_reentrancy_guard); QTAILQ_INIT(&g->reslist); QTAILQ_INIT(&g->cmdq); QTAILQ_INIT(&g->fenceq); diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 7ce001cacd..37091150cb 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -1508,7 +1508,8 @@ static void ahci_cmd_done(const IDEDMA *dma) ahci_write_fis_d2h(ad); =20 if (ad->port_regs.cmd_issue && !ad->check_bh) { - ad->check_bh =3D qemu_bh_new(ahci_check_cmd_bh, ad); + ad->check_bh =3D qemu_bh_new_guarded(ahci_check_cmd_bh, ad, + &DEVICE(ad)->mem_reentrancy_gua= rd); qemu_bh_schedule(ad->check_bh); } } diff --git a/hw/ide/core.c b/hw/ide/core.c index 5d1039378f..8c8d1a8ec2 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -519,7 +519,8 @@ BlockAIOCB *ide_issue_trim( =20 iocb =3D blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); iocb->s =3D s; - iocb->bh =3D qemu_bh_new(ide_trim_bh_cb, iocb); + iocb->bh =3D qemu_bh_new_guarded(ide_trim_bh_cb, iocb, + &DEVICE(s)->mem_reentrancy_guard); iocb->ret =3D 0; iocb->qiov =3D qiov; iocb->i =3D -1; diff --git a/hw/misc/imx_rngc.c b/hw/misc/imx_rngc.c index 632c03779c..082c6980ad 100644 --- a/hw/misc/imx_rngc.c +++ b/hw/misc/imx_rngc.c @@ -228,8 +228,10 @@ static void imx_rngc_realize(DeviceState *dev, Error *= *errp) sysbus_init_mmio(sbd, &s->iomem); =20 sysbus_init_irq(sbd, &s->irq); - s->self_test_bh =3D qemu_bh_new(imx_rngc_self_test, s); - s->seed_bh =3D qemu_bh_new(imx_rngc_seed, s); + s->self_test_bh =3D qemu_bh_new_guarded(imx_rngc_self_test, s, + &dev->mem_reentrancy_guard); + s->seed_bh =3D qemu_bh_new_guarded(imx_rngc_seed, s, + &dev->mem_reentrancy_guard); } =20 static void imx_rngc_reset(DeviceState *dev) diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index efcc02609f..cc7e02203d 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -914,7 +914,7 @@ static void mac_dbdma_realize(DeviceState *dev, Error *= *errp) { DBDMAState *s =3D MAC_DBDMA(dev); =20 - s->bh =3D qemu_bh_new(DBDMA_run_bh, s); + s->bh =3D qemu_bh_new_guarded(DBDMA_run_bh, s, &dev->mem_reentrancy_gu= ard); } =20 static void mac_dbdma_class_init(ObjectClass *oc, void *data) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 3ae909041a..a170c724de 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -2885,7 +2885,8 @@ static void virtio_net_add_queue(VirtIONet *n, int in= dex) n->vqs[index].tx_vq =3D virtio_add_queue(vdev, n->net_conf.tx_queue_size, virtio_net_handle_tx_bh); - n->vqs[index].tx_bh =3D qemu_bh_new(virtio_net_tx_bh, &n->vqs[inde= x]); + n->vqs[index].tx_bh =3D qemu_bh_new_guarded(virtio_net_tx_bh, &n->= vqs[index], + &DEVICE(vdev)->mem_reent= rancy_guard); } =20 n->vqs[index].tx_waiting =3D 0; diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index f25cc2c235..dcb250e772 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -4318,7 +4318,8 @@ static void nvme_init_sq(NvmeSQueue *sq, NvmeCtrl *n,= uint64_t dma_addr, QTAILQ_INSERT_TAIL(&(sq->req_list), &sq->io_req[i], entry); } =20 - sq->bh =3D qemu_bh_new(nvme_process_sq, sq); + sq->bh =3D qemu_bh_new_guarded(nvme_process_sq, sq, + &DEVICE(sq->ctrl)->mem_reentrancy_guard); =20 if (n->dbbuf_enabled) { sq->db_addr =3D n->dbbuf_dbs + (sqid << 3); @@ -4708,7 +4709,8 @@ static void nvme_init_cq(NvmeCQueue *cq, NvmeCtrl *n,= uint64_t dma_addr, } } n->cq[cqid] =3D cq; - cq->bh =3D qemu_bh_new(nvme_post_cqes, cq); + cq->bh =3D qemu_bh_new_guarded(nvme_post_cqes, cq, + &DEVICE(cq->ctrl)->mem_reentrancy_guard); } =20 static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeRequest *req) diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c index c485da792c..3de288b454 100644 --- a/hw/scsi/mptsas.c +++ b/hw/scsi/mptsas.c @@ -1322,7 +1322,8 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error= **errp) } s->max_devices =3D MPTSAS_NUM_PORTS; =20 - s->request_bh =3D qemu_bh_new(mptsas_fetch_requests, s); + s->request_bh =3D qemu_bh_new_guarded(mptsas_fetch_requests, s, + &DEVICE(dev)->mem_reentrancy_guard= ); =20 scsi_bus_init(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info); } diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index ceceafb2cd..e5c9f7a53d 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -193,7 +193,8 @@ static void scsi_dma_restart_cb(void *opaque, bool runn= ing, RunState state) AioContext *ctx =3D blk_get_aio_context(s->conf.blk); /* The reference is dropped in scsi_dma_restart_bh.*/ object_ref(OBJECT(s)); - s->bh =3D aio_bh_new(ctx, scsi_dma_restart_bh, s); + s->bh =3D aio_bh_new_guarded(ctx, scsi_dma_restart_bh, s, + &DEVICE(s)->mem_reentrancy_guard); qemu_bh_schedule(s->bh); } } diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c index fa76696855..4de34536e9 100644 --- a/hw/scsi/vmw_pvscsi.c +++ b/hw/scsi/vmw_pvscsi.c @@ -1184,7 +1184,8 @@ pvscsi_realizefn(PCIDevice *pci_dev, Error **errp) pcie_endpoint_cap_init(pci_dev, PVSCSI_EXP_EP_OFFSET); } =20 - s->completion_worker =3D qemu_bh_new(pvscsi_process_completion_queue, = s); + s->completion_worker =3D qemu_bh_new_guarded(pvscsi_process_completion= _queue, s, + &DEVICE(pci_dev)->mem_reent= rancy_guard); =20 scsi_bus_init(&s->bus, sizeof(s->bus), DEVICE(pci_dev), &pvscsi_scsi_i= nfo); /* override default SCSI bus hotplug-handler, with pvscsi's one */ diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c index 88f99c05d5..f013ded91e 100644 --- a/hw/usb/dev-uas.c +++ b/hw/usb/dev-uas.c @@ -937,7 +937,8 @@ static void usb_uas_realize(USBDevice *dev, Error **err= p) =20 QTAILQ_INIT(&uas->results); QTAILQ_INIT(&uas->requests); - uas->status_bh =3D qemu_bh_new(usb_uas_send_status_bh, uas); + uas->status_bh =3D qemu_bh_new_guarded(usb_uas_send_status_bh, uas, + &d->mem_reentrancy_guard); =20 dev->flags |=3D (1 << USB_DEV_FLAG_IS_SCSI_STORAGE); scsi_bus_init(&uas->bus, sizeof(uas->bus), DEVICE(dev), &usb_uas_scsi_= info); diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 8755e9cbb0..a0c4e782b2 100644 --- a/hw/usb/hcd-dwc2.c +++ b/hw/usb/hcd-dwc2.c @@ -1364,7 +1364,8 @@ static void dwc2_realize(DeviceState *dev, Error **er= rp) s->fi =3D USB_FRMINTVL - 1; s->eof_timer =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_frame_boundary,= s); s->frame_timer =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_work_timer, s= ); - s->async_bh =3D qemu_bh_new(dwc2_work_bh, s); + s->async_bh =3D qemu_bh_new_guarded(dwc2_work_bh, s, + &dev->mem_reentrancy_guard); =20 sysbus_init_irq(sbd, &s->irq); } diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index d4da8dcb8d..c930c60921 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -2533,7 +2533,8 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev,= Error **errp) } =20 s->frame_timer =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s= ); - s->async_bh =3D qemu_bh_new(ehci_work_bh, s); + s->async_bh =3D qemu_bh_new_guarded(ehci_work_bh, s, + &dev->mem_reentrancy_guard); s->device =3D dev; =20 s->vmstate =3D qemu_add_vm_change_state_handler(usb_ehci_vm_state_chan= ge, s); diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c index 30ae0104bb..bdc891f57a 100644 --- a/hw/usb/hcd-uhci.c +++ b/hw/usb/hcd-uhci.c @@ -1193,7 +1193,7 @@ void usb_uhci_common_realize(PCIDevice *dev, Error **= errp) USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL); } } - s->bh =3D qemu_bh_new(uhci_bh, s); + s->bh =3D qemu_bh_new_guarded(uhci_bh, s, &DEVICE(dev)->mem_reentrancy= _guard); s->frame_timer =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, uhci_frame_timer, = s); s->num_ports_vmstate =3D NB_PORTS; QTAILQ_INIT(&s->queues); diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index 176868d345..f500db85ab 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -1141,7 +1141,8 @@ static void usb_host_nodev_bh(void *opaque) static void usb_host_nodev(USBHostDevice *s) { if (!s->bh_nodev) { - s->bh_nodev =3D qemu_bh_new(usb_host_nodev_bh, s); + s->bh_nodev =3D qemu_bh_new_guarded(usb_host_nodev_bh, s, + &DEVICE(s)->mem_reentrancy_guard= ); } qemu_bh_schedule(s->bh_nodev); } @@ -1739,7 +1740,8 @@ static int usb_host_post_load(void *opaque, int versi= on_id) USBHostDevice *dev =3D opaque; =20 if (!dev->bh_postld) { - dev->bh_postld =3D qemu_bh_new(usb_host_post_load_bh, dev); + dev->bh_postld =3D qemu_bh_new_guarded(usb_host_post_load_bh, dev, + &DEVICE(dev)->mem_reentrancy_= guard); } qemu_bh_schedule(dev->bh_postld); dev->bh_postld_pending =3D true; diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index fd7df599bc..39fbaaab16 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -1441,8 +1441,10 @@ static void usbredir_realize(USBDevice *udev, Error = **errp) } } =20 - dev->chardev_close_bh =3D qemu_bh_new(usbredir_chardev_close_bh, dev); - dev->device_reject_bh =3D qemu_bh_new(usbredir_device_reject_bh, dev); + dev->chardev_close_bh =3D qemu_bh_new_guarded(usbredir_chardev_close_b= h, dev, + &DEVICE(dev)->mem_reentran= cy_guard); + dev->device_reject_bh =3D qemu_bh_new_guarded(usbredir_device_reject_b= h, dev, + &DEVICE(dev)->mem_reentran= cy_guard); dev->attach_timer =3D timer_new_ms(QEMU_CLOCK_VIRTUAL, usbredir_do_att= ach, dev); =20 packet_id_queue_init(&dev->cancelled, dev, "cancelled"); diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c index 0f7369e7ed..dec91294ad 100644 --- a/hw/usb/xen-usb.c +++ b/hw/usb/xen-usb.c @@ -1021,7 +1021,8 @@ static void usbback_alloc(struct XenLegacyDevice *xen= dev) =20 QTAILQ_INIT(&usbif->req_free_q); QSIMPLEQ_INIT(&usbif->hotplug_q); - usbif->bh =3D qemu_bh_new(usbback_bh, usbif); + usbif->bh =3D qemu_bh_new_guarded(usbback_bh, usbif, + &DEVICE(xendev)->mem_reentrancy_guard); } =20 static int usbback_free(struct XenLegacyDevice *xendev) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index 746f07c4d2..309cebacc6 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -908,8 +908,9 @@ static void virtio_balloon_device_realize(DeviceState *= dev, Error **errp) precopy_add_notifier(&s->free_page_hint_notify); =20 object_ref(OBJECT(s->iothread)); - s->free_page_bh =3D aio_bh_new(iothread_get_aio_context(s->iothrea= d), - virtio_ballloon_get_free_page_hints, = s); + s->free_page_bh =3D aio_bh_new_guarded(iothread_get_aio_context(s-= >iothread), + virtio_ballloon_get_free_page= _hints, s, + &DEVICE(s)->mem_reentrancy_gu= ard); } =20 if (virtio_has_feature(s->host_features, VIRTIO_BALLOON_F_REPORTING)) { diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 516425e26a..4c95f1096e 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -1050,7 +1050,8 @@ static void virtio_crypto_device_realize(DeviceState = *dev, Error **errp) vcrypto->vqs[i].dataq =3D virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_b= h); vcrypto->vqs[i].dataq_bh =3D - qemu_bh_new(virtio_crypto_dataq_bh, &vcrypto->vqs[i]); + qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs= [i], + &dev->mem_reentrancy_guard); vcrypto->vqs[i].vcrypto =3D vcrypto; } =20 --=20 2.39.0