From: Peter Xu
To: qemu-devel@nongnu.org
Cc: Alexey Kardashevskiy, Paolo Bonzini, Alex Williamson, peterx@redhat.com, David Gibson
Date: Fri, 19 Jan 2018 16:42:18 +0800
Message-Id: <20180119084219.31187-2-peterx@redhat.com>
In-Reply-To: <20180119084219.31187-1-peterx@redhat.com>
Subject: [Qemu-devel] [RFC 1/2] memory: do explicit cleanup when remove listeners

When unregistering memory listeners, we should call, e.g., region_del() (and possibly other undo operations) on every existing memory region section there, otherwise we may leak resources that are held during the region_add(). This patch undoes the stuff for the listeners, which emulates the case when the address space is set from current to an empty state.

I found this problem when debugging a refcount leak issue that leads to a lost device unplug event (please see the "Bug:" line below). In that case, the leaked resource is the PCI BAR memory region refcount. And since memory regions do not keep their own refcount but put it onto their owners, the refcount of the vfio-pci device (which is the owner of the PCI BAR memory regions) is leaked, and the event goes missing.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1531393
Signed-off-by: Peter Xu --- memory.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/memory.c b/memory.c index 4b41fb837b..7d0064bd52 100644 --- a/memory.c +++ b/memory.c @@ -2609,6 +2609,29 @@ static void listener_add_address_space(MemoryListene= r *listener, flatview_unref(view); } =20 +static void listener_del_address_space(MemoryListener *listener, + AddressSpace *as) +{ + FlatView *view; + FlatRange *fr; + + view =3D address_space_get_flatview(as); + FOR_EACH_FLAT_RANGE(fr, view) { + MemoryRegionSection section =3D section_from_flat_range(fr, view); + + if (fr->dirty_log_mask && listener->log_stop) { + listener->log_stop(listener, §ion, fr->dirty_log_mask, 0); + } + if (listener->region_del) { + listener->region_del(listener, §ion); + } + } + if (listener->commit) { + listener->commit(listener); + } + flatview_unref(view); +} + void memory_listener_register(MemoryListener *listener, AddressSpace *as) { MemoryListener *other =3D NULL; 
@@ -2649,6 +2672,7 @@ void memory_listener_unregister(MemoryListener *liste= ner) return; } =20 + listener_del_address_space(listener, listener->address_space); QTAILQ_REMOVE(&memory_listeners, listener, link); QTAILQ_REMOVE(&listener->address_space->listeners, listener, link_as); listener->address_space =3D NULL; --=20 2.14.3

From: Peter Xu
To: qemu-devel@nongnu.org
Cc: Alexey Kardashevskiy, Paolo Bonzini, Alex Williamson, peterx@redhat.com, David Gibson
Date: Fri, 19 Jan 2018 16:42:19 +0800
Message-Id: <20180119084219.31187-3-peterx@redhat.com>
In-Reply-To: <20180119084219.31187-1-peterx@redhat.com>
Subject: [Qemu-devel] [RFC 2/2] vfio: listener unregister before unset container

After the previous patch, listener unregister will need the container to be alive. Let's move this unregister phase to be before unset container, since that operation will free the backend container in the kernel, and then we'll get these after the previous patch:

qemu-system-x86_64: VFIO_UNMAP_DMA: -22
qemu-system-x86_64: vfio_dma_unmap(0x559bf53a4590, 0x0, 0xa0000) = -22 (Invalid argument)

Signed-off-by: Peter Xu --- hw/vfio/common.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/hw/vfio/common.c b/hw/vfio/common.c index b77be3a8b3..76cf28d462 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c
@@ -1161,19 +1161,27 @@ static void vfio_disconnect_container(VFIOGroup *gr= oup) { VFIOContainer *container =3D group->container; =20 + QLIST_REMOVE(group, container_next); + group->container =3D NULL; + + /* + * Explicitly release the listener first before unset container, + * since unset may destroy the backend container if it's the last + * group. + */ + if (QLIST_EMPTY(&container->group_list)) { + vfio_listener_release(container); + } + if (ioctl(group->fd, VFIO_GROUP_UNSET_CONTAINER, &container->fd)) { error_report("vfio: error disconnecting group %d from container", group->groupid); } =20 - QLIST_REMOVE(group, container_next); - group->container =3D NULL; - if (QLIST_EMPTY(&container->group_list)) { VFIOAddressSpace *space =3D container->space; VFIOGuestIOMMU *giommu, *tmp; =20 - vfio_listener_release(container); QLIST_REMOVE(container, next); =20 QLIST_FOREACH_SAFE(giommu, &container->giommu_list, giommu_next, t= mp) { --=20 2.14.3
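
Review bot: in patch 1/2, listener_del_address_space() calls listener->commit() after the loop but never calls listener->begin(), so a listener that sets up per-transaction state in begin sees a commit with no matching begin. Add `if (listener->begin) { listener->begin(listener); }` before FOR_EACH_FLAT_RANGE. A short comment above the function saying that it is the inverse of listener_add_address_space(), and that it stops dirty logging on a range before deleting it, would also help the next reader.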
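
Review bot: in the memory_listener_unregister() hunk of patch 1/2, the added listener_del_address_space() call means that unregistering now runs the log_stop, region_del and commit callbacks for every flat range, so every caller has to keep whatever those callbacks touch alive until unregister returns. Patch 2/2 shows vfio failing on exactly this. The new requirement should be stated in the documentation of memory_listener_unregister(), and the remaining callers need the same audit before this goes in.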
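
Review bot: in vfio_disconnect_container() in patch 2/2, QLIST_EMPTY(&container->group_list) is now tested twice, once before and once after the VFIO_GROUP_UNSET_CONTAINER ioctl, and the listener release and the rest of the teardown are only correct if both tests give the same answer. Evaluate it once into a local bool right after QLIST_REMOVE(group, container_next) and use that in both places. The new comment could also name what the listener still needs from the container, namely the VFIO_UNMAP_DMA calls quoted in the commit message.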