From nobody Wed Feb 11 06:00:00 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1520239349302179.53838430225005;
 Mon, 5 Mar 2018 00:42:29 -0800 (PST)
Received: from localhost ([::1]:47842 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1eslhU-0000OS-Ja
	for importer@patchew.org; Mon, 05 Mar 2018 03:42:28 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35117)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1eslcD-0004Ld-Rc
	for qemu-devel@nongnu.org; Mon, 05 Mar 2018 03:37:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1eslcC-0004PJ-Vb
	for qemu-devel@nongnu.org; Mon, 05 Mar 2018 03:37:01 -0500
Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242]:42955)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <paolo.bonzini@gmail.com>)
	id 1eslcC-0004OP-Or; Mon, 05 Mar 2018 03:37:00 -0500
Received: by mail-wr0-x242.google.com with SMTP id k9so16250484wre.9;
	Mon, 05 Mar 2018 00:37:00 -0800 (PST)
Received: from donizetti.lan (94-36-191-219.adsl-ull.clienti.tiscali.it.
	[94.36.191.219]) by smtp.gmail.com with ESMTPSA id
	y23sm13206739wra.9.2018.03.05.00.36.58
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Mon, 05 Mar 2018 00:36:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=BLEr+kfoHVoZFjt/6KbncBfLMl00pPPN9dHIx7HqKk0=;
	b=aSokHvihAICxKTARwHXDlSVMahQ6SMDfnocbpzbhh2pLpJ38IReQXP3bCxfOx5ktk8
	WIVf+8kJsE/hsO2CVZ2GE5zddJpG+cw+1SkjTZfbMB7vJC+RluSBzFPuLEpCV2iGXGzB
	wNbrYaW1aJAGXMC5qLOQPybTdQzuR3qj32ySxur1ULFJMln8+ohMWY+gUDdsBB7SX2YP
	pXVfO+Du+2ePbHPZ8h10jUIUEwCtHdjrf/7c/qqQEawI1ao2k0CfoulwYXvBu1MpFJ3O
	UGvEC78fbeJLM9P0XCCR3DEiVv+NGeo/4ny13lhqL51XNH8idfdwEmzVE9HxcsDDnK83
	6c/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=BLEr+kfoHVoZFjt/6KbncBfLMl00pPPN9dHIx7HqKk0=;
	b=YZPEDkFuiVJQLytfFCvnKdKqJp6xM3+1DxpQPReBacT+rDDeBLVFeH5H7zyrpYUZLf
	i/FOkUUKh2KEIpwNm00SiOe7tB5if8/0FhLxXaPTWzja4uTFhzxnDXyo/ehHFtO4t8iN
	UAxDwwxsgZQG9WRy/XiI9td1gDrzYfE8nv8OzI1F9GfQsuzgWXq4UB6XTSrIarE7ndej
	vnAVruUQEhw3e3XHkhAyHZxd6JqNtK91cE15k9qAUt6VLNbw0OgM7cOhgRqDkn3Q5KPN
	fEIz0g7iiFaA0qUUjzlq348Rfjw59gfX0RmUFfHFoMuSZN04mXVqR8dBtPD8OFjAg5Sz
	wQVw==
X-Gm-Message-State: APf1xPDLvZVP5ewiyy1i3pkfN/3C4wokbszm2/LtdDGrY/xXWa/jL4c/
	ZUTMSg/lhMcH7QitoM8VdnfweFLX
X-Google-Smtp-Source: 
 AG47ELuYRob+uOmGdsRlsBIpvlXcWXCxqqueawhHFtLv/O4vkix42DemR5HUQIPUuPEAcB7KLTborA==
X-Received: by 10.223.181.152 with SMTP id c24mr12785277wre.233.1520239019323;
	Mon, 05 Mar 2018 00:36:59 -0800 (PST)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Date: Mon,  5 Mar 2018 09:36:51 +0100
Message-Id: <20180305083655.6186-4-pbonzini@redhat.com>
X-Mailer: git-send-email 2.14.3
In-Reply-To: <20180305083655.6186-1-pbonzini@redhat.com>
References: <20180305083655.6186-1-pbonzini@redhat.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:400c:c0c::242
Subject: [Qemu-devel] [PATCH 3/7] address_space_write:
 address_space_to_flatview needs RCU lock
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>, qemu-stable@nongnu.org,
	David Gibson <david@gibson.dropbear.id.au>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

address_space_write is calling address_space_to_flatview but it can
be called outside the RCU lock.  To fix it, push the rcu_read_lock/unlock
pair up from flatview_write to address_space_write.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
 exec.c | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/exec.c b/exec.c
index e8d7b335b6..0b74b58d45 100644
--- a/exec.c
+++ b/exec.c
@@ -3074,6 +3074,7 @@ static MemTxResult flatview_write_continue(FlatView *=
fv, hwaddr addr,
     return result;
 }
=20
+/* Called from RCU critical section.  */
 static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs at=
trs,
                                   const uint8_t *buf, int len)
 {
@@ -3082,25 +3083,14 @@ static MemTxResult flatview_write(FlatView *fv, hwa=
ddr addr, MemTxAttrs attrs,
     MemoryRegion *mr;
     MemTxResult result =3D MEMTX_OK;
=20
-    if (len > 0) {
-        rcu_read_lock();
-        l =3D len;
-        mr =3D flatview_translate(fv, addr, &addr1, &l, true);
-        result =3D flatview_write_continue(fv, addr, attrs, buf, len,
-                                         addr1, l, mr);
-        rcu_read_unlock();
-    }
+    l =3D len;
+    mr =3D flatview_translate(fv, addr, &addr1, &l, true);
+    result =3D flatview_write_continue(fv, addr, attrs, buf, len,
+                                     addr1, l, mr);
=20
     return result;
 }
=20
-MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
-                                              MemTxAttrs attrs,
-                                              const uint8_t *buf, int len)
-{
-    return flatview_write(address_space_to_flatview(as), addr, attrs, buf,=
 len);
-}
-
 /* Called within RCU critical section.  */
 MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
                                    MemTxAttrs attrs, uint8_t *buf,
@@ -3209,6 +3199,23 @@ MemTxResult address_space_rw(AddressSpace *as, hwadd=
r addr,
                        addr, attrs, buf, len, is_write);
 }
=20
+MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
+                                MemTxAttrs attrs,
+                                const uint8_t *buf, int len)
+{
+    MemTxResult result =3D MEMTX_OK;
+    FlatView *fv;
+
+    if (len > 0) {
+        rcu_read_lock();
+        fv =3D address_space_to_flatview(as);
+        result =3D flatview_write(fv, addr, attrs, buf, len);
+        rcu_read_unlock();
+    }
+
+    return result;
+}
+
 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
                             int len, int is_write)
 {
--=20
2.14.3