[PATCH 00/35] memory: QOM-ify AddressSpace

Akihiko Odaki posted 35 patches 1 month, 4 weeks ago
Failed in applying to current master (apply log)
[PATCH 00/35] memory: QOM-ify AddressSpace
Posted by Akihiko Odaki 1 month, 4 weeks ago
Based-on: <20250917-subregion-v1-0-bef37d9b4f73@rsg.ci.i.u-tokyo.ac.jp>
("[PATCH 00/14] Fix memory region use-after-finalization")

Make AddressSpaces QOM objects to ensure that they are destroyed when
their owners are finalized and also to get a unique path for debugging
output.

Suggested by BALATON Zoltan:
https://lore.kernel.org/qemu-devel/cd21698f-db77-eb75-6966-d559fdcab835@eik.bme.hu/

Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
---
Akihiko Odaki (35):
      memory: QOM-ify AddressSpace
      hw/core/loader: Use address_space_get_path()
      vfio: Use address_space_get_path()
      hw/alpha: QOM-ify AddressSpace
      hw/arm: QOM-ify AddressSpace
      hw/display: QOM-ify AddressSpace
      hw/dma: QOM-ify AddressSpace
      hw/fsi: QOM-ify AddressSpace
      hw/i2c: QOM-ify AddressSpace
      hw/i386: QOM-ify AddressSpace
      hw/intc: QOM-ify AddressSpace
      hw/loongarch: QOM-ify AddressSpace
      hw/mem: QOM-ify AddressSpace
      hw/misc: QOM-ify AddressSpace
      hw/net: QOM-ify AddressSpace
      hw/nubus: QOM-ify AddressSpace
      hw/pci: QOM-ify AddressSpace
      hw/pci-host: QOM-ify AddressSpace
      hw/ppc: QOM-ify AddressSpace
      hw/remote: QOM-ify AddressSpace
      hw/riscv: QOM-ify AddressSpace
      hw/s390x: QOM-ify AddressSpace
      hw/scsi: QOM-ify AddressSpace
      hw/sd: QOM-ify AddressSpace
      hw/sparc: QOM-ify AddressSpace
      hw/sparc64: QOM-ify AddressSpace
      hw/ssi: QOM-ify AddressSpace
      hw/usb: QOM-ify AddressSpace
      hw/usb: QOM-ify AddressSpace
      hw/virtio: QOM-ify AddressSpace
      system/physmem: QOM-ify AddressSpace
      target/i386: QOM-ify AddressSpace
      target/mips: QOM-ify AddressSpace
      target/xtensa: QOM-ify AddressSpace
      memory: Drop non-QOM AddressSpace support

 include/exec/cpu-common.h     |  4 +--
 include/system/memory.h       | 20 +++++++++------
 hw/alpha/typhoon.c            |  4 +--
 hw/arm/armv7m.c               |  2 +-
 hw/arm/aspeed_ast27x0.c       |  2 +-
 hw/arm/smmu-common.c          |  5 ++--
 hw/core/loader.c              |  8 +++---
 hw/display/artist.c           |  2 +-
 hw/display/bcm2835_fb.c       |  2 +-
 hw/dma/bcm2835_dma.c          |  2 +-
 hw/dma/pl080.c                |  2 +-
 hw/dma/pl330.c                |  3 +--
 hw/dma/rc4030.c               |  4 +--
 hw/dma/xilinx_axidma.c        |  4 +--
 hw/dma/xlnx-zdma.c            |  2 +-
 hw/dma/xlnx_csu_dma.c         |  2 +-
 hw/fsi/aspeed_apb2opb.c       |  2 +-
 hw/i2c/aspeed_i2c.c           |  3 +--
 hw/i386/amd_iommu.c           |  5 ++--
 hw/i386/intel_iommu.c         |  5 +++-
 hw/intc/arm_gicv3_common.c    |  3 +--
 hw/intc/pnv_xive.c            |  4 +--
 hw/loongarch/virt.c           |  3 ++-
 hw/mem/cxl_type3.c            | 44 +++++++++------------------------
 hw/mem/memory-device.c        |  4 +--
 hw/misc/aspeed_hace.c         |  2 +-
 hw/misc/auxbus.c              |  2 +-
 hw/misc/bcm2835_mbox.c        |  2 +-
 hw/misc/bcm2835_property.c    |  2 +-
 hw/misc/max78000_gcr.c        |  2 +-
 hw/misc/tz-mpc.c              |  6 ++---
 hw/misc/tz-msc.c              |  2 +-
 hw/misc/tz-ppc.c              |  5 +++-
 hw/net/allwinner-sun8i-emac.c |  2 +-
 hw/net/cadence_gem.c          |  4 +--
 hw/net/dp8393x.c              |  2 +-
 hw/net/msf2-emac.c            |  2 +-
 hw/net/mv88w8618_eth.c        |  2 +-
 hw/nubus/nubus-bus.c          |  4 +--
 hw/pci-host/astro.c           |  3 +--
 hw/pci-host/designware.c      |  5 ++--
 hw/pci-host/dino.c            |  4 +--
 hw/pci-host/gt64120.c         |  2 +-
 hw/pci-host/pnv_phb3.c        |  4 +--
 hw/pci-host/pnv_phb4.c        |  4 +--
 hw/pci-host/ppc440_pcix.c     |  2 +-
 hw/pci-host/ppce500.c         |  2 +-
 hw/pci-host/raven.c           |  2 +-
 hw/pci/pci.c                  |  6 ++---
 hw/pci/pci_bridge.c           | 10 ++++----
 hw/ppc/pnv_lpc.c              |  2 +-
 hw/ppc/pnv_xscom.c            |  2 +-
 hw/ppc/spapr_pci.c            |  5 ++--
 hw/ppc/spapr_vio.c            |  2 +-
 hw/remote/iommu.c             |  4 +--
 hw/riscv/riscv-iommu.c        |  9 ++++---
 hw/s390x/s390-pci-bus.c       |  9 ++-----
 hw/scsi/lsi53c895a.c          |  5 ++--
 hw/sd/allwinner-sdhost.c      |  2 +-
 hw/sd/sdhci.c                 |  4 +--
 hw/sparc/sun4m_iommu.c        |  2 +-
 hw/sparc64/sun4u_iommu.c      |  2 +-
 hw/ssi/aspeed_smc.c           |  6 ++---
 hw/usb/hcd-dwc2.c             |  2 +-
 hw/usb/hcd-xhci-sysbus.c      |  2 +-
 hw/vfio/listener.c            |  8 ++++--
 hw/virtio/vhost-vdpa.c        |  4 ++-
 hw/virtio/virtio-iommu.c      |  3 ++-
 hw/virtio/virtio-pci.c        | 12 ++++-----
 system/memory.c               | 57 ++++++++++++++++++++++++++++---------------
 system/physmem.c              | 24 ++++++++++--------
 target/i386/kvm/kvm.c         |  3 ++-
 target/mips/cpu.c             |  4 +--
 target/xtensa/cpu.c           |  2 +-
 74 files changed, 204 insertions(+), 195 deletions(-)
---
base-commit: e101d33792530093fa0b0a6e5f43e4d8cfe4581e
change-id: 20250915-qom-e7fcca27d4db
prerequisite-change-id: 20250906-use-37ecc903a9e0:v2
prerequisite-message-id: <cover.1751493467.git.balaton@eik.bme.hu>

Best regards,
--  
Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Re: [PATCH 00/35] memory: QOM-ify AddressSpace
Posted by Cédric Le Goater 1 month, 3 weeks ago
Hello Akihiko,

On 9/17/25 14:56, Akihiko Odaki wrote:
> Based-on: <20250917-subregion-v1-0-bef37d9b4f73@rsg.ci.i.u-tokyo.ac.jp>
> ("[PATCH 00/14] Fix memory region use-after-finalization")
> 
> Make AddressSpaces QOM objects to ensure that they are destroyed when
> their owners are finalized and also to get a unique path for debugging
> output.
> 
> Suggested by BALATON Zoltan:
> https://lore.kernel.org/qemu-devel/cd21698f-db77-eb75-6966-d559fdcab835@eik.bme.hu/
> 
> Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>

I wonder if this is going to fix an issue I was seeing a while ago
in the FSI models. I couldn't find a clean way to avoid corrupting
memory because of how the address_space was created and later on
destroyed. See below,

Thanks,

C.



from hw/fsi/ :
     
     typedef struct OPBus {
         BusState bus;
     
         MemoryRegion mr;
         AddressSpace as;
     } OPBus;
     
     
     typedef struct AspeedAPB2OPBState {
         ...
         OPBus opb[ASPEED_FSI_NUM];
         ...
     } AspeedAPB2OPBState;

     static void fsi_aspeed_apb2opb_realize(DeviceState *dev, Error **errp)
     {
         SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
         AspeedAPB2OPBState *s = ASPEED_APB2OPB(dev);
         int i;
     
         /*
          * TODO: The OPBus model initializes the OPB address space in
          * the .instance_init handler and this is problematic for test
          * device-introspect-test. To avoid a memory corruption and a QEMU
          * crash, qbus_init() should be called from realize(). Something to
          * improve. Possibly, OPBus could also be removed.
          */
         for (i = 0; i < ASPEED_FSI_NUM; i++) {
             qbus_init(&s->opb[i], sizeof(s->opb[i]), TYPE_OP_BUS, DEVICE(s),
                       NULL);
         }
         ....

     static void fsi_opb_init(Object *o)
     {
         OPBus *opb = OP_BUS(o);

         memory_region_init(&opb->mr, 0, TYPE_FSI_OPB, UINT32_MAX);
         address_space_init(&opb->as, &opb->mr, TYPE_FSI_OPB);
     }
Re: [PATCH 00/35] memory: QOM-ify AddressSpace
Posted by Akihiko Odaki 1 month, 3 weeks ago
On 2025/09/18 21:39, Cédric Le Goater wrote:
> Hello Akihiko,
> 
> On 9/17/25 14:56, Akihiko Odaki wrote:
>> Based-on: <20250917-subregion-v1-0-bef37d9b4f73@rsg.ci.i.u-tokyo.ac.jp>
>> ("[PATCH 00/14] Fix memory region use-after-finalization")
>>
>> Make AddressSpaces QOM objects to ensure that they are destroyed when
>> their owners are finalized and also to get a unique path for debugging
>> output.
>>
>> Suggested by BALATON Zoltan:
>> https://lore.kernel.org/qemu-devel/cd21698f-db77-eb75-6966-d559fdcab835@eik.bme.hu/
>>
>> Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
> 
> I wonder if this is going to fix an issue I was seeing a while ago
> in the FSI models. I couldn't find a clean way to avoid corrupting
> memory because of how the address_space was created and later on
> destroyed. See below,

Partially, but this is insufficient.

The first problem is that AddressSpace suffers from circular references 
the following series solves:
https://lore.kernel.org/qemu-devel/20250906-mr-v2-0-2820f5a3d282@rsg.ci.i.u-tokyo.ac.jp/
"[PATCH v2 0/3] memory: Stop piggybacking on memory region owners"

Another problem is that RCU is not properly waited. This is left to 
future work.

Regards,
Akihiko Odaki

Re: [PATCH 00/35] memory: QOM-ify AddressSpace
Posted by Peter Xu 1 month, 2 weeks ago
On Thu, Sep 18, 2025 at 09:47:07PM +0900, Akihiko Odaki wrote:
> On 2025/09/18 21:39, Cédric Le Goater wrote:
> > Hello Akihiko,
> > 
> > On 9/17/25 14:56, Akihiko Odaki wrote:
> > > Based-on: <20250917-subregion-v1-0-bef37d9b4f73@rsg.ci.i.u-tokyo.ac.jp>
> > > ("[PATCH 00/14] Fix memory region use-after-finalization")
> > > 
> > > Make AddressSpaces QOM objects to ensure that they are destroyed when
> > > their owners are finalized and also to get a unique path for debugging
> > > output.
> > > 
> > > Suggested by BALATON Zoltan:
> > > https://lore.kernel.org/qemu-devel/cd21698f-db77-eb75-6966-d559fdcab835@eik.bme.hu/
> > > 
> > > Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
> > 
> > I wonder if this is going to fix an issue I was seeing a while ago
> > in the FSI models. I couldn't find a clean way to avoid corrupting
> > memory because of how the address_space was created and later on
> > destroyed. See below,
> 
> Partially, but this is insufficient.
> 
> The first problem is that AddressSpace suffers from circular references the
> following series solves:
> https://lore.kernel.org/qemu-devel/20250906-mr-v2-0-2820f5a3d282@rsg.ci.i.u-tokyo.ac.jp/
> "[PATCH v2 0/3] memory: Stop piggybacking on memory region owners"
> 
> Another problem is that RCU is not properly waited. This is left to future
> work.

Just to mention, Peter Maydell just posted a series for fixing AS
destructions here:

https://lore.kernel.org/qemu-devel/20250929144228.1994037-1-peter.maydell@linaro.org/

IIUC it should also work for FSI, if FSI can convert to use dynamically
allocated AddressSpaces (with/without QOMify; as Akihiko pointed out
correctly, these should be orthogonal), then provide a proper unrealize()
of the bus device to invoke address_space_destroy_free().

Thanks,

-- 
Peter Xu
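
The lifetime problem discussed in this thread, as an added toy model in C that is not QEMU code and not written by any poster: `ToyAS`, `as_list`, `ToyBus` and `run_lifecycle()` are hypothetical names, and the model assumes only that initializing an address space links it into a global list. It counts the list entries that would point into freed memory when the address space is embedded and set up in instance_init with no matching destroy, compared with one allocated in realize and destroyed in unrealize.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins (constructed): an address space and the global list it joins. */
typedef struct ToyAS { struct ToyAS *next; } ToyAS;
static ToyAS *as_list;
static void toy_as_init(ToyAS *as) { as->next = as_list; as_list = as; }
static void toy_as_destroy(ToyAS *as)
{
    for (ToyAS **p = &as_list; *p; p = &(*p)->next) {
        if (*p == as) { *p = as->next; return; }
    }
}

/* List entries stored inside [obj, obj + size) dangle once obj is freed. */
static int entries_inside(const void *obj, size_t size)
{
    int n = 0;
    for (ToyAS *as = as_list; as; as = as->next) {
        n += (uintptr_t)as - (uintptr_t)obj < size;  /* wraps high if below obj */
    }
    return n;
}

typedef struct ToyBus {
    ToyAS embedded;  /* stored in the object, as in the quoted OPBus */
    ToyAS *dynamic;  /* allocated in realize, destroyed in unrealize */
} ToyBus;

/* init [-> realize -> unrealize] -> finalize; returns entries left dangling. */
static int run_lifecycle(int embedded_in_init, int realize)
{
    ToyBus *b = calloc(1, sizeof(*b));
    if (!b) { return -1; }
    if (embedded_in_init) { toy_as_init(&b->embedded); }  /* instance_init */
    if (realize && !embedded_in_init) {                   /* realize */
        b->dynamic = calloc(1, sizeof(ToyAS));
        if (b->dynamic) { toy_as_init(b->dynamic); }
    }
    if (b->dynamic) {                                     /* unrealize */
        toy_as_destroy(b->dynamic);
        free(b->dynamic);
    }
    int dangling = entries_inside(b, sizeof(*b));
    if (dangling) { toy_as_destroy(&b->embedded); }  /* keep the demo defined */
    free(b);
    return dangling;
}

int main(void)
{
    printf("embedded=%d dynamic=%d\n", run_lifecycle(1, 0), run_lifecycle(0, 1));
    return 0;
}
```

The embedded variant reports one dangling entry whether or not realize runs, which is the case an init-then-finalize pass such as device-introspect-test exercises.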


Re: [PATCH 00/35] memory: QOM-ify AddressSpace
Posted by Cédric Le Goater 1 month, 2 weeks ago
On 9/29/25 22:58, Peter Xu wrote:
> On Thu, Sep 18, 2025 at 09:47:07PM +0900, Akihiko Odaki wrote:
>> On 2025/09/18 21:39, Cédric Le Goater wrote:
>>> Hello Akihiko,
>>>
>>> On 9/17/25 14:56, Akihiko Odaki wrote:
>>>> Based-on: <20250917-subregion-v1-0-bef37d9b4f73@rsg.ci.i.u-tokyo.ac.jp>
>>>> ("[PATCH 00/14] Fix memory region use-after-finalization")
>>>>
>>>> Make AddressSpaces QOM objects to ensure that they are destroyed when
>>>> their owners are finalized and also to get a unique path for debugging
>>>> output.
>>>>
>>>> Suggested by BALATON Zoltan:
>>>> https://lore.kernel.org/qemu-devel/cd21698f-db77-eb75-6966-d559fdcab835@eik.bme.hu/
>>>>
>>>> Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
>>>
>>> I wonder if this is going to fix an issue I was seeing a while ago
>>> in the FSI models. I couldn't find a clean way to avoid corrupting
>>> memory because of how the address_space was created and later on
>>> destroyed. See below,
>>
>> Partially, but this is insufficient.
>>
>> The first problem is that AddressSpace suffers from circular references the
>> following series solves:
>> https://lore.kernel.org/qemu-devel/20250906-mr-v2-0-2820f5a3d282@rsg.ci.i.u-tokyo.ac.jp/
>> "[PATCH v2 0/3] memory: Stop piggybacking on memory region owners"
>>
>> Another problem is that RCU is not properly waited. This is left to future
>> work.
> 
> Just to mention, Peter Maydell just posted a series for fixing AS
> destructions here:
> 
> https://lore.kernel.org/qemu-devel/20250929144228.1994037-1-peter.maydell@linaro.org/
> 
> IIUC it should also work for FSI, if FSI can convert to use dynamically
> allocated AddressSpaces (with/without QOMify; as Akihiko pointed out
> correctly, these should be orthogonal), then provide a proper unrealize()
> of the bus device to invoke address_space_destroy_free().


Thanks,

I see the series is reviewed. Once merged, I will rework the OP bus
and check if the issue we initially saw on the OPB address space is
fixed.

C.