
[v6,4/4] hw: replace most qemu_bh_new calls with qemu_bh_new_guarded

Message ID 20230205040737.3567731-5-alxndr@bu.edu (mailing list archive)
State New, archived

Commit Message

Alexander Bulekov Feb. 5, 2023, 4:07 a.m. UTC
This protects devices from bh->mmio reentrancy issues.

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 hw/9pfs/xen-9p-backend.c        | 4 +++-
 hw/block/dataplane/virtio-blk.c | 3 ++-
 hw/block/dataplane/xen-block.c  | 5 +++--
 hw/char/virtio-serial-bus.c     | 3 ++-
 hw/display/qxl.c                | 9 ++++++---
 hw/display/virtio-gpu.c         | 6 ++++--
 hw/ide/ahci.c                   | 3 ++-
 hw/ide/core.c                   | 3 ++-
 hw/misc/imx_rngc.c              | 6 ++++--
 hw/misc/macio/mac_dbdma.c       | 2 +-
 hw/net/virtio-net.c             | 3 ++-
 hw/nvme/ctrl.c                  | 6 ++++--
 hw/scsi/mptsas.c                | 3 ++-
 hw/scsi/scsi-bus.c              | 3 ++-
 hw/scsi/vmw_pvscsi.c            | 3 ++-
 hw/usb/dev-uas.c                | 3 ++-
 hw/usb/hcd-dwc2.c               | 3 ++-
 hw/usb/hcd-ehci.c               | 3 ++-
 hw/usb/hcd-uhci.c               | 2 +-
 hw/usb/host-libusb.c            | 6 ++++--
 hw/usb/redirect.c               | 6 ++++--
 hw/usb/xen-usb.c                | 3 ++-
 hw/virtio/virtio-balloon.c      | 5 +++--
 hw/virtio/virtio-crypto.c       | 3 ++-
 24 files changed, 63 insertions(+), 33 deletions(-)

Comments

Michael S. Tsirkin March 1, 2023, 8:54 p.m. UTC | #1
On Sat, Feb 04, 2023 at 11:07:37PM -0500, Alexander Bulekov wrote:
> This protects devices from bh->mmio reentrancy issues.
> 
> Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

> ---
>  hw/9pfs/xen-9p-backend.c        | 4 +++-
>  hw/block/dataplane/virtio-blk.c | 3 ++-
>  hw/block/dataplane/xen-block.c  | 5 +++--
>  hw/char/virtio-serial-bus.c     | 3 ++-
>  hw/display/qxl.c                | 9 ++++++---
>  hw/display/virtio-gpu.c         | 6 ++++--
>  hw/ide/ahci.c                   | 3 ++-
>  hw/ide/core.c                   | 3 ++-
>  hw/misc/imx_rngc.c              | 6 ++++--
>  hw/misc/macio/mac_dbdma.c       | 2 +-
>  hw/net/virtio-net.c             | 3 ++-
>  hw/nvme/ctrl.c                  | 6 ++++--
>  hw/scsi/mptsas.c                | 3 ++-
>  hw/scsi/scsi-bus.c              | 3 ++-
>  hw/scsi/vmw_pvscsi.c            | 3 ++-
>  hw/usb/dev-uas.c                | 3 ++-
>  hw/usb/hcd-dwc2.c               | 3 ++-
>  hw/usb/hcd-ehci.c               | 3 ++-
>  hw/usb/hcd-uhci.c               | 2 +-
>  hw/usb/host-libusb.c            | 6 ++++--
>  hw/usb/redirect.c               | 6 ++++--
>  hw/usb/xen-usb.c                | 3 ++-
>  hw/virtio/virtio-balloon.c      | 5 +++--
>  hw/virtio/virtio-crypto.c       | 3 ++-
>  24 files changed, 63 insertions(+), 33 deletions(-)
> 
> diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
> index 65c4979c3c..f077c1b255 100644
> --- a/hw/9pfs/xen-9p-backend.c
> +++ b/hw/9pfs/xen-9p-backend.c
> @@ -441,7 +441,9 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
>          xen_9pdev->rings[i].ring.out = xen_9pdev->rings[i].data +
>                                         XEN_FLEX_RING_SIZE(ring_order);
>  
> -        xen_9pdev->rings[i].bh = qemu_bh_new(xen_9pfs_bh, &xen_9pdev->rings[i]);
> +        xen_9pdev->rings[i].bh = qemu_bh_new_guarded(xen_9pfs_bh,
> +                                                     &xen_9pdev->rings[i],
> +                                                     &DEVICE(xen_9pdev)->mem_reentrancy_guard);
>          xen_9pdev->rings[i].out_cons = 0;
>          xen_9pdev->rings[i].out_size = 0;
>          xen_9pdev->rings[i].inprogress = false;
> diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
> index b28d81737e..a6202997ee 100644
> --- a/hw/block/dataplane/virtio-blk.c
> +++ b/hw/block/dataplane/virtio-blk.c
> @@ -127,7 +127,8 @@ bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
>      } else {
>          s->ctx = qemu_get_aio_context();
>      }
> -    s->bh = aio_bh_new(s->ctx, notify_guest_bh, s);
> +    s->bh = aio_bh_new_guarded(s->ctx, notify_guest_bh, s,
> +                               &DEVICE(vdev)->mem_reentrancy_guard);
>      s->batch_notify_vqs = bitmap_new(conf->num_queues);
>  
>      *dataplane = s;
> diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c
> index 2785b9e849..e31806b317 100644
> --- a/hw/block/dataplane/xen-block.c
> +++ b/hw/block/dataplane/xen-block.c
> @@ -632,8 +632,9 @@ XenBlockDataPlane *xen_block_dataplane_create(XenDevice *xendev,
>      } else {
>          dataplane->ctx = qemu_get_aio_context();
>      }
> -    dataplane->bh = aio_bh_new(dataplane->ctx, xen_block_dataplane_bh,
> -                               dataplane);
> +    dataplane->bh = aio_bh_new_guarded(dataplane->ctx, xen_block_dataplane_bh,
> +                                       dataplane,
> +                                       &DEVICE(xendev)->mem_reentrancy_guard);
>  
>      return dataplane;
>  }
> diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
> index 7d4601cb5d..dd619f0731 100644
> --- a/hw/char/virtio-serial-bus.c
> +++ b/hw/char/virtio-serial-bus.c
> @@ -985,7 +985,8 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
>          return;
>      }
>  
> -    port->bh = qemu_bh_new(flush_queued_data_bh, port);
> +    port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
> +                                   &dev->mem_reentrancy_guard);
>      port->elem = NULL;
>  }
>  
> diff --git a/hw/display/qxl.c b/hw/display/qxl.c
> index ec712d3ca2..c0460c4ef1 100644
> --- a/hw/display/qxl.c
> +++ b/hw/display/qxl.c
> @@ -2201,11 +2201,14 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp)
>  
>      qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl);
>  
> -    qxl->update_irq = qemu_bh_new(qxl_update_irq_bh, qxl);
> +    qxl->update_irq = qemu_bh_new_guarded(qxl_update_irq_bh, qxl,
> +                                          &DEVICE(qxl)->mem_reentrancy_guard);
>      qxl_reset_state(qxl);
>  
> -    qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
> -    qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd);
> +    qxl->update_area_bh = qemu_bh_new_guarded(qxl_render_update_area_bh, qxl,
> +                                              &DEVICE(qxl)->mem_reentrancy_guard);
> +    qxl->ssd.cursor_bh = qemu_bh_new_guarded(qemu_spice_cursor_refresh_bh, &qxl->ssd,
> +                                             &DEVICE(qxl)->mem_reentrancy_guard);
>  }
>  
>  static void qxl_realize_primary(PCIDevice *dev, Error **errp)
> diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
> index 5e15c79b94..66ac9b6cc5 100644
> --- a/hw/display/virtio-gpu.c
> +++ b/hw/display/virtio-gpu.c
> @@ -1339,8 +1339,10 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
>  
>      g->ctrl_vq = virtio_get_queue(vdev, 0);
>      g->cursor_vq = virtio_get_queue(vdev, 1);
> -    g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g);
> -    g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g);
> +    g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g,
> +                                     &qdev->mem_reentrancy_guard);
> +    g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
> +                                       &qdev->mem_reentrancy_guard);
>      QTAILQ_INIT(&g->reslist);
>      QTAILQ_INIT(&g->cmdq);
>      QTAILQ_INIT(&g->fenceq);
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index 7ce001cacd..37091150cb 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -1508,7 +1508,8 @@ static void ahci_cmd_done(const IDEDMA *dma)
>      ahci_write_fis_d2h(ad);
>  
>      if (ad->port_regs.cmd_issue && !ad->check_bh) {
> -        ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
> +        ad->check_bh = qemu_bh_new_guarded(ahci_check_cmd_bh, ad,
> +                                           &DEVICE(ad)->mem_reentrancy_guard);
>          qemu_bh_schedule(ad->check_bh);
>      }
>  }
> diff --git a/hw/ide/core.c b/hw/ide/core.c
> index 5d1039378f..8c8d1a8ec2 100644
> --- a/hw/ide/core.c
> +++ b/hw/ide/core.c
> @@ -519,7 +519,8 @@ BlockAIOCB *ide_issue_trim(
>  
>      iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
>      iocb->s = s;
> -    iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
> +    iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb,
> +                                   &DEVICE(s)->mem_reentrancy_guard);
>      iocb->ret = 0;
>      iocb->qiov = qiov;
>      iocb->i = -1;
> diff --git a/hw/misc/imx_rngc.c b/hw/misc/imx_rngc.c
> index 632c03779c..082c6980ad 100644
> --- a/hw/misc/imx_rngc.c
> +++ b/hw/misc/imx_rngc.c
> @@ -228,8 +228,10 @@ static void imx_rngc_realize(DeviceState *dev, Error **errp)
>      sysbus_init_mmio(sbd, &s->iomem);
>  
>      sysbus_init_irq(sbd, &s->irq);
> -    s->self_test_bh = qemu_bh_new(imx_rngc_self_test, s);
> -    s->seed_bh = qemu_bh_new(imx_rngc_seed, s);
> +    s->self_test_bh = qemu_bh_new_guarded(imx_rngc_self_test, s,
> +                                          &dev->mem_reentrancy_guard);
> +    s->seed_bh = qemu_bh_new_guarded(imx_rngc_seed, s,
> +                                     &dev->mem_reentrancy_guard);
>  }
>  
>  static void imx_rngc_reset(DeviceState *dev)
> diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
> index 43bb1f56ba..80a789f32b 100644
> --- a/hw/misc/macio/mac_dbdma.c
> +++ b/hw/misc/macio/mac_dbdma.c
> @@ -914,7 +914,7 @@ static void mac_dbdma_realize(DeviceState *dev, Error **errp)
>  {
>      DBDMAState *s = MAC_DBDMA(dev);
>  
> -    s->bh = qemu_bh_new(DBDMA_run_bh, s);
> +    s->bh = qemu_bh_new_guarded(DBDMA_run_bh, s, &dev->mem_reentrancy_guard);
>  }
>  
>  static void mac_dbdma_class_init(ObjectClass *oc, void *data)
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 3ae909041a..a170c724de 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -2885,7 +2885,8 @@ static void virtio_net_add_queue(VirtIONet *n, int index)
>          n->vqs[index].tx_vq =
>              virtio_add_queue(vdev, n->net_conf.tx_queue_size,
>                               virtio_net_handle_tx_bh);
> -        n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
> +        n->vqs[index].tx_bh = qemu_bh_new_guarded(virtio_net_tx_bh, &n->vqs[index],
> +                                                  &DEVICE(vdev)->mem_reentrancy_guard);
>      }
>  
>      n->vqs[index].tx_waiting = 0;
> diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
> index f25cc2c235..dcb250e772 100644
> --- a/hw/nvme/ctrl.c
> +++ b/hw/nvme/ctrl.c
> @@ -4318,7 +4318,8 @@ static void nvme_init_sq(NvmeSQueue *sq, NvmeCtrl *n, uint64_t dma_addr,
>          QTAILQ_INSERT_TAIL(&(sq->req_list), &sq->io_req[i], entry);
>      }
>  
> -    sq->bh = qemu_bh_new(nvme_process_sq, sq);
> +    sq->bh = qemu_bh_new_guarded(nvme_process_sq, sq,
> +                                 &DEVICE(sq->ctrl)->mem_reentrancy_guard);
>  
>      if (n->dbbuf_enabled) {
>          sq->db_addr = n->dbbuf_dbs + (sqid << 3);
> @@ -4708,7 +4709,8 @@ static void nvme_init_cq(NvmeCQueue *cq, NvmeCtrl *n, uint64_t dma_addr,
>          }
>      }
>      n->cq[cqid] = cq;
> -    cq->bh = qemu_bh_new(nvme_post_cqes, cq);
> +    cq->bh = qemu_bh_new_guarded(nvme_post_cqes, cq,
> +                                 &DEVICE(cq->ctrl)->mem_reentrancy_guard);
>  }
>  
>  static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeRequest *req)
> diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
> index c485da792c..3de288b454 100644
> --- a/hw/scsi/mptsas.c
> +++ b/hw/scsi/mptsas.c
> @@ -1322,7 +1322,8 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp)
>      }
>      s->max_devices = MPTSAS_NUM_PORTS;
>  
> -    s->request_bh = qemu_bh_new(mptsas_fetch_requests, s);
> +    s->request_bh = qemu_bh_new_guarded(mptsas_fetch_requests, s,
> +                                        &DEVICE(dev)->mem_reentrancy_guard);
>  
>      scsi_bus_init(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info);
>  }
> diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
> index ceceafb2cd..e5c9f7a53d 100644
> --- a/hw/scsi/scsi-bus.c
> +++ b/hw/scsi/scsi-bus.c
> @@ -193,7 +193,8 @@ static void scsi_dma_restart_cb(void *opaque, bool running, RunState state)
>          AioContext *ctx = blk_get_aio_context(s->conf.blk);
>          /* The reference is dropped in scsi_dma_restart_bh.*/
>          object_ref(OBJECT(s));
> -        s->bh = aio_bh_new(ctx, scsi_dma_restart_bh, s);
> +        s->bh = aio_bh_new_guarded(ctx, scsi_dma_restart_bh, s,
> +                                   &DEVICE(s)->mem_reentrancy_guard);
>          qemu_bh_schedule(s->bh);
>      }
>  }
> diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
> index fa76696855..4de34536e9 100644
> --- a/hw/scsi/vmw_pvscsi.c
> +++ b/hw/scsi/vmw_pvscsi.c
> @@ -1184,7 +1184,8 @@ pvscsi_realizefn(PCIDevice *pci_dev, Error **errp)
>          pcie_endpoint_cap_init(pci_dev, PVSCSI_EXP_EP_OFFSET);
>      }
>  
> -    s->completion_worker = qemu_bh_new(pvscsi_process_completion_queue, s);
> +    s->completion_worker = qemu_bh_new_guarded(pvscsi_process_completion_queue, s,
> +                                               &DEVICE(pci_dev)->mem_reentrancy_guard);
>  
>      scsi_bus_init(&s->bus, sizeof(s->bus), DEVICE(pci_dev), &pvscsi_scsi_info);
>      /* override default SCSI bus hotplug-handler, with pvscsi's one */
> diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
> index 88f99c05d5..f013ded91e 100644
> --- a/hw/usb/dev-uas.c
> +++ b/hw/usb/dev-uas.c
> @@ -937,7 +937,8 @@ static void usb_uas_realize(USBDevice *dev, Error **errp)
>  
>      QTAILQ_INIT(&uas->results);
>      QTAILQ_INIT(&uas->requests);
> -    uas->status_bh = qemu_bh_new(usb_uas_send_status_bh, uas);
> +    uas->status_bh = qemu_bh_new_guarded(usb_uas_send_status_bh, uas,
> +                                         &d->mem_reentrancy_guard);
>  
>      dev->flags |= (1 << USB_DEV_FLAG_IS_SCSI_STORAGE);
>      scsi_bus_init(&uas->bus, sizeof(uas->bus), DEVICE(dev), &usb_uas_scsi_info);
> diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c
> index 8755e9cbb0..a0c4e782b2 100644
> --- a/hw/usb/hcd-dwc2.c
> +++ b/hw/usb/hcd-dwc2.c
> @@ -1364,7 +1364,8 @@ static void dwc2_realize(DeviceState *dev, Error **errp)
>      s->fi = USB_FRMINTVL - 1;
>      s->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_frame_boundary, s);
>      s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_work_timer, s);
> -    s->async_bh = qemu_bh_new(dwc2_work_bh, s);
> +    s->async_bh = qemu_bh_new_guarded(dwc2_work_bh, s,
> +                                      &dev->mem_reentrancy_guard);
>  
>      sysbus_init_irq(sbd, &s->irq);
>  }
> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
> index d4da8dcb8d..c930c60921 100644
> --- a/hw/usb/hcd-ehci.c
> +++ b/hw/usb/hcd-ehci.c
> @@ -2533,7 +2533,8 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
>      }
>  
>      s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s);
> -    s->async_bh = qemu_bh_new(ehci_work_bh, s);
> +    s->async_bh = qemu_bh_new_guarded(ehci_work_bh, s,
> +                                      &dev->mem_reentrancy_guard);
>      s->device = dev;
>  
>      s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
> diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
> index 30ae0104bb..bdc891f57a 100644
> --- a/hw/usb/hcd-uhci.c
> +++ b/hw/usb/hcd-uhci.c
> @@ -1193,7 +1193,7 @@ void usb_uhci_common_realize(PCIDevice *dev, Error **errp)
>                                USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
>          }
>      }
> -    s->bh = qemu_bh_new(uhci_bh, s);
> +    s->bh = qemu_bh_new_guarded(uhci_bh, s, &DEVICE(dev)->mem_reentrancy_guard);
>      s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, uhci_frame_timer, s);
>      s->num_ports_vmstate = NB_PORTS;
>      QTAILQ_INIT(&s->queues);
> diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c
> index 176868d345..f500db85ab 100644
> --- a/hw/usb/host-libusb.c
> +++ b/hw/usb/host-libusb.c
> @@ -1141,7 +1141,8 @@ static void usb_host_nodev_bh(void *opaque)
>  static void usb_host_nodev(USBHostDevice *s)
>  {
>      if (!s->bh_nodev) {
> -        s->bh_nodev = qemu_bh_new(usb_host_nodev_bh, s);
> +        s->bh_nodev = qemu_bh_new_guarded(usb_host_nodev_bh, s,
> +                                          &DEVICE(s)->mem_reentrancy_guard);
>      }
>      qemu_bh_schedule(s->bh_nodev);
>  }
> @@ -1739,7 +1740,8 @@ static int usb_host_post_load(void *opaque, int version_id)
>      USBHostDevice *dev = opaque;
>  
>      if (!dev->bh_postld) {
> -        dev->bh_postld = qemu_bh_new(usb_host_post_load_bh, dev);
> +        dev->bh_postld = qemu_bh_new_guarded(usb_host_post_load_bh, dev,
> +                                             &DEVICE(dev)->mem_reentrancy_guard);
>      }
>      qemu_bh_schedule(dev->bh_postld);
>      dev->bh_postld_pending = true;
> diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
> index fd7df599bc..39fbaaab16 100644
> --- a/hw/usb/redirect.c
> +++ b/hw/usb/redirect.c
> @@ -1441,8 +1441,10 @@ static void usbredir_realize(USBDevice *udev, Error **errp)
>          }
>      }
>  
> -    dev->chardev_close_bh = qemu_bh_new(usbredir_chardev_close_bh, dev);
> -    dev->device_reject_bh = qemu_bh_new(usbredir_device_reject_bh, dev);
> +    dev->chardev_close_bh = qemu_bh_new_guarded(usbredir_chardev_close_bh, dev,
> +                                                &DEVICE(dev)->mem_reentrancy_guard);
> +    dev->device_reject_bh = qemu_bh_new_guarded(usbredir_device_reject_bh, dev,
> +                                                &DEVICE(dev)->mem_reentrancy_guard);
>      dev->attach_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, usbredir_do_attach, dev);
>  
>      packet_id_queue_init(&dev->cancelled, dev, "cancelled");
> diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c
> index 0f7369e7ed..dec91294ad 100644
> --- a/hw/usb/xen-usb.c
> +++ b/hw/usb/xen-usb.c
> @@ -1021,7 +1021,8 @@ static void usbback_alloc(struct XenLegacyDevice *xendev)
>  
>      QTAILQ_INIT(&usbif->req_free_q);
>      QSIMPLEQ_INIT(&usbif->hotplug_q);
> -    usbif->bh = qemu_bh_new(usbback_bh, usbif);
> +    usbif->bh = qemu_bh_new_guarded(usbback_bh, usbif,
> +                                    &DEVICE(xendev)->mem_reentrancy_guard);
>  }
>  
>  static int usbback_free(struct XenLegacyDevice *xendev)
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 746f07c4d2..309cebacc6 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -908,8 +908,9 @@ static void virtio_balloon_device_realize(DeviceState *dev, Error **errp)
>          precopy_add_notifier(&s->free_page_hint_notify);
>  
>          object_ref(OBJECT(s->iothread));
> -        s->free_page_bh = aio_bh_new(iothread_get_aio_context(s->iothread),
> -                                     virtio_ballloon_get_free_page_hints, s);
> +        s->free_page_bh = aio_bh_new_guarded(iothread_get_aio_context(s->iothread),
> +                                             virtio_ballloon_get_free_page_hints, s,
> +                                             &DEVICE(s)->mem_reentrancy_guard);
>      }
>  
>      if (virtio_has_feature(s->host_features, VIRTIO_BALLOON_F_REPORTING)) {
> diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
> index 516425e26a..4c95f1096e 100644
> --- a/hw/virtio/virtio-crypto.c
> +++ b/hw/virtio/virtio-crypto.c
> @@ -1050,7 +1050,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
>          vcrypto->vqs[i].dataq =
>                   virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
>          vcrypto->vqs[i].dataq_bh =
> -                 qemu_bh_new(virtio_crypto_dataq_bh, &vcrypto->vqs[i]);
> +                 qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
> +                                     &dev->mem_reentrancy_guard);
>          vcrypto->vqs[i].vcrypto = vcrypto;
>      }
>  
> -- 
> 2.39.0
Paul Durrant March 2, 2023, 9:25 a.m. UTC | #2
On 01/03/2023 20:54, Michael S. Tsirkin wrote:
> On Sat, Feb 04, 2023 at 11:07:37PM -0500, Alexander Bulekov wrote:
>> This protects devices from bh->mmio reentrancy issues.
>>
>> Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
>> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
>> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> 
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> 

Xen parts...

Reviewed-by: Paul Durrant <paul@xen.org>
Thomas Huth March 10, 2023, 10:38 a.m. UTC | #3
On 05/02/2023 05.07, Alexander Bulekov wrote:
> This protects devices from bh->mmio reentrancy issues.
> 
> Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
...
> diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
> index 65c4979c3c..f077c1b255 100644
> --- a/hw/9pfs/xen-9p-backend.c
> +++ b/hw/9pfs/xen-9p-backend.c
> @@ -441,7 +441,9 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
>           xen_9pdev->rings[i].ring.out = xen_9pdev->rings[i].data +
>                                          XEN_FLEX_RING_SIZE(ring_order);
>   
> -        xen_9pdev->rings[i].bh = qemu_bh_new(xen_9pfs_bh, &xen_9pdev->rings[i]);
> +        xen_9pdev->rings[i].bh = qemu_bh_new_guarded(xen_9pfs_bh,
> +                                                     &xen_9pdev->rings[i],
> +                                                     &DEVICE(xen_9pdev)->mem_reentrancy_guard);

xen_9pdev is not derived from DeviceState, so you must not cast it with 
DEVICE().

> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index 7ce001cacd..37091150cb 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -1508,7 +1508,8 @@ static void ahci_cmd_done(const IDEDMA *dma)
>       ahci_write_fis_d2h(ad);
>   
>       if (ad->port_regs.cmd_issue && !ad->check_bh) {
> -        ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
> +        ad->check_bh = qemu_bh_new_guarded(ahci_check_cmd_bh, ad,
> +                                           &DEVICE(ad)->mem_reentrancy_guard);
>           qemu_bh_schedule(ad->check_bh);
>       }
>   }

Ditto - ad is not derived from DeviceState, so you cannot use DEVICE() here.

(This was causing the crash in the macOS CI job)

> diff --git a/hw/ide/core.c b/hw/ide/core.c
> index 5d1039378f..8c8d1a8ec2 100644
> --- a/hw/ide/core.c
> +++ b/hw/ide/core.c
> @@ -519,7 +519,8 @@ BlockAIOCB *ide_issue_trim(
>   
>       iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
>       iocb->s = s;
> -    iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
> +    iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb,
> +                                   &DEVICE(s)->mem_reentrancy_guard);

IDEState s is also not directly derived from DeviceState. Not sure, but 
maybe you can get to the device here in a similar way that is done in 
ide_identify() :

      IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;

?

> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 746f07c4d2..309cebacc6 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -908,8 +908,9 @@ static void virtio_balloon_device_realize(DeviceState *dev, Error **errp)
>           precopy_add_notifier(&s->free_page_hint_notify);
>   
>           object_ref(OBJECT(s->iothread));
> -        s->free_page_bh = aio_bh_new(iothread_get_aio_context(s->iothread),
> -                                     virtio_ballloon_get_free_page_hints, s);
> +        s->free_page_bh = aio_bh_new_guarded(iothread_get_aio_context(s->iothread),
> +                                             virtio_ballloon_get_free_page_hints, s,
> +                                             &DEVICE(s)->mem_reentrancy_guard);

You could use "dev" instead of "s" here to get rid of the DEVICE() cast.

The remaining changes look fine to me.

  Thomas

Patch

diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
index 65c4979c3c..f077c1b255 100644
--- a/hw/9pfs/xen-9p-backend.c
+++ b/hw/9pfs/xen-9p-backend.c
@@ -441,7 +441,9 @@  static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
         xen_9pdev->rings[i].ring.out = xen_9pdev->rings[i].data +
                                        XEN_FLEX_RING_SIZE(ring_order);
 
-        xen_9pdev->rings[i].bh = qemu_bh_new(xen_9pfs_bh, &xen_9pdev->rings[i]);
+        xen_9pdev->rings[i].bh = qemu_bh_new_guarded(xen_9pfs_bh,
+                                                     &xen_9pdev->rings[i],
+                                                     &DEVICE(xen_9pdev)->mem_reentrancy_guard);
         xen_9pdev->rings[i].out_cons = 0;
         xen_9pdev->rings[i].out_size = 0;
         xen_9pdev->rings[i].inprogress = false;
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index b28d81737e..a6202997ee 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -127,7 +127,8 @@  bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
     } else {
         s->ctx = qemu_get_aio_context();
     }
-    s->bh = aio_bh_new(s->ctx, notify_guest_bh, s);
+    s->bh = aio_bh_new_guarded(s->ctx, notify_guest_bh, s,
+                               &DEVICE(vdev)->mem_reentrancy_guard);
     s->batch_notify_vqs = bitmap_new(conf->num_queues);
 
     *dataplane = s;
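Review bot: The bottom half created here runs on `s->ctx`, which the branch above shows can be a context other than the main loop, yet it is given the device-wide `mem_reentrancy_guard`; whether that guard can be set and cleared from a second thread without racing the MMIO path cannot be told from this hunk. If cross-thread use is intended, a comment should say so, for example `/* guard is shared with MMIO dispatch; notify_guest_bh may run in an IOThread */`, and the guard's accessors should be checked for that case. The same question applies to the `aio_bh_new_guarded()` calls in the xen-block and scsi-bus hunks, which also take a caller-chosen AioContext. virtio_blk_data_plane_create continues outside the hunk.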
diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c
index 2785b9e849..e31806b317 100644
--- a/hw/block/dataplane/xen-block.c
+++ b/hw/block/dataplane/xen-block.c
@@ -632,8 +632,9 @@  XenBlockDataPlane *xen_block_dataplane_create(XenDevice *xendev,
     } else {
         dataplane->ctx = qemu_get_aio_context();
     }
-    dataplane->bh = aio_bh_new(dataplane->ctx, xen_block_dataplane_bh,
-                               dataplane);
+    dataplane->bh = aio_bh_new_guarded(dataplane->ctx, xen_block_dataplane_bh,
+                                       dataplane,
+                                       &DEVICE(xendev)->mem_reentrancy_guard);
 
     return dataplane;
 }
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index 7d4601cb5d..dd619f0731 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -985,7 +985,8 @@  static void virtser_port_device_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    port->bh = qemu_bh_new(flush_queued_data_bh, port);
+    port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
+                                   &dev->mem_reentrancy_guard);
     port->elem = NULL;
 }
 
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index ec712d3ca2..c0460c4ef1 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -2201,11 +2201,14 @@  static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp)
 
     qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl);
 
-    qxl->update_irq = qemu_bh_new(qxl_update_irq_bh, qxl);
+    qxl->update_irq = qemu_bh_new_guarded(qxl_update_irq_bh, qxl,
+                                          &DEVICE(qxl)->mem_reentrancy_guard);
     qxl_reset_state(qxl);
 
-    qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
-    qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd);
+    qxl->update_area_bh = qemu_bh_new_guarded(qxl_render_update_area_bh, qxl,
+                                              &DEVICE(qxl)->mem_reentrancy_guard);
+    qxl->ssd.cursor_bh = qemu_bh_new_guarded(qemu_spice_cursor_refresh_bh, &qxl->ssd,
+                                             &DEVICE(qxl)->mem_reentrancy_guard);
 }
 
 static void qxl_realize_primary(PCIDevice *dev, Error **errp)
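Review bot: The `qxl->ssd.cursor_bh` assignment runs past 80 columns, and the `DEVICE(qxl)` QOM cast is repeated for each of the three bottom halves in this hunk. A single local, `DeviceState *dev = DEVICE(qxl);`, declared with the other locals of qxl_realize_common (its opening lines are outside the hunk), would let each call pass `&dev->mem_reentrancy_guard` and keep the continuation lines within the limit. It also makes it obvious at a glance that all three BHs, including the one whose opaque is `&qxl->ssd`, share the guard of the same device.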
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 5e15c79b94..66ac9b6cc5 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1339,8 +1339,10 @@  void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
 
     g->ctrl_vq = virtio_get_queue(vdev, 0);
     g->cursor_vq = virtio_get_queue(vdev, 1);
-    g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g);
-    g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g);
+    g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g,
+                                     &qdev->mem_reentrancy_guard);
+    g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
+                                       &qdev->mem_reentrancy_guard);
     QTAILQ_INIT(&g->reslist);
     QTAILQ_INIT(&g->cmdq);
     QTAILQ_INIT(&g->fenceq);
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 7ce001cacd..37091150cb 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1508,7 +1508,8 @@  static void ahci_cmd_done(const IDEDMA *dma)
     ahci_write_fis_d2h(ad);
 
     if (ad->port_regs.cmd_issue && !ad->check_bh) {
-        ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
+        ad->check_bh = qemu_bh_new_guarded(ahci_check_cmd_bh, ad,
+                                           &DEVICE(ad)->mem_reentrancy_guard);
         qemu_bh_schedule(ad->check_bh);
     }
 }
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 5d1039378f..8c8d1a8ec2 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -519,7 +519,8 @@  BlockAIOCB *ide_issue_trim(
 
     iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
     iocb->s = s;
-    iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
+    iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb,
+                                   &DEVICE(s)->mem_reentrancy_guard);
     iocb->ret = 0;
     iocb->qiov = qiov;
     iocb->i = -1;
diff --git a/hw/misc/imx_rngc.c b/hw/misc/imx_rngc.c
index 632c03779c..082c6980ad 100644
--- a/hw/misc/imx_rngc.c
+++ b/hw/misc/imx_rngc.c
@@ -228,8 +228,10 @@  static void imx_rngc_realize(DeviceState *dev, Error **errp)
     sysbus_init_mmio(sbd, &s->iomem);
 
     sysbus_init_irq(sbd, &s->irq);
-    s->self_test_bh = qemu_bh_new(imx_rngc_self_test, s);
-    s->seed_bh = qemu_bh_new(imx_rngc_seed, s);
+    s->self_test_bh = qemu_bh_new_guarded(imx_rngc_self_test, s,
+                                          &dev->mem_reentrancy_guard);
+    s->seed_bh = qemu_bh_new_guarded(imx_rngc_seed, s,
+                                     &dev->mem_reentrancy_guard);
 }
 
 static void imx_rngc_reset(DeviceState *dev)
diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 43bb1f56ba..80a789f32b 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -914,7 +914,7 @@  static void mac_dbdma_realize(DeviceState *dev, Error **errp)
 {
     DBDMAState *s = MAC_DBDMA(dev);
 
-    s->bh = qemu_bh_new(DBDMA_run_bh, s);
+    s->bh = qemu_bh_new_guarded(DBDMA_run_bh, s, &dev->mem_reentrancy_guard);
 }
 
 static void mac_dbdma_class_init(ObjectClass *oc, void *data)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 3ae909041a..a170c724de 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -2885,7 +2885,8 @@  static void virtio_net_add_queue(VirtIONet *n, int index)
         n->vqs[index].tx_vq =
             virtio_add_queue(vdev, n->net_conf.tx_queue_size,
                              virtio_net_handle_tx_bh);
-        n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
+        n->vqs[index].tx_bh = qemu_bh_new_guarded(virtio_net_tx_bh, &n->vqs[index],
+                                                  &DEVICE(vdev)->mem_reentrancy_guard);
     }
 
     n->vqs[index].tx_waiting = 0;
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index f25cc2c235..dcb250e772 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -4318,7 +4318,8 @@  static void nvme_init_sq(NvmeSQueue *sq, NvmeCtrl *n, uint64_t dma_addr,
         QTAILQ_INSERT_TAIL(&(sq->req_list), &sq->io_req[i], entry);
     }
 
-    sq->bh = qemu_bh_new(nvme_process_sq, sq);
+    sq->bh = qemu_bh_new_guarded(nvme_process_sq, sq,
+                                 &DEVICE(sq->ctrl)->mem_reentrancy_guard);
 
     if (n->dbbuf_enabled) {
         sq->db_addr = n->dbbuf_dbs + (sqid << 3);
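Review bot: The guard in nvme_init_sq is reached through `sq->ctrl`, although the controller is already available as the parameter `n`, which the hunk uses two lines later for `n->dbbuf_enabled`. This is only correct if `sq->ctrl` was assigned earlier in the function, and that part is outside the hunk. Writing `&DEVICE(n)->mem_reentrancy_guard` removes the ordering dependency and the risk of casting a pointer that has not been set yet. The nvme_init_cq hunk below has the same pattern with `cq->ctrl` and could use `DEVICE(n)` as well.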
@@ -4708,7 +4709,8 @@  static void nvme_init_cq(NvmeCQueue *cq, NvmeCtrl *n, uint64_t dma_addr,
         }
     }
     n->cq[cqid] = cq;
-    cq->bh = qemu_bh_new(nvme_post_cqes, cq);
+    cq->bh = qemu_bh_new_guarded(nvme_post_cqes, cq,
+                                 &DEVICE(cq->ctrl)->mem_reentrancy_guard);
 }
 
 static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeRequest *req)
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index c485da792c..3de288b454 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -1322,7 +1322,8 @@  static void mptsas_scsi_realize(PCIDevice *dev, Error **errp)
     }
     s->max_devices = MPTSAS_NUM_PORTS;
 
-    s->request_bh = qemu_bh_new(mptsas_fetch_requests, s);
+    s->request_bh = qemu_bh_new_guarded(mptsas_fetch_requests, s,
+                                        &DEVICE(dev)->mem_reentrancy_guard);
 
     scsi_bus_init(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info);
 }
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index ceceafb2cd..e5c9f7a53d 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -193,7 +193,8 @@  static void scsi_dma_restart_cb(void *opaque, bool running, RunState state)
         AioContext *ctx = blk_get_aio_context(s->conf.blk);
         /* The reference is dropped in scsi_dma_restart_bh.*/
         object_ref(OBJECT(s));
-        s->bh = aio_bh_new(ctx, scsi_dma_restart_bh, s);
+        s->bh = aio_bh_new_guarded(ctx, scsi_dma_restart_bh, s,
+                                   &DEVICE(s)->mem_reentrancy_guard);
         qemu_bh_schedule(s->bh);
     }
 }
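Review bot: The guard passed to aio_bh_new_guarded() here is embedded in the device object, while the comment two lines above the call says the reference taken here is dropped inside scsi_dma_restart_bh. If that unref can be the last one, the guard's storage is released while the callback is still on the stack, so any access the BH dispatch code makes to the guard after the callback returns would touch freed memory. The dispatch code is not part of this patch, so this needs confirming there. I would record the constraint at the call, e.g. `/* guard is embedded in the device: it must stay valid until the BH callback has returned */`.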
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index fa76696855..4de34536e9 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -1184,7 +1184,8 @@  pvscsi_realizefn(PCIDevice *pci_dev, Error **errp)
         pcie_endpoint_cap_init(pci_dev, PVSCSI_EXP_EP_OFFSET);
     }
 
-    s->completion_worker = qemu_bh_new(pvscsi_process_completion_queue, s);
+    s->completion_worker = qemu_bh_new_guarded(pvscsi_process_completion_queue, s,
+                                               &DEVICE(pci_dev)->mem_reentrancy_guard);
 
     scsi_bus_init(&s->bus, sizeof(s->bus), DEVICE(pci_dev), &pvscsi_scsi_info);
     /* override default SCSI bus hotplug-handler, with pvscsi's one */
diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
index 88f99c05d5..f013ded91e 100644
--- a/hw/usb/dev-uas.c
+++ b/hw/usb/dev-uas.c
@@ -937,7 +937,8 @@  static void usb_uas_realize(USBDevice *dev, Error **errp)
 
     QTAILQ_INIT(&uas->results);
     QTAILQ_INIT(&uas->requests);
-    uas->status_bh = qemu_bh_new(usb_uas_send_status_bh, uas);
+    uas->status_bh = qemu_bh_new_guarded(usb_uas_send_status_bh, uas,
+                                         &d->mem_reentrancy_guard);
 
     dev->flags |= (1 << USB_DEV_FLAG_IS_SCSI_STORAGE);
     scsi_bus_init(&uas->bus, sizeof(uas->bus), DEVICE(dev), &usb_uas_scsi_info);
diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c
index 8755e9cbb0..a0c4e782b2 100644
--- a/hw/usb/hcd-dwc2.c
+++ b/hw/usb/hcd-dwc2.c
@@ -1364,7 +1364,8 @@  static void dwc2_realize(DeviceState *dev, Error **errp)
     s->fi = USB_FRMINTVL - 1;
     s->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_frame_boundary, s);
     s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_work_timer, s);
-    s->async_bh = qemu_bh_new(dwc2_work_bh, s);
+    s->async_bh = qemu_bh_new_guarded(dwc2_work_bh, s,
+                                      &dev->mem_reentrancy_guard);
 
     sysbus_init_irq(sbd, &s->irq);
 }
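Review bot: Only the bottom half is tied to the reentrancy guard in dwc2_realize; `eof_timer` and `frame_timer` on the two preceding lines are still created with plain timer_new_ns(). If dwc2_frame_boundary or dwc2_work_timer can start DMA (their bodies are not visible here), the same device re-entry stays reachable from timer context. A comment such as `/* timers are not covered by mem_reentrancy_guard */`, or a follow-up patch for timers, would make the remaining gap explicit. The ehci, uhci and usbredir hunks create timers next to the guarded BH in the same way.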
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index d4da8dcb8d..c930c60921 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -2533,7 +2533,8 @@  void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
     }
 
     s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s);
-    s->async_bh = qemu_bh_new(ehci_work_bh, s);
+    s->async_bh = qemu_bh_new_guarded(ehci_work_bh, s,
+                                      &dev->mem_reentrancy_guard);
     s->device = dev;
 
     s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index 30ae0104bb..bdc891f57a 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -1193,7 +1193,7 @@  void usb_uhci_common_realize(PCIDevice *dev, Error **errp)
                               USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
         }
     }
-    s->bh = qemu_bh_new(uhci_bh, s);
+    s->bh = qemu_bh_new_guarded(uhci_bh, s, &DEVICE(dev)->mem_reentrancy_guard);
     s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, uhci_frame_timer, s);
     s->num_ports_vmstate = NB_PORTS;
     QTAILQ_INIT(&s->queues);
diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c
index 176868d345..f500db85ab 100644
--- a/hw/usb/host-libusb.c
+++ b/hw/usb/host-libusb.c
@@ -1141,7 +1141,8 @@  static void usb_host_nodev_bh(void *opaque)
 static void usb_host_nodev(USBHostDevice *s)
 {
     if (!s->bh_nodev) {
-        s->bh_nodev = qemu_bh_new(usb_host_nodev_bh, s);
+        s->bh_nodev = qemu_bh_new_guarded(usb_host_nodev_bh, s,
+                                          &DEVICE(s)->mem_reentrancy_guard);
     }
     qemu_bh_schedule(s->bh_nodev);
 }
@@ -1739,7 +1740,8 @@  static int usb_host_post_load(void *opaque, int version_id)
     USBHostDevice *dev = opaque;
 
     if (!dev->bh_postld) {
-        dev->bh_postld = qemu_bh_new(usb_host_post_load_bh, dev);
+        dev->bh_postld = qemu_bh_new_guarded(usb_host_post_load_bh, dev,
+                                             &DEVICE(dev)->mem_reentrancy_guard);
     }
     qemu_bh_schedule(dev->bh_postld);
     dev->bh_postld_pending = true;
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index fd7df599bc..39fbaaab16 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -1441,8 +1441,10 @@  static void usbredir_realize(USBDevice *udev, Error **errp)
         }
     }
 
-    dev->chardev_close_bh = qemu_bh_new(usbredir_chardev_close_bh, dev);
-    dev->device_reject_bh = qemu_bh_new(usbredir_device_reject_bh, dev);
+    dev->chardev_close_bh = qemu_bh_new_guarded(usbredir_chardev_close_bh, dev,
+                                                &DEVICE(dev)->mem_reentrancy_guard);
+    dev->device_reject_bh = qemu_bh_new_guarded(usbredir_device_reject_bh, dev,
+                                                &DEVICE(dev)->mem_reentrancy_guard);
     dev->attach_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, usbredir_do_attach, dev);
 
     packet_id_queue_init(&dev->cancelled, dev, "cancelled");
diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c
index 0f7369e7ed..dec91294ad 100644
--- a/hw/usb/xen-usb.c
+++ b/hw/usb/xen-usb.c
@@ -1021,7 +1021,8 @@  static void usbback_alloc(struct XenLegacyDevice *xendev)
 
     QTAILQ_INIT(&usbif->req_free_q);
     QSIMPLEQ_INIT(&usbif->hotplug_q);
-    usbif->bh = qemu_bh_new(usbback_bh, usbif);
+    usbif->bh = qemu_bh_new_guarded(usbback_bh, usbif,
+                                    &DEVICE(xendev)->mem_reentrancy_guard);
 }
 
 static int usbback_free(struct XenLegacyDevice *xendev)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 746f07c4d2..309cebacc6 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -908,8 +908,9 @@  static void virtio_balloon_device_realize(DeviceState *dev, Error **errp)
         precopy_add_notifier(&s->free_page_hint_notify);
 
         object_ref(OBJECT(s->iothread));
-        s->free_page_bh = aio_bh_new(iothread_get_aio_context(s->iothread),
-                                     virtio_ballloon_get_free_page_hints, s);
+        s->free_page_bh = aio_bh_new_guarded(iothread_get_aio_context(s->iothread),
+                                             virtio_ballloon_get_free_page_hints, s,
+                                             &DEVICE(s)->mem_reentrancy_guard);
     }
 
     if (virtio_has_feature(s->host_features, VIRTIO_BALLOON_F_REPORTING)) {
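Review bot: This BH is bound to the iothread's AioContext, so the device's guard would be set and cleared from a thread other than the one that services the device's MMIO. If the guard is a plain non-atomic flag (its definition is not in this hunk), an MMIO access arriving while virtio_ballloon_get_free_page_hints runs could be rejected spuriously, or the flag could be raced. This is worth confirming and stating at the call, e.g. `/* BH runs in s->iothread; the guard is shared with the MMIO path */`. The realize function starts and ends outside the hunk.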
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index 516425e26a..4c95f1096e 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -1050,7 +1050,8 @@  static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
         vcrypto->vqs[i].dataq =
                  virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
         vcrypto->vqs[i].dataq_bh =
-                 qemu_bh_new(virtio_crypto_dataq_bh, &vcrypto->vqs[i]);
+                 qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
+                                     &dev->mem_reentrancy_guard);
         vcrypto->vqs[i].vcrypto = vcrypto;
     }