From patchwork Thu Jan 26 05:25:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 13116680 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 46148C05027 for ; Thu, 26 Jan 2023 05:26:35 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pKum7-0007JC-2B; Thu, 26 Jan 2023 00:26:15 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKum5-0007Iy-5l for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:13 -0500 Received: from esa3.hc2706-39.iphmx.com ([68.232.154.118]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKum3-0000nB-3V for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:12 -0500 X-IronPort-RemoteIP: 209.85.219.69 X-IronPort-MID: 253905856 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:NNQpdqsD3WAkIIy495TnONhGzufnVOtcMUV32f8akzHdYApBsoF/q tZmKWmCOfqMNzDwLt51aY/lpklTvsDUnIRlHARrrCoyRSgQ9ZOVVN+UEBzMMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliefTAOK5ULSfUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS93uDgNyo4GlD5gVkO6gS1LPjvyJ94Kw3dPnZw0TQH9E88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IPM0SQqkEqSh8ai87XAMEhhXJ/0F1lqTzQJ OJl7vRcQS9xVkHFdX90vxNwSkmSNoUfkFPLzOTWXWV+ACQqflO1q8iCAn3aMqUB3+pTB2pKy 8YfdhASMBmDuribmY+CH7wEasQLdKEHPasas3BkiCjHVLMoH8GFTKLN6ttVmjw3g6iiH96EP 5tfOWcpNk2RJUMeUrsUIMtWcOOAj33vdTFCgFiI46c7/gA/ySQrjeO8aIeFJ4LiqcN9v0yA4 UTLpifDWz5EBt6g6RW5ok7yv7qa9c/8cMdIfFGizdZzjViOg2AeFhASfV28p/a/lwi5Qd03F qAP0i8nrKx37VLyC9ejDlu3p3mLuhNaUN1VewEn1DywJmPvy17xLgA5ovRpMbTKaOdeqeQW6 2K0 IronPort-HdrOrdr: A9a23:HBQ6vaGSChPQ8wIMpLqE+ceALOsnbusQ8zAXPidKJSC9E/b0qy nAppQmPHPP6Qr5O0tLpTnoAsDpKk80k6QFg7X5Eo3NYOCMghrMEGgN1/qA/9SZIULDytI= Received: from mail-qv1-f69.google.com ([209.85.219.69]) by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 26 Jan 2023 00:26:08 -0500 Received: by mail-qv1-f69.google.com with SMTP id nk14-20020a056214350e00b0053472f03fedso509556qvb.17 for ; Wed, 25 Jan 2023 21:26:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bu.edu; s=s1gsbu; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ykJeQRTFAEO+rqm5i63fQBnRe0PX7SJNCz89jYNpgLY=; b=Kr3O4RRVtqcXLaqpW1A30Hd7GFoV30fH5ITA3n0oWZSGvdbJZ6sPavY5541aSK7Tl0 Zr6hzx8jEvMjis6xApS+Uy65C3K+87+ZjT/ZVEiLKt7Tsu+n7FqA2f38F800LWvCeJY/ 7qk8eXQVyYEC/mrGwApNSsRxytZZuakyBTfx9ndeWvd3zX6F5D9qExw2nEvFMjLXEuyT EMGXIfC2jBJs0zlOx4EoGJTkVGsvcmSue24jyuqmQCvvdIpGQY9q2rMbmQq88xvMngdq qmzL2w+fKHva7PUnzJwx35bbgI22P28TrFOsMuMFE/FtCoM6sUTLqgulmYsqtviUMEBG Zx+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ykJeQRTFAEO+rqm5i63fQBnRe0PX7SJNCz89jYNpgLY=; b=maLWtLOR7ghi4Ac1VbSz3ZUCVyQ/0dF7wsl6xLMDyAf430/pluz5np62iX8rDVKhWe RtwSEINxbRbtKnPvQvXUTpvOWn1c16GuLtqF+I6MnBDVEZYD01l5K1v1U/vcq1atPpmO TOuR3ylk866LomzVp0pt+J1Nr6wmK6FgQerFKtMyGx6O0+cUuk3Vvr/wCvzUIGKhq5RD sHoYkWgsH0nRYkcS+Qd0dMuqhJWyTEpNIbRegICx5kXkUF3/PwTRmwSAPaYdz9BGnFE1 +nKCmY3qhNKAeTcNlzb3FdwDCnHx6MlMOOTKdST0UC+wGj5W13NLkTp6yMT8dqDfV5A6 /qXw== X-Gm-Message-State: AFqh2krjcVXAhNWzer6sDSfBQ1dYEjl/PHwUiYdLPm22GfPZLB5gQj7T oXGV8Wfvnjce32USBe0EG1N7iYjuQe/245QdiMsAugkv7a8FAyYFULl4VACNsEycbCX2Mjg9RvI I7qi7oWZGsWvPpE6OlgSf6hvVVqYSmw== X-Received: by 2002:ac8:4d9b:0:b0:3b6:31f2:da0c with SMTP id a27-20020ac84d9b000000b003b631f2da0cmr46013053qtw.15.1674710767566; Wed, 25 Jan 2023 21:26:07 -0800 (PST) X-Google-Smtp-Source: AMrXdXskae1/2vnhCR6sraM29Azr3jQ9SGQt8uq15DYldqjFsQZzJ1izr9PRVmHtmnYZOKad87iP/A== X-Received: by 2002:ac8:4d9b:0:b0:3b6:31f2:da0c with SMTP id a27-20020ac84d9b000000b003b631f2da0cmr46013022qtw.15.1674710767302; Wed, 25 Jan 2023 21:26:07 -0800 (PST) Received: from mozz.bu.edu (mozz.bu.edu. [128.197.127.33]) by smtp.gmail.com with ESMTPSA id m21-20020aed27d5000000b003b62fcd6d50sm165066qtg.28.2023.01.25.21.26.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 21:26:06 -0800 (PST) From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: Alexander Bulekov , Stefan Hajnoczi , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Mauro Matteo Cascella , Peter Xu , Jason Wang , David Hildenbrand , Gerd Hoffmann , Thomas Huth , Laurent Vivier , Bandan Das , "Edgar E . Iglesias" , Darren Kenny , Bin Meng , Paolo Bonzini , "Michael S . Tsirkin" , Marcel Apfelbaum , =?utf-8?q?Daniel_P_=2E_Berra?= =?utf-8?q?ng=C3=A9?= , Eduardo Habkost , Jon Maloy , Siqi Chen Subject: [PATCH v5 1/4] memory: prevent dma-reentracy issues Date: Thu, 26 Jan 2023 00:25:55 -0500 Message-Id: <20230126052558.572634-2-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230126052558.572634-1-alxndr@bu.edu> References: <20230126052558.572634-1-alxndr@bu.edu> MIME-Version: 1.0 X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass client-ip=68.232.154.118; envelope-from=alxndr@bu.edu; helo=esa3.hc2706-39.iphmx.com X-Spam_score_int: -33 X-Spam_score: -3.4 X-Spam_bar: --- X-Spam_report: (-3.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA. This flag is set/checked prior to calling a device's MemoryRegion handlers, and set when device code initiates DMA. The purpose of this flag is to prevent two types of DMA-based reentrancy issues: 1.) mmio -> dma -> mmio case 2.) bh -> dma write -> mmio case These issues have led to problems such as stack-exhaustion and use-after-frees. Summary of the problem from Peter Maydell: https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827 Reviewed-by: Stefan Hajnoczi Signed-off-by: Alexander Bulekov Acked-by: Peter Xu --- include/hw/qdev-core.h | 7 +++++++ softmmu/memory.c | 17 +++++++++++++++++ softmmu/trace-events | 1 + 3 files changed, 25 insertions(+) diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h index 35fddb19a6..8858195262 100644 --- a/include/hw/qdev-core.h +++ b/include/hw/qdev-core.h @@ -162,6 +162,10 @@ struct NamedClockList { QLIST_ENTRY(NamedClockList) node; }; +typedef struct { + bool engaged_in_io; +} MemReentrancyGuard; + /** * DeviceState: * @realized: Indicates whether the device has been fully constructed. @@ -194,6 +198,9 @@ struct DeviceState { int alias_required_for_version; ResettableState reset; GSList *unplug_blockers; + + /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */ + MemReentrancyGuard mem_reentrancy_guard; }; struct DeviceListener { diff --git a/softmmu/memory.c b/softmmu/memory.c index e05332d07f..daffb48493 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c @@ -533,6 +533,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, uint64_t access_mask; unsigned access_size; unsigned i; + DeviceState *dev = NULL; MemTxResult r = MEMTX_OK; if (!access_size_min) { @@ -542,6 +543,19 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, access_size_max = 4; } + /* Do not allow more than one simultanous access to a device's IO Regions */ + if (mr->owner && + !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) { + dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE); + if (dev) { + if (dev->mem_reentrancy_guard.engaged_in_io) { + trace_memory_region_reentrant_io(get_cpu_index(), mr, addr, size); + return MEMTX_ERROR; + } + dev->mem_reentrancy_guard.engaged_in_io = true; + } + } + /* FIXME: support unaligned access? */ access_size = MAX(MIN(size, access_size_max), access_size_min); access_mask = MAKE_64BIT_MASK(0, access_size * 8); @@ -556,6 +570,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, access_mask, attrs); } } + if (dev) { + dev->mem_reentrancy_guard.engaged_in_io = false; + } return r; } diff --git a/softmmu/trace-events b/softmmu/trace-events index 22606dc27b..62d04ea9a7 100644 --- a/softmmu/trace-events +++ b/softmmu/trace-events @@ -13,6 +13,7 @@ memory_region_ops_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, u memory_region_ops_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size, const char *name) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u name '%s'" memory_region_subpage_read(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u" memory_region_subpage_write(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u" +memory_region_reentrant_io(int cpu_index, void *mr, uint64_t offset, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" size %u" memory_region_ram_device_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u" memory_region_ram_device_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u" memory_region_sync_dirty(const char *mr, const char *listener, int global) "mr '%s' listener '%s' synced (global=%d)" From patchwork Thu Jan 26 05:25:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 13116683 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0F66DC54E94 for ; Thu, 26 Jan 2023 05:27:02 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pKumG-0007L9-2j; Thu, 26 Jan 2023 00:26:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKumC-0007KB-9H for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:20 -0500 Received: from esa5.hc2706-39.iphmx.com ([216.71.137.63]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKum8-0000qd-Tg for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:19 -0500 X-IronPort-RemoteIP: 209.85.219.70 X-IronPort-MID: 265809644 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:8MlBUqCMy09oBRVW/5Thw5YqxClBgxIJ4kV8jS/XYbTApGgh32ZRy 2NOW2DVa/6DZ2X9fN0nbY609BkFusXdndQxTANkpHpgcSl2pJueD7x1DKtR0wB+jCHnZBg6h ynLQoCYdKjYdleF+lH2dOCk9SMnvU2xbuKUIPbePSxsThNTRi4kiBZy88Y0mYctitWia++3k YqaT/b3ZRn0hFaYDkpOs/jY8Eo14qyr0N8llgdWic5j7Qe2e0Y9Ucp3yZGZdxPQXoRSF+imc OfPpJnRErTxpkpF5nuNy94XQ2VTKlLgFVHmZkl+AsBOtiN/Shkaic7XAha9hXB/0F1ll/gpo DlEWAfZpQ0BZ8Ugk8xEO/VU/r0X0QSrN9YrLFDm2fF/wXEqfFPsyfBiDRpnE7QD48JLWFp/2 sIlFjskO0Xra+KemNpXS8Fpj8UnadD1ZcYR5SkmwjbeAvIrB5vERs0m5/cChGZ21p0IR6+PI ZVBAdZsRE2ojxlnM1MHDp4ktO21wHTzblW0rXrP+/dnuzmNkFAZPL7FHsvPVc6maeBukE+Kl GKf+mfiWT4iK4nKodaC2jf27gPVpgviVYcPUbG16PNuqFuUwGMVFVsRT1TTnBWioku3WtYaM lJNvyRx9e4980ukStS7VBq9yJKZgiMhtxNrO7VSwGmwJmD8sm512kBsouZ9VeEb IronPort-HdrOrdr: A9a23:acJyBKi3Tigylsux0opwhozJWHBQXgwji2hC6mlwRA09TyVXrb HLoB19726JtN91YhsdcL+7Sc+9qB/nhPxICMwqTMyftWrdyRaVxf9ZnPLfKlTbckWUh41gPO VbAtJD4bXLbWSS5vyKhzVQfexQpeWvweSDqd2b4U1QbTxHXYld0iYRMHflLqS0fmV77FgCea Z0KvAom9PZQwVuUi1zPBZlY9T+ Received: from mail-qv1-f70.google.com ([209.85.219.70]) by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 26 Jan 2023 00:26:13 -0500 Received: by mail-qv1-f70.google.com with SMTP id e5-20020a056214110500b0053547681552so519217qvs.8 for ; Wed, 25 Jan 2023 21:26:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bu.edu; s=s1gsbu; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ix/LQlL7SnPYOBEKRvRlhs6b0+t/hamvfERWUcZMY5A=; b=PX5a9lchwqPi7cL+tnI+1mKLflgjVO3fKmwzbbz0ZBn2fY+528tyg/34ioMUPMW4VT 9oyM2VlUhYNsua0n4s2RELQQmd/qcNLljQZCuOW/SXvkcEveh73iHNTSnXon8k8Ec44N PTaw0cIFRnMNrFPr70nPVAIcJizXK9ENR59O13sBGv0IWWJXfGW3QVK9lnTAKDdYZCZ5 KT5OUvykGUBoTiA0eaxS2zsBn2nS9Uafc4WH8Nz5GgcZvmgH6rjm4xjLojwFK5jmRt14 YRa/akJA6QfAkxPN3YEhGdiIKevKFDPG61Z3/NP8UfUEe9z68dHyWpjuGRgbnLnjMlSL a7rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ix/LQlL7SnPYOBEKRvRlhs6b0+t/hamvfERWUcZMY5A=; b=hdAQ4wQM5P6hrseX4EIGcp0+K6cORwogoUlfWpwHXU5tz+FmmG1M6S097KieXDmumn dNmQYvp9kNFFceaRK41MCtw7oFv8oLOEN79sqg97czKlvLNpybIxqcyfBfppFRoBVEYK nFYHmu8Ry7jA4+q2+p9ofZhpypaYZb8E5glANZat4jWn6Xfte4oNus+uD4usgmEU5cIp C7umLXWtA1AFy5t3Q4pusNULBuKAzH8peUkptH4t7owNPVBwhJAzhu9MdvfnEcvgxbTd JwAIjozBMenru0yO/xiPAI3Z5lkhJKHw3antpDnoDB15vhiCwTaft48wX+vEfVqRx9Ky nlWA== X-Gm-Message-State: AFqh2krqUjTZC0E4FuVNPrYtoJMeWKV+C2c91BVxxljF73BHnh3YvD1S zFqMtJzm14gURwfRDZm329Hzce9fgfgS1K+2G64K39qhJDTyBGB8ffiaesUkeFCT6+MaxspBUzu pWGNEvTkIg11kpof0NhqSPjaVh9kRrg== X-Received: by 2002:a05:6214:3185:b0:532:32b7:b7e4 with SMTP id lb5-20020a056214318500b0053232b7b7e4mr46745543qvb.29.1674710773014; Wed, 25 Jan 2023 21:26:13 -0800 (PST) X-Google-Smtp-Source: AMrXdXtFf9qcWoInG1SmTJspY0x7lq8bRIWqmQVAN0nrHHWd36zkt74i8hjneSgCXXvkTZ2RM1+SyQ== X-Received: by 2002:a05:6214:3185:b0:532:32b7:b7e4 with SMTP id lb5-20020a056214318500b0053232b7b7e4mr46745501qvb.29.1674710772722; Wed, 25 Jan 2023 21:26:12 -0800 (PST) Received: from mozz.bu.edu (mozz.bu.edu. [128.197.127.33]) by smtp.gmail.com with ESMTPSA id h185-20020a376cc2000000b007069375e0f4sm326169qkc.122.2023.01.25.21.26.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 21:26:11 -0800 (PST) From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: Alexander Bulekov , Stefan Hajnoczi , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Mauro Matteo Cascella , Peter Xu , Jason Wang , David Hildenbrand , Gerd Hoffmann , Thomas Huth , Laurent Vivier , Bandan Das , "Edgar E . Iglesias" , Darren Kenny , Bin Meng , Paolo Bonzini , "Michael S . Tsirkin" , Marcel Apfelbaum , =?utf-8?q?Daniel_P_=2E_Berra?= =?utf-8?q?ng=C3=A9?= , Eduardo Habkost , Jon Maloy , Siqi Chen , Fam Zheng , Kevin Wolf , Hanna Reitz , qemu-block@nongnu.org (open list:Block I/O path) Subject: [PATCH v5 2/4] async: Add an optional reentrancy guard to the BH API Date: Thu, 26 Jan 2023 00:25:56 -0500 Message-Id: <20230126052558.572634-3-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230126052558.572634-1-alxndr@bu.edu> References: <20230126052558.572634-1-alxndr@bu.edu> MIME-Version: 1.0 X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass client-ip=216.71.137.63; envelope-from=alxndr@bu.edu; helo=esa5.hc2706-39.iphmx.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Devices can pass their MemoryReentrancyGuard (from their DeviceState), when creating new BHes. Then, the async API will toggle the guard before/after calling the BH call-back. This prevents bh->mmio reentrancy issues. Signed-off-by: Alexander Bulekov --- docs/devel/multiple-iothreads.txt | 7 +++++++ include/block/aio.h | 18 ++++++++++++++++-- include/qemu/main-loop.h | 7 +++++-- tests/unit/ptimer-test-stubs.c | 3 ++- util/async.c | 18 +++++++++++++++++- util/main-loop.c | 5 +++-- util/trace-events | 1 + 7 files changed, 51 insertions(+), 8 deletions(-) diff --git a/docs/devel/multiple-iothreads.txt b/docs/devel/multiple-iothreads.txt index 343120f2ef..a3e949f6b3 100644 --- a/docs/devel/multiple-iothreads.txt +++ b/docs/devel/multiple-iothreads.txt @@ -61,6 +61,7 @@ There are several old APIs that use the main loop AioContext: * LEGACY qemu_aio_set_event_notifier() - monitor an event notifier * LEGACY timer_new_ms() - create a timer * LEGACY qemu_bh_new() - create a BH + * LEGACY qemu_bh_new_guarded() - create a BH with a device re-entrancy guard * LEGACY qemu_aio_wait() - run an event loop iteration Since they implicitly work on the main loop they cannot be used in code that @@ -72,8 +73,14 @@ Instead, use the AioContext functions directly (see include/block/aio.h): * aio_set_event_notifier() - monitor an event notifier * aio_timer_new() - create a timer * aio_bh_new() - create a BH + * aio_bh_new_guarded() - create a BH with a device re-entrancy guard * aio_poll() - run an event loop iteration +The qemu_bh_new_guarded/aio_bh_new_guarded APIs accept a "MemReentrancyGuard" +argument, which is used to check for and prevent re-entrancy problems. For +BHs associated with devices, the reentrancy-guard is contained in the +corresponding DeviceState and named "mem_reentrancy_guard". + The AioContext can be obtained from the IOThread using iothread_get_aio_context() or for the main loop using qemu_get_aio_context(). Code that takes an AioContext argument works both in IOThreads or the main diff --git a/include/block/aio.h b/include/block/aio.h index 0f65a3cc9e..94d661ff7e 100644 --- a/include/block/aio.h +++ b/include/block/aio.h @@ -23,6 +23,8 @@ #include "qemu/thread.h" #include "qemu/timer.h" #include "block/graph-lock.h" +#include "hw/qdev-core.h" + typedef struct BlockAIOCB BlockAIOCB; typedef void BlockCompletionFunc(void *opaque, int ret); @@ -332,9 +334,11 @@ void aio_bh_schedule_oneshot_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque, * is opaque and must be allocated prior to its use. * * @name: A human-readable identifier for debugging purposes. + * @reentrancy_guard: A guard set when entering a cb to prevent + * device-reentrancy issues */ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque, - const char *name); + const char *name, MemReentrancyGuard *reentrancy_guard); /** * aio_bh_new: Allocate a new bottom half structure @@ -343,7 +347,17 @@ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque, * string. */ #define aio_bh_new(ctx, cb, opaque) \ - aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb))) + aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb)), NULL) + +/** + * aio_bh_new_guarded: Allocate a new bottom half structure with a + * reentrancy_guard + * + * A convenience wrapper for aio_bh_new_full() that uses the cb as the name + * string. + */ +#define aio_bh_new_guarded(ctx, cb, opaque, guard) \ + aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb)), guard) /** * aio_notify: Force processing of pending events. diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h index c25f390696..84d1ce57f0 100644 --- a/include/qemu/main-loop.h +++ b/include/qemu/main-loop.h @@ -389,9 +389,12 @@ void qemu_cond_timedwait_iothread(QemuCond *cond, int ms); void qemu_fd_register(int fd); +#define qemu_bh_new_guarded(cb, opaque, guard) \ + qemu_bh_new_full((cb), (opaque), (stringify(cb)), guard) #define qemu_bh_new(cb, opaque) \ - qemu_bh_new_full((cb), (opaque), (stringify(cb))) -QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name); + qemu_bh_new_full((cb), (opaque), (stringify(cb)), NULL) +QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name, + MemReentrancyGuard *reentrancy_guard); void qemu_bh_schedule_idle(QEMUBH *bh); enum { diff --git a/tests/unit/ptimer-test-stubs.c b/tests/unit/ptimer-test-stubs.c index f5e75a96b6..24d5413f9d 100644 --- a/tests/unit/ptimer-test-stubs.c +++ b/tests/unit/ptimer-test-stubs.c @@ -107,7 +107,8 @@ int64_t qemu_clock_deadline_ns_all(QEMUClockType type, int attr_mask) return deadline; } -QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name) +QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name, + MemReentrancyGuard *reentrancy_guard) { QEMUBH *bh = g_new(QEMUBH, 1); diff --git a/util/async.c b/util/async.c index 14d63b3091..dae77c0d7e 100644 --- a/util/async.c +++ b/util/async.c @@ -65,6 +65,7 @@ struct QEMUBH { void *opaque; QSLIST_ENTRY(QEMUBH) next; unsigned flags; + MemReentrancyGuard *reentrancy_guard; }; /* Called concurrently from any thread */ @@ -133,7 +134,7 @@ void aio_bh_schedule_oneshot_full(AioContext *ctx, QEMUBHFunc *cb, } QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque, - const char *name) + const char *name, MemReentrancyGuard *reentrancy_guard) { QEMUBH *bh; bh = g_new(QEMUBH, 1); @@ -142,13 +143,28 @@ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque, .cb = cb, .opaque = opaque, .name = name, + .reentrancy_guard = reentrancy_guard, }; return bh; } void aio_bh_call(QEMUBH *bh) { + bool last_engaged_in_io = false; + + if (bh->reentrancy_guard) { + last_engaged_in_io = bh->reentrancy_guard->engaged_in_io; + if (bh->reentrancy_guard->engaged_in_io) { + trace_reentrant_aio(bh->ctx, bh->name); + } + bh->reentrancy_guard->engaged_in_io = true; + } + bh->cb(bh->opaque); + + if (bh->reentrancy_guard) { + bh->reentrancy_guard->engaged_in_io = last_engaged_in_io; + } } /* Multiple occurrences of aio_bh_poll cannot be called concurrently. */ diff --git a/util/main-loop.c b/util/main-loop.c index 58f776a8c9..07d2e2040a 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -617,9 +617,10 @@ void main_loop_wait(int nonblocking) /* Functions to operate on the main QEMU AioContext. */ -QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name) +QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name, MemReentrancyGuard *reentrancy_guard) { - return aio_bh_new_full(qemu_aio_context, cb, opaque, name); + return aio_bh_new_full(qemu_aio_context, cb, opaque, name, + reentrancy_guard); } /* diff --git a/util/trace-events b/util/trace-events index c8f53d7d9f..dc3b1eb3bf 100644 --- a/util/trace-events +++ b/util/trace-events @@ -11,6 +11,7 @@ poll_remove(void *ctx, void *node, int fd) "ctx %p node %p fd %d" # async.c aio_co_schedule(void *ctx, void *co) "ctx %p co %p" aio_co_schedule_bh_cb(void *ctx, void *co) "ctx %p co %p" +reentrant_aio(void *ctx, const char *name) "ctx %p name %s" # thread-pool.c thread_pool_submit(void *pool, void *req, void *opaque) "pool %p req %p opaque %p" From patchwork Thu Jan 26 05:25:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 13116681 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B3580C54E94 for ; Thu, 26 Jan 2023 05:26:46 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pKumG-0007LO-TU; Thu, 26 Jan 2023 00:26:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKumE-0007L1-U9 for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:22 -0500 Received: from esa4.hc2706-39.iphmx.com ([216.71.146.118]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKumC-0000rp-Tn for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:22 -0500 X-IronPort-RemoteIP: 209.85.160.199 X-IronPort-MID: 253344971 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:45ruM6u3vyiqGR+KIbDXxsNCGefnVOhcMUV32f8akzHdYApBsoF/q tZmKWGAOv2DMzf0fd10aYq1oRwD68CByN5rSARq+y9hFn8b9ZOVVN+UEBzMMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliefTAOK5ULSfUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS93uDgNyo4GlD5gVkO6gS1LPjvyJ94Kw3dPnZw0TQH9E88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IPM0SQqkEqSh8ai87XAMEhhXJ/0F1lqTzQJ OJl7vRcQS9xVkHFdX90vxNwSkmSNoUfkFPLzOTWXWV+ACQqflO1q8iCAn3aMqVC9sApDE5A6 cUCDwsGTjWcu+Gt3ou0H7wEasQLdKEHPasas3BkiCjFVLMoGMGSBarN4tBc0XE7gcUm8fT2P ZJIL2oyKk2eO1sWawZ/5JEWxY9EglH2dy1epEi9r7dx7mTOpOB0+OKwa4GJJo3VHK25mG6zq 3jGoWD7CyhAbua9wAqa4lKRvN7AyHaTtIU6UefQGuRRqESew3FWBBAIWF+Tp/6/hUijHdVFJ CQpFjEGqKEz8AmyUoC4UUTp8TiLuRkTX9cWGOo/gO2Q9pfpD8+iLjBsZlZ8hBYO7afamRRCO oe1ou7U IronPort-HdrOrdr: A9a23:0LcDGKA1Y7nu9yrlHel655DYdb4zR+YMi2TDGXoBLSC9Ffbo6/ xG+c5w6faaskd2ZJhNo6HjBEDEewKmyXcX2/htAV7dZniehILAFugLhvqA/9SjIVyFygc078 ddmsNFebrN5DZB/KPHyTj9OfobhPe8zICUqdH380pNJDsaFJ2ILD0UNu9YKCBLrcV9a6bRbK DsnvavbgDOGEgqUg== Received: from mail-qt1-f199.google.com ([209.85.160.199]) by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 26 Jan 2023 00:26:18 -0500 Received: by mail-qt1-f199.google.com with SMTP id br26-20020a05622a1e1a00b003b62dc86831so364176qtb.8 for ; Wed, 25 Jan 2023 21:26:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bu.edu; s=s1gsbu; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=R1xbLBwy3u4pgrDFz3PbIvoPbIPQ0shmdeGzEwb5b28=; b=n/p4K7Ha1MskIdvl9utinTNncF9vVOYpqSKiC7ASjHp4DsgZHmfDS5ghMwcO0dSotn xKbKCYl7zvvDc8SclL3hfvb58YsmAzY0ujIm7NAe2zGd2oU2MO0qlkkhNuOAHbSCz6M1 tiB4X5/MgCHtsFqZbbz6hE3FSOMgdtEtSqE8WDLjVnI3TnodErFu1VtZQRkHrKABL3ic u8pTaJ+pf3kIKWcqHOIRbNwJvOLJ2h7cSI7vZLiEoepJqKqfMk1iz8J5ST90Fs9A3wtV RpnyXtftlqiZPBMGRNjicTOUdlb67t7LywJyjyTynWhxifvYCSnMErevUWd9pL1PF3cP 1Dsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R1xbLBwy3u4pgrDFz3PbIvoPbIPQ0shmdeGzEwb5b28=; b=VKzBRtlqWIO4HlvlHSX9avng6K6q7BiKMG1rBEQVCBiV3vvVhrHN5LSdNSY61rLBi0 80+dUdMACbc3ulgfI3w53L1ZTe25l9ynZAyQrlRAHsVRWjZ+Olwxb25F6ZmE4lGdnL1X hg+4UhjP28T80Y7lqnt190PsWkujb8VEMnZK26CpYv0hyk4NFlbB6cKPkySkkUVs8at1 guXr+M11M+1jMEM8dxrGjCdkaLjSTggAxY5DG5l8/VWZCuO4qdI9kSsoqewt2CWTB07s unBwBX1O1RodyU7BrZozq8iOKEdly14pQecsr54QSeGFee7g+wu0Aa9syVSN5mSBbMG8 UI3w== X-Gm-Message-State: AO0yUKVK9kiiK5Q6DHF2tjXfVtQ+WVNnw9KLppA4fZcFnhxGaYiVWLpJ x91LnvI6vAsGPxIrjPKydJ/VO4JvVMwSZXdW+zNsMBmDb/MinWNuZ7nrcFSt2BKQs8NV9Vtl53y kSbdbaAxq+yh3WTcWFi+MObtZfJXoPA== X-Received: by 2002:a05:622a:1001:b0:3b6:3133:4499 with SMTP id d1-20020a05622a100100b003b631334499mr9103538qte.1.1674710777184; Wed, 25 Jan 2023 21:26:17 -0800 (PST) X-Google-Smtp-Source: AK7set/hTz49ErW5kmhlLjUhXEaSlLbSfuytObJCeDir8q9zn1qLdfLg1tHaVraNATFLK3sg/2c5Kg== X-Received: by 2002:a05:622a:1001:b0:3b6:3133:4499 with SMTP id d1-20020a05622a100100b003b631334499mr9103500qte.1.1674710776905; Wed, 25 Jan 2023 21:26:16 -0800 (PST) Received: from mozz.bu.edu (mozz.bu.edu. [128.197.127.33]) by smtp.gmail.com with ESMTPSA id u4-20020ac80504000000b003a69225c2cdsm149208qtg.56.2023.01.25.21.26.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 21:26:16 -0800 (PST) From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: Alexander Bulekov , Stefan Hajnoczi , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Mauro Matteo Cascella , Peter Xu , Jason Wang , David Hildenbrand , Gerd Hoffmann , Thomas Huth , Laurent Vivier , Bandan Das , "Edgar E . Iglesias" , Darren Kenny , Bin Meng , Paolo Bonzini , "Michael S . Tsirkin" , Marcel Apfelbaum , =?utf-8?q?Daniel_P_=2E_Berra?= =?utf-8?q?ng=C3=A9?= , Eduardo Habkost , Jon Maloy , Siqi Chen Subject: [PATCH v5 3/4] checkpatch: add qemu_bh_new/aio_bh_new checks Date: Thu, 26 Jan 2023 00:25:57 -0500 Message-Id: <20230126052558.572634-4-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230126052558.572634-1-alxndr@bu.edu> References: <20230126052558.572634-1-alxndr@bu.edu> MIME-Version: 1.0 X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass client-ip=216.71.146.118; envelope-from=alxndr@bu.edu; helo=esa4.hc2706-39.iphmx.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Advise authors to use the _guarded versions of the APIs, instead. Signed-off-by: Alexander Bulekov --- scripts/checkpatch.pl | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 6ecabfb2b5..61bb4b0a19 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -2865,6 +2865,14 @@ sub process { if ($line =~ /\bsignal\s*\(/ && !($line =~ /SIG_(?:IGN|DFL)/)) { ERROR("use sigaction to establish signal handlers; signal is not portable\n" . $herecurr); } +# recommend qemu_bh_new_guarded instead of qemu_bh_new + if ($line =~ /\bqemu_bh_new\s*\(/) { + ERROR("use qemu_bh_new_guarded() instead of qemu_bh_new() to avoid reentrancy problems\n" . $herecurr); + } +# recommend aio_bh_new_guarded instead of aio_bh_new + if ($line =~ /\baio_bh_new\s*\(/) { + ERROR("use aio_bh_new_guarded() instead of aio_bh_new() to avoid reentrancy problems\n" . $herecurr); + } # check for module_init(), use category-specific init macros explicitly please if ($line =~ /^module_init\s*\(/) { ERROR("please use block_init(), type_init() etc. instead of module_init()\n" . $herecurr); From patchwork Thu Jan 26 05:25:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 13116684 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 534AAC54E94 for ; Thu, 26 Jan 2023 05:27:25 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pKumd-00089l-Nr; Thu, 26 Jan 2023 00:26:47 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKumc-000848-0u for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:46 -0500 Received: from esa4.hc2706-39.iphmx.com ([216.71.146.118]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pKumY-0000vS-7A for qemu-devel@nongnu.org; Thu, 26 Jan 2023 00:26:45 -0500 X-IronPort-RemoteIP: 209.85.128.197 X-IronPort-MID: 253344990 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:IxaVJKs3ORwIJf4Inm/Sv65KZ+fnVOhcMUV32f8akzHdYApBsoF/q tZmKWiDOPmON2XxKt4gbNiz900OvZPSmtBqSVduqipnESoV9ZOVVN+UEBzMMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliefTAOK5ULSfUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS93uDgNyo4GlD5gVkO6gS1LPjvyJ94Kw3dPnZw0TQH9E88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IPM0SQqkEqSh8ai87XAMEhhXJ/0F1lqTzQJ OJl7vRcQS9xVkHFdX90vxNwSkmSNoUfkFPLzOTWXWV+ACQqflO1q8iCAn3aMqU7quVWBH5P1 MVbJTcVUhy4g7qY5ouCH7wEasQLdKEHPasas3BkiCDGVLMoGMGcBarN4tBc0XE7gcUm8fT2P ZJIL2oyKk2aM1sWawh/5JEWxY9EglH2dy1epEi9r7dx7mTOpOB0+OKwa4GJJo3bHa25mG6bv 3icwEH6PC0LC8OG1iap6E2qodTmyHaTtIU6UefQGuRRqESew3FWBBAIWF+Tp/6/hUijHdVFJ CQpFjEGqKEz8Am6UYC4UUTp/ziLuRkTX9cWGOo/gO2Q9pfpD8+iLjBsZlZ8hBYO76famRRCO oe1ou7U IronPort-HdrOrdr: A9a23:AZOUs6+oBM9cn+cPR/Vuk+AII+orL9Y04lQ7vn2ZKSY5TiX4rb HKoB1/73XJYVkqN03I9ervBEDiewK/yXcW2+ks1N6ZNWGLhILBFupfBODZsl7d8kPFl9K01c 1bAtND4N+bNykBsS4tijPIburJw7O8gdyVbf+19QYIcenzAZsQlzuQDGygYypLrFkvP+teKH KEjPA33gadRQ== Received: from mail-yw1-f197.google.com ([209.85.128.197]) by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 26 Jan 2023 00:26:41 -0500 Received: by mail-yw1-f197.google.com with SMTP id 00721157ae682-434eb7c6fa5so8926197b3.14 for ; Wed, 25 Jan 2023 21:26:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bu.edu; s=s1gsbu; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FG0/FU6uw0vDtarwt5+2HOJFgKERR2bBzA1uds1Yh7k=; b=GmkGejaNeTsdycAL/X8WF4cDWl6UjNaTGkTsucW4NaBQwCdMeQH+nl0+bKC0uHNuq3 egx929x1Ij38QCLWMQ6sQcuHlBItNc/pmEnJ1c7ogEnQz8eRKDOnYe9jAEYdQCqmmNS0 uzkqay0teZNBPbU8GooA5WbdJ9Da094j+Facglk6Uf0TdqZwlKAttsdJew0KB8EK2Lx2 ggJyvXde6UBYjvc7G5xcel4pjTDCI8b6CNF/rMEPpax3sqWVQkR0XBXgvkFS+OPlzr8N qlb8UNKVxf23Gok6Gh66cNAZJrn85bClKvewt6Ru/E8mzPriW/3FPXTaku9tG6Ira1Br Jiog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FG0/FU6uw0vDtarwt5+2HOJFgKERR2bBzA1uds1Yh7k=; b=Y17+ejcVYqfxFJHMXJdgbCEMwcRVg9ArDX/vJMkQx649jfF8VHSPejFl6v1dPnFt31 xc3nFDh/6+fHI5lh1StCYl/JMJGJ3PKdf68YQzIFR4lZnfmQsowfwvNoYbcMoIjnubBk TzM4Aq8K6qFwNo9zxZ9KLQrCQ5TwTjftXBszWi/6wnABv58ifQ/5eX3rldkF3x/ZdAQ7 Vn39kgK/3xRu/iDC4aGCMHvE7QL39dcYcODesizmAH5Hel+R8luelL70gA4v3tDUVZA2 m05zvIt2Vi3BuY97NP0Wch84ut2/7CjTHFbRrdSO2MI4gusiT1PZjhM0/lOvzGGFmezd r4EQ== X-Gm-Message-State: AO0yUKUf5ThEIxyR/tU4e8zA92G5hxHFA9O0Jh8gnXrGEtZFFNAdnrYG opFebZv4ufcm0Fi3z0wv9ewnAc0ip/75rUkBfGKPGQX0HLduh4Px9pCICvWuIRowLqN9nQZBPWF bTxmlU0ISJRTP22P6hOTJInQp2Zxchw== X-Received: by 2002:ac8:5545:0:b0:3b6:2f0d:1925 with SMTP id o5-20020ac85545000000b003b62f0d1925mr49128554qtr.64.1674710788522; Wed, 25 Jan 2023 21:26:28 -0800 (PST) X-Google-Smtp-Source: AMrXdXully7MjMRtDtbZtceH3RS9913TvvPBNRP2ZPLGLwxrSXUh8elrZBVGZpyyxkhK/A9rW0V7RQ== X-Received: by 2002:ac8:5545:0:b0:3b6:2f0d:1925 with SMTP id o5-20020ac85545000000b003b62f0d1925mr49128489qtr.64.1674710788085; Wed, 25 Jan 2023 21:26:28 -0800 (PST) Received: from mozz.bu.edu (mozz.bu.edu. [128.197.127.33]) by smtp.gmail.com with ESMTPSA id i7-20020a05620a074700b006fed58fc1a3sm318746qki.119.2023.01.25.21.26.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 21:26:27 -0800 (PST) From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: Alexander Bulekov , Stefan Hajnoczi , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Mauro Matteo Cascella , Peter Xu , Jason Wang , David Hildenbrand , Gerd Hoffmann , Thomas Huth , Laurent Vivier , Bandan Das , "Edgar E . Iglesias" , Darren Kenny , Bin Meng , Paolo Bonzini , "Michael S . Tsirkin" , Marcel Apfelbaum , =?utf-8?q?Daniel_P_=2E_Berra?= =?utf-8?q?ng=C3=A9?= , Eduardo Habkost , Jon Maloy , Siqi Chen , Stefano Stabellini , Anthony Perard , Paul Durrant , Kevin Wolf , Hanna Reitz , Amit Shah , =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , John Snow , Peter Maydell , Mark Cave-Ayland , Keith Busch , Klaus Jensen , Fam Zheng , Dmitry Fleytman , "Gonglei (Arei)" , xen-devel@lists.xenproject.org (open list:X86 Xen CPUs), qemu-block@nongnu.org (open list:virtio-blk), qemu-arm@nongnu.org (open list:i.MX31 (kzm)), qemu-ppc@nongnu.org (open list:Old World (g3beige)) Subject: [PATCH v5 4/4] hw: replace most qemu_bh_new calls with qemu_bh_new_guarded Date: Thu, 26 Jan 2023 00:25:58 -0500 Message-Id: <20230126052558.572634-5-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230126052558.572634-1-alxndr@bu.edu> References: <20230126052558.572634-1-alxndr@bu.edu> MIME-Version: 1.0 X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass client-ip=216.71.146.118; envelope-from=alxndr@bu.edu; helo=esa4.hc2706-39.iphmx.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org This protects devices from bh->mmio reentrancy issues. Reviewed-by: Stefan Hajnoczi Signed-off-by: Alexander Bulekov --- hw/9pfs/xen-9p-backend.c | 4 +++- hw/block/dataplane/virtio-blk.c | 3 ++- hw/block/dataplane/xen-block.c | 5 +++-- hw/block/virtio-blk.c | 5 +++-- hw/char/virtio-serial-bus.c | 3 ++- hw/display/qxl.c | 9 ++++++--- hw/display/virtio-gpu.c | 6 ++++-- hw/ide/ahci.c | 3 ++- hw/ide/core.c | 3 ++- hw/misc/imx_rngc.c | 6 ++++-- hw/misc/macio/mac_dbdma.c | 2 +- hw/net/virtio-net.c | 3 ++- hw/nvme/ctrl.c | 6 ++++-- hw/scsi/mptsas.c | 3 ++- hw/scsi/scsi-bus.c | 3 ++- hw/scsi/vmw_pvscsi.c | 3 ++- hw/usb/dev-uas.c | 3 ++- hw/usb/hcd-dwc2.c | 3 ++- hw/usb/hcd-ehci.c | 3 ++- hw/usb/hcd-uhci.c | 2 +- hw/usb/host-libusb.c | 6 ++++-- hw/usb/redirect.c | 6 ++++-- hw/usb/xen-usb.c | 3 ++- hw/virtio/virtio-balloon.c | 5 +++-- hw/virtio/virtio-crypto.c | 3 ++- 25 files changed, 66 insertions(+), 35 deletions(-) diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c index 65c4979c3c..f077c1b255 100644 --- a/hw/9pfs/xen-9p-backend.c +++ b/hw/9pfs/xen-9p-backend.c @@ -441,7 +441,9 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev) xen_9pdev->rings[i].ring.out = xen_9pdev->rings[i].data + XEN_FLEX_RING_SIZE(ring_order); - xen_9pdev->rings[i].bh = qemu_bh_new(xen_9pfs_bh, &xen_9pdev->rings[i]); + xen_9pdev->rings[i].bh = qemu_bh_new_guarded(xen_9pfs_bh, + &xen_9pdev->rings[i], + &DEVICE(xen_9pdev)->mem_reentrancy_guard); xen_9pdev->rings[i].out_cons = 0; xen_9pdev->rings[i].out_size = 0; xen_9pdev->rings[i].inprogress = false; diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c index 26f965cabc..191a8c90aa 100644 --- a/hw/block/dataplane/virtio-blk.c +++ b/hw/block/dataplane/virtio-blk.c @@ -127,7 +127,8 @@ bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf, } else { s->ctx = qemu_get_aio_context(); } - s->bh = aio_bh_new(s->ctx, notify_guest_bh, s); + s->bh = aio_bh_new_guarded(s->ctx, notify_guest_bh, s, + &DEVICE(s)->mem_reentrancy_guard); s->batch_notify_vqs = bitmap_new(conf->num_queues); *dataplane = s; diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c index 2785b9e849..e31806b317 100644 --- a/hw/block/dataplane/xen-block.c +++ b/hw/block/dataplane/xen-block.c @@ -632,8 +632,9 @@ XenBlockDataPlane *xen_block_dataplane_create(XenDevice *xendev, } else { dataplane->ctx = qemu_get_aio_context(); } - dataplane->bh = aio_bh_new(dataplane->ctx, xen_block_dataplane_bh, - dataplane); + dataplane->bh = aio_bh_new_guarded(dataplane->ctx, xen_block_dataplane_bh, + dataplane, + &DEVICE(xendev)->mem_reentrancy_guard); return dataplane; } diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index f717550fdc..e9f516e633 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c @@ -866,8 +866,9 @@ static void virtio_blk_dma_restart_cb(void *opaque, bool running, * requests will be processed while starting the data plane. */ if (!s->bh && !virtio_bus_ioeventfd_enabled(bus)) { - s->bh = aio_bh_new(blk_get_aio_context(s->conf.conf.blk), - virtio_blk_dma_restart_bh, s); + s->bh = aio_bh_new_guarded(blk_get_aio_context(s->conf.conf.blk), + virtio_blk_dma_restart_bh, s, + &DEVICE(s)->mem_reentrancy_guard); blk_inc_in_flight(s->conf.conf.blk); qemu_bh_schedule(s->bh); } diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c index 7d4601cb5d..dd619f0731 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c @@ -985,7 +985,8 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp) return; } - port->bh = qemu_bh_new(flush_queued_data_bh, port); + port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port, + &dev->mem_reentrancy_guard); port->elem = NULL; } diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 6772849dec..67efa3c3ef 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -2223,11 +2223,14 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp) qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl); - qxl->update_irq = qemu_bh_new(qxl_update_irq_bh, qxl); + qxl->update_irq = qemu_bh_new_guarded(qxl_update_irq_bh, qxl, + &DEVICE(qxl)->mem_reentrancy_guard); qxl_reset_state(qxl); - qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl); - qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd); + qxl->update_area_bh = qemu_bh_new_guarded(qxl_render_update_area_bh, qxl, + &DEVICE(qxl)->mem_reentrancy_guard); + qxl->ssd.cursor_bh = qemu_bh_new_guarded(qemu_spice_cursor_refresh_bh, &qxl->ssd, + &DEVICE(qxl)->mem_reentrancy_guard); } static void qxl_realize_primary(PCIDevice *dev, Error **errp) diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 5e15c79b94..66ac9b6cc5 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -1339,8 +1339,10 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) g->ctrl_vq = virtio_get_queue(vdev, 0); g->cursor_vq = virtio_get_queue(vdev, 1); - g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g); - g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g); + g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g, + &qdev->mem_reentrancy_guard); + g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g, + &qdev->mem_reentrancy_guard); QTAILQ_INIT(&g->reslist); QTAILQ_INIT(&g->cmdq); QTAILQ_INIT(&g->fenceq); diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 7ce001cacd..37091150cb 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -1508,7 +1508,8 @@ static void ahci_cmd_done(const IDEDMA *dma) ahci_write_fis_d2h(ad); if (ad->port_regs.cmd_issue && !ad->check_bh) { - ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); + ad->check_bh = qemu_bh_new_guarded(ahci_check_cmd_bh, ad, + &DEVICE(ad)->mem_reentrancy_guard); qemu_bh_schedule(ad->check_bh); } } diff --git a/hw/ide/core.c b/hw/ide/core.c index 5d1039378f..8c8d1a8ec2 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -519,7 +519,8 @@ BlockAIOCB *ide_issue_trim( iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); iocb->s = s; - iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb); + iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb, + &DEVICE(s)->mem_reentrancy_guard); iocb->ret = 0; iocb->qiov = qiov; iocb->i = -1; diff --git a/hw/misc/imx_rngc.c b/hw/misc/imx_rngc.c index 632c03779c..082c6980ad 100644 --- a/hw/misc/imx_rngc.c +++ b/hw/misc/imx_rngc.c @@ -228,8 +228,10 @@ static void imx_rngc_realize(DeviceState *dev, Error **errp) sysbus_init_mmio(sbd, &s->iomem); sysbus_init_irq(sbd, &s->irq); - s->self_test_bh = qemu_bh_new(imx_rngc_self_test, s); - s->seed_bh = qemu_bh_new(imx_rngc_seed, s); + s->self_test_bh = qemu_bh_new_guarded(imx_rngc_self_test, s, + &dev->mem_reentrancy_guard); + s->seed_bh = qemu_bh_new_guarded(imx_rngc_seed, s, + &dev->mem_reentrancy_guard); } static void imx_rngc_reset(DeviceState *dev) diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index efcc02609f..cc7e02203d 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -914,7 +914,7 @@ static void mac_dbdma_realize(DeviceState *dev, Error **errp) { DBDMAState *s = MAC_DBDMA(dev); - s->bh = qemu_bh_new(DBDMA_run_bh, s); + s->bh = qemu_bh_new_guarded(DBDMA_run_bh, s, &dev->mem_reentrancy_guard); } static void mac_dbdma_class_init(ObjectClass *oc, void *data) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 3ae909041a..a170c724de 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -2885,7 +2885,8 @@ static void virtio_net_add_queue(VirtIONet *n, int index) n->vqs[index].tx_vq = virtio_add_queue(vdev, n->net_conf.tx_queue_size, virtio_net_handle_tx_bh); - n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]); + n->vqs[index].tx_bh = qemu_bh_new_guarded(virtio_net_tx_bh, &n->vqs[index], + &DEVICE(vdev)->mem_reentrancy_guard); } n->vqs[index].tx_waiting = 0; diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index f25cc2c235..dcb250e772 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -4318,7 +4318,8 @@ static void nvme_init_sq(NvmeSQueue *sq, NvmeCtrl *n, uint64_t dma_addr, QTAILQ_INSERT_TAIL(&(sq->req_list), &sq->io_req[i], entry); } - sq->bh = qemu_bh_new(nvme_process_sq, sq); + sq->bh = qemu_bh_new_guarded(nvme_process_sq, sq, + &DEVICE(sq->ctrl)->mem_reentrancy_guard); if (n->dbbuf_enabled) { sq->db_addr = n->dbbuf_dbs + (sqid << 3); @@ -4708,7 +4709,8 @@ static void nvme_init_cq(NvmeCQueue *cq, NvmeCtrl *n, uint64_t dma_addr, } } n->cq[cqid] = cq; - cq->bh = qemu_bh_new(nvme_post_cqes, cq); + cq->bh = qemu_bh_new_guarded(nvme_post_cqes, cq, + &DEVICE(cq->ctrl)->mem_reentrancy_guard); } static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeRequest *req) diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c index c485da792c..3de288b454 100644 --- a/hw/scsi/mptsas.c +++ b/hw/scsi/mptsas.c @@ -1322,7 +1322,8 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp) } s->max_devices = MPTSAS_NUM_PORTS; - s->request_bh = qemu_bh_new(mptsas_fetch_requests, s); + s->request_bh = qemu_bh_new_guarded(mptsas_fetch_requests, s, + &DEVICE(dev)->mem_reentrancy_guard); scsi_bus_init(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info); } diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index ceceafb2cd..e5c9f7a53d 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -193,7 +193,8 @@ static void scsi_dma_restart_cb(void *opaque, bool running, RunState state) AioContext *ctx = blk_get_aio_context(s->conf.blk); /* The reference is dropped in scsi_dma_restart_bh.*/ object_ref(OBJECT(s)); - s->bh = aio_bh_new(ctx, scsi_dma_restart_bh, s); + s->bh = aio_bh_new_guarded(ctx, scsi_dma_restart_bh, s, + &DEVICE(s)->mem_reentrancy_guard); qemu_bh_schedule(s->bh); } } diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c index fa76696855..4de34536e9 100644 --- a/hw/scsi/vmw_pvscsi.c +++ b/hw/scsi/vmw_pvscsi.c @@ -1184,7 +1184,8 @@ pvscsi_realizefn(PCIDevice *pci_dev, Error **errp) pcie_endpoint_cap_init(pci_dev, PVSCSI_EXP_EP_OFFSET); } - s->completion_worker = qemu_bh_new(pvscsi_process_completion_queue, s); + s->completion_worker = qemu_bh_new_guarded(pvscsi_process_completion_queue, s, + &DEVICE(pci_dev)->mem_reentrancy_guard); scsi_bus_init(&s->bus, sizeof(s->bus), DEVICE(pci_dev), &pvscsi_scsi_info); /* override default SCSI bus hotplug-handler, with pvscsi's one */ diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c index 88f99c05d5..f013ded91e 100644 --- a/hw/usb/dev-uas.c +++ b/hw/usb/dev-uas.c @@ -937,7 +937,8 @@ static void usb_uas_realize(USBDevice *dev, Error **errp) QTAILQ_INIT(&uas->results); QTAILQ_INIT(&uas->requests); - uas->status_bh = qemu_bh_new(usb_uas_send_status_bh, uas); + uas->status_bh = qemu_bh_new_guarded(usb_uas_send_status_bh, uas, + &d->mem_reentrancy_guard); dev->flags |= (1 << USB_DEV_FLAG_IS_SCSI_STORAGE); scsi_bus_init(&uas->bus, sizeof(uas->bus), DEVICE(dev), &usb_uas_scsi_info); diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 8755e9cbb0..a0c4e782b2 100644 --- a/hw/usb/hcd-dwc2.c +++ b/hw/usb/hcd-dwc2.c @@ -1364,7 +1364,8 @@ static void dwc2_realize(DeviceState *dev, Error **errp) s->fi = USB_FRMINTVL - 1; s->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_frame_boundary, s); s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_work_timer, s); - s->async_bh = qemu_bh_new(dwc2_work_bh, s); + s->async_bh = qemu_bh_new_guarded(dwc2_work_bh, s, + &dev->mem_reentrancy_guard); sysbus_init_irq(sbd, &s->irq); } diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index d4da8dcb8d..c930c60921 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -2533,7 +2533,8 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp) } s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s); - s->async_bh = qemu_bh_new(ehci_work_bh, s); + s->async_bh = qemu_bh_new_guarded(ehci_work_bh, s, + &dev->mem_reentrancy_guard); s->device = dev; s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s); diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c index 30ae0104bb..bdc891f57a 100644 --- a/hw/usb/hcd-uhci.c +++ b/hw/usb/hcd-uhci.c @@ -1193,7 +1193,7 @@ void usb_uhci_common_realize(PCIDevice *dev, Error **errp) USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL); } } - s->bh = qemu_bh_new(uhci_bh, s); + s->bh = qemu_bh_new_guarded(uhci_bh, s, &DEVICE(dev)->mem_reentrancy_guard); s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, uhci_frame_timer, s); s->num_ports_vmstate = NB_PORTS; QTAILQ_INIT(&s->queues); diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index 176868d345..f500db85ab 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -1141,7 +1141,8 @@ static void usb_host_nodev_bh(void *opaque) static void usb_host_nodev(USBHostDevice *s) { if (!s->bh_nodev) { - s->bh_nodev = qemu_bh_new(usb_host_nodev_bh, s); + s->bh_nodev = qemu_bh_new_guarded(usb_host_nodev_bh, s, + &DEVICE(s)->mem_reentrancy_guard); } qemu_bh_schedule(s->bh_nodev); } @@ -1739,7 +1740,8 @@ static int usb_host_post_load(void *opaque, int version_id) USBHostDevice *dev = opaque; if (!dev->bh_postld) { - dev->bh_postld = qemu_bh_new(usb_host_post_load_bh, dev); + dev->bh_postld = qemu_bh_new_guarded(usb_host_post_load_bh, dev, + &DEVICE(dev)->mem_reentrancy_guard); } qemu_bh_schedule(dev->bh_postld); dev->bh_postld_pending = true; diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index fd7df599bc..39fbaaab16 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -1441,8 +1441,10 @@ static void usbredir_realize(USBDevice *udev, Error **errp) } } - dev->chardev_close_bh = qemu_bh_new(usbredir_chardev_close_bh, dev); - dev->device_reject_bh = qemu_bh_new(usbredir_device_reject_bh, dev); + dev->chardev_close_bh = qemu_bh_new_guarded(usbredir_chardev_close_bh, dev, + &DEVICE(dev)->mem_reentrancy_guard); + dev->device_reject_bh = qemu_bh_new_guarded(usbredir_device_reject_bh, dev, + &DEVICE(dev)->mem_reentrancy_guard); dev->attach_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, usbredir_do_attach, dev); packet_id_queue_init(&dev->cancelled, dev, "cancelled"); diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c index 0f7369e7ed..dec91294ad 100644 --- a/hw/usb/xen-usb.c +++ b/hw/usb/xen-usb.c @@ -1021,7 +1021,8 @@ static void usbback_alloc(struct XenLegacyDevice *xendev) QTAILQ_INIT(&usbif->req_free_q); QSIMPLEQ_INIT(&usbif->hotplug_q); - usbif->bh = qemu_bh_new(usbback_bh, usbif); + usbif->bh = qemu_bh_new_guarded(usbback_bh, usbif, + &DEVICE(xendev)->mem_reentrancy_guard); } static int usbback_free(struct XenLegacyDevice *xendev) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index 746f07c4d2..309cebacc6 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -908,8 +908,9 @@ static void virtio_balloon_device_realize(DeviceState *dev, Error **errp) precopy_add_notifier(&s->free_page_hint_notify); object_ref(OBJECT(s->iothread)); - s->free_page_bh = aio_bh_new(iothread_get_aio_context(s->iothread), - virtio_ballloon_get_free_page_hints, s); + s->free_page_bh = aio_bh_new_guarded(iothread_get_aio_context(s->iothread), + virtio_ballloon_get_free_page_hints, s, + &DEVICE(s)->mem_reentrancy_guard); } if (virtio_has_feature(s->host_features, VIRTIO_BALLOON_F_REPORTING)) { diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 516425e26a..4c95f1096e 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -1050,7 +1050,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp) vcrypto->vqs[i].dataq = virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh); vcrypto->vqs[i].dataq_bh = - qemu_bh_new(virtio_crypto_dataq_bh, &vcrypto->vqs[i]); + qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i], + &dev->mem_reentrancy_guard); vcrypto->vqs[i].vcrypto = vcrypto; }