Whenever memory regions are accessed outside the BQL, they need to be preserved against hot-unplug. MemoryRegions actually do not have their own reference count; they piggyback on a QOM object, their "owner". Add two functions to retrieve and specify the owner.
The setter function will affect the owner recursively on a whole tree of contained regions, but without crossing (a) aliases (b) regions that are already owned by another device. This is so that a device can create a complex tree of regions and a single call to memory_region_set_owner will affect the entire tree. In turn, this lets buses (usually through a bus-specific function, e.g. pci_register_bar) set the owner for regions that are managed by the bus. The device must set the owner itself only if the device plays directly with address_space_memory/io (which shouldn't happen except in special cases) or if regions are added/deleted after passing the container to the bus (for example dynamically while the device runs).
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
 include/exec/memory.h | 36 ++++++++++++++++++++++++++++++++++++
 memory.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 3598c4f..e51f30f 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -150,6 +150,7 @@ struct MemoryRegion {
 const MemoryRegionIOMMUOps *iommu_ops;
 void *opaque;
 MemoryRegion *parent;
+ struct Object *owner;
 Int128 size;
 hwaddr addr;
 void (*destructor)(MemoryRegion *mr);
@@ -388,6 +389,41 @@ void memory_region_init_iommu(MemoryRegion *mr,
 void memory_region_destroy(MemoryRegion *mr);
 
 /**
+ * memory_region_owner: get a memory region's owner.
+ *
+ * @mr: the memory region being queried.
+ */
+struct Object *memory_region_owner(MemoryRegion *mr);
+
+/**
+ * memory_region_set_owner: set the owner for a memory region and all
+ * the unowned regions below it.
+ *
+ * The owner of a region is an object that must be preserved together
+ * with the region itself while the region is being accessed. This
+ * is useful whenever a region is accessed while the big QEMU lock is
+ * not held, even in the simplest case of accessing RAM from
+ * asynchronous block device I/O.
+ *
+ * This function will affect the owner recursively on a whole tree
+ * of contained regions (not aliases), but without crossing regions that
+ * are already owned by another device. This is so that a device can create
+ * a complex tree of regions and a single call to memory_region_set_owner
+ * will affect the entire tree.
+ *
+ * This function will usually be called through a bus-specific function, e.g.
+ * pci_register_bar or sysbus_init_mmio. The device must set the owner itself
+ * only if it uses memory_region_add_subregion directly on some address space,
+ * or after the parent region is passed to the bus (for example dynamically
+ * while the device runs).
+ *
+ * @mr: the memory region being set.
+ * @owner: the object that acts as the owner
+ */
+void memory_region_set_owner(MemoryRegion *mr,
+ struct Object *owner);
+
+/**
 * memory_region_size: get a memory region's size.
 *
 * @mr: the memory region being queried.
diff --git a/memory.c b/memory.c
index c500d8d..b40cdde 100644
--- a/memory.c
+++ b/memory.c
@@ -823,6 +823,7 @@ void memory_region_init(MemoryRegion *mr,
 mr->opaque = NULL;
 mr->iommu_ops = NULL;
 mr->parent = NULL;
+ mr->owner = NULL;
 mr->size = int128_make64(size);
 if (size == UINT64_MAX) {
 mr->size = int128_2_64();
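Review bot: The new doc comment for memory_region_set_owner does not state the precondition that the memory.c implementation on this page enforces with `assert(old_owner == NULL || old_owner == owner)`, namely that a region's owner can only be set once and re-setting it to a different object aborts, nor that the region takes a reference on @owner through object_ref. Callers going through the bus helpers named in the comment cannot tell from the header that a second call with a different owner is fatal. Suggest extending the parameter line to `* @owner: the object that acts as the owner; must equal the current owner if one is already set. The region holds a reference on it.` The same precondition should be mentioned on memory_region_owner's return value if NULL is meant to be a valid "unowned" answer, as the memory.c initializer `mr->owner = NULL` implies.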
@@ -1089,6 +1090,50 @@ void memory_region_destroy(MemoryRegion *mr)
 g_free(mr->ioeventfds);
 }
 
+Object *memory_region_owner(MemoryRegion *mr)
+{
+ return mr->owner;
+}
+
+void memory_region_set_owner(MemoryRegion *mr,
+ Object *owner)
+{
+ MemoryRegion *child;
+ Object *old_owner;
+
+ old_owner = mr->owner;
+ assert(old_owner == NULL || old_owner == owner);
+
+ if (owner != NULL && old_owner == NULL) {
+ object_ref(owner);
+ }
+ mr->owner = owner;
+
+ QTAILQ_FOREACH(child, &mr->subregions, subregions_link) {
+ Object *child_owner = child->owner;
+ if (child_owner == NULL || child_owner == owner) {
+ /* Balance the reference that would have been added in
+ * memory_region_add_subregion. Same below for
+ * memory_region_del_subregion.
+ */
+ if (owner != NULL && child_owner == NULL) {
+ memory_region_ref(child);
+ }
+ memory_region_set_owner(child, owner);
+ if (owner == NULL && child_owner != NULL) {
+ memory_region_unref(child);
+ }
+ }
+ }
+
+ /* Do not unref until all child regions have been processed,
+ * or the old owner might disappear.
+ */
+ if (owner == NULL && old_owner != NULL) {
+ object_unref(old_owner);
+ }
+}
+
 uint64_t memory_region_size(MemoryRegion *mr)
 {
 if (int128_eq(mr->size, int128_2_64())) {
-- 1.8.1.4
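Review bot: The owner-clearing path in memory_region_set_owner is unreachable: `assert(old_owner == NULL || old_owner == owner)` fires whenever owner is NULL and old_owner is not, so the final `object_unref(old_owner)` can never execute, and the child branch `if (owner == NULL && child_owner != NULL)` is dead as well because the enclosing `if (child_owner == NULL || child_owner == owner)` already forces child_owner to NULL when owner is NULL. The comments about balancing memory_region_del_subregion and about the old owner disappearing suggest clearing is intended, in which case the precondition should admit it, e.g. `assert(old_owner == NULL || owner == NULL || old_owner == owner);`, and the child filter should follow the owner being released (`child_owner == old_owner`) so that regions of the previous owner are unref'd without crossing into regions owned by another device. If clearing is not intended, the two NULL-owner branches and their comments should be removed so the implementation matches the assert and the header contract. Either way the assert is the only guard against a second call with a different owner; in a build with assertions compiled out such a call would presumably overwrite mr->owner and leak the reference taken by the first object_ref, so a hard check may be preferable.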