On 28/03/2016 08:59, Michael S. Tsirkin wrote: >> > + qemu_mutex_lock_balloon_bitmap(); >> > for (;;) { >> > size_t offset = 0; >> > uint32_t pfn; >> > elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); >> > if (!elem) { >> > + qemu_mutex_unlock_balloon_bitmap(); >> > return; >> > } >> > >> > @@ -242,6 +245,7 @@ static void virtio_balloon_handle_output(VirtIODevice >> > *vdev, VirtQueue *vq) >> > addr = section.offset_within_region; >> > balloon_page(memory_region_get_ram_ptr(section.mr) + addr, >> > !!(vq == s->dvq)); >> > + qemu_balloon_bitmap_update(addr, !!(vq == s->dvq)); >> > memory_region_unref(section.mr); >> > } >> > > So the assumption here is that offset_within_region equals > ram ptr if region is get_system_memory. > > And I'm not sure that's always right. > > Paolo?
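Review bot: in the first hunk, qemu_mutex_lock_balloon_bitmap() is acquired before the `for (;;)` loop, and the only matching qemu_mutex_unlock_balloon_bitmap() visible is on the `if (!elem)` return path; the rest of the loop body is not shown here, so confirm that every other exit from the loop (any other return, break, or goto in the remainder of virtio_balloon_handle_output) releases the lock as well, otherwise the bitmap stays locked after the handler returns.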
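Review bot: in the second hunk, `qemu_balloon_bitmap_update(addr, !!(vq == s->dvq));` is passed the bare `addr = section.offset_within_region;`, whereas the adjacent `balloon_page(memory_region_get_ram_ptr(section.mr) + addr, ...)` call first adds the region's base before using the offset. The bare offset only identifies the page correctly when the region starts at ram address zero; a region such as hot-plugged RAM also has a zero-based offset_within_region, so its pages would alias the main RAM's bitmap entries. Add memory_region_get_ram_addr(section.mr) to `addr` in the qemu_balloon_bitmap_update() call, mirroring how balloon_page() adds memory_region_get_ram_ptr(section.mr).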
Indeed. It is correct for the main system RAM, but hot-plugged RAM would also have a zero-based section.offset_within_region. You need to add memory_region_get_ram_addr(section.mr), just like the call to balloon_page adds memory_region_get_ram_ptr(section.mr). Paolo