On Fri, Dec 23, 2022 at 10:23:06PM +0800, Chuang Xu wrote: > Before using any flatview, sanity check we're not during a memory > region transaction or the map can be invalid. > > Signed-off-by: Chuang Xu <xuchuangxc...@bytedance.com> > --- > include/exec/memory.h | 9 +++++++++ > softmmu/memory.c | 5 +++++ > 2 files changed, 14 insertions(+) > > diff --git a/include/exec/memory.h b/include/exec/memory.h > index 91f8a2395a..66c43b4862 100644 > --- a/include/exec/memory.h > +++ b/include/exec/memory.h > @@ -1069,8 +1069,17 @@ struct FlatView { > MemoryRegion *root; > }; > > +int memory_region_transaction_get_depth(void); > + > static inline FlatView *address_space_to_flatview(AddressSpace *as) > { > + /* > + * Before using any flatview, sanity check we're not during a memory > + * region transaction or the map can be invalid. Note that this can > + * also be called during commit phase of memory transaction, but that > + * should also only happen when the depth decreases to 0 first.
Nitpick: after adding the RCU check the comment may need slight touch up: * Meanwhile it's safe to access current_map with RCU read lock held * even if during a memory transaction. It means the user can bear * with an obsolete map. > + */ > + assert(memory_region_transaction_get_depth() == 0 || rcu_read_locked()); > return qatomic_rcu_read(&as->current_map); > } > > diff --git a/softmmu/memory.c b/softmmu/memory.c > index bc0be3f62c..01192e2e5b 100644 > --- a/softmmu/memory.c > +++ b/softmmu/memory.c > @@ -1116,6 +1116,11 @@ void memory_region_transaction_commit(void) > } > } > > +int memory_region_transaction_get_depth(void) > +{ > + return memory_region_transaction_depth; > +} > + > static void memory_region_destructor_none(MemoryRegion *mr) > { > } > -- > 2.20.1 > -- Peter Xu
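Review bot: in the include/exec/memory.h hunk the new comment above the assert only explains the depth == 0 case, while the assert itself also accepts rcu_read_locked(); extend the comment so it states that a reader holding the RCU read lock may legitimately observe an obsolete current_map and must tolerate that, otherwise the comment and the condition disagree. Also, address_space_to_flatview() is a static inline in the header, so the assert now references rcu_read_locked() from every translation unit that includes memory.h, yet the hunk only adds the memory_region_transaction_get_depth() prototype; confirm the header already pulls in the declaration of rcu_read_locked() so the inline compiles everywhere.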
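Review bot: in the softmmu/memory.c hunk memory_region_transaction_get_depth() returns memory_region_transaction_depth without any comment on which lock protects the counter, and its only caller is an assert on an unsynchronized inline path; document the locking requirement on the getter (and on the bare prototype added to memory.h) so that a caller taking the RCU branch of the assert does not assume the value is stable while a transaction is being committed.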