From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754299AbbFSKPF (ORCPT <rfc822;w@1wt.eu>);
	Fri, 19 Jun 2015 06:15:05 -0400
Received: from mx1.redhat.com ([209.132.183.28]:53840 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751120AbbFSKO4 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 19 Jun 2015 06:14:56 -0400
Date: Fri, 19 Jun 2015 12:14:52 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org, andrey@xdel.ru
Subject: Re: [PATCH 3/5] vhost: support upto 509 memory regions
Message-ID: <20150619120734-mutt-send-email-mst@redhat.com>
References: <20150618134040-mutt-send-email-mst@redhat.com>
 <5582B088.1090207@redhat.com>
 <20150618142455-mutt-send-email-mst@redhat.com>
 <5582CBA6.5070105@redhat.com>
 <20150618164559-mutt-send-email-mst@redhat.com>
 <5582EBA6.1080607@redhat.com>
 <20150619095515-mutt-send-email-mst@redhat.com>
 <5583CB62.6030405@redhat.com>
 <20150619100409-mutt-send-email-mst@redhat.com>
 <5583D85F.7090200@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5583D85F.7090200@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 19, 2015 at 10:52:47AM +0200, Paolo Bonzini wrote:
> 
> 
> On 19/06/2015 10:05, Michael S. Tsirkin wrote:
> > > No, only destruction of the memory region frees it.  address_space_map
> > > takes a reference to the memory region and address_space_unmap releases it.
> > > 
> > > Paolo
> > 
> > Confused. So can we call mmap(MAP_NORESERVE) in address_space_unmap
> > after we detect refcount is 0?
> 
> No, because in the meanwhile another DIMM could have been hotplugged
> at the same place where the old one was.  This is legal:
> 
>     user                      guest                 QEMU
>     ----------------------------------------------------------------------------------------
>                               start I/O
>                                   '---------------> address_space_map
>     device_del
>         '-------------------> receives SCI
>                               executes _EJ0
>                                   '---------------> memory_region_del_subregion
>                                                     object_unparent

So guest started DMA into memory, then ejected this memory while DMA
is in progress?

>     device_add
>         '-----------------------------------------> device_set_realized
>                                                       hotplug_handler_plug
>                                                         pc_machine_device_plug_cb
>                                                           pc_dimm_plug
>                                                             memory_region_add_subregion
> 
>                                                     I/O finishes
>                                                       address_space_unmap
> 
> Surprise removal similarly could be done in QEMU, but it will hold to
> some resources for as long as the device backends need them.
> 
> Paolo