[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v6 06/11] softmmu/memory: enable automatic deallocation of memory regions

To: Xenia Ragiadakou <xenia.ragiadakou@xxxxxxx>, Huang Rui <ray.huang@xxxxxxx>, Marc-André Lureau <marcandre.lureau@xxxxxxxxx>, Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>, Gerd Hoffmann <kraxel@xxxxxxxxxx>, "Michael S . Tsirkin" <mst@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Antonio Caggiano <quic_acaggian@xxxxxxxxxxx>, "Dr . David Alan Gilbert" <dgilbert@xxxxxxxxxx>, Robert Beckett <bob.beckett@xxxxxxxxxxxxx>, Dmitry Osipenko <dmitry.osipenko@xxxxxxxxxxxxx>, Gert Wollny <gert.wollny@xxxxxxxxxxxxx>, Alex Bennée <alex.bennee@xxxxxxxxxx>, qemu-devel@xxxxxxxxxx
From: Akihiko Odaki <akihiko.odaki@xxxxxxxxxx>
Date: Thu, 21 Dec 2023 16:50:27 +0900
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Gurchetan Singh <gurchetansingh@xxxxxxxxxxxx>, ernunes@xxxxxxxxxx, Alyssa Ross <hi@xxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Alex Deucher <alexander.deucher@xxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxx>, Christian König <christian.koenig@xxxxxxx>, Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@xxxxxxx>, Honglei Huang <honglei1.huang@xxxxxxx>, Julia Zhang <julia.zhang@xxxxxxx>, Chen Jiqian <Jiqian.Chen@xxxxxxx>
Delivery-date: Thu, 21 Dec 2023 07:50:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2023/12/21 16:35, Xenia Ragiadakou wrote:

On 21/12/23 07:45, Akihiko Odaki wrote:
On 2023/12/19 16:53, Huang Rui wrote:
From: Xenia Ragiadakou <xenia.ragiadakou@xxxxxxx>
When the memory region has a different life-cycle from that of herparent,could be automatically released, once has been unparent and once allof her
references have gone away, via the object's free callback.

However, currently, the address space subsystem keeps references to the
memory region without first incrementing its object's reference count.
As a result, the automatic deallocation of the object, not taking into
account those references, results in use-after-free memory corruption.

More specifically, reference to the memory region is kept in flatview
ranges. If the reference count of the memory region is not incremented,
flatview_destroy(), that is asynchronous, may be called after memory
region's destruction. If the reference count of the memory region is
incremented, memory region's destruction will take place after
flatview_destroy() has released its references.
This patch increases the reference count of an owned memory regionobjecton each memory_region_ref() and decreases it on eachmemory_region_unref().
Why not pass the memory region itself as the owner parameter ofmemory_region_init_ram_ptr()?
Hmm, in that case, how will it be guaranteed that the VirtIOGPU won'tdisappear while the memory region is still in use?

You can object_ref() when you do memory_region_init_ram_ptr() andobject_unref() when the memory region is being destroyed.

Follow-Ups:
- Re: [PATCH v6 06/11] softmmu/memory: enable automatic deallocation of memory regions
  - From: Xenia Ragiadakou

References:
- [PATCH v6 00/11] Support blob memory and venus on qemu
  - From: Huang Rui
- [PATCH v6 06/11] softmmu/memory: enable automatic deallocation of memory regions
  - From: Huang Rui
- Re: [PATCH v6 06/11] softmmu/memory: enable automatic deallocation of memory regions
  - From: Akihiko Odaki
- Re: [PATCH v6 06/11] softmmu/memory: enable automatic deallocation of memory regions
  - From: Xenia Ragiadakou

Prev by Date: Re: [PATCH v6 07/11] virtio-gpu: Handle resource blob commands
Next by Date: Re: [PATCH v2 07/39] xen/riscv: introduce arch-riscv/hvm/save.h
Previous by thread: Re: [PATCH v6 06/11] softmmu/memory: enable automatic deallocation of memory regions
Next by thread: Re: [PATCH v6 06/11] softmmu/memory: enable automatic deallocation of memory regions
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.