[Qemu-devel] [PATCH v4 0/5] exec: Make bounce buffer thread safe

[Fam Zheng]

v4: Remove smp_mb() in patch 1.
    Remove two cpu_exec_init_all() calls.
    Rename cpu_notify_map_clients_unlocked -> cpu_notify_map_clients_locked.
    Add Paolo's rev-by in patch 5.

v3: Address Paolo's comments:
    Use atomic_xchg for bounce buffer.
    Use mutex and BH for map_client_list.

The global bounce buffer used for non-direct memory access is not thread-safe:

 1) Access to "bounce" is not atomic.

 2) Access to "map_client_list" is not atomic.

 3) In dma_blk_cb, there is a race condition between:

        mem = dma_memory_map(...
    and
        cpu_register_map_client(...

    Bounce may become available after dma_memory_map failed but before
    cpu_register_map_client is called.

 4) The reschedule_dma is not in the right AioContext;
    continue_after_map_failure called from other threads will race with
    dma_aio_cancel.

This series fixes these issues respectively.

Fam Zheng (5):
  exec: Atomic access to bounce buffer
  linux-user, bsd-user: Remove two calls to cpu_exec_init_all
  exec: Protect map_client_list with mutex
  exec: Notify cpu_register_map_client caller if the bounce buffer is
    available
  dma-helpers: Fix race condition of continue_after_map_failure and
    dma_aio_cancel

 bsd-user/main.c           |  1 -
 dma-helpers.c             | 17 +++++------
 exec.c                    | 76 +++++++++++++++++++++++++++++++----------------
 include/exec/cpu-common.h |  3 +-
 linux-user/main.c         |  1 -
 5 files changed, 61 insertions(+), 37 deletions(-)

-- 
1.9.3