diff options
| author | Anthony Liguori <aliguori@us.ibm.com> | 2012-01-09 08:54:04 -0600 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2012-01-09 08:54:04 -0600 |
| commit | cd9244e48a6643752fccecd344d85d1c4de5cbad (patch) | |
| tree | 636124bf3c46389496ded7aec4a9b35a81e40758 | |
| parent | 1ddde08780f6862a98505f9fb9ea10305638783f (diff) | |
| parent | c49450b98f7b9edd6690f34ae6ff15fe4a6131b9 (diff) | |
| download | focaccia-qemu-cd9244e48a6643752fccecd344d85d1c4de5cbad.tar.gz focaccia-qemu-cd9244e48a6643752fccecd344d85d1c4de5cbad.zip | |
Merge remote-tracking branch 'qemu-kvm/fix-vhost-after-memory-listener' into staging
* qemu-kvm/fix-vhost-after-memory-listener: vhost: improve region filtering vhost: fix mem_sections memory corruption vhost: fix incorrect userspace address
| -rw-r--r-- | hw/vhost.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/hw/vhost.c b/hw/vhost.c index cd56e75d0a..19a7b5c820 100644 --- a/hw/vhost.c +++ b/hw/vhost.c @@ -15,6 +15,7 @@ #include "hw/hw.h" #include "range.h" #include <linux/vhost.h> +#include "exec-memory.h" static void vhost_dev_sync_region(struct vhost_dev *dev, MemoryRegionSection *section, @@ -365,10 +366,6 @@ static void vhost_set_memory(MemoryListener *listener, int r; void *ram; - if (!memory_region_is_ram(section->mr)) { - return; - } - dev->mem = g_realloc(dev->mem, s); if (log_dirty) { @@ -378,7 +375,7 @@ static void vhost_set_memory(MemoryListener *listener, assert(size); /* Optimize no-change case. At least cirrus_vga does this a lot at this time. */ - ram = memory_region_get_ram_ptr(section->mr); + ram = memory_region_get_ram_ptr(section->mr) + section->offset_within_region; if (add) { if (!vhost_dev_cmp_memory(dev, start_addr, size, (uintptr_t)ram)) { /* Region exists with same address. Nothing to do. */ @@ -430,12 +427,22 @@ static void vhost_set_memory(MemoryListener *listener, } } +static bool vhost_section(MemoryRegionSection *section) +{ + return section->address_space == get_system_memory() + && memory_region_is_ram(section->mr); +} + static void vhost_region_add(MemoryListener *listener, MemoryRegionSection *section) { struct vhost_dev *dev = container_of(listener, struct vhost_dev, memory_listener); + if (!vhost_section(section)) { + return; + } + ++dev->n_mem_sections; dev->mem_sections = g_renew(MemoryRegionSection, dev->mem_sections, dev->n_mem_sections); @@ -450,13 +457,17 @@ static void vhost_region_del(MemoryListener *listener, memory_listener); int i; + if (!vhost_section(section)) { + return; + } + vhost_set_memory(listener, section, false); for (i = 0; i < dev->n_mem_sections; ++i) { if (dev->mem_sections[i].offset_within_address_space == section->offset_within_address_space) { --dev->n_mem_sections; memmove(&dev->mem_sections[i], &dev->mem_sections[i+1], - dev->n_mem_sections - i); + (dev->n_mem_sections - i) * sizeof(*dev->mem_sections)); break; } } |