From d743c382861eaa1e13f503b05aba5a382a7e7f7c Mon Sep 17 00:00:00 2001
From: Avi Kivity
Date: Mon, 9 Jan 2012 13:09:40 +0200
Subject: [PATCH 1/3] vhost: fix incorrect userspace address

MemoryListener::region_add() gives us a slice of a MemoryRegion, not a region. Adjust the userspace address to reflect that.

Signed-off-by: Avi Kivity
Acked-by: Michael S. Tsirkin
---
 hw/vhost.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vhost.c b/hw/vhost.c
index cd56e75d0a..541c7163b2 100644
--- a/hw/vhost.c
+++ b/hw/vhost.c
@@ -378,7 +378,7 @@ static void vhost_set_memory(MemoryListener *listener,
 assert(size);
 
 /* Optimize no-change case. At least cirrus_vga does this a lot at this time. */
- ram = memory_region_get_ram_ptr(section->mr);
+ ram = memory_region_get_ram_ptr(section->mr) + section->offset_within_region;
 if (add) {
 if (!vhost_dev_cmp_memory(dev, start_addr, size, (uintptr_t)ram)) {
 /* Region exists with same address. Nothing to do. */
From 637f7a6a01e09bc39f7b3a24257a9cd6ea396ca0 Mon Sep 17 00:00:00 2001
From: Avi Kivity
Date: Mon, 9 Jan 2012 13:59:50 +0200
Subject: [PATCH 2/3] vhost: fix mem_sections memory corruption

A memset() used to delete an entry in an array did not take into account the array element's size.

Signed-off-by: Avi Kivity
Acked-by: Michael S. Tsirkin
---
 hw/vhost.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vhost.c b/hw/vhost.c
index 541c7163b2..d924fb0e4d 100644
--- a/hw/vhost.c
+++ b/hw/vhost.c
@@ -456,7 +456,7 @@ static void vhost_region_del(MemoryListener *listener,
 == section->offset_within_address_space) {
 --dev->n_mem_sections;
 memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
- dev->n_mem_sections - i);
+ (dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
 break;
 }
 }
From c49450b98f7b9edd6690f34ae6ff15fe4a6131b9 Mon Sep 17 00:00:00 2001
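Review bot: The new `ram = ... + section->offset_within_region;` line says nothing about why an offset is added to the region's host pointer, and since this value is what ends up as the userspace address the rest of vhost_set_memory compares and (presumably) hands to the vhost backend, a reader should not have to recover that from the commit message; I'd add `/* section may be a slice of mr; translate to the slice's own host address */` above it. The sum is also arithmetic on the `void *` returned by memory_region_get_ram_ptr(), which is a GNU extension rather than standard C — fine if the build already assumes GCC, but it deserves the comment so nobody "fixes" it by casting to `char *` without understanding the intent. vhost_set_memory's body starts and ends outside the hunk.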
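Review bot: The memmove() count is right now, but the match on the first context line keys only on `offset_within_address_space`, so if two tracked sections can start at the same guest address the first one found is the one dropped, regardless of which region is actually being removed; comparing the region as well, e.g. `&& dev->mem_sections[i].mr == section->mr`, would make the deletion unambiguous. Separately, the commit description blames a memset() while the call being fixed is memmove(); aligning the wording would keep the history accurate for anyone bisecting this later. The enclosing for loop and vhost_region_del itself begin outside the hunk.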
From: Avi Kivity
Date: Mon, 9 Jan 2012 14:01:39 +0200
Subject: [PATCH 3/3] vhost: improve region filtering

vhost memory management doesn't care about non-memory (e.g. PIO) or non-RAM regions. Adjust the filtering to reflect that, and move it earlier so it applies to mem_sections too.

Signed-off-by: Avi Kivity
Acked-by: Michael S. Tsirkin
---
 hw/vhost.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/hw/vhost.c b/hw/vhost.c
index d924fb0e4d..19a7b5c820 100644
--- a/hw/vhost.c
+++ b/hw/vhost.c
@@ -15,6 +15,7 @@
 #include "hw/hw.h"
 #include "range.h"
 #include
+#include "exec-memory.h"
 
 static void vhost_dev_sync_region(struct vhost_dev *dev,
 MemoryRegionSection *section,
@@ -365,10 +366,6 @@ static void vhost_set_memory(MemoryListener *listener,
 int r;
 void *ram;
 
- if (!memory_region_is_ram(section->mr)) {
- return;
- }
-
 dev->mem = g_realloc(dev->mem, s);
 
 if (log_dirty) {
@@ -430,12 +427,22 @@ static void vhost_set_memory(MemoryListener *listener,
 }
 }
 
+static bool vhost_section(MemoryRegionSection *section)
+{
+ return section->address_space == get_system_memory()
+ && memory_region_is_ram(section->mr);
+}
+
 static void vhost_region_add(MemoryListener *listener,
 MemoryRegionSection *section)
 {
 struct vhost_dev *dev = container_of(listener, struct vhost_dev,
 memory_listener);
 
+ if (!vhost_section(section)) {
+ return;
+ }
+
 ++dev->n_mem_sections;
 dev->mem_sections = g_renew(MemoryRegionSection, dev->mem_sections,
 dev->n_mem_sections);
@@ -450,6 +457,10 @@ static void vhost_region_del(MemoryListener *listener,
 memory_listener);
 int i;
 
+ if (!vhost_section(section)) {
+ return;
+ }
+
 vhost_set_memory(listener, section, false);
 for (i = 0; i < dev->n_mem_sections; ++i) {
 if (dev->mem_sections[i].offset_within_address_space
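Review bot: Removing the `memory_region_is_ram()` guard from vhost_set_memory (second hunk) turns that filter into a precondition every caller must honour; the third and fourth hunks add it to vhost_region_add and vhost_region_del, but nothing in vhost_set_memory itself documents or enforces it, so any other caller outside this diff would now push a non-RAM or non-system-memory section into dev->mem. I'd put `assert(vhost_section(section));` where the removed check stood (vhost_section is defined further down the file, so it needs a forward declaration above vhost_set_memory), or at minimum a comment `/* callers filter with vhost_section(); only system-memory RAM reaches here */`. vhost_section itself would read better with a one-line comment stating that vhost only maps RAM in the system address space and that PIO and MMIO sections are intentionally ignored, since the commit message is the only place that reasoning lives. vhost_set_memory's body begins and ends outside these hunks.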