authorAnthony Liguori <aliguori@us.ibm.com>2012-01-09 08:54:04 -0600
committerAnthony Liguori <aliguori@us.ibm.com>2012-01-09 08:54:04 -0600
commitcd9244e48a6643752fccecd344d85d1c4de5cbad (patch)
tree636124bf3c46389496ded7aec4a9b35a81e40758
parent1ddde08780f6862a98505f9fb9ea10305638783f (diff)
parentc49450b98f7b9edd6690f34ae6ff15fe4a6131b9 (diff)
Merge remote-tracking branch 'qemu-kvm/fix-vhost-after-memory-listener' into staging
* qemu-kvm/fix-vhost-after-memory-listener:
  vhost: improve region filtering
  vhost: fix mem_sections memory corruption
  vhost: fix incorrect userspace address
-rw-r--r--hw/vhost.c23
1 files changed, 17 insertions, 6 deletions
diff --git a/hw/vhost.c b/hw/vhost.c
index cd56e75..19a7b5c 100644
--- a/hw/vhost.c
+++ b/hw/vhost.c
@@ -15,6 +15,7 @@
#include "hw/hw.h"
#include "range.h"
#include <linux/vhost.h>
+#include "exec-memory.h"
static void vhost_dev_sync_region(struct vhost_dev *dev,
MemoryRegionSection *section,
@@ -365,10 +366,6 @@ static void vhost_set_memory(MemoryListener *listener,
int r;
void *ram;
- if (!memory_region_is_ram(section->mr)) {
- return;
- }
-
dev->mem = g_realloc(dev->mem, s);
if (log_dirty) {
@@ -378,7 +375,7 @@ static void vhost_set_memory(MemoryListener *listener,
assert(size);
/* Optimize no-change case. At least cirrus_vga does this a lot at this time. */
- ram = memory_region_get_ram_ptr(section->mr);
+ ram = memory_region_get_ram_ptr(section->mr) + section->offset_within_region;
if (add) {
if (!vhost_dev_cmp_memory(dev, start_addr, size, (uintptr_t)ram)) {
/* Region exists with same address. Nothing to do. */
@@ -430,12 +427,22 @@ static void vhost_set_memory(MemoryListener *listener,
}
}
+static bool vhost_section(MemoryRegionSection *section)
+{
+ return section->address_space == get_system_memory()
+ && memory_region_is_ram(section->mr);
+}
+
static void vhost_region_add(MemoryListener *listener,
MemoryRegionSection *section)
{
struct vhost_dev *dev = container_of(listener, struct vhost_dev,
memory_listener);
+ if (!vhost_section(section)) {
+ return;
+ }
+
++dev->n_mem_sections;
dev->mem_sections = g_renew(MemoryRegionSection, dev->mem_sections,
dev->n_mem_sections);
@@ -450,13 +457,17 @@ static void vhost_region_del(MemoryListener *listener,
memory_listener);
int i;
+ if (!vhost_section(section)) {
+ return;
+ }
+
vhost_set_memory(listener, section, false);
for (i = 0; i < dev->n_mem_sections; ++i) {
if (dev->mem_sections[i].offset_within_address_space
== section->offset_within_address_space) {
--dev->n_mem_sections;
memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
- dev->n_mem_sections - i);
+ (dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
break;
}
}
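Review bot: With the `memory_region_is_ram()` guard dropped from vhost_set_memory (the `-` lines in the second hunk), the function now reaches `memory_region_get_ram_ptr(section->mr)` unconditionally and relies on every caller having applied the new `vhost_section()` filter first, but nothing in its body or a comment records that precondition; vhost_set_memory's body begins and ends outside the hunks shown. I would add at the `ram = memory_region_get_ram_ptr(...)` assignment `/* Caller must have filtered with vhost_section(): mr is RAM in the system address space. */` so a future caller cannot hand it a non-RAM section. `vhost_section()` itself (fourth hunk) also deserves a one-line comment stating why only `get_system_memory()` sections are tracked, since the address-space restriction is the part of the filter that is new here and is not obvious from the name. The memmove size fix in vhost_region_del looks correct; the array is not shrunk afterwards, which is presumably intentional but worth a comment if so.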