From 041600e23f2fe2a9c252c9a8b26c7d147bedf982 Mon Sep 17 00:00:00 2001 From: Peter Xu Date: Mon, 29 Sep 2025 15:42:27 +0100 Subject: [PATCH] memory: New AS helper to serialize destroy+free If an AddressSpace has been created in its own allocated memory, cleaning it up requires first destroying the AS and then freeing the memory. Doing this doesn't work: address_space_destroy(as); g_free_rcu(as, rcu); because both address_space_destroy() and g_free_rcu() try to use the same 'rcu' node in the AddressSpace struct and the address_space_destroy hook gets overwritten. Provide a new address_space_destroy_free() function which will destroy the AS and then free the memory it uses, all in one RCU callback. (CC to stable because the next commit needs this function.) Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell Reviewed-by: David Hildenbrand Link: https://lore.kernel.org/r/20250929144228.1994037-3-peter.maydell@linaro.org Signed-off-by: Peter Xu --- include/system/memory.h | 13 +++++++++++++ system/memory.c | 20 +++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/include/system/memory.h b/include/system/memory.h index 827e2c5aa44..08daf0fc59e 100644 --- a/include/system/memory.h +++ b/include/system/memory.h @@ -2735,11 +2735,24 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name); * Note that destruction of the AddressSpace is done via RCU; * it is therefore not valid to free the memory the AddressSpace * struct is in until after that RCU callback has completed. + * If you want to g_free() the AddressSpace after destruction you + * can do that with address_space_destroy_free(). * * @as: address space to be destroyed */ void address_space_destroy(AddressSpace *as); +/** + * address_space_destroy_free: destroy an address space and free it + * + * This does the same thing as address_space_destroy(), and then also + * frees (via g_free()) the AddressSpace itself once the destruction + * is complete. + * + * @as: address space to be destroyed + */ +void address_space_destroy_free(AddressSpace *as); + /** * address_space_remove_listeners: unregister all listeners of an address space * diff --git a/system/memory.c b/system/memory.c index cf8cad69611..fe8b28a096b 100644 --- a/system/memory.c +++ b/system/memory.c @@ -3278,7 +3278,14 @@ static void do_address_space_destroy(AddressSpace *as) memory_region_unref(as->root); } -void address_space_destroy(AddressSpace *as) +static void do_address_space_destroy_free(AddressSpace *as) +{ + do_address_space_destroy(as); + g_free(as); +} + +/* Detach address space from global view, notify all listeners */ +static void address_space_detach(AddressSpace *as) { MemoryRegion *root = as->root; @@ -3293,9 +3300,20 @@ void address_space_destroy(AddressSpace *as) * values to expire before freeing the data. */ as->root = root; +} + +void address_space_destroy(AddressSpace *as) +{ + address_space_detach(as); call_rcu(as, do_address_space_destroy, rcu); } +void address_space_destroy_free(AddressSpace *as) +{ + address_space_detach(as); + call_rcu(as, do_address_space_destroy_free, rcu); +} + static const char *memory_region_type(MemoryRegion *mr) { if (mr->alias) { -- 2.47.3