From 9e7bfda4909cc688dd0327e17985019f08a78d5d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 29 Sep 2025 15:42:26 +0100 Subject: [PATCH] include/system/memory.h: Clarify address_space_destroy() behaviour address_space_destroy() doesn't actually immediately destroy the AS; it queues it to be destroyed via RCU. This means you can't g_free() the memory the AS struct is in until that has happened. Clarify this in the documentation. Signed-off-by: Peter Maydell Reviewed-by: David Hildenbrand Link: https://lore.kernel.org/r/20250929144228.1994037-2-peter.maydell@linaro.org Signed-off-by: Peter Xu --- include/system/memory.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/system/memory.h b/include/system/memory.h index aa85fc27a10..827e2c5aa44 100644 --- a/include/system/memory.h +++ b/include/system/memory.h @@ -2727,9 +2727,14 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name); /** * address_space_destroy: destroy an address space * - * Releases all resources associated with an address space. After an address space - * is destroyed, its root memory region (given by address_space_init()) may be destroyed - * as well. + * Releases all resources associated with an address space. After an + * address space is destroyed, the reference the AddressSpace had to + * its root memory region is dropped, which may result in the + * destruction of that memory region as well. + * + * Note that destruction of the AddressSpace is done via RCU; + * it is therefore not valid to free the memory the AddressSpace + * struct is in until after that RCU callback has completed. * * @as: address space to be destroyed */ -- 2.47.3
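Review bot: The new "Note that destruction of the AddressSpace is done via RCU" paragraph states the constraint but gives the caller no way to satisfy it. It does not say how to tell that the RCU callback has completed, or what the supported pattern is for releasing the memory that holds the AddressSpace struct. Since the commit message calls out g_free() of that memory as the mistake to avoid, the comment should name the safe alternative, or say that the free must itself be deferred past the callback. Otherwise a reader can still free too early and end up with a use-after-free when the callback runs. Separately, the opening sentence "Releases all resources associated with an address space" still reads as synchronous next to the new note. Wording such as "Queues the release of all resources" would keep the two paragraphs consistent.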