cur_map is not used anymore; instead, each AddressSpaceDispatch has its own nodes/sections pair. The priorities of the MemoryListeners, and in the future RCU, guarantee that the nodes/sections are not freed while they are still in use.
(In fact, next_map itself is not needed except to free the data on the next update). To avoid incorrect use, replace cur_map with a temporary copy that is only valid while the topology is being updated. If you use it, the name prev_map makes it clear that you're doing something weird. Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> --- exec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/exec.c b/exec.c index 581f0c4..7f87e16 100644 --- a/exec.c +++ b/exec.c @@ -128,7 +128,7 @@ typedef struct PhysPageMap { MemoryRegionSection *sections; } PhysPageMap; -static PhysPageMap cur_map; +static PhysPageMap *prev_map; static PhysPageMap next_map; #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1) @@ -804,7 +804,7 @@ static void phys_section_destroy(MemoryRegion *mr) } } -static void phys_sections_clear(PhysPageMap *map) +static void phys_sections_free(PhysPageMap *map) { while (map->sections_nb > 0) { MemoryRegionSection *section = &map->sections[--map->sections_nb]; @@ -812,6 +812,7 @@ static void phys_sections_clear(PhysPageMap *map) } g_free(map->sections); g_free(map->nodes); + g_free(map); } static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section) @@ -1745,6 +1746,9 @@ static void core_begin(MemoryListener *listener) { uint16_t n; + prev_map = g_new(PhysPageMap, 1); + *prev_map = next_map; + memset(&next_map, 0, sizeof(next_map)); n = dummy_section(&io_mem_unassigned); assert(n == PHYS_SECTION_UNASSIGNED); @@ -1761,9 +1765,7 @@ static void core_begin(MemoryListener *listener) */ static void core_commit(MemoryListener *listener) { - PhysPageMap info = cur_map; - cur_map = next_map; - phys_sections_clear(&info); + phys_sections_free(prev_map); } static void tcg_commit(MemoryListener *listener) -- 1.8.1.4