Since 374f2981d1 "memory: protect current_map by RCU",
address_space_update_topology unrefs the old_flatview twice,
once by call_rcu and once by direct call. This patch removes
the direct call in favor of the call_rcu. Fixes at least one
assertion failure seen in s390, where a ref count for a memory
region attempts to go negative during hot-unplug of guest memory.
Signed-off-by: Matthew Rosato <mjros...@linux.vnet.ibm.com>
---
memory.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/memory.c b/memory.c
index 130152c..d08abe5 100644
--- a/memory.c
+++ b/memory.c
@@ -755,7 +755,6 @@ static void address_space_update_topology(AddressSpace *as)
/* Writes are protected by the BQL. */
atomic_rcu_set(&as->current_map, new_view);
- call_rcu(old_view, flatview_unref, rcu);
/* Note that all the old MemoryRegions are still alive up to this
* point. This relieves most MemoryListeners from the need to
@@ -763,7 +762,7 @@ static void address_space_update_topology(AddressSpace *as)
* outside the iothread mutex, in which case precise reference
* counting is necessary.
*/
- flatview_unref(old_view);
+ call_rcu(old_view, flatview_unref, rcu);
address_space_update_ioeventfds(as);
}
--
1.7.9.5
