Since 374f2981d1 "memory: protect current_map by RCU", address_space_update_topology unrefs the old_flatview twice, once by call_rcu and once by direct call. This patch removes the direct call in favor of the call_rcu. Fixes at least one assertion failure seen in s390, where a ref count for a memory region attempts to go negative during hot-unplug of guest memory.
Signed-off-by: Matthew Rosato <mjros...@linux.vnet.ibm.com> --- memory.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/memory.c b/memory.c index 130152c..d08abe5 100644 --- a/memory.c +++ b/memory.c @@ -755,7 +755,6 @@ static void address_space_update_topology(AddressSpace *as) /* Writes are protected by the BQL. */ atomic_rcu_set(&as->current_map, new_view); - call_rcu(old_view, flatview_unref, rcu); /* Note that all the old MemoryRegions are still alive up to this * point. This relieves most MemoryListeners from the need to @@ -763,7 +762,7 @@ static void address_space_update_topology(AddressSpace *as) * outside the iothread mutex, in which case precise reference * counting is necessary. */ - flatview_unref(old_view); + call_rcu(old_view, flatview_unref, rcu); address_space_update_ioeventfds(as); } -- 1.7.9.5
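Review bot: in the second hunk, the comment directly above the new `call_rcu(old_view, flatview_unref, rcu);` still says the old MemoryRegions are alive "up to this point", but the unref at that line is now deferred to the RCU callback instead of happening immediately, so the comment no longer describes when the reference is actually dropped. Consider rewording it to say the old view is released from the RCU callback. The commit message also says the direct call is removed in favor of the call_rcu, while the diff deletes the early `call_rcu` in the first hunk and converts the later `flatview_unref(old_view);` into a `call_rcu`. The net result is a single deferred unref either way, but the message should say the call_rcu was moved below the comment, since that placement is what a later reader of memory.c will see.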