On 30/11/2015 23:11, Don Slutz wrote:
> memory_region_unref(mr) can free memory.
>
> For example I got:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7f43280d4700 (LWP 4462)]
> 0x00007f43323283c0 in phys_section_destroy (mr=0x7f43259468b0)
>     at /home/don/xen/tools/qemu-xen-dir/exec.c:1023
> 1023        if (mr->subpage) {
> (gdb) bt
>     at /home/don/xen/tools/qemu-xen-dir/exec.c:1023
>     at /home/don/xen/tools/qemu-xen-dir/exec.c:1034
>     at /home/don/xen/tools/qemu-xen-dir/exec.c:2205
> (gdb) p mr
> $1 = (MemoryRegion *) 0x7f43259468b0
>
> And this change prevents this.
Great, thanks!  I think this fixes also the problem that Gonglei was seeing a few months ago.  I'll queue it for 2.5.

BTW, since I have your attention, have you noticed my refresh/rewrite of your SAS1068 patches?  A review would be welcome.

Paolo

> Signed-off-by: Don Slutz <don.sl...@gmail.com>
> ---
>  exec.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/exec.c b/exec.c
> index de1cf19..0bf0a6e 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1064,9 +1064,11 @@ static uint16_t phys_section_add(PhysPageMap *map,
>
>  static void phys_section_destroy(MemoryRegion *mr)
>  {
> +    bool have_sub_page = mr->subpage;
> +
>      memory_region_unref(mr);
>
> -    if (mr->subpage) {
> +    if (have_sub_page) {
>          subpage_t *subpage = container_of(mr, subpage_t, iomem);
>          object_unref(OBJECT(&subpage->iomem));
>          g_free(subpage);
>
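Review bot: the subpage branch still dereferences `mr` after `memory_region_unref(mr)` via `container_of(mr, subpage_t, iomem)`, so moving the `mr->subpage` read ahead of the unref is only sufficient if the unref can never free a subpage region; that invariant is not stated anywhere in the hunk, and a reader who sees the backtrace in the commit message will wonder why the later use is safe. Suggest a one-line comment on `bool have_sub_page = mr->subpage;` saying the field must be read before the unref because the unref may free `mr`, and a second comment in the `if (have_sub_page)` branch noting why `mr` is still valid there (the subpage's iomem is owned by the subpage that is freed right after). Without that, the next refactor is likely to reintroduce the same use-after-free.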