> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
>
> On 30/11/2015 23:11, Don Slutz wrote:
> > memory_region_unref(mr) can free memory.
> >
> > For example I got:
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > [Switching to Thread 0x7f43280d4700 (LWP 4462)]
> > 0x00007f43323283c0 in phys_section_destroy (mr=0x7f43259468b0)
> > at /home/don/xen/tools/qemu-xen-dir/exec.c:1023
> > 1023 if (mr->subpage) {
> > (gdb) bt
> > at /home/don/xen/tools/qemu-xen-dir/exec.c:1023
> > at /home/don/xen/tools/qemu-xen-dir/exec.c:1034
> > at /home/don/xen/tools/qemu-xen-dir/exec.c:2205
> > (gdb) p mr
> > $1 = (MemoryRegion *) 0x7f43259468b0
> >
> > And this change prevents this.
>
> Great, thanks! I think this fixes also the problem that Gonglei was seeing a
> few months ago. I'll queue it for 2.5.
>
> BTW, since I have your attention, have you noticed my refresh/rewrite of your
> SAS1068 patches? A review would be welcome.
>
Nice catch! I will check the issue tomorrow.
Thanks for reminding and CC'ing me, Paolo.
Regards,
-Gonglei
> Paolo
>
> > Signed-off-by: Don Slutz <don.sl...@gmail.com>
> > ---
> > exec.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/exec.c b/exec.c
> > index de1cf19..0bf0a6e 100644
> > --- a/exec.c
> > +++ b/exec.c
> > @@ -1064,9 +1064,11 @@ static uint16_t phys_section_add(PhysPageMap
> > *map,
> >
> > static void phys_section_destroy(MemoryRegion *mr) {
> > + bool have_sub_page = mr->subpage;
> > +
> > memory_region_unref(mr);
> >
> > - if (mr->subpage) {
> > + if (have_sub_page) {
> > subpage_t *subpage = container_of(mr, subpage_t, iomem);
> > object_unref(OBJECT(&subpage->iomem));
> > g_free(subpage);
> >
