[PATCH 1/3] include/system/memory.h: Clarify address_space_destroy() behaviour

Peter Maydell posted 3 patches 1 month, 2 weeks ago
Maintainers: Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Yanan Wang <wangyanan55@huawei.com>, Zhao Liu <zhao1.liu@intel.com>, Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, Peter Xu <peterx@redhat.com>, David Hildenbrand <david@redhat.com>
[PATCH 1/3] include/system/memory.h: Clarify address_space_destroy() behaviour
Posted by Peter Maydell 1 month, 2 weeks ago
address_space_destroy() doesn't actually immediately destroy the AS;
it queues it to be destroyed via RCU. This means you can't g_free()
the memory the AS struct is in until that has happened.

Clarify this in the documentation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/system/memory.h | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/system/memory.h b/include/system/memory.h
index aa85fc27a10..827e2c5aa44 100644
--- a/include/system/memory.h
+++ b/include/system/memory.h
@@ -2727,9 +2727,14 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name);
 /**
  * address_space_destroy: destroy an address space
  *
- * Releases all resources associated with an address space.  After an address space
- * is destroyed, its root memory region (given by address_space_init()) may be destroyed
- * as well.
+ * Releases all resources associated with an address space.  After an
+ * address space is destroyed, the reference the AddressSpace had to
+ * its root memory region is dropped, which may result in the
+ * destruction of that memory region as well.
+ *
+ * Note that destruction of the AddressSpace is done via RCU;
+ * it is therefore not valid to free the memory the AddressSpace
+ * struct is in until after that RCU callback has completed.
  *
  * @as: address space to be destroyed
  */
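Review bot: the new paragraph tells callers that they must not free the AddressSpace struct until the RCU callback has run, but it does not say how a caller can satisfy that requirement, so a reader has no way to act on the rule. Suggest one more sentence in the same comment naming the accepted options, e.g. "Callers that embed the AddressSpace in a heap object should free that object via an RCU callback of their own (for example g_free_rcu()), or wait for pending callbacks with drain_call_rcu() before freeing it." Also worth stating explicitly that the struct remains in use by the RCU-deferred work after address_space_destroy() returns, since the first paragraph still opens with "Releases all resources", which reads as if the release were synchronous.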
-- 
2.43.0
Re: [PATCH 1/3] include/system/memory.h: Clarify address_space_destroy() behaviour
Posted by David Hildenbrand 1 month, 2 weeks ago
On 29.09.25 16:42, Peter Maydell wrote:
> address_space_destroy() doesn't actually immediately destroy the AS;
> it queues it to be destroyed via RCU. This means you can't g_free()
> the memory the AS struct is in until that has happened.
> 
> Clarify this in the documentation.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   include/system/memory.h | 11 ++++++++---
>   1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/include/system/memory.h b/include/system/memory.h
> index aa85fc27a10..827e2c5aa44 100644
> --- a/include/system/memory.h
> +++ b/include/system/memory.h
> @@ -2727,9 +2727,14 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name);
>   /**
>    * address_space_destroy: destroy an address space
>    *
> - * Releases all resources associated with an address space.  After an address space
> - * is destroyed, its root memory region (given by address_space_init()) may be destroyed
> - * as well.
> + * Releases all resources associated with an address space.  After an
> + * address space is destroyed, the reference the AddressSpace had to
> + * its root memory region is dropped, which may result in the
> + * destruction of that memory region as well.
> + *
> + * Note that destruction of the AddressSpace is done via RCU;
> + * it is therefore not valid to free the memory the AddressSpace
> + * struct is in until after that RCU callback has completed.
>    *
>    * @as: address space to be destroyed
>    */

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Cheers

David / dhildenb