From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Eduardo Habkost, Marcel Apfelbaum, Philippe Mathieu-Daudé, Yanan Wang, Zhao Liu, Paolo Bonzini, Peter Xu, David Hildenbrand
Subject: [PATCH 1/3] include/system/memory.h: Clarify address_space_destroy() behaviour
Date: Mon, 29 Sep 2025 15:42:26 +0100
Message-ID: <20250929144228.1994037-2-peter.maydell@linaro.org>
In-Reply-To: <20250929144228.1994037-1-peter.maydell@linaro.org>

address_space_destroy() doesn't actually immediately destroy the AS; it queues it to be destroyed via RCU. This means you can't g_free() the memory the AS struct is in until that has happened. Clarify this in the documentation.

Signed-off-by: Peter Maydell
Reviewed-by: David Hildenbrand
--- include/system/memory.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/system/memory.h b/include/system/memory.h index aa85fc27a10..827e2c5aa44 100644 --- a/include/system/memory.h +++ b/include/system/memory.h
@@ -2727,9 +2727,14 @@ void address_space_init(AddressSpace *as, MemoryRegi= on *root, const char *name); /** * address_space_destroy: destroy an address space * - * Releases all resources associated with an address space. After an addr= ess space - * is destroyed, its root memory region (given by address_space_init()) ma= y be destroyed - * as well. + * Releases all resources associated with an address space. After an + * address space is destroyed, the reference the AddressSpace had to + * its root memory region is dropped, which may result in the + * destruction of that memory region as well. + * + * Note that destruction of the AddressSpace is done via RCU; + * it is therefore not valid to free the memory the AddressSpace + * struct is in until after that RCU callback has completed. * * @as: address space to be destroyed */ --=20 2.43.0
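Review bot: The new note in the address_space_destroy() comment says the struct must not be freed "until after that RCU callback has completed", but it gives the caller no way to tell when that point has been reached. Suggest the comment say what a caller should do instead of a bare g_free() after the call, or at least state that there is no caller-visible completion signal, so that the restriction can actually be followed by code that owns a separately allocated AddressSpace.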
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Eduardo Habkost, Marcel Apfelbaum, Philippe Mathieu-Daudé, Yanan Wang, Zhao Liu, Paolo Bonzini, Peter Xu, David Hildenbrand
Subject: [PATCH 2/3] memory: New AS helper to serialize destroy+free
Date: Mon, 29 Sep 2025 15:42:27 +0100
Message-ID: <20250929144228.1994037-3-peter.maydell@linaro.org>
In-Reply-To: <20250929144228.1994037-1-peter.maydell@linaro.org>

From: Peter Xu

If an AddressSpace has been created in its own allocated memory, cleaning it up requires first destroying the AS and then freeing the memory. Doing this doesn't work:

    address_space_destroy(as);
    g_free_rcu(as, rcu);

because both address_space_destroy() and g_free_rcu() try to use the same 'rcu' node in the AddressSpace struct and the address_space_destroy hook gets overwritten.

Provide a new address_space_destroy_free() function which will destroy the AS and then free the memory it uses, all in one RCU callback.

(CC to stable because the next commit needs this function.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Xu
[PMM: Expanded commit message with motivation, tweaked comment]
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
Reviewed-by: David Hildenbrand
--- include/system/memory.h | 13 +++++++++++++ system/memory.c | 20 +++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/include/system/memory.h b/include/system/memory.h index 827e2c5aa44..08daf0fc59e 100644 --- a/include/system/memory.h +++ b/include/system/memory.h
@@ -2735,11 +2735,24 @@ void address_space_init(AddressSpace *as, MemoryReg= ion *root, const char *name); * Note that destruction of the AddressSpace is done via RCU; * it is therefore not valid to free the memory the AddressSpace * struct is in until after that RCU callback has completed. + * If you want to g_free() the AddressSpace after destruction you + * can do that with address_space_destroy_free(). * * @as: address space to be destroyed */ void address_space_destroy(AddressSpace *as); =20 +/** + * address_space_destroy_free: destroy an address space and free it + * + * This does the same thing as address_space_destroy(), and then also + * frees (via g_free()) the AddressSpace itself once the destruction + * is complete. + * + * @as: address space to be destroyed + */ +void address_space_destroy_free(AddressSpace *as); + /** * address_space_remove_listeners: unregister all listeners of an address = space * diff --git a/system/memory.c b/system/memory.c index cf8cad69611..fe8b28a096b 100644 --- a/system/memory.c +++ b/system/memory.c @@ -3278,7 +3278,14 @@ static void do_address_space_destroy(AddressSpace *a= s) memory_region_unref(as->root); } =20 -void address_space_destroy(AddressSpace *as) +static void do_address_space_destroy_free(AddressSpace *as) +{ + do_address_space_destroy(as); + g_free(as); +} + +/* Detach address space from global view, notify all listeners */ +static void address_space_detach(AddressSpace *as) { MemoryRegion *root =3D as->root; =20 
@@ -3293,9 +3300,20 @@ void address_space_destroy(AddressSpace *as) * values to expire before freeing the data. */ as->root =3D root; +} + +void address_space_destroy(AddressSpace *as) +{ + address_space_detach(as); call_rcu(as, do_address_space_destroy, rcu); } =20 +void address_space_destroy_free(AddressSpace *as) +{ + address_space_detach(as); + call_rcu(as, do_address_space_destroy_free, rcu); +} + static const char *memory_region_type(MemoryRegion *mr) { if (mr->alias) { --=20 2.43.0
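Review bot: The doc comment added for address_space_destroy_free() in memory.h does not state its precondition: do_address_space_destroy_free() calls g_free(as) on the pointer it is given, so the function is only valid for an AddressSpace that is its own g_malloc-family allocation, not one embedded in a larger struct. Suggest saying that in the comment, together with the facts that the caller must not touch @as after the call and must not also call address_space_destroy() on it, since both entry points queue on the same 'rcu' node via call_rcu(as, ..., rcu).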
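The failure described in the commit message above, as an added example (not code from the patch or from QEMU): a single-threaded toy model of a deferred-callback queue in which the callback pointer is stored in the node embedded in the object. All names (toy_call_rcu, toy_as, teardown and so on) are hypothetical, and the model keeps only the one property the message relies on, that a second call on the same node replaces the first callback.

```c
#include <stdio.h>
#include <stdlib.h>

/* Intrusive callback node, standing in for the embedded 'rcu' member. */
struct toy_rcu_head {
    struct toy_rcu_head *next;
    void (*func)(struct toy_rcu_head *head);
    int queued;
};

/* Stand-in for AddressSpace; node first so callbacks can cast back. */
struct toy_as {
    struct toy_rcu_head rcu;
    int *root_refs;   /* reference count of the root region it points at */
    int *freed;       /* set to 1 when the struct's memory is released */
};

static struct toy_rcu_head *pending, **pending_tail = &pending;

/* Defer func(head). The callback is stored in the node itself, so a second
 * call on the same node overwrites it (model assumption: linked only once). */
static void toy_call_rcu(struct toy_rcu_head *head,
                         void (*func)(struct toy_rcu_head *head))
{
    head->func = func;
    if (!head->queued) {
        head->queued = 1;
        head->next = NULL;
        *pending_tail = head;
        pending_tail = &head->next;
    }
}

/* Model of the grace period ending: run each queued node's callback once. */
static void toy_run_callbacks(void)
{
    struct toy_rcu_head *node = pending;
    pending = NULL;
    pending_tail = &pending;
    while (node) {
        struct toy_rcu_head *next = node->next; /* func may free the node */
        node->queued = 0;
        node->func(node);
        node = next;
    }
}

static void do_destroy(struct toy_rcu_head *head)
{
    struct toy_as *as = (struct toy_as *)head;
    (*as->root_refs)--;            /* drop the reference on the root */
}

static void do_free(struct toy_rcu_head *head)
{
    struct toy_as *as = (struct toy_as *)head;
    *as->freed = 1;
    free(as);
}

/* The shape of the fix: both steps inside a single callback. */
static void do_destroy_free(struct toy_rcu_head *head)
{
    do_destroy(head);
    do_free(head);
}

struct outcome { int root_refs; int freed; };

/* Tear down one heap-allocated toy_as and report what actually ran. */
static struct outcome teardown(int single_callback)
{
    int root_refs = 1, freed = 0;
    struct toy_as *as = calloc(1, sizeof(*as));
    if (!as) { abort(); }
    as->root_refs = &root_refs;
    as->freed = &freed;
    if (single_callback) {
        toy_call_rcu(&as->rcu, do_destroy_free);
    } else {
        toy_call_rcu(&as->rcu, do_destroy);  /* callback stored in node */
        toy_call_rcu(&as->rcu, do_free);     /* replaces do_destroy */
    }
    toy_run_callbacks();
    return (struct outcome){ root_refs, freed };
}

int main(void)
{
    struct outcome two = teardown(0), one = teardown(1);
    printf("two calls, one node: root_refs=%d freed=%d\n", two.root_refs, two.freed);
    printf("single callback:     root_refs=%d freed=%d\n", one.root_refs, one.freed);
    return 0;
}
```

In the two-call case the memory is released but the root reference is never dropped, so the destroy step is silently skipped rather than failing loudly.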
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Eduardo Habkost, Marcel Apfelbaum, Philippe Mathieu-Daudé, Yanan Wang, Zhao Liu, Paolo Bonzini, Peter Xu, David Hildenbrand
Subject: [PATCH 3/3] physmem: Destroy all CPU AddressSpaces on unrealize
Date: Mon, 29 Sep 2025 15:42:28 +0100
Message-ID: <20250929144228.1994037-4-peter.maydell@linaro.org>
In-Reply-To: <20250929144228.1994037-1-peter.maydell@linaro.org>

When we unrealize a CPU object (which happens on vCPU hot-unplug), we should destroy all the AddressSpace objects we created via calls to cpu_address_space_init() when the CPU was realized.

Commit 24bec42f3d6eae added a function to do this for a specific AddressSpace, but did not add any places where the function was called.

Since we always want to destroy all the AddressSpaces on unrealize, regardless of the target architecture, we don't need to try to keep track of how many are still undestroyed, or make the target architecture code manually call a destroy function for each AS it created. Instead we can adjust the function to always completely destroy the whole cpu->ases array, and arrange for it to be called during CPU unrealize as part of the common code.

Without this fix, AddressSanitizer will report a leak like this from a run where we hot-plugged and then hot-unplugged an x86 KVM vCPU:

Direct leak of 416 byte(s) in 1 object(s) allocated from:
    #0 0x5b638565053d in calloc (/data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/qemu-system-x86_64+0x1ee153d) (BuildId: c1cd6022b195142106e1bffeca23498c2b752bca)
    #1 0x7c28083f77b1 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x637b1) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x5b6386999c7c in cpu_address_space_init /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../system/physmem.c:797:25
    #3 0x5b638727f049 in kvm_cpu_realizefn /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../target/i386/kvm/kvm-cpu.c:102:5
    #4 0x5b6385745f40 in accel_cpu_common_realize /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../accel/accel-common.c:101:13
    #5 0x5b638568fe3c in cpu_exec_realizefn /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../hw/core/cpu-common.c:232:10
    #6 0x5b63874a2cd5 in x86_cpu_realizefn /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../target/i386/cpu.c:9321:5
    #7 0x5b6387a0469a in device_set_realized /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../hw/core/qdev.c:494:13
    #8 0x5b6387a27d9e in property_set_bool /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../qom/object.c:2375:5
    #9 0x5b6387a2090b in object_property_set /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../qom/object.c:1450:5
    #10 0x5b6387a35b05 in object_property_set_qobject /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../qom/qom-qobject.c:28:10
    #11 0x5b6387a21739 in object_property_set_bool /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../qom/object.c:1520:15
    #12 0x5b63879fe510 in qdev_realize /data_nvme1n1/linaro/qemu-from-laptop/qemu/build/x86-tgts-asan/../../hw/core/qdev.c:276:12

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2517
Signed-off-by: Peter Maydell
Reviewed-by: David Hildenbrand
--- include/exec/cpu-common.h | 10 ++++----- include/hw/core/cpu.h | 1 - hw/core/cpu-common.c | 1 + stubs/cpu-destroy-address-spaces.c | 15 +++++++++++++ system/physmem.c | 34 ++++++++++++++---------------- stubs/meson.build | 1 + 6 files changed, 38 insertions(+), 24 deletions(-) create mode 100644 stubs/cpu-destroy-address-spaces.c diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h index f373781ae07..b96ac49844a 100644 --- a/include/exec/cpu-common.h +++ b/include/exec/cpu-common.h @@ -123,13 +123,13 @@ size_t qemu_ram_pagesize_largest(void); void cpu_address_space_init(CPUState *cpu, int asidx, const char *prefix, MemoryRegion *mr); /** - * cpu_address_space_destroy: - * @cpu: CPU for which address space needs to be destroyed - * @asidx: integer index of this address space + * cpu_destroy_address_spaces: + * @cpu: CPU for which address spaces need to be destroyed * - * Note that with KVM only one address space is supported. + * Destroy all address spaces associated with this CPU; this + * is called as part of unrealizing the CPU. */ -void cpu_address_space_destroy(CPUState *cpu, int asidx); +void cpu_destroy_address_spaces(CPUState *cpu); =20 void cpu_physical_memory_rw(hwaddr addr, void *buf, hwaddr len, bool is_write); diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h index c9f40c25392..0fcbc923f38 100644 
--- a/include/hw/core/cpu.h +++ b/include/hw/core/cpu.h @@ -515,7 +515,6 @@ struct CPUState { QSIMPLEQ_HEAD(, qemu_work_item) work_list; =20 struct CPUAddressSpace *cpu_ases; - int cpu_ases_count; int num_ases; AddressSpace *as; MemoryRegion *memory; diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c index 41a339903ca..8c306c89e45 100644 --- a/hw/core/cpu-common.c +++ b/hw/core/cpu-common.c @@ -294,6 +294,7 @@ void cpu_exec_unrealizefn(CPUState *cpu) * accel_cpu_common_unrealize, which may free fields using call_rcu. */ accel_cpu_common_unrealize(cpu); + cpu_destroy_address_spaces(cpu); } =20 static void cpu_common_initfn(Object *obj) diff --git a/stubs/cpu-destroy-address-spaces.c b/stubs/cpu-destroy-address= -spaces.c new file mode 100644 index 00000000000..dc6813f5bd1 --- /dev/null +++ b/stubs/cpu-destroy-address-spaces.c @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#include "qemu/osdep.h" +#include "exec/cpu-common.h" + +/* + * user-mode CPUs never create address spaces with + * cpu_address_space_init(), so the cleanup function doesn't + * need to do anything. We need this stub because cpu-common.c + * is built-once so it can't #ifndef CONFIG_USER around the + * call; the real function is in physmem.c which is system-only. + */ +void cpu_destroy_address_spaces(CPUState *cpu) +{ +} diff --git a/system/physmem.c b/system/physmem.c index ae8ecd50ea1..dbb2a4e0175 100644 --- a/system/physmem.c +++ b/system/physmem.c @@ -795,7 +795,6 @@ void cpu_address_space_init(CPUState *cpu, int asidx, =20 if (!cpu->cpu_ases) { cpu->cpu_ases =3D g_new0(CPUAddressSpace, cpu->num_ases); - cpu->cpu_ases_count =3D cpu->num_ases; } =20 newas =3D &cpu->cpu_ases[asidx]; 
@@ -809,30 +808,29 @@ void cpu_address_space_init(CPUState *cpu, int asidx, } } =20 -void cpu_address_space_destroy(CPUState *cpu, int asidx) +void cpu_destroy_address_spaces(CPUState *cpu) { CPUAddressSpace *cpuas; + int asidx; =20 assert(cpu->cpu_ases); - assert(asidx >=3D 0 && asidx < cpu->num_ases); =20 - cpuas =3D &cpu->cpu_ases[asidx]; - if (tcg_enabled()) { - memory_listener_unregister(&cpuas->tcg_as_listener); + /* convenience alias just points to some cpu_ases[n] */ + cpu->as =3D NULL; + + for (asidx =3D 0; asidx < cpu->num_ases; asidx++) { + cpuas =3D &cpu->cpu_ases[asidx]; + if (!cpuas->as) { + /* This index was never initialized; no deinit needed */ + continue; + } + if (tcg_enabled()) { + memory_listener_unregister(&cpuas->tcg_as_listener); + } + g_clear_pointer(&cpuas->as, address_space_destroy_free); } =20 - address_space_destroy(cpuas->as); - g_free_rcu(cpuas->as, rcu); - - if (asidx =3D=3D 0) { - /* reset the convenience alias for address space 0 */ - cpu->as =3D NULL; - } - - if (--cpu->cpu_ases_count =3D=3D 0) { - g_free(cpu->cpu_ases); - cpu->cpu_ases =3D NULL; - } + g_clear_pointer(&cpu->cpu_ases, g_free); } =20 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx) diff --git a/stubs/meson.build b/stubs/meson.build index cef046e6854..5d577467bfd 100644 --- a/stubs/meson.build +++ b/stubs/meson.build @@ -55,6 +55,7 @@ endif if have_user # Symbols that are used by hw/core. stub_ss.add(files('cpu-synchronize-state.c')) + stub_ss.add(files('cpu-destroy-address-spaces.c')) =20 # Stubs for QAPI events. Those can always be included in the build, but # they are not built at all for --disable-system builds. --=20 2.43.0
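Review bot: In the physmem.c hunk, cpu_destroy_address_spaces() keeps `assert(cpu->cpu_ases);`, but the function is now called unconditionally from cpu_exec_unrealizefn(), while cpu->cpu_ases is only allocated lazily on the first cpu_address_space_init() call. If any system-mode CPU can reach unrealize without having initialized an address space, this turns what should be a no-op into an abort. Suggest replacing the assert with an early return when cpu->cpu_ases is NULL, or stating in the commit message or a comment why that case cannot occur.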