From: marcandre.lureau@redhat.com
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Alex Williamson, "Michael S. Tsirkin", David Hildenbrand, Mark Kanda, kvm@vger.kernel.org, Cédric Le Goater, Philippe Mathieu-Daudé, Peter Xu, Ben Chaney, Fabiano Rosas, Marc-André Lureau
Subject: [PATCH v2 13/14] system/memory: add RamDiscardManager reference counting and cleanup
Date: Wed, 25 Feb 2026 13:04:54 +0100
Message-ID: <20260225120456.3170057-14-marcandre.lureau@redhat.com>
In-Reply-To: <20260225120456.3170057-1-marcandre.lureau@redhat.com>
References: <20260225120456.3170057-1-marcandre.lureau@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Marc-Andr=C3=A9 Lureau Listeners now hold a reference to the RamDiscardManager, ensuring it stays alive while listeners are registered. The RDM is eagerly freed when the last source and listener are removed, and also unreffed during MemoryRegion finalization as a safety net. This completes the TODO left in the previous commit and prevents both use-after-free and memory leaks of the RamDiscardManager. Signed-off-by: Marc-Andr=C3=A9 Lureau --- system/memory.c | 7 +++++-- system/ram-discard-manager.c | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/system/memory.c b/system/memory.c index 8a4cb7b59ac..664d24109ab 100644 --- a/system/memory.c +++ b/system/memory.c @@ -1817,6 +1817,7 @@ static void memory_region_finalize(Object *obj) memory_region_clear_coalescing(mr); g_free((char *)mr->name); g_free(mr->ioeventfds); + object_unref(mr->rdm); } =20 Object *memory_region_owner(MemoryRegion *mr) @@ -2123,8 +2124,10 @@ void memory_region_del_ram_discard_source(MemoryRegi= on *mr, g_assert(mr->rdm); =20 ram_discard_manager_del_source(mr->rdm, source); - - /* if there is no source and no listener left, we could free rdm */ + if (QLIST_EMPTY(&mr->rdm->source_list) && QLIST_EMPTY(&mr->rdm->rdl_li= st)) { + object_unref(mr->rdm); + mr->rdm =3D NULL; + } } =20 /* Called with rcu_read_lock held. */ diff --git a/system/ram-discard-manager.c b/system/ram-discard-manager.c index 5592bfd3486..904a98cbef1 100644 --- a/system/ram-discard-manager.c +++ b/system/ram-discard-manager.c @@ -549,6 +549,7 @@ void ram_discard_manager_register_listener(RamDiscardMa= nager *rdm, =20 g_assert(section->mr =3D=3D rdm->mr); =20 + object_ref(rdm); rdl->section =3D memory_region_section_new_copy(section); QLIST_INSERT_HEAD(&rdm->rdl_list, rdl, next); =20 
@@ -570,6 +571,7 @@ void ram_discard_manager_unregister_listener(RamDiscard= Manager *rdm, memory_region_section_free_copy(rdl->section); rdl->section =3D NULL; QLIST_REMOVE(rdl, next); + object_unref(rdm); } =20 int ram_discard_manager_replay_populated_to_listeners(RamDiscardManager *r= dm) --=20 2.53.0
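Review bot: in memory_region_finalize() (system/memory.c, first hunk), object_unref(mr->rdm) drops only the region's own reference, so with the new object_ref(rdm) in ram_discard_manager_register_listener() a listener that is still registered keeps the RDM alive past the region, while the RDM still carries the rdm->mr back-pointer that the register path asserts on (g_assert(section->mr == rdm->mr)). Either assert here that the RDM has no listeners or sources left, or clear the back-pointer before the unref, so the safety net cannot leave a live RDM pointing at a finalized MemoryRegion. mr->rdm can also be NULL at this point, since the del_source hunk sets it to NULL, so a short comment that the unref is expected to tolerate NULL would help.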
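Review bot: the emptiness check added to memory_region_del_ram_discard_source() (system/memory.c, second hunk) runs only when a source is removed, so if the last source goes away while a listener is still registered, the later ram_discard_manager_unregister_listener() drops just the listener's reference and mr->rdm stays set, with both lists empty, until finalize. That does not match the commit message's "eagerly freed when the last source and listener are removed"; either re-evaluate the same condition on the unregister path or adjust the message. The check also reaches into mr->rdm->source_list and mr->rdm->rdl_list from memory.c, where a small helper in ram-discard-manager.c would keep the list layout private. Since the function right after this one is annotated "Called with rcu_read_lock held", please also state why clearing mr->rdm here cannot race with such readers.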
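Review bot: with object_unref(rdm) as the last statement of ram_discard_manager_unregister_listener() (system/ram-discard-manager.c), unregistering can now be the call that frees the RDM, for example once memory_region_finalize() has already dropped the region's reference, so callers must not touch rdm after it returns. Please document on both functions that a registered listener owns a reference and that the object_ref(rdm) in the register hunk is balanced only by unregister. The order in unregister, QLIST_REMOVE(rdl, next) before the unref, is the right one and is worth a comment so it is not reordered later.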