Re: [Qemu-devel] [PATCH] exec: Stop using memory after free
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] exec: Stop using memory after free
Date: Wed, 2 Dec 2015 10:47:29 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
On 02/12/2015 08:59, Gonglei (Arei) wrote:
>>>> static void phys_section_destroy(MemoryRegion *mr) {
>>>> + bool have_sub_page = mr->subpage;
>>>> +
>>>> memory_region_unref(mr);
>>>>
>>>> - if (mr->subpage) {
>>>> + if (have_sub_page) {
>>>> subpage_t *subpage = container_of(mr, subpage_t, iomem);
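Review bot: caching mr->subpage in have_sub_page before memory_region_unref(mr) removes the read of the flag after the reference drop, but the subpage branch that follows still evaluates container_of(mr, subpage_t, iomem) from mr after the unref, so the same stale-pointer question applies to that line if the unref can release the region. Moving memory_region_unref(mr) below the whole if block, as Gonglei suggests, would make the flag copy unnecessary and keep every use of mr ahead of the release; if the current ordering is kept deliberately because the subpage allocation is owned by exec.c and cannot be freed by the unref, a one-line comment above the branch saying so would spare the next reader the same question.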
>
> Can we use the *mr* here again?
Yes, in the subpage case the memory is allocated by exec.c. Accessing
mr->subpage is only problematic if memory_region_unref destroys a device.
> IMO we should invoke memory_region_unref(mr) after the if check.
That's also possible.
Paolo
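The two orderings under discussion, reproduced as an added example that is not QEMU's code: MemoryRegion, subpage_t, memory_region_unref and container_of are assumed toy stand-ins for the real definitions, and phys_section_destroy_before (read the flag after the unref), phys_section_destroy_after (capture the flag first, as the patch does), mr_is_subpage, count_stale_reads and subpage_case_ok are hypothetical names added for the demonstration. The unref releases a device-backed region whose count reaches zero but leaves a subpage region alone, which is the distinction Paolo draws above; a release is recorded instead of actually freeing the memory so that a read after release can be counted rather than being silent undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed toy stand-ins for QEMU's MemoryRegion and subpage_t. */
typedef struct MemoryRegion {
    int refcount;
    bool subpage;          /* true when this region is the iomem of a subpage_t */
} MemoryRegion;

typedef struct subpage_t {
    MemoryRegion iomem;    /* container_of(mr, subpage_t, iomem) recovers the owner */
    int sections[4];       /* constructed placeholder payload */
} subpage_t;

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Instrumentation: remember the most recently released region so that a
 * read through mr_is_subpage() after the release is counted. */
static MemoryRegion *last_released;
static int reads_after_release;

/* Drop one reference. A device-backed (non-subpage) region whose count
 * reaches zero is released; a subpage region is owned elsewhere and is not. */
static void memory_region_unref(MemoryRegion *mr)
{
    if (--mr->refcount == 0 && !mr->subpage) {
        last_released = mr;
        mr->refcount = -1;  /* poison marker standing in for the real free */
    }
}

/* Instrumented accessor for mr->subpage. */
static bool mr_is_subpage(MemoryRegion *mr)
{
    if (mr == last_released) {
        reads_after_release++;
    }
    return mr->subpage;
}

/* Ordering the patch replaces: the flag is consulted after the unref. */
static void phys_section_destroy_before(MemoryRegion *mr)
{
    memory_region_unref(mr);
    if (mr_is_subpage(mr)) {
        subpage_t *subpage = container_of(mr, subpage_t, iomem);
        free(subpage);
    }
}

/* Ordering the patch introduces: the flag is captured before the unref. */
static void phys_section_destroy_after(MemoryRegion *mr)
{
    bool have_sub_page = mr_is_subpage(mr);
    memory_region_unref(mr);
    if (have_sub_page) {
        subpage_t *subpage = container_of(mr, subpage_t, iomem);
        free(subpage);
    }
}

/* Destroy a device-backed region (one reference, not a subpage) and report
 * how many reads touched it after it was released. */
static int count_stale_reads(void (*destroy)(MemoryRegion *))
{
    MemoryRegion dev = { .refcount = 1, .subpage = false };
    last_released = NULL;
    reads_after_release = 0;
    destroy(&dev);
    return reads_after_release;
}

/* Destroy a heap-allocated subpage region; the unref must not release it
 * and no stale read may occur in either ordering. */
static bool subpage_case_ok(void (*destroy)(MemoryRegion *))
{
    subpage_t *sp = calloc(1, sizeof *sp);
    sp->iomem.refcount = 1;
    sp->iomem.subpage = true;
    last_released = NULL;
    reads_after_release = 0;
    destroy(&sp->iomem);   /* frees sp through container_of */
    return reads_after_release == 0;
}

int main(void)
{
    printf("device region, flag read after unref:  %d stale read(s)\n",
           count_stale_reads(phys_section_destroy_before));
    printf("device region, flag captured first:    %d stale read(s)\n",
           count_stale_reads(phys_section_destroy_after));
    printf("subpage region clean in both orderings: %s\n",
           subpage_case_ok(phys_section_destroy_before) &&
           subpage_case_ok(phys_section_destroy_after) ? "yes" : "no");
    return 0;
}
```

The device case is the one that matters: with the old ordering the flag is read from a region that the unref has already released, while capturing it first keeps every read ahead of the release. The subpage case is clean in both orderings, which is why the original code only misbehaves when the unref tears down a device.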