qemu-devel

Re: [Qemu-devel] [PATCH] exec: Stop using memory after free


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] exec: Stop using memory after free
Date: Wed, 2 Dec 2015 10:47:29 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0


On 02/12/2015 08:59, Gonglei (Arei) wrote:
>>>>  static void phys_section_destroy(MemoryRegion *mr)  {
>>>> +    bool have_sub_page = mr->subpage;
>>>> +
>>>>      memory_region_unref(mr);
>>>>
>>>> -    if (mr->subpage) {
>>>> +    if (have_sub_page) {
>>>>          subpage_t *subpage = container_of(mr, subpage_t, iomem);
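Review bot: the saved have_sub_page flag fixes the read of mr->subpage after memory_region_unref(mr), but the hunk still passes mr to container_of() after the unref; that is pointer arithmetic only (no dereference), so it is safe, though moving memory_region_unref(mr) below the if block would remove the need for the extra flag and make the intended lifetime ordering explicit.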
> 
> Can we use the *mr* here again?

Yes, in the subpage case the memory is allocated by exec.c.  Accessing
mr->subpage is only problematic if memory_region_unref destroys a device.

> IMO we should invoke memory_region_unref(mr) after the if check.

That's also possible.

Paolo
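An added model (constructed, not QEMU code) of the ordering issue above: a region is either device-owned, so the last unref releases it, or a subpage owned by exec.c, which the refcount does not free. Release is simulated with a dead flag plus poisoning so a read after release is detectable rather than undefined behaviour; Region, region_unref and read_subpage are hypothetical stand-ins for MemoryRegion, memory_region_unref and the mr->subpage read.

```c
#include <stdbool.h>

typedef struct Region {
    int  refcount;   /* owner's reference count (hypothetical) */
    bool subpage;    /* mirrors MemoryRegion.subpage */
    bool dead;       /* set once the owner has been released */
} Region;

/* Last unref releases a device-owned region. Subpage regions stay alive:
 * in the real code exec.c frees them itself, not the refcount. */
static void region_unref(Region *mr)
{
    if (!mr->subpage && --mr->refcount == 0) {
        mr->dead = true;
        mr->subpage = true;   /* poison: freed memory may hold anything */
    }
}

/* Read mr->subpage, recording a use-after-release in *uaf. */
static bool read_subpage(const Region *mr, bool *uaf)
{
    if (mr->dead) {
        *uaf = true;
    }
    return mr->subpage;
}

/* Original ordering: unref first, then read the flag.
 * Returns true if the read touched a released region. */
bool destroy_old_order(Region *mr)
{
    bool uaf = false;
    region_unref(mr);
    if (read_subpage(mr, &uaf)) { /* container_of()/g_free() would go here */ }
    return uaf;
}

/* Patched ordering: remember the flag before the unref. */
bool destroy_new_order(Region *mr)
{
    bool uaf = false;
    bool have_sub_page = read_subpage(mr, &uaf);
    region_unref(mr);
    if (have_sub_page) { /* container_of()/g_free() would go here */ }
    return uaf;
}

Region make_region(bool subpage, int refs)
{
    Region r = { .refcount = refs, .subpage = subpage, .dead = false };
    return r;
}
```

The old order only misbehaves when the unref drops the last reference of a device-owned region, which is the case the thread describes; the subpage case and the two-reference case pass under both orderings.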


