Re: [PATCH 1/3] util/qemu-timer: Make timer_free() imply timer_del()

[Paolo Bonzini]

On 15/12/20 12:44, Peter Maydell wrote:
> > +static inline void timer_free(QEMUTimer *ts)
> > +{
> > +
> > +    if (ts->expire_time != -1) {
> > +        timer_del(ts);
> > +    }
> > +    g_free(ts);
> > +}
> I was thinking about this again this morning, and I'm not sure
> this is thread-safe.

It may not be thread-safe in principle, but any code that calls 
timer_mod, and isn't itself protected by a lock against timer_free, will 
be racing against the g_free immediately after.  That is, that code 
could run after g_free and have a use-after-free bug.

But yes, I agree it is also an unnecessary optimization.  It's better 
done in timer_del_locked, and removed from timer_mod_anticipate_ns. 
Since you are at it, you may also want to push the call to 
timer_del_locked down from timer_mod_ns and timer_mod_anticipate_ns to 
their callee, timer_mod_ns_locked.

Thanks,

Paolo