On Mon, 29 Sept 2025 at 15:37, Peter Xu <pet...@redhat.com> wrote:
> On Mon, Sep 29, 2025 at 01:45:05PM +0100, Peter Maydell wrote:
> > I figured out what my problem was here: like the existing
> > cpu_address_space_destroy(), it wants to first destroy the AS
> > and then free the memory the AS is using. So it does the
> > obvious thing:
> >     address_space_destroy(cpuas->as);
> >     g_free_rcu(cpuas->as, rcu);
> >
> > This doesn't work, because address_space_destroy() sets
> > up an RCU callback using the 'rcu' node in the AddressSpace
> > struct. But then g_free_rcu() tries to do exactly the same
> > thing and overwrites the info in the 'rcu' node: so we never
> > call the do_address_space_destroy() hook.
> >
> > (1) Is there some way we can make this "tried to use the RCU
> > node twice" assert?
>
> Good point. Maybe we should assert node->func==NULL in call_rcu1().
>
> > (2) I think the simplest fix here is something like the
> > patch you propose that does the "destroy + free" in one
> > RCU callback.
>
> Yes, I agree.
>
> Note that Akihiko has another series to QOMify Address space. This problem
> should be relevant there too. Currently I believe it's similarly broken in
> his series, but I think maybe we should fix this first on x86/arm hotplugs.
Yep; I've just sent out a patchset that tries to do that.

-- PMM
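The RCU-node reuse that the thread describes, as an added worked example that is not code from QEMU or from either poster: a constructed C model in which a struct rcu_head holds exactly one pending callback, with a last-writer-wins enqueue (the behaviour Peter Maydell observed), the node->func == NULL check Peter Xu suggests, and the combined destroy-plus-free callback that both agree is the simplest fix. The array-backed pending list, the counters, the static AddressSpace storage and the names call_rcu1_unchecked, call_rcu1_checked, rcu_run_pending, free_cb and destroy_and_free_cb are assumptions made for this example; QEMU's real rcu_head layout, its list handling, and whatever its RCU thread does when a node is linked twice are not reproduced.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of an intrusive RCU callback node (assumption: QEMU's
 * real struct rcu_head is not reproduced). Only the property the thread
 * discusses is kept: a node carries exactly one pending callback. */
struct rcu_head {
    void (*func)(struct rcu_head *head);
};

/* Stand-in for the RCU thread's pending list (assumption: a fixed array). */
#define MAX_PENDING 8
static struct rcu_head *pending[MAX_PENDING];
static int npending;

/* Last-writer-wins enqueue: re-queuing a node that is already pending
 * silently overwrites the callback stored in it. */
static void call_rcu1_unchecked(struct rcu_head *node, void (*func)(struct rcu_head *))
{
    node->func = func;
    if (npending < MAX_PENDING) {
        pending[npending++] = node;
    }
}

/* Checked enqueue: the node->func == NULL assertion proposed in the thread,
 * reported as an error code here so the example runs without aborting. */
static int call_rcu1_checked(struct rcu_head *node, void (*func)(struct rcu_head *))
{
    if (node->func != NULL) {
        return -1;   /* node already carries a pending callback: reuse */
    }
    call_rcu1_unchecked(node, func);
    return 0;
}

/* Stand-in for a grace period elapsing: each pending slot fires once. The
 * callback pointer is cleared before the call so a node queued twice runs
 * only the callback it currently holds, and so a freeing callback is never
 * followed by a touch of the node. */
static void rcu_run_pending(void)
{
    for (int i = 0; i < npending; i++) {
        struct rcu_head *n = pending[i];
        void (*f)(struct rcu_head *) = n->func;
        n->func = NULL;
        if (f) {
            f(n);
        }
    }
    npending = 0;
}

/* Model of an AddressSpace with an embedded rcu node. */
struct AddressSpace {
    const char *name;
    struct rcu_head rcu;
};

/* What happened during one scenario, so callers can check the outcome. */
struct outcome {
    int destroy_calls;         /* times the destroy hook ran */
    int free_calls;            /* times the free callback ran */
    int destroyed_before_free; /* destroy hook ran before the free */
    int reuse_detected;        /* checked enqueue refused a busy node */
};
static struct outcome cur;

/* Recover the container from its embedded node, as container_of would. */
static struct AddressSpace *as_of(struct rcu_head *h)
{
    return (struct AddressSpace *)((char *)h - offsetof(struct AddressSpace, rcu));
}

static void do_address_space_destroy(struct rcu_head *h)
{
    (void)as_of(h);
    cur.destroy_calls++;
}

static void free_cb(struct rcu_head *h)
{
    (void)as_of(h);   /* g_free() would go here; storage is static in this model */
    cur.free_calls++;
    if (cur.destroy_calls > 0) {
        cur.destroyed_before_free = 1;
    }
}

/* The fix: destroy, then free, from a single RCU callback. */
static void destroy_and_free_cb(struct rcu_head *h)
{
    do_address_space_destroy(h);
    free_cb(h);
}

static void reset(struct AddressSpace *as, const char *name)
{
    as->name = name;
    as->rcu.func = NULL;
    npending = 0;
    cur = (struct outcome){0};
}

/* Broken sequence from the thread: address_space_destroy() queues the destroy
 * hook, then g_free_rcu() queues the free on the same node and overwrites it. */
struct outcome broken_destroy_then_free(void)
{
    static struct AddressSpace as;
    reset(&as, "broken");
    call_rcu1_unchecked(&as.rcu, do_address_space_destroy); /* address_space_destroy() */
    call_rcu1_unchecked(&as.rcu, free_cb);                  /* g_free_rcu() */
    rcu_run_pending();
    return cur;
}

/* Same sequence with the check in place: the second enqueue is refused. */
struct outcome checked_destroy_then_free(void)
{
    static struct AddressSpace as;
    reset(&as, "checked");
    call_rcu1_checked(&as.rcu, do_address_space_destroy);
    if (call_rcu1_checked(&as.rcu, free_cb) < 0) {
        cur.reuse_detected = 1;
    }
    rcu_run_pending();
    return cur;
}

/* Fixed sequence: one callback does destroy + free. */
struct outcome fixed_destroy_and_free(void)
{
    static struct AddressSpace as;
    reset(&as, "fixed");
    call_rcu1_checked(&as.rcu, destroy_and_free_cb);
    rcu_run_pending();
    return cur;
}

int main(void)
{
    struct outcome o = broken_destroy_then_free();
    printf("broken:  destroy=%d free=%d\n", o.destroy_calls, o.free_calls);
    o = checked_destroy_then_free();
    printf("checked: destroy=%d free=%d reuse_detected=%d\n",
           o.destroy_calls, o.free_calls, o.reuse_detected);
    o = fixed_destroy_and_free();
    printf("fixed:   destroy=%d free=%d destroyed_before_free=%d\n",
           o.destroy_calls, o.free_calls, o.destroyed_before_free);
    return 0;
}
```

In the broken scenario the node ends up holding only free_cb, so the memory is released and do_address_space_destroy() never runs, which is the symptom reported above. The checked enqueue turns the silent overwrite into a detectable error at the second call, and the combined callback removes the second call altogether, which is why it is the simpler of the two fixes.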