From 6e48e8f9e0f5b6b15c41f6f8a68c9bf330147d45 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 10 Feb 2015 10:25:44 -0700
Subject: memory: unregister AddressSpace MemoryListener within BQL

address_space_destroy_dispatch is called from an RCU callback and hence
outside the iothread mutex (BQL).  However, after address_space_destroy
no new accesses can hit the destroyed AddressSpace so it is not necessary
to observe changes to the memory map.  Move the memory_listener_unregister
call earlier, to make it thread-safe again.

Reported-by: Alex Williamson <alex.williamson@redhat.com>
Fixes: 374f2981d1f10bc4307f250f24b2a7ddb9b14be0
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---
 memory.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'memory.c')

diff --git a/memory.c b/memory.c
index 9b91243978..130152cf1d 100644
--- a/memory.c
+++ b/memory.c
@@ -1978,6 +1978,7 @@ void address_space_destroy(AddressSpace *as)
     as->root = NULL;
     memory_region_transaction_commit();
     QTAILQ_REMOVE(&address_spaces, as, address_spaces_link);
+    address_space_unregister(as);
 
     /* At this point, as->dispatch and as->current_map are dummy
      * entries that the guest should never use.  Wait for the old
-- 
cgit v1.2.1