memory_region_update_container_subregions() calls memory_region_ref() on behalf of the owner of the container. memory_region_ref() must not be called if the owner of the container also owns the subregion.
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
---
 system/memory.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/system/memory.c b/system/memory.c
index 2d6952136066..09c98042e443 100644
--- a/system/memory.c
+++ b/system/memory.c
@@ -2625,7 +2625,10 @@ static void memory_region_update_container_subregions(MemoryRegion *subregion)
     memory_region_transaction_begin();
-    memory_region_ref(subregion);
+    if (mr->owner != subregion->owner) {
+        memory_region_ref(subregion);
+    }
+
     QTAILQ_FOREACH(other, &mr->subregions, subregions_link) {
         if (subregion->priority >= other->priority) {
             QTAILQ_INSERT_BEFORE(other, subregion, subregions_link);
@@ -2683,7 +2686,11 @@ void memory_region_del_subregion(MemoryRegion *mr,
         assert(alias->mapped_via_alias >= 0);
     }
     QTAILQ_REMOVE(&mr->subregions, subregion, subregions_link);
-    memory_region_unref(subregion);
+
+    if (mr->owner != subregion->owner) {
+        memory_region_unref(subregion);
+    }
+
     memory_region_update_pending |= mr->enabled && subregion->enabled;
     memory_region_transaction_commit();
 }
-- 
2.45.2
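Review bot: The ownership test `mr->owner != subregion->owner` is spelled out twice, once before memory_region_ref() in memory_region_update_container_subregions and again before memory_region_unref() in memory_region_del_subregion, and the two predicates must stay identical or a mapped subregion ends up with a leaked or underflowed reference; a small shared helper such as `static bool memory_region_shares_owner(MemoryRegion *mr, MemoryRegion *sub) { return mr->owner == sub->owner; }` used at both sites would make that coupling explicit. If either region's owner can change while the subregion is mapped (not visible here), the add and del paths would already disagree, which is worth confirming. Neither branch says why the self-owned case is skipped and the commit message only states the rule, so a one-line comment at the add site, e.g. `/* Presumably a reference on our own owner would pin it indefinitely; skip it. */`, would spare the next reader a trip to the log. Two owner-less regions (NULL on both sides) also compare equal and now skip both calls, which is harmless only if memory_region_ref()/unref() already ignore owner-less regions; the hunks do not show that. Both enclosing functions begin outside the hunks.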