util/qemu-timer: Make timer_free() imply timer_del()

Currently timer_free() is a simple wrapper for g_free().  This means
that the timer being freed must not be currently active, as otherwise
QEMU might crash later when the active list is processed and still
has a pointer to freed memory on it.  As a result almost all calls to
timer_free() are preceded by a timer_del() call, as can be seen in
the output of
  git grep -B1 '\<timer_free\>'

This is unfortunate API design as it makes it easy to accidentally
misuse (by forgetting the timer_del()), and the correct use is
annoyingly verbose.

Make timer_free() imply a timer_del().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201215154107.3255-2-peter.maydell@linaro.org

1 files changed, 13 insertions, 11 deletions

diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index bdecc5b41f..61296ea980 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -610,17 +610,6 @@ static inline QEMUTimer *timer_new_ms(QEMUClockType type, QEMUTimerCB *cb,
 void timer_deinit(QEMUTimer *ts);
 
 /**
- * timer_free:
- * @ts: the timer
- *
- * Free a timer (it must not be on the active list)
- */
-static inline void timer_free(QEMUTimer *ts)
-{
-    g_free(ts);
-}
-
-/**
  * timer_del:
  * @ts: the timer
  *
@@ -632,6 +621,19 @@ static inline void timer_free(QEMUTimer *ts)
 void timer_del(QEMUTimer *ts);
 
 /**
+ * timer_free:
+ * @ts: the timer
+ *
+ * Free a timer. This will call timer_del() for you to remove
+ * the timer from the active list if it was still active.
+ */
+static inline void timer_free(QEMUTimer *ts)
+{
+    timer_del(ts);
+    g_free(ts);
+}
+
+/**
  * timer_mod_ns:
  * @ts: the timer
  * @expire_time: the expiry time in nanoseconds