From 65a957dff81884c07725d3afe5aeac5223e8640c Mon Sep 17 00:00:00 2001
From: Yonghua Huang <yonghua.huang@intel.com>
Date: Thu, 1 Jul 2021 16:29:27 +0800
Subject: [PATCH] dm: rb: only free rb_entry when we remove this entry from the

Only free rb_entry when we remove this entry from the rb tree, otherwise, a
page fault would trigger when next rb itreation would access the freed rb_entry.

Tracked-On: #6056
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
---
 devicemodel/core/mem.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/devicemodel/core/mem.c b/devicemodel/core/mem.c
index 989611b3f..189e989d3 100644
--- a/devicemodel/core/mem.c
+++ b/devicemodel/core/mem.c
@@ -346,12 +346,12 @@ unregister_mem(struct mem_range *memp)
 		/* flush Per-VM cache */
 		if (mmio_hint == entry)
 			mmio_hint = NULL;
+
+		if (entry)
+			free(entry);
 	}
 	pthread_rwlock_unlock(&mmio_rwlock);
 
-	if (entry)
-		free(entry);
-
 	return err;
 }