memory: abort if a memory region is destroyed during a transaction

Destroying a memory region is illegal within a transaction, as until
the transaction is committed, the memory core may hold references to
the region.  Add an assert to check for violations of this rule.

Signed-off-by: Avi Kivity <avi@redhat.com>

diff --git a/memory.c b/memory.c
index d2f2fd6..94049a7 100644 (file)
--- a/memory.c
+++ b/memory.c
@@ -1022,6 +1022,7 @@ void memory_region_init_reservation(MemoryRegion *mr,
 void memory_region_destroy(MemoryRegion *mr)
 {
     assert(QTAILQ_EMPTY(&mr->subregions));
+    assert(memory_region_transaction_depth == 0);
     mr->destructor(mr);
     memory_region_clear_coalescing(mr);
     g_free((char *)mr->name);