From: Eduardo Habkost <ehabkost@redhat.com>
To: Thomas Huth <thuth@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
qemu-arm <qemu-arm@nongnu.org>,
QEMU Developers <qemu-devel@nongnu.org>,
Markus Armbruster <armbru@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [Qemu-arm] [PATCH] hw/arm/bcm283x: Fix crash with device_add bcm2837 on unsupported machines
Date: Wed, 11 Jul 2018 16:59:24 -0300 [thread overview]
Message-ID: <20180711195924.GC7451@localhost.localdomain> (raw)
In-Reply-To: <1be41104-d896-b03b-e0f3-47ea9c3b333f@redhat.com>
On Wed, Jul 11, 2018 at 09:04:35PM +0200, Thomas Huth wrote:
> On 11.07.2018 19:21, Paolo Bonzini wrote:
> > On 10/07/2018 08:50, Peter Maydell wrote:
> >>>> Yuck. The real problem here is that we're still requiring the
> >>>> code that creates these QOM devices to manually set the parent
> >>>> in the first place. It's not surprising that we don't get it right
> >>>> (either parenting in the wrong place or not at all). I'd much
> >>>> rather see us fix that properly than keep papering over places
> >>>> where we get it wrong.
> >>> Sorry, I'm still not an expert in all this QOM stuff yet ... so what do
> >>> you exactly recommend to do instead?
> >> I'm not clear either, but I don't think that what we're
> >> currently doing can be right.
> >
> > Well, in theory it should work... I sent the expected flow in another email.
>
> Something that just came to my mind:
>
> bcm2836_init() creates the TYPE_BCM2835_PERIPHERALS object with
> object_initialize(). This creates one reference to the object already.
> Then the object is linked to its parent with
> object_property_add_child(), which creates another reference to the
> object. But where are the two references correctly destroyed again? One
> is certainly destroyed by device_unparent later, but the initial one?
> Could it be that we are simply lacking one object_unref() after the
> object_property_add_child() here?
This seems to be true, but I'm confused about the reference
counting model, here:
What exactly guarantees there will be no other references to
(e.g.) `&s->control` when `s` is freed?
We know the references added by object_initialize(),
object_property_add_child() and qdev_set_parent_bus() will be
dropped, but what about other code calling object_ref()?
--
Eduardo
WARNING: multiple messages have this Message-ID (diff)
From: Eduardo Habkost <ehabkost@redhat.com>
To: Thomas Huth <thuth@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
QEMU Developers <qemu-devel@nongnu.org>,
qemu-arm <qemu-arm@nongnu.org>,
Markus Armbruster <armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] hw/arm/bcm283x: Fix crash with device_add bcm2837 on unsupported machines
Date: Wed, 11 Jul 2018 16:59:24 -0300 [thread overview]
Message-ID: <20180711195924.GC7451@localhost.localdomain> (raw)
In-Reply-To: <1be41104-d896-b03b-e0f3-47ea9c3b333f@redhat.com>
On Wed, Jul 11, 2018 at 09:04:35PM +0200, Thomas Huth wrote:
> On 11.07.2018 19:21, Paolo Bonzini wrote:
> > On 10/07/2018 08:50, Peter Maydell wrote:
> >>>> Yuck. The real problem here is that we're still requiring the
> >>>> code that creates these QOM devices to manually set the parent
> >>>> in the first place. It's not surprising that we don't get it right
> >>>> (either parenting in the wrong place or not at all). I'd much
> >>>> rather see us fix that properly than keep papering over places
> >>>> where we get it wrong.
> >>> Sorry, I'm still not an expert in all this QOM stuff yet ... so what do
> >>> you exactly recommend to do instead?
> >> I'm not clear either, but I don't think that what we're
> >> currently doing can be right.
> >
> > Well, in theory it should work... I sent the expected flow in another email.
>
> Something that just came to my mind:
>
> bcm2836_init() creates the TYPE_BCM2835_PERIPHERALS object with
> object_initialize(). This creates one reference to the object already.
> Then the object is linked to its parent with
> object_property_add_child(), which creates another reference to the
> object. But where are the two references correctly destroyed again? One
> is certainly destroyed by device_unparent later, but the initial one?
> Could it be that we are simply lacking one object_unref() after the
> object_property_add_child() here?
This seems to be true, but I'm confused about the reference
counting model, here:
What exactly guarantees there will be no other references to
(e.g.) `&s->control` when `s` is freed?
We know the references added by object_initialize(),
object_property_add_child() and qdev_set_parent_bus() will be
dropped, but what about other code calling object_ref()?
--
Eduardo
next prev parent reply other threads:[~2018-07-11 19:59 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-09 21:03 [Qemu-arm] [PATCH] hw/arm/bcm283x: Fix crash with device_add bcm2837 on unsupported machines Thomas Huth
2018-07-09 21:03 ` [Qemu-devel] " Thomas Huth
2018-07-09 21:31 ` [Qemu-arm] " Eduardo Habkost
2018-07-09 21:31 ` [Qemu-devel] " Eduardo Habkost
2018-07-09 21:36 ` [Qemu-arm] " Thomas Huth
2018-07-09 21:36 ` [Qemu-devel] " Thomas Huth
2018-07-09 21:42 ` [Qemu-arm] " Peter Maydell
2018-07-09 21:42 ` [Qemu-devel] " Peter Maydell
2018-07-09 22:03 ` [Qemu-arm] " Thomas Huth
2018-07-09 22:03 ` [Qemu-devel] " Thomas Huth
2018-07-10 6:50 ` [Qemu-arm] " Peter Maydell
2018-07-10 6:50 ` [Qemu-devel] " Peter Maydell
2018-07-11 7:21 ` [Qemu-arm] " Thomas Huth
2018-07-11 7:21 ` [Qemu-devel] " Thomas Huth
2018-07-11 16:12 ` [Qemu-arm] " Eduardo Habkost
2018-07-11 16:12 ` [Qemu-devel] " Eduardo Habkost
2018-07-11 17:15 ` [Qemu-arm] " Peter Maydell
2018-07-11 17:15 ` [Qemu-devel] " Peter Maydell
2018-07-12 12:06 ` [Qemu-arm] " Markus Armbruster
2018-07-12 12:06 ` Markus Armbruster
2018-07-12 12:55 ` [Qemu-arm] " Peter Maydell
2018-07-12 12:55 ` Peter Maydell
2018-07-12 13:19 ` [Qemu-arm] " Markus Armbruster
2018-07-12 13:19 ` Markus Armbruster
2018-07-12 15:25 ` [Qemu-arm] " Thomas Huth
2018-07-12 15:25 ` Thomas Huth
2018-07-12 16:16 ` [Qemu-arm] " Markus Armbruster
2018-07-12 16:16 ` Markus Armbruster
2018-07-12 16:22 ` [Qemu-arm] " Peter Maydell
2018-07-12 16:22 ` Peter Maydell
2018-07-12 16:32 ` Thomas Huth
2018-07-16 6:41 ` [Qemu-arm] " Markus Armbruster
2018-07-16 6:41 ` Markus Armbruster
2018-07-11 17:21 ` [Qemu-arm] " Paolo Bonzini
2018-07-11 17:21 ` [Qemu-devel] " Paolo Bonzini
2018-07-11 19:04 ` [Qemu-arm] " Thomas Huth
2018-07-11 19:04 ` [Qemu-devel] " Thomas Huth
2018-07-11 19:59 ` Eduardo Habkost [this message]
2018-07-11 19:59 ` Eduardo Habkost
2018-07-12 8:04 ` [Qemu-arm] " Paolo Bonzini
2018-07-12 8:04 ` Paolo Bonzini
2018-07-12 12:04 ` [Qemu-arm] " Markus Armbruster
2018-07-12 12:04 ` Markus Armbruster
2018-07-11 17:20 ` [Qemu-arm] " Paolo Bonzini
2018-07-11 17:20 ` [Qemu-devel] " Paolo Bonzini
2018-07-11 18:30 ` [Qemu-arm] " Eduardo Habkost
2018-07-11 18:30 ` [Qemu-devel] " Eduardo Habkost
2018-07-11 20:16 ` [Qemu-arm] " Paolo Bonzini
2018-07-11 20:16 ` [Qemu-devel] " Paolo Bonzini
2018-07-11 20:23 ` [Qemu-arm] " Eduardo Habkost
2018-07-11 20:23 ` [Qemu-devel] " Eduardo Habkost
2018-07-12 8:05 ` Paolo Bonzini
2018-07-12 18:04 ` [Qemu-arm] " Eduardo Habkost
2018-07-12 18:04 ` Eduardo Habkost
2018-07-16 6:43 ` [Qemu-arm] " Markus Armbruster
2018-07-16 6:43 ` Markus Armbruster
2018-07-16 14:25 ` [Qemu-arm] " Eduardo Habkost
2018-07-16 14:25 ` Eduardo Habkost
2018-07-11 18:43 ` [Qemu-arm] " Thomas Huth
2018-07-11 18:43 ` [Qemu-devel] " Thomas Huth
2018-07-11 20:15 ` [Qemu-arm] " Paolo Bonzini
2018-07-11 20:15 ` [Qemu-devel] " Paolo Bonzini
2018-07-12 5:57 ` [Qemu-arm] " Thomas Huth
2018-07-12 5:57 ` [Qemu-devel] " Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180711195924.GC7451@localhost.localdomain \
--to=ehabkost@redhat.com \
--cc=armbru@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.