From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Cc: blauwirbel@gmail.com, peter.maydell@linaro.org,
qemu-ppc@nongnu.org, agraf@suse.de, armbru@redhat.com
Subject: Re: [Qemu-devel] [PATCH 2/3] hw: do not pass NULL to memory_region_init from instance_init
Date: Thu, 01 Oct 2015 10:38:16 +0100 [thread overview]
Message-ID: <560CFF08.3080209@ilande.co.uk> (raw)
In-Reply-To: <1443530263-32340-3-git-send-email-pbonzini@redhat.com>
On 29/09/15 13:37, Paolo Bonzini wrote:
> This causes the region to outlive the object, because it attaches the
> region to /machine. This is not nice for the "realize" method, but
> much worse for "instance_init" because it can cause dangling pointers
> after a simple object_new/object_unref pair.
>
> Reported-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> hw/arm/pxa2xx.c | 2 +-
> hw/display/cg3.c | 4 ++--
> hw/display/tcx.c | 2 +-
> hw/misc/arm_integrator_debug.c | 2 +-
> hw/misc/macio/cuda.c | 2 +-
> hw/misc/macio/macio.c | 6 +++---
> 6 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
> index 164260a..79d22d9 100644
> --- a/hw/arm/pxa2xx.c
> +++ b/hw/arm/pxa2xx.c
> @@ -1958,7 +1958,7 @@ static void pxa2xx_fir_instance_init(Object *obj)
> PXA2xxFIrState *s = PXA2XX_FIR(obj);
> SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
>
> - memory_region_init_io(&s->iomem, NULL, &pxa2xx_fir_ops, s,
> + memory_region_init_io(&s->iomem, obj, &pxa2xx_fir_ops, s,
> "pxa2xx-fir", 0x1000);
> sysbus_init_mmio(sbd, &s->iomem);
> sysbus_init_irq(sbd, &s->irq);
> diff --git a/hw/display/cg3.c b/hw/display/cg3.c
> index d2a0d97..e309fbe 100644
> --- a/hw/display/cg3.c
> +++ b/hw/display/cg3.c
> @@ -280,12 +280,12 @@ static void cg3_initfn(Object *obj)
> SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
> CG3State *s = CG3(obj);
>
> - memory_region_init_ram(&s->rom, NULL, "cg3.prom", FCODE_MAX_ROM_SIZE,
> + memory_region_init_ram(&s->rom, obj, "cg3.prom", FCODE_MAX_ROM_SIZE,
> &error_fatal);
> memory_region_set_readonly(&s->rom, true);
> sysbus_init_mmio(sbd, &s->rom);
>
> - memory_region_init_io(&s->reg, NULL, &cg3_reg_ops, s, "cg3.reg",
> + memory_region_init_io(&s->reg, obj, &cg3_reg_ops, s, "cg3.reg",
> CG3_REG_SIZE);
> sysbus_init_mmio(sbd, &s->reg);
> }
> diff --git a/hw/display/tcx.c b/hw/display/tcx.c
> index 4635800..bf119bc 100644
> --- a/hw/display/tcx.c
> +++ b/hw/display/tcx.c
> @@ -944,7 +944,7 @@ static void tcx_initfn(Object *obj)
> SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
> TCXState *s = TCX(obj);
>
> - memory_region_init_ram(&s->rom, NULL, "tcx.prom", FCODE_MAX_ROM_SIZE,
> + memory_region_init_ram(&s->rom, OBJECT(s), "tcx.prom", FCODE_MAX_ROM_SIZE,
> &error_fatal);
> memory_region_set_readonly(&s->rom, true);
> sysbus_init_mmio(sbd, &s->rom);
> diff --git a/hw/misc/arm_integrator_debug.c b/hw/misc/arm_integrator_debug.c
> index 99b720f..6d9dd74 100644
> --- a/hw/misc/arm_integrator_debug.c
> +++ b/hw/misc/arm_integrator_debug.c
> @@ -79,7 +79,7 @@ static void intdbg_control_init(Object *obj)
> SysBusDevice *sd = SYS_BUS_DEVICE(obj);
> IntegratorDebugState *s = INTEGRATOR_DEBUG(obj);
>
> - memory_region_init_io(&s->iomem, NULL, &intdbg_control_ops,
> + memory_region_init_io(&s->iomem, obj, &intdbg_control_ops,
> NULL, "dbg-leds", 0x1000000);
> sysbus_init_mmio(sd, &s->iomem);
> }
> diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> index f3984e3..5d7043e 100644
> --- a/hw/misc/macio/cuda.c
> +++ b/hw/misc/macio/cuda.c
> @@ -713,7 +713,7 @@ static void cuda_initfn(Object *obj)
> CUDAState *s = CUDA(obj);
> int i;
>
> - memory_region_init_io(&s->mem, NULL, &cuda_ops, s, "cuda", 0x2000);
> + memory_region_init_io(&s->mem, obj, &cuda_ops, s, "cuda", 0x2000);
> sysbus_init_mmio(d, &s->mem);
> sysbus_init_irq(d, &s->irq);
>
> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
> index e3c0242..2548d96 100644
> --- a/hw/misc/macio/macio.c
> +++ b/hw/misc/macio/macio.c
> @@ -105,10 +105,10 @@ static void macio_escc_legacy_setup(MacIOState *macio_state)
> 0xF0, 0xE0,
> };
>
> - memory_region_init(escc_legacy, NULL, "escc-legacy", 256);
> + memory_region_init(escc_legacy, OBJECT(macio_state), "escc-legacy", 256);
> for (i = 0; i < ARRAY_SIZE(maps); i += 2) {
> MemoryRegion *port = g_new(MemoryRegion, 1);
> - memory_region_init_alias(port, NULL, "escc-legacy-port",
> + memory_region_init_alias(port, OBJECT(macio_state), "escc-legacy-port",
> macio_state->escc_mem, maps[i+1], 0x2);
> memory_region_add_subregion(escc_legacy, maps[i], port);
> }
> @@ -330,7 +330,7 @@ static void macio_instance_init(Object *obj)
> MacIOState *s = MACIO(obj);
> MemoryRegion *dbdma_mem;
>
> - memory_region_init(&s->bar, NULL, "macio", 0x80000);
> + memory_region_init(&s->bar, obj, "macio", 0x80000);
>
> object_initialize(&s->cuda, sizeof(s->cuda), TYPE_CUDA);
> qdev_set_parent_bus(DEVICE(&s->cuda), sysbus_get_default());
I'm not able to test this right now, but for the TCX/CG3 changes:
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
ATB,
Mark.
next prev parent reply other threads:[~2015-10-01 9:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-29 12:37 [Qemu-devel] [PATCH 0/3] Fix dangling pointers from memory_region_init_* Paolo Bonzini
2015-09-29 12:37 ` [Qemu-devel] [PATCH 1/3] memory: allow destroying a non-empty MemoryRegion Paolo Bonzini
2015-09-29 12:37 ` [Qemu-devel] [PATCH 2/3] hw: do not pass NULL to memory_region_init from instance_init Paolo Bonzini
2015-09-29 12:42 ` Peter Maydell
2015-09-30 8:30 ` Thomas Huth
2015-09-30 13:04 ` Paolo Bonzini
2015-10-01 7:39 ` Markus Armbruster
2015-10-01 8:26 ` Markus Armbruster
2015-10-01 9:27 ` Peter Maydell
2015-09-30 8:57 ` Markus Armbruster
2015-09-30 13:03 ` Paolo Bonzini
2015-10-01 7:39 ` Markus Armbruster
2015-10-01 10:13 ` Paolo Bonzini
2015-10-01 9:38 ` Mark Cave-Ayland [this message]
2015-09-29 12:37 ` [Qemu-devel] [PATCH 3/3] macio: move DBDMA_init from instance_init to realize Paolo Bonzini
2015-09-30 8:33 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=560CFF08.3080209@ilande.co.uk \
--to=mark.cave-ayland@ilande.co.uk \
--cc=agraf@suse.de \
--cc=armbru@redhat.com \
--cc=blauwirbel@gmail.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.