From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:54689)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Tbov0-00046c-TO
	for qemu-devel@nongnu.org; Fri, 23 Nov 2012 03:47:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Tbouw-0002jt-Oq
	for qemu-devel@nongnu.org; Fri, 23 Nov 2012 03:47:26 -0500
Received: from mail-wi0-f171.google.com ([209.85.212.171]:51929)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Tbouw-0002jm-I9
	for qemu-devel@nongnu.org; Fri, 23 Nov 2012 03:47:22 -0500
Received: by mail-wi0-f171.google.com with SMTP id hn14so1064948wib.10
	for <qemu-devel@nongnu.org>; Fri, 23 Nov 2012 00:47:21 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 23 Nov 2012 09:47:11 +0100
Message-Id: <1353660436-8897-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PATCH 1.3 0/5] QOM/qdev lifetime fixes
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, aliguori@us.ibm.com, Liu Ping Fan <qemulist@gmail.com>

These patches fix problems in the handling of freeing QOM/qdev
objects.  Together, they fix hot-unplug of USB mass storage devices,
which crashed with an assertion failure.

I'm not 100% sure, but I think we were always leaking the scsi-disk in
pre-QOM days.  Now we're freeing it properly, and the assertion proves it.

However, I don't like particularly the assertion in object_delete.  Once
we're sure we've fixed all bugs, we should remove it, because it prevents
a fully correct tracking of references.

In this case, for example, there is still one reference to the scsi-disk
in the MSDState's scsi_dev member.  We don't have neither an object_ref
nor an object_unref for it, so it happens to work.  If we had an
object_ref, the matching object_unref would be in dc->exit.  But then
we'd trip on the assertion failure again, because the SCSI bus is removed
(thus calling qdev_free on the scsi-dev) before dc->exit is called.

I have more patches to actually make the reference count of devices
and buses fully correct, but they are even more scary than these, so
they should wait for 1.4.

Paolo Bonzini (5):
  qom: fix refcount of non-heap-allocated objects
  qdev: move bus removal to object_unparent
  qom: make object_delete usable for statically-allocated objects
  qdev: simplify (de)allocation of buses
  qom: make object_finalize static

 hw/qdev-core.h        |  5 -----
 hw/qdev.c             | 26 ++++++++++++++------------
 hw/pci.c              |  2 +-
 hw/sysbus.c           |  2 +-
 include/qemu/object.h | 29 ++++++++++++++++++++---------
 qom/object.c          | 12 +++++++++---
 6 files changed, 45 insertions(+), 31 deletions(-)

-- 
1.8.0