From: "Michael S. Tsirkin" <mst@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] weird qdev error
Date: Sun, 12 Feb 2012 19:57:00 +0200 [thread overview]
Message-ID: <20120212175659.GA4199@redhat.com> (raw)
In-Reply-To: <4F37F910.5030400@codemonkey.ws>
On Sun, Feb 12, 2012 at 11:38:24AM -0600, Anthony Liguori wrote:
> On 02/12/2012 11:31 AM, Michael S. Tsirkin wrote:
> >On Sun, Feb 12, 2012 at 07:07:43PM +0200, Michael S. Tsirkin wrote:
> >>I got this assert when working on qemu: pci hotplug
> >>callback failed so qdev_free was called.
> >>
> >>(gdb) where
> >>#0 0x00007ffff5fa1905 in raise () from /lib64/libc.so.6
> >>#1 0x00007ffff5fa30e5 in abort () from /lib64/libc.so.6
> >>#2 0x00007ffff7413a7f in g_assertion_message () from
> >>/lib64/libglib-2.0.so.0
> >>#3 0x00007ffff7414020 in g_assertion_message_expr () from
> >>/lib64/libglib-2.0.so.0
> >>#4 0x00007ffff7e452a9 in object_delete (obj=0x7ffff9124e60) at
> >>qom/object.c:375
> >>#5 0x00007ffff7e2f5d4 in qdev_free (dev=0x7ffff9124e60)
> >> at /home/mst/scm/qemu/hw/qdev.c:250
> >>#6 qdev_init (dev=0x7ffff9124e60) at /home/mst/scm/qemu/hw/qdev.c:149
> >>#7 0x00007ffff7e2a7fe in qdev_device_add (opts=0x7ffff8b0d3a0)
> >> at /home/mst/scm/qemu/hw/qdev-monitor.c:473
> >>#8 0x00007ffff7e06da9 in device_init_func (opts=<value optimized out>,
> >> opaque=<value optimized out>) at /home/mst/scm/qemu/vl.c:1754
> >>#9 0x00007ffff7e3737a in qemu_opts_foreach (list=<value optimized out>,
> >>func=
> >> 0x7ffff7e06d90<device_init_func>, opaque=0x0,
> >> abort_on_failure=<value optimized out>) at qemu-option.c:1048
> >>#10 0x00007ffff7e09cdb in main (argc=<value optimized out>, argv=<value
> >>optimized out>,
> >> envp=<value optimized out>) at /home/mst/scm/qemu/vl.c:3407
> >>(gdb) frame 6
> >>#6 qdev_init (dev=0x7ffff9124e60) at /home/mst/scm/qemu/hw/qdev.c:149
> >>149 qdev_free(dev);
> >>
> >>The problems seems to be that
> >>pci_qdev_init calls do_pci_unregister_device on
> >>hotplug error which will free the device twice?
> >
> >Here's a reproducer to a similar error in property parsing:
> >
> >qemu-system-x86_64 -enable-kvm -m 1G -drive file=/home/mst/rhel6.qcow2
> >-netdev user,id=bar -net
> >nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57 -redir
> >tcp:8022::22 -device virtio-net-pci,netdev=foo,mac=5854:00:12:34:56
> >-netdev
> >tap,id=foo,ifname=msttap0,script=/home/mst/ifup,downscript=no,vhost=on
> >-vnc :1 -monitor stdio
>
> Here's the fix. I need to do some regression testing and then I'll
> post as a proper top-level patch.
>
> Thanks for the report.
>
> Regards,
>
> Anthony Liguori
>
> >
> >
> >
> >>--
> >>MST
>
> >From b7fc6f1eb7c5e041eac7d610061a1be950707e5b Mon Sep 17 00:00:00 2001
> From: Anthony Liguori <aliguori@us.ibm.com>
> Date: Sun, 12 Feb 2012 11:36:24 -0600
> Subject: [PATCH] device_add: don't add a /peripheral link until init is complete
>
> Otherwise we end up with a dangling reference which causes qdev_free() to fail.
>
> Reported-by: Michael Tsirkin <mst@redhat.com>
> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This handles the option parsing but what about hotplug
failures (when bus->hotplug returns an error)?
> ---
> hw/qdev-monitor.c | 18 ++++++++++--------
> 1 files changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/hw/qdev-monitor.c b/hw/qdev-monitor.c
> index 49f13ca..a310cc7 100644
> --- a/hw/qdev-monitor.c
> +++ b/hw/qdev-monitor.c
> @@ -457,6 +457,16 @@ DeviceState *qdev_device_add(QemuOpts *opts)
> id = qemu_opts_id(opts);
> if (id) {
> qdev->id = id;
> + }
> + if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) {
> + qdev_free(qdev);
> + return NULL;
> + }
> + if (qdev_init(qdev) < 0) {
> + qerror_report(QERR_DEVICE_INIT_FAILED, driver);
> + return NULL;
> + }
> + if (qdev->id) {
> object_property_add_child(qdev_get_peripheral(), qdev->id,
> OBJECT(qdev), NULL);
> } else {
> @@ -466,14 +476,6 @@ DeviceState *qdev_device_add(QemuOpts *opts)
> OBJECT(qdev), NULL);
> g_free(name);
> }
> - if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) {
> - qdev_free(qdev);
> - return NULL;
> - }
> - if (qdev_init(qdev) < 0) {
> - qerror_report(QERR_DEVICE_INIT_FAILED, driver);
> - return NULL;
> - }
> qdev->opts = opts;
> return qdev;
> }
> --
> 1.7.4.1
>
next prev parent reply other threads:[~2012-02-12 17:57 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-12 17:07 [Qemu-devel] weird qdev error Michael S. Tsirkin
2012-02-12 17:31 ` Michael S. Tsirkin
2012-02-12 17:38 ` Anthony Liguori
2012-02-12 17:57 ` Michael S. Tsirkin [this message]
2012-02-12 20:04 ` Anthony Liguori
2012-02-12 20:15 ` Michael S. Tsirkin
2012-02-12 20:19 ` Anthony Liguori
2012-02-13 0:17 ` Michael S. Tsirkin
2012-02-13 1:18 ` Michael S. Tsirkin
2012-02-13 4:58 ` Michael S. Tsirkin
2012-02-13 10:19 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120212175659.GA4199@redhat.com \
--to=mst@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).