From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:52084) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SSfO8-0005z4-5B for qemu-devel@nongnu.org; Thu, 10 May 2012 22:15:25 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SSfO6-0000Pb-HG for qemu-devel@nongnu.org; Thu, 10 May 2012 22:15:23 -0400 Received: from mx1.redhat.com ([209.132.183.28]:30563) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SSfO6-0000Om-9T for qemu-devel@nongnu.org; Thu, 10 May 2012 22:15:22 -0400 From: Amos Kong Date: Fri, 11 May 2012 10:15:31 +0800 Message-ID: <20120511021531.14819.78211.stgit@t> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Subject: [Qemu-devel] [PATCH] qom: fix refcounting in object_property_del_child() List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: pbonzini@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org Start VM with 8 multiple-function block devs, hot-removing those block devs by 'device_del ...' would cause qemu abort. object_ref() is called in object_property_add_child(), but we don't unref it in object_property_del_child(). | (qemu) device_del virti0-0-0 | (qemu) ** | ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) Signed-off-by: Amos Kong --- qom/object.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qom/object.c b/qom/object.c index e721fc2..9da6b59 100644 --- a/qom/object.c +++ b/qom/object.c @@ -320,6 +320,7 @@ static void object_property_del_child(Object *obj, Object *child, Error **errp) QTAILQ_FOREACH(prop, &obj->properties, node) { if (strstart(prop->type, "child<", NULL) && prop->opaque == child) { object_property_del(obj, prop->name, errp); + object_unref(child); break; } }