From: Amos Kong <akong@redhat.com>
To: "Andreas Färber" <afaerber@suse.de>
Cc: pbonzini@redhat.com, qemu-devel@nongnu.org,
Stefan Hajnoczi <stefanha@redhat.com>,
qemu-stable@nongnu.org
Subject: Re: [Qemu-devel] [PULL 47/58] qdev-monitor: Unref device when device_add fails
Date: Mon, 18 Nov 2013 20:29:28 +0800 [thread overview]
Message-ID: <20131118122928.GA23465@amosk.info> (raw)
In-Reply-To: <1381254296-3203-48-git-send-email-afaerber@suse.de>
On Tue, Oct 08, 2013 at 07:44:45PM +0200, Andreas Färber wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
>
> qdev_device_add() leaks the created device upon failure. I suspect this
> problem crept in because qdev_free() unparents the device but does not
> drop a reference - confusing name.
>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> Signed-off-by: Andreas Färber <afaerber@suse.de>
Hi Stefan,
This commit caused a regression bug:
hotplug more than 32 disks to vm, qemu crash
---
[amos@amosk qemu]$ cat radd.sh
for i in `seq 3 9` a b c d e f 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f;do
for j in `seq 1 7` 0;do
/bin/cp /images/none.qcow2 /tmp/resize$i$j.qcow2
echo drive_add $i.$j id=drv$i$j,file=/tmp/resize$i$j.qcow2,if=none
echo drive_add $i.$j id=drv$i$j,file=/tmp/resize$i$j.qcow2,if=none | nc -U /tmp/m
echo device_add virtio-blk-pci,id=dev$i$j,drive=drv$i$j,addr=0x$i.$j,multifunction=on
echo device_add virtio-blk-pci,id=dev$i$j,drive=drv$i$j,addr=0x$i.$j,multifunction=on | nc -U /tmp/m
done
done
----
#0 0x00005555558b7f95 in flatview_ref (view=0x0) at /home/devel/qemu/memory.c:300
#1 0x00005555558b9689 in address_space_get_flatview (as=0x55555645d660) at /home/devel/qemu/memory.c:656
#2 0x00005555558ba416 in address_space_update_topology (as=0x55555645d660) at /home/devel/qemu/memory.c:760
#3 0x00005555558ba5cf in memory_region_transaction_commit () at /home/devel/qemu/memory.c:799
#4 0x00005555558bcfcc in memory_region_set_enabled (mr=0x55555647af08, enabled=false) at /home/devel/qemu/memory.c:1503
#5 0x000055555571a0af in do_pci_register_device (pci_dev=0x55555647ac10, bus=0x5555564132b0, name=0x555556261100 "virtio-blk-pci", devfn=26) at hw/pci/pci.c:846
#6 0x000055555571c6cc in pci_qdev_init (qdev=0x55555647ac10) at hw/pci/pci.c:1751
#7 0x0000555555694d70 in device_realize (dev=0x55555647ac10, err=0x7fffffffc8e8) at hw/core/qdev.c:178
#8 0x00005555556966fc in device_set_realized (obj=0x55555647ac10, value=true, err=0x7fffffffca60) at hw/core/qdev.c:699
#9 0x00005555557e7b57 in property_set_bool (obj=0x55555647ac10, v=0x55555679a830, opaque=0x555556461b10, name=0x5555559922ae "realized", errp=0x7fffffffca60)
at qom/object.c:1315
#10 0x00005555557e665b in object_property_set (obj=0x55555647ac10, v=0x55555679a830, name=0x5555559922ae "realized", errp=0x7fffffffca60) at qom/object.c:803
#11 0x00005555557e816e in object_property_set_qobject (obj=0x55555647ac10, value=0x555556678880, name=0x5555559922ae "realized", errp=0x7fffffffca60) at qom/qom-qobject.c:24
#12 0x00005555557e6950 in object_property_set_bool (obj=0x55555647ac10, value=true, name=0x5555559922ae "realized", errp=0x7fffffffca60) at qom/object.c:866
#13 0x0000555555694ca7 in qdev_init (dev=0x55555647ac10) at hw/core/qdev.c:163
#14 0x00005555557c60ee in qdev_device_add (opts=0x555556525370) at qdev-monitor.c:543
#15 0x00005555557c6730 in do_device_add (mon=0x5555562fb760, qdict=0x55555645d440, ret_data=0x7fffffffcb80) at qdev-monitor.c:656
#16 0x00005555558c8892 in handle_user_command (mon=0x5555562fb760, cmdline=0x5555563f0f60 "device_add virtio-blk-pci,id=dev32,drive=drv32,addr=0x3.2,multifunction=on")
at /home/devel/qemu/monitor.c:4137
#17 0x00005555558ca10f in monitor_command_cb (mon=0x5555562fb760, cmdline=0x5555563f0f60 "device_add virtio-blk-pci,id=dev32,drive=drv32,addr=0x3.2,multifunction=on",
opaque=0x0) at /home/devel/qemu/monitor.c:4757
#18 0x00005555557e9491 in readline_handle_byte (rs=0x5555563f0f60, ch=10) at readline.c:373
#19 0x00005555558ca045 in monitor_read (opaque=0x5555562fb760, buf=0x7fffffffccf0 "\n\315\377\377\377\177", size=1) at /home/devel/qemu/monitor.c:4743
#20 0x00005555557c6cc8 in qemu_chr_be_write (s=0x555556269040, buf=0x7fffffffccf0 "\n\315\377\377\377\177", len=1) at qemu-char.c:165
#21 0x00005555557cb026 in tcp_chr_read (chan=0x55555645fe40, cond=G_IO_IN, opaque=0x555556269040) at qemu-char.c:2487
#22 0x00007ffff76ede06 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#23 0x000055555578ef33 in glib_pollfds_poll () at main-loop.c:189
#24 0x000055555578f028 in os_host_main_loop_wait (timeout=77312299) at main-loop.c:234
#25 0x000055555578f100 in main_loop_wait (nonblocking=0) at main-loop.c:483
#26 0x000055555582e234 in main_loop () at vl.c:2014
#27 0x0000555555835697 in main (argc=14, argv=0x7fffffffe298, envp=0x7fffffffe310) at vl.c:4362
> ---
> qdev-monitor.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/qdev-monitor.c b/qdev-monitor.c
> index b1ce26a..531b258 100644
> --- a/qdev-monitor.c
> +++ b/qdev-monitor.c
> @@ -518,6 +518,7 @@ DeviceState *qdev_device_add(QemuOpts *opts)
> }
> if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) {
> qdev_free(qdev);
> + object_unref(OBJECT(qdev));
> return NULL;
> }
> if (qdev->id) {
> @@ -531,6 +532,7 @@ DeviceState *qdev_device_add(QemuOpts *opts)
> g_free(name);
> }
> if (qdev_init(qdev) < 0) {
> + object_unref(OBJECT(qdev));
> qerror_report(QERR_DEVICE_INIT_FAILED, driver);
> return NULL;
> }
> --
> 1.8.1.4
>
--
Amos.
next prev parent reply other threads:[~2013-11-18 12:29 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-08 17:43 [Qemu-devel] [PULL 00/58] QOM devices patch queue 2013-10-08 Andreas Färber
2013-10-08 17:43 ` [Qemu-devel] [PULL 01/58] hw/arm/boot: Make user not specifying a kernel not an error Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 02/58] hw/arm: Tidy up conditional calls to arm_load_kernel() Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 03/58] mips_mipssim: Silence BIOS loading warning for qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 04/58] puv3: Turn puv3_load_kernel() into a no-op for qtest without -kernel Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 05/58] mainstone: Don't enforce use of -pflash for qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 06/58] gumstix: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 07/58] z2: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 08/58] palm: Don't enforce loading ROM or kernel " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 09/58] omap_sx1: Don't enforce use of kernel or flash " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 10/58] exynos4_boards: Silence lack of -smp 2 warning " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 11/58] armv7m: Don't enforce use of kernel " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 12/58] axis_dev88: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 13/58] mcf5208: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 14/58] an5206: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 15/58] milkymist: Suppress -kernel/-bios/-drive error " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 16/58] shix: Drop debug output Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 17/58] shix: Don't require firmware presence for qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 18/58] leon3: Don't enforce use of -bios with qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 19/58] qtest: Prepare QOM machine tests Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 20/58] milkymist-uart: Use Device::realize instead of SysBusDevice::init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 21/58] a9mpcore: Split off instance_init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 22/58] arm_gic: Extract headers hw/intc/arm_gic{, _common}.h Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 23/58] a9mpcore: Embed GICState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 24/58] a9scu: QOM cleanups Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 25/58] a9mpcore: Embed A9SCUState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 26/58] arm_mptimer: Convert to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 27/58] a9mpcore: Embed ARMMPTimerState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 28/58] a9mpcore: Convert to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 29/58] a9mpcore: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 30/58] a15mpcore: Split off instance_init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 31/58] a15mpcore: Embed GICState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 32/58] a15mpcore: Convert to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 33/58] a15mpcore: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 34/58] a9scu: Build only once Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 35/58] arm11mpcore: Fix typo in MemoryRegion name Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 36/58] arm11mpcore: Drop unused fields Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 37/58] arm11mpcore: Create container MemoryRegion in instance_init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 38/58] arm11mpcore: Split off SCU device Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 39/58] arm11mpcore: Convert ARM11MPCorePriveState to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 40/58] realview_gic: Convert " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 41/58] realview_gic: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 42/58] arm11mpcore: Convert mpcore_rirq_state to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 43/58] arm11mpcore: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 44/58] arm11mpcore: Split off RealView MPCore Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 45/58] qdev-monitor: Clean up qdev_device_add() variable naming Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 46/58] qdev-monitor: Fix crash when device_add is called with abstract driver Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 47/58] qdev-monitor: Unref device when device_add fails Andreas Färber
2013-11-18 12:29 ` Amos Kong [this message]
2013-11-18 14:35 ` Andreas Färber
2013-11-19 8:31 ` Amos Kong
2013-11-19 10:25 ` Paolo Bonzini
2013-10-08 17:44 ` [Qemu-devel] [PULL 48/58] qdev: Drop misleading qdev_free() function Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 49/58] qdev-monitor: Avoid qdev as variable name Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 50/58] qdev-monitor: Inline qdev_init() for device_add Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 51/58] qom: Include error.h directly in object.h Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 52/58] qom: Clean up struct Error references Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 53/58] qom: Add pointer to int property helpers Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 54/58] pxa: Fix typo "dettach" Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 55/58] pcmcia: QOM'ify PCMCIACardState and MicroDriveState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 56/58] microdrive: Coding Style cleanups Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 57/58] ide: Drop ide_init2_with_non_qdev_drives() Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 58/58] pcmcia/pxa2xx: QOM'ify PXA2xxPCMCIAState Andreas Färber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131118122928.GA23465@amosk.info \
--to=akong@redhat.com \
--cc=afaerber@suse.de \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).