From: Igor Mammedov <imammedo@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: pkrempa@redhat.com, mst@redhat.com, armbru@redhat.com,
qemu-devel@nongnu.org, eduardo.otubo@profitbricks.com,
marcel@redhat.com, pbonzini@redhat.com, rth@twiddle.net
Subject: Re: [Qemu-devel] [PATCH v3 17/19] target-i386: fix apic object leak when CPU is deleted
Date: Wed, 13 Jul 2016 17:46:25 +0200
Message-ID: <20160713174625.3c40a9a8@nial.brq.redhat.com>
In-Reply-To: <20160713172618.718e83b6@nial.brq.redhat.com>
On Wed, 13 Jul 2016 17:26:18 +0200
Igor Mammedov <imammedo@redhat.com> wrote:
> On Wed, 13 Jul 2016 12:04:44 -0300
> Eduardo Habkost <ehabkost@redhat.com> wrote:
>
> > On Wed, Jul 06, 2016 at 08:20:53AM +0200, Igor Mammedov wrote:
> > > Signed-off-by: Igor Mammedov <imammedo@redhat.com>
> > > ---
> > > target-i386/cpu.c | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> > > index 04c0b79..2fa445d 100644
> > > --- a/target-i386/cpu.c
> > > +++ b/target-i386/cpu.c
> > > @@ -2765,6 +2765,7 @@ static void x86_cpu_apic_create(X86CPU *cpu, Error **errp)
> > >
> > > object_property_add_child(OBJECT(cpu), "lapic",
> > > OBJECT(cpu->apic_state), &error_abort);
> > > + object_unref(OBJECT(cpu->apic_state));
> >
> > What kind of event can trigger object_unparent() or
> > object_del_property() on "lapic"? Can we guarantee that the child
> > property will never be deleted by any other code, only by
> > x86_cpu_unrealizefn() and object_finalize(cpu)?
> The code path that implicitly triggers unparenting of lapic is
> CPU instance removal, when it deletes all children.
>
> So unless someone adds explicit lapic removal somewhere in target-i386/cpu.c

Well, I wrote nonsense here, as I do remove the child explicitly
in x86_cpu_unrealizefn(), so it's fine to set cpu->apic_state to NULL
as you suggest in 18/19.
The other way around might be to call only apic_state->unrealize() explicitly
from x86_cpu_unrealizefn() and let QOM do unparenting/finalizing
automatically for us. I'd even prefer this one over the former.
Which one would you prefer?

> I don't see how it could be deleted by other code path.
That point still stands.
>
> > Because with this change, deleting the property will leave us
> > with a dangling cpu->apic_state pointer.
> since there is no other place that deletes the lapic property, we won't get
> a dangling pointer; see the next patch's comment for the call chain
>
> >
> > >
> > > qdev_prop_set_uint8(cpu->apic_state, "id", cpu->apic_id);
> > > /* TODO: convert to link<> */
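
Review bot: the added object_unref(OBJECT(cpu->apic_state)) right after object_property_add_child() turns cpu->apic_state into a non-owning pointer that stays valid only while the "lapic" child property exists, and nothing in the hunk says so. Suggest a short comment at that line stating that the child property now holds the reference and that any code removing "lapic" must also set cpu->apic_state to NULL. The commit message carries only the Signed-off-by line; it should say which reference was being leaked and why dropping it at this point is safe.
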
> > > --
> > > 2.7.0
> > >
> >
>
>
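
The reference-count question debated in this message, as an added example that is not QEMU code and not part of the original thread: a toy model in which, as in QOM, creating an object yields one reference and adding it as a child property takes a second one. `Obj`, `obj_new`, `add_child` and `cpu_lifecycle` are hypothetical names.

```c
#include <stdlib.h>

/* Toy model, not QEMU code: Obj and the helpers below are hypothetical. */
typedef struct Obj {
    int ref;
    struct Obj *child;          /* models the "lapic" child property */
} Obj;

static int live_objects;        /* objects allocated and not yet freed */

static Obj *obj_new(void)
{
    Obj *o = calloc(1, sizeof(*o));
    if (!o) abort();
    o->ref = 1;                 /* the creator holds the first reference */
    live_objects++;
    return o;
}

static void obj_unref(Obj *o)
{
    if (o && --o->ref == 0) { live_objects--; free(o); }
}

static void add_child(Obj *parent, Obj *child)
{
    child->ref++;               /* the property takes its own reference */
    parent->child = child;
}

/* Returns the number of objects leaked by one CPU create/delete cycle. */
static int cpu_lifecycle(int drop_creator_ref)
{
    int before = live_objects;
    Obj *cpu = obj_new();
    Obj *apic_state = obj_new();        /* models cpu->apic_state */
    add_child(cpu, apic_state);
    if (drop_creator_ref) obj_unref(apic_state);  /* the line the patch adds */
    obj_unref(cpu->child);      /* CPU removal deletes the child property */
    cpu->child = NULL;
    apic_state = NULL;          /* with the unref above it is dangling here */
    obj_unref(cpu);
    return live_objects - before;
}

int main(void)
{
    return (cpu_lifecycle(0) == 1 && cpu_lifecycle(1) == 0) ? 0 : 1;
}
```

Without the extra unref the child survives CPU removal with one stray reference (the leak); with it the child is freed when the property goes away, which is why the cached pointer has to be cleared at that moment.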