From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:52862)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1RtZSz-0001Su-7o
	for qemu-devel@nongnu.org; Sat, 04 Feb 2012 01:51:25 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1RtZSu-0001en-ND
	for qemu-devel@nongnu.org; Sat, 04 Feb 2012 01:51:20 -0500
Received: from mail-ww0-f53.google.com ([74.125.82.53]:60861)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1RtZSu-0001eg-Gz
	for qemu-devel@nongnu.org; Sat, 04 Feb 2012 01:51:16 -0500
Received: by wgbdr12 with SMTP id dr12so4443681wgb.10
	for <qemu-devel@nongnu.org>; Fri, 03 Feb 2012 22:51:15 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <4F2CD561.3020100@redhat.com>
Date: Sat, 04 Feb 2012 07:51:13 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <1328201142-26145-1-git-send-email-pbonzini@redhat.com>	<1328201142-26145-2-git-send-email-pbonzini@redhat.com>	<4F2BEED5.3050904@codemonkey.ws>
	<4F2C7B7B.60801@redhat.com> <4F2CA008.2040402@codemonkey.ws>
In-Reply-To: <4F2CA008.2040402@codemonkey.ws>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 01/16] qdev: fix hot-unplug
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org

On 02/04/2012 04:03 AM, Anthony Liguori wrote:
> There's no object_ref() in qdev_device_add().  The 2 references come
> from adding a child link to /peripheral and via object_new().

Sure, but there's when the object_new() reference becomes unreachable. 
At this point, if it weren't for /peripheral the device should have 
disappeared.

> object_free() drops a reference (it's called in qdev_device_del()) and
> in the process of calling object_free(), it also calls object_unparent()
> which will drop the reference from the parent.
>
> I'm not thrilled about the way reference counting is done now.  Perhaps
> we should do a gobject style floating reference...

I'm not sure that's a problem.  Rather, the problem is that we are 
(still) mixing manual memory management and refcounting by making 
object_delete drop a reference.

Can you remind me of why you have object_unref separate from 
object_delete?  Is it because you must not delete objects that were 
object_initialize'd rather than object_new'd?  Perhaps we can take care 
of that with a flag elsewhere saying "do not free this object when 
object_unref drops the last ref" (only finalize it).

Thanks for analyzing the behavior.  We don't have to get it right 
immediately as long as we know what's going on, the transition is not 
complete anyway.

Paolo