From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:49071)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <akong@redhat.com>) id 1SSrCt-00085C-RM
	for qemu-devel@nongnu.org; Fri, 11 May 2012 10:52:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <akong@redhat.com>) id 1SSrCl-0005OS-B1
	for qemu-devel@nongnu.org; Fri, 11 May 2012 10:52:35 -0400
Received: from mx1.redhat.com ([209.132.183.28]:18996)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <akong@redhat.com>) id 1SSrCl-0005OM-3D
	for qemu-devel@nongnu.org; Fri, 11 May 2012 10:52:27 -0400
Message-ID: <4FAD27A4.9000806@redhat.com>
Date: Fri, 11 May 2012 22:52:20 +0800
From: Amos Kong <akong@redhat.com>
MIME-Version: 1.0
References: <20120511021531.14819.78211.stgit@t> <4FACB4E4.2070708@redhat.com>
In-Reply-To: <4FACB4E4.2070708@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] qom: fix refcounting in
	object_property_del_child()
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org

On 05/11/2012 02:42 PM, Paolo Bonzini wrote:
> Il 11/05/2012 04:15, Amos Kong ha scritto:
>> Start VM with 8 multiple-function block devs, hot-removing
>> those block devs by 'device_del ...' would cause qemu abort.
>>
>> object_ref() is called in object_property_add_child(),
>> but we don't unref it in object_property_del_child().
>>
>> | (qemu) device_del virti0-0-0
>> | (qemu) **
>> | ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
>>
>> Signed-off-by: Amos Kong <akong@redhat.com>
>> ---
>>  qom/object.c |    1 +
>>  1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/qom/object.c b/qom/object.c
>> index e721fc2..9da6b59 100644
>> --- a/qom/object.c
>> +++ b/qom/object.c
>> @@ -320,6 +320,7 @@ static void object_property_del_child(Object *obj, Object *child, Error **errp)
>>      QTAILQ_FOREACH(prop, &obj->properties, node) {
>>          if (strstart(prop->type, "child<", NULL) && prop->opaque == child) {
>>              object_property_del(obj, prop->name, errp);
>> +            object_unref(child);
> 
> This should be called by object_finalize_child_property instead, can you
> check why this is not the case?

Yes, original ref/unref are right.
I will post another patch to fix this issue.


NAK this patch.


> Paolo

Thanks!

-- 
			Amos.