From: "Andreas Färber" <afaerber@suse.de>
To: Amos Kong <akong@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>,
qemu-stable@nongnu.org
Subject: Re: [Qemu-devel] [PULL 47/58] qdev-monitor: Unref device when device_add fails
Date: Mon, 18 Nov 2013 15:35:20 +0100 [thread overview]
Message-ID: <528A25A8.3000301@suse.de> (raw)
In-Reply-To: <20131118122928.GA23465@amosk.info>
Am 18.11.2013 13:29, schrieb Amos Kong:
> On Tue, Oct 08, 2013 at 07:44:45PM +0200, Andreas Färber wrote:
>> From: Stefan Hajnoczi <stefanha@redhat.com>
>>
>> qdev_device_add() leaks the created device upon failure. I suspect this
>> problem crept in because qdev_free() unparents the device but does not
>> drop a reference - confusing name.
>>
>> Cc: qemu-stable@nongnu.org
>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
>> Signed-off-by: Andreas Färber <afaerber@suse.de>
>
> Hi Stefan,
>
> This commit caused a regression bug:
>
> hotplug more than 32 disks to vm, qemu crash
>
> ---
>
> [amos@amosk qemu]$ cat radd.sh
> for i in `seq 3 9` a b c d e f 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f;do
> for j in `seq 1 7` 0;do
> /bin/cp /images/none.qcow2 /tmp/resize$i$j.qcow2
>
> echo drive_add $i.$j id=drv$i$j,file=/tmp/resize$i$j.qcow2,if=none
> echo drive_add $i.$j id=drv$i$j,file=/tmp/resize$i$j.qcow2,if=none | nc -U /tmp/m
>
> echo device_add virtio-blk-pci,id=dev$i$j,drive=drv$i$j,addr=0x$i.$j,multifunction=on
> echo device_add virtio-blk-pci,id=dev$i$j,drive=drv$i$j,addr=0x$i.$j,multifunction=on | nc -U /tmp/m
> done
> done
Hi, thanks for catching this.
Is this only with virtio-blk-pci or with any PCI card or only when
drives are involved? Either way it would be really great if you could
add such tests to Stefan's qtest using QMP, so that it can easily be run
by everyone.
The stacktrace below is not really telling to me. I wonder if we forget
to clean up some MemoryRegion in the device that still has a back
reference or whether the Memory API still references MemoryRegions that
have been destroyed by the device or forgets the reference devices it
still needs... Paolo?
I had reviewed the call paths and believe the patch to be 100% good, so
the fault will very likely be elsewhere.
Regards,
Andreas
>
> ----
>
> #0 0x00005555558b7f95 in flatview_ref (view=0x0) at /home/devel/qemu/memory.c:300
> #1 0x00005555558b9689 in address_space_get_flatview (as=0x55555645d660) at /home/devel/qemu/memory.c:656
> #2 0x00005555558ba416 in address_space_update_topology (as=0x55555645d660) at /home/devel/qemu/memory.c:760
> #3 0x00005555558ba5cf in memory_region_transaction_commit () at /home/devel/qemu/memory.c:799
> #4 0x00005555558bcfcc in memory_region_set_enabled (mr=0x55555647af08, enabled=false) at /home/devel/qemu/memory.c:1503
> #5 0x000055555571a0af in do_pci_register_device (pci_dev=0x55555647ac10, bus=0x5555564132b0, name=0x555556261100 "virtio-blk-pci", devfn=26) at hw/pci/pci.c:846
> #6 0x000055555571c6cc in pci_qdev_init (qdev=0x55555647ac10) at hw/pci/pci.c:1751
> #7 0x0000555555694d70 in device_realize (dev=0x55555647ac10, err=0x7fffffffc8e8) at hw/core/qdev.c:178
> #8 0x00005555556966fc in device_set_realized (obj=0x55555647ac10, value=true, err=0x7fffffffca60) at hw/core/qdev.c:699
> #9 0x00005555557e7b57 in property_set_bool (obj=0x55555647ac10, v=0x55555679a830, opaque=0x555556461b10, name=0x5555559922ae "realized", errp=0x7fffffffca60)
> at qom/object.c:1315
> #10 0x00005555557e665b in object_property_set (obj=0x55555647ac10, v=0x55555679a830, name=0x5555559922ae "realized", errp=0x7fffffffca60) at qom/object.c:803
> #11 0x00005555557e816e in object_property_set_qobject (obj=0x55555647ac10, value=0x555556678880, name=0x5555559922ae "realized", errp=0x7fffffffca60) at qom/qom-qobject.c:24
> #12 0x00005555557e6950 in object_property_set_bool (obj=0x55555647ac10, value=true, name=0x5555559922ae "realized", errp=0x7fffffffca60) at qom/object.c:866
> #13 0x0000555555694ca7 in qdev_init (dev=0x55555647ac10) at hw/core/qdev.c:163
> #14 0x00005555557c60ee in qdev_device_add (opts=0x555556525370) at qdev-monitor.c:543
> #15 0x00005555557c6730 in do_device_add (mon=0x5555562fb760, qdict=0x55555645d440, ret_data=0x7fffffffcb80) at qdev-monitor.c:656
> #16 0x00005555558c8892 in handle_user_command (mon=0x5555562fb760, cmdline=0x5555563f0f60 "device_add virtio-blk-pci,id=dev32,drive=drv32,addr=0x3.2,multifunction=on")
> at /home/devel/qemu/monitor.c:4137
> #17 0x00005555558ca10f in monitor_command_cb (mon=0x5555562fb760, cmdline=0x5555563f0f60 "device_add virtio-blk-pci,id=dev32,drive=drv32,addr=0x3.2,multifunction=on",
> opaque=0x0) at /home/devel/qemu/monitor.c:4757
> #18 0x00005555557e9491 in readline_handle_byte (rs=0x5555563f0f60, ch=10) at readline.c:373
> #19 0x00005555558ca045 in monitor_read (opaque=0x5555562fb760, buf=0x7fffffffccf0 "\n\315\377\377\377\177", size=1) at /home/devel/qemu/monitor.c:4743
> #20 0x00005555557c6cc8 in qemu_chr_be_write (s=0x555556269040, buf=0x7fffffffccf0 "\n\315\377\377\377\177", len=1) at qemu-char.c:165
> #21 0x00005555557cb026 in tcp_chr_read (chan=0x55555645fe40, cond=G_IO_IN, opaque=0x555556269040) at qemu-char.c:2487
> #22 0x00007ffff76ede06 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
> #23 0x000055555578ef33 in glib_pollfds_poll () at main-loop.c:189
> #24 0x000055555578f028 in os_host_main_loop_wait (timeout=77312299) at main-loop.c:234
> #25 0x000055555578f100 in main_loop_wait (nonblocking=0) at main-loop.c:483
> #26 0x000055555582e234 in main_loop () at vl.c:2014
> #27 0x0000555555835697 in main (argc=14, argv=0x7fffffffe298, envp=0x7fffffffe310) at vl.c:4362
>
>> ---
>> qdev-monitor.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/qdev-monitor.c b/qdev-monitor.c
>> index b1ce26a..531b258 100644
>> --- a/qdev-monitor.c
>> +++ b/qdev-monitor.c
>> @@ -518,6 +518,7 @@ DeviceState *qdev_device_add(QemuOpts *opts)
>> }
>> if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) {
>> qdev_free(qdev);
>> + object_unref(OBJECT(qdev));
>> return NULL;
>> }
>> if (qdev->id) {
>> @@ -531,6 +532,7 @@ DeviceState *qdev_device_add(QemuOpts *opts)
>> g_free(name);
>> }
>> if (qdev_init(qdev) < 0) {
>> + object_unref(OBJECT(qdev));
>> qerror_report(QERR_DEVICE_INIT_FAILED, driver);
>> return NULL;
>> }
>> --
>> 1.8.1.4
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
next prev parent reply other threads:[~2013-11-18 14:35 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-08 17:43 [Qemu-devel] [PULL 00/58] QOM devices patch queue 2013-10-08 Andreas Färber
2013-10-08 17:43 ` [Qemu-devel] [PULL 01/58] hw/arm/boot: Make user not specifying a kernel not an error Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 02/58] hw/arm: Tidy up conditional calls to arm_load_kernel() Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 03/58] mips_mipssim: Silence BIOS loading warning for qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 04/58] puv3: Turn puv3_load_kernel() into a no-op for qtest without -kernel Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 05/58] mainstone: Don't enforce use of -pflash for qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 06/58] gumstix: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 07/58] z2: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 08/58] palm: Don't enforce loading ROM or kernel " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 09/58] omap_sx1: Don't enforce use of kernel or flash " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 10/58] exynos4_boards: Silence lack of -smp 2 warning " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 11/58] armv7m: Don't enforce use of kernel " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 12/58] axis_dev88: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 13/58] mcf5208: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 14/58] an5206: " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 15/58] milkymist: Suppress -kernel/-bios/-drive error " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 16/58] shix: Drop debug output Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 17/58] shix: Don't require firmware presence for qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 18/58] leon3: Don't enforce use of -bios with qtest Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 19/58] qtest: Prepare QOM machine tests Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 20/58] milkymist-uart: Use Device::realize instead of SysBusDevice::init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 21/58] a9mpcore: Split off instance_init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 22/58] arm_gic: Extract headers hw/intc/arm_gic{, _common}.h Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 23/58] a9mpcore: Embed GICState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 24/58] a9scu: QOM cleanups Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 25/58] a9mpcore: Embed A9SCUState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 26/58] arm_mptimer: Convert to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 27/58] a9mpcore: Embed ARMMPTimerState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 28/58] a9mpcore: Convert to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 29/58] a9mpcore: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 30/58] a15mpcore: Split off instance_init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 31/58] a15mpcore: Embed GICState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 32/58] a15mpcore: Convert to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 33/58] a15mpcore: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 34/58] a9scu: Build only once Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 35/58] arm11mpcore: Fix typo in MemoryRegion name Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 36/58] arm11mpcore: Drop unused fields Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 37/58] arm11mpcore: Create container MemoryRegion in instance_init Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 38/58] arm11mpcore: Split off SCU device Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 39/58] arm11mpcore: Convert ARM11MPCorePriveState to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 40/58] realview_gic: Convert " Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 41/58] realview_gic: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 42/58] arm11mpcore: Convert mpcore_rirq_state to QOM realize Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 43/58] arm11mpcore: Prepare for QOM embedding Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 44/58] arm11mpcore: Split off RealView MPCore Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 45/58] qdev-monitor: Clean up qdev_device_add() variable naming Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 46/58] qdev-monitor: Fix crash when device_add is called with abstract driver Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 47/58] qdev-monitor: Unref device when device_add fails Andreas Färber
2013-11-18 12:29 ` Amos Kong
2013-11-18 14:35 ` Andreas Färber [this message]
2013-11-19 8:31 ` Amos Kong
2013-11-19 10:25 ` Paolo Bonzini
2013-10-08 17:44 ` [Qemu-devel] [PULL 48/58] qdev: Drop misleading qdev_free() function Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 49/58] qdev-monitor: Avoid qdev as variable name Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 50/58] qdev-monitor: Inline qdev_init() for device_add Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 51/58] qom: Include error.h directly in object.h Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 52/58] qom: Clean up struct Error references Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 53/58] qom: Add pointer to int property helpers Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 54/58] pxa: Fix typo "dettach" Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 55/58] pcmcia: QOM'ify PCMCIACardState and MicroDriveState Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 56/58] microdrive: Coding Style cleanups Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 57/58] ide: Drop ide_init2_with_non_qdev_drives() Andreas Färber
2013-10-08 17:44 ` [Qemu-devel] [PULL 58/58] pcmcia/pxa2xx: QOM'ify PXA2xxPCMCIAState Andreas Färber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=528A25A8.3000301@suse.de \
--to=afaerber@suse.de \
--cc=akong@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).