From: Anthony Liguori
In-Reply-To: <1353660436-8897-2-git-send-email-pbonzini@redhat.com>
References: <1353660436-8897-1-git-send-email-pbonzini@redhat.com> <1353660436-8897-2-git-send-email-pbonzini@redhat.com>
Date: Mon, 26 Nov 2012 09:49:01 -0600
Message-ID: <87ehjgpdoy.fsf@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [Qemu-devel] [PATCH 1.3 1/5] qom: fix refcount of non-heap-allocated objects
To: Paolo Bonzini, qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Liu Ping Fan

Paolo Bonzini writes:

> The reference count for embedded objects is always one too low, because
> object_initialize_with_type returns with zero references to the object.
> This causes premature finalization of the object (or an assertion failure)
> after calling object_ref to add an extra reference and object_unref to
> remove it.
>
> The fix is to move the initial object_ref call from object_new_with_type
> to object_initialize_with_type.
>
> Signed-off-by: Paolo Bonzini
> ---
>  qom/object.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/qom/object.c b/qom/object.c
> index d7092b0..6a8c02a 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -307,6 +307,7 @@ void object_initialize_with_type(void *data, TypeImpl *type)
>
>      memset(obj, 0, type->instance_size);
>      obj->class = type->class;
> +    object_ref(obj);
>      QTAILQ_INIT(&obj->properties);
>      object_init_with_type(obj, type);
>  }

But object_property_add_child() will take a reference. When the parent object goes away, this will cause that reference to get dropped and ultimately the child object to be destroyed.

IOW, this change causes embedded objects to get leaked AFAICT.

Regards,

Anthony Liguori

> @@ -395,7 +396,6 @@ Object *object_new_with_type(Type type)
>
>      obj = g_malloc(type->instance_size);
>      object_initialize_with_type(obj, type);
> -    object_ref(obj);
>
>      return obj;
>  }
> --
> 1.8.0
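Review bot: the `object_ref(obj)` added in the object_initialize_with_type hunk gives every initialized object one reference with no matching object_unref visible for the embedded (non-heap) case; as the reply above points out, object_property_add_child() takes and later drops its own reference, so the reference taken here is never released and an embedded object is never finalized. The commit message should say who owns that initial reference and which call releases it for objects that were not allocated by object_new (for instance the embedding object's finalizer calling object_unref on the member), and the doc comment on object_initialize_with_type should state the same rule. A test that initializes an embedded object, does one object_ref/object_unref pair and then tears down the parent, checking that the child is finalized exactly once, would distinguish the original premature-finalization bug from the leak this hunk introduces; both are lifetime bugs, and the leak is only the less dangerous of the two.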
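Review bot: with `object_ref(obj)` removed from object_new_with_type, the caller's reference is now taken inside object_initialize_with_type and is no longer visible at this call site. A one-line comment after `object_initialize_with_type(obj, type);` noting that the initial reference is taken there, plus matching wording in the object_new documentation that the returned object carries one reference owned by the caller, would keep the ownership rule readable. The two hunks together leave the net reference count of heap-allocated objects unchanged, which the commit message could state explicitly so that reviewers do not have to pair the hunks by hand.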