| Message ID | 20120511021531.14819.78211.stgit@t |
|---|---|
| State | New |
| Headers | show |
Il 11/05/2012 04:15, Amos Kong ha scritto: > Start VM with 8 multiple-function block devs, hot-removing > those block devs by 'device_del ...' would cause qemu abort. > > object_ref() is called in object_property_add_child(), > but we don't unref it in object_property_del_child(). > > | (qemu) device_del virti0-0-0 > | (qemu) ** > | ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) > > Signed-off-by: Amos Kong <akong@redhat.com> > --- > qom/object.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/qom/object.c b/qom/object.c > index e721fc2..9da6b59 100644 > --- a/qom/object.c > +++ b/qom/object.c > @@ -320,6 +320,7 @@ static void object_property_del_child(Object *obj, Object *child, Error **errp) > QTAILQ_FOREACH(prop, &obj->properties, node) { > if (strstart(prop->type, "child<", NULL) && prop->opaque == child) { > object_property_del(obj, prop->name, errp); > + object_unref(child); This should be called by object_finalize_child_property instead, can you check why this is not the case? Paolo > break; > } > } >
On 05/11/2012 02:42 PM, Paolo Bonzini wrote: > Il 11/05/2012 04:15, Amos Kong ha scritto: >> Start VM with 8 multiple-function block devs, hot-removing >> those block devs by 'device_del ...' would cause qemu abort. >> >> object_ref() is called in object_property_add_child(), >> but we don't unref it in object_property_del_child(). >> >> | (qemu) device_del virti0-0-0 >> | (qemu) ** >> | ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) >> >> Signed-off-by: Amos Kong <akong@redhat.com> >> --- >> qom/object.c | 1 + >> 1 files changed, 1 insertions(+), 0 deletions(-) >> >> diff --git a/qom/object.c b/qom/object.c >> index e721fc2..9da6b59 100644 >> --- a/qom/object.c >> +++ b/qom/object.c >> @@ -320,6 +320,7 @@ static void object_property_del_child(Object *obj, Object *child, Error **errp) >> QTAILQ_FOREACH(prop, &obj->properties, node) { >> if (strstart(prop->type, "child<", NULL) && prop->opaque == child) { >> object_property_del(obj, prop->name, errp); >> + object_unref(child); > > This should be called by object_finalize_child_property instead, can you > check why this is not the case? Yes, original ref/unref are right. I will post another patch to fix this issue. NAK this patch. > Paolo Thanks!
diff --git a/qom/object.c b/qom/object.c index e721fc2..9da6b59 100644 --- a/qom/object.c +++ b/qom/object.c @@ -320,6 +320,7 @@ static void object_property_del_child(Object *obj, Object *child, Error **errp) QTAILQ_FOREACH(prop, &obj->properties, node) { if (strstart(prop->type, "child<", NULL) && prop->opaque == child) { object_property_del(obj, prop->name, errp); + object_unref(child); break; } }
Start VM with 8 multiple-function block devs, hot-removing those block devs by 'device_del ...' would cause qemu abort. object_ref() is called in object_property_add_child(), but we don't unref it in object_property_del_child(). | (qemu) device_del virti0-0-0 | (qemu) ** | ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) Signed-off-by: Amos Kong <akong@redhat.com> --- qom/object.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)