Message-ID: <4F37F910.5030400@codemonkey.ws>
Date: Sun, 12 Feb 2012 11:38:24 -0600
From: Anthony Liguori
To: "Michael S. Tsirkin"
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] weird qdev error
X-Patchwork-Id: 140820

On 02/12/2012 11:31 AM, Michael S. Tsirkin wrote:
> On Sun, Feb 12, 2012 at 07:07:43PM +0200, Michael S. Tsirkin wrote:
>> I got this assert when working on qemu: pci hotplug
>> callback failed so qdev_free was called.
>>
>> (gdb) where
>> #0 0x00007ffff5fa1905 in raise () from /lib64/libc.so.6
>> #1 0x00007ffff5fa30e5 in abort () from /lib64/libc.so.6
>> #2 0x00007ffff7413a7f in g_assertion_message () from
>> /lib64/libglib-2.0.so.0
>> #3 0x00007ffff7414020 in g_assertion_message_expr () from
>> /lib64/libglib-2.0.so.0
>> #4 0x00007ffff7e452a9 in object_delete (obj=0x7ffff9124e60) at
>> qom/object.c:375
>> #5 0x00007ffff7e2f5d4 in qdev_free (dev=0x7ffff9124e60)
>> at /home/mst/scm/qemu/hw/qdev.c:250
>> #6 qdev_init (dev=0x7ffff9124e60) at /home/mst/scm/qemu/hw/qdev.c:149
>> #7 0x00007ffff7e2a7fe in qdev_device_add (opts=0x7ffff8b0d3a0)
>> at /home/mst/scm/qemu/hw/qdev-monitor.c:473
>> #8 0x00007ffff7e06da9 in device_init_func (opts=,
>> opaque=) at /home/mst/scm/qemu/vl.c:1754
>> #9 0x00007ffff7e3737a in qemu_opts_foreach (list=,
>> func=
>> 0x7ffff7e06d90, opaque=0x0,
>> abort_on_failure=) at qemu-option.c:1048
>> #10 0x00007ffff7e09cdb in main (argc=, argv=> optimized out>,
>> envp=) at /home/mst/scm/qemu/vl.c:3407
>> (gdb) frame 6
>> #6 qdev_init (dev=0x7ffff9124e60) at /home/mst/scm/qemu/hw/qdev.c:149
>> 149 qdev_free(dev);
>>
>> The problem seems to be that
>> pci_qdev_init calls do_pci_unregister_device on
>> hotplug error which will free the device twice?
>
> Here's a reproducer to a similar error in property parsing:
>
> qemu-system-x86_64 -enable-kvm -m 1G -drive file=/home/mst/rhel6.qcow2
> -netdev user,id=bar -net
> nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57 -redir
> tcp:8022::22 -device virtio-net-pci,netdev=foo,mac=5854:00:12:34:56
> -netdev
> tap,id=foo,ifname=msttap0,script=/home/mst/ifup,downscript=no,vhost=on
> -vnc :1 -monitor stdio

Here's the fix. I need to do some regression testing and then I'll post as a
proper top-level patch.

Thanks for the report.

Regards,

Anthony Liguori

>
>
>
>> --
>> MST

From b7fc6f1eb7c5e041eac7d610061a1be950707e5b Mon Sep 17 00:00:00 2001
From: Anthony Liguori Date: Sun, 12 Feb 2012 11:36:24 -0600 Subject: [PATCH] device_add: don't add a /peripheral link until init is complete Otherwise we end up with a dangling reference which causes qdev_free() to fail. Reported-by: Michael Tsirkin Signed-off-by: Anthony Liguori --- hw/qdev-monitor.c | 18 ++++++++++-------- 1 files changed, 10 insertions(+), 8 deletions(-) diff --git a/hw/qdev-monitor.c b/hw/qdev-monitor.c index 49f13ca..a310cc7 100644 --- a/hw/qdev-monitor.c +++ b/hw/qdev-monitor.c @@ -457,6 +457,16 @@ DeviceState *qdev_device_add(QemuOpts *opts) id = qemu_opts_id(opts); if (id) { qdev->id = id; + } + if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) { + qdev_free(qdev); + return NULL; + } + if (qdev_init(qdev) < 0) { + qerror_report(QERR_DEVICE_INIT_FAILED, driver); + return NULL; + } + if (qdev->id) { object_property_add_child(qdev_get_peripheral(), qdev->id, OBJECT(qdev), NULL); } else { @@ -466,14 +476,6 @@ DeviceState *qdev_device_add(QemuOpts *opts) OBJECT(qdev), NULL); g_free(name); } - if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) { - qdev_free(qdev); - return NULL; - } - if (qdev_init(qdev) < 0) { - qerror_report(QERR_DEVICE_INIT_FAILED, driver); - return NULL; - } qdev->opts = opts; return qdev; } -- 1.7.4.1
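
Review bot: in the block moved to the top of the first hunk, the qdev_init() failure path returns NULL without calling qdev_free(), while the qemu_opt_foreach(..., set_property, ...) failure path just above it frees explicitly. The backtrace quoted in this thread shows qdev_init() calling qdev_free() itself at hw/qdev.c:149, so the asymmetry looks intentional, but nothing in the hunk says so. A one-line comment on that branch stating that qdev_init() releases the device on failure would keep a later cleanup from adding a second free there, which is the class of bug this thread started with. Separately, object_property_add_child() is now called only after init has succeeded and still receives NULL as its last argument, so a failure to attach the fully initialized device under /peripheral would pass silently; consider passing an error pointer and unwinding if the link cannot be created.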