[Qemu-commits] [qemu/qemu] 0210b3: qom/object: Add a new function object


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 0210b3: qom/object: Add a new function object_initialize_c...
Date: Tue, 17 Jul 2018 06:56:53 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 0210b39d0e84d5a63a3e468f177c07a3a98d88a8
      
https://github.com/qemu/qemu/commit/0210b39d0e84d5a63a3e468f177c07a3a98d88a8
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M include/qom/object.h
    M qom/object.c

  Log Message:
  -----------
  qom/object: Add a new function object_initialize_child()

A lot of code is using the object_initialize() function followed by a call
to object_property_add_child() to add the newly initialized object as a child
of the current object. Both functions increase the reference counter of the
new object, but many spots that call these two functions then forget to drop
one of the superfluous references. So the newly created object is often not
cleaned up correctly when the parent is destroyed. In the worst case, this
can cause crashes, e.g. because device objects are not correctly removed from
their parent_bus.

Since this is a common pattern between many code spots, let's introduce a
new function that takes care of calling all three required initialization
functions, first object_initialize(), then object_property_add_child() and
finally object_unref(). And since the function does a similar job like
object_new_with_props(), also allow to set additional properties via
varargs, and use user_creatable_complete() to make sure that the functions
can be used similarly.

And while we're at object.h, also fix some copy-n-paste errors in the
comments there ("to store the area" --> "to store the error").

Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 046f370fb44172a34e54e341e7aeca4405af67a1
      
https://github.com/qemu/qemu/commit/046f370fb44172a34e54e341e7aeca4405af67a1
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/core/sysbus.c
    M include/hw/sysbus.h

  Log Message:
  -----------
  hw/core/sysbus: Add a function for creating and attaching an object

A lot of functions are initializing an object and attach it immediately
afterwards to the system bus. Provide a common function for this, which
also uses object_initialize_child() to make sure that the reference
counter is correctly initialized to 1 afterwards.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 14c520e335304ba79f6a68b1ea1d90895790b065
      
https://github.com/qemu/qemu/commit/14c520e335304ba79f6a68b1ea1d90895790b065
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/bcm2836.c

  Log Message:
  -----------
  hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines

When trying to "device_add bcm2837" on a machine that is not suitable for
this device, you can quickly crash QEMU afterwards, e.g. with "info qtree":

echo "{'execute':'qmp_capabilities'} {'execute':'device_add', " \
 "'arguments':{'driver':'bcm2837'}} {'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 aarch64-softmmu/qemu-system-aarch64 -M integratorcp,accel=qtest -S -qmp stdio

{"QMP": {"version": {"qemu": {"micro": 50, "minor": 12, "major": 2},
 "package": "build-all"}, "capabilities": []}}
{"return": {}}
{"error": {"class": "GenericError", "desc": "Device 'bcm2837' can not be
 hotplugged on this machine"}}
Segmentation fault (core dumped)

The qdev_set_parent_bus() from instance_init adds a link to the child devices
which is not valid anymore after the bcm2837 instance has been destroyed.
Unfortunately, the child devices do not get destroyed / unlinked correctly
because both object_initialize() and object_property_add_child() increase
the reference count of the child objects by one, but only one reference
is dropped when the parent gets removed. So let's use the new functions
object_initialize_child() and sysbus_init_child_obj() instead to create
the objects, which will take care of creating the child objects with the
correct reference count of one.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 955cbc6b178fec1f656e702774390c2023798fb7
      
https://github.com/qemu/qemu/commit/955cbc6b178fec1f656e702774390c2023798fb7
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/armv7m.c
    M hw/arm/iotkit.c
    M hw/intc/armv7m_nvic.c

  Log Message:
  -----------
  hw/arm/armv7: Fix crash when introspecting the "iotkit" device

QEMU currently crashes when introspecting the "iotkit" device and
running "info qtree" afterwards, e.g. when running QEMU like this:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'iotkit'}}" "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio

Use the new functions object_initialize_child() and sysbus_init_child_obj()
to make sure that all objects get cleaned up correctly when the instances
are destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: fd31701214ccf01c815a29563e6c0e182676d39c
      
https://github.com/qemu/qemu/commit/fd31701214ccf01c815a29563e6c0e182676d39c
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/cpu/a15mpcore.c

  Log Message:
  -----------
  hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device

There is a memory management problem when introspecting the a15mpcore_priv
device. It can be seen with valgrind when running QEMU like this:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'a15mpcore_priv'}}"\
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}"  | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 12, "major": 2},
 "package": "build-all"}, "capabilities": []}}
{"return": {}}
{"return": [{"name": "num-cpu", "type": "uint32"}, {"name": "num-irq",
 "type": "uint32"}, {"name": "a15mp-priv-container[0]", "type":
  "child<qemu:memory-region>"}]}
==24978== Invalid read of size 8
==24978==    at 0x618EBA: qdev_print (qdev-monitor.c:686)
==24978==    by 0x618EBA: qbus_print (qdev-monitor.c:719)
[...]

Use the new sysbus_init_child_obj() function to make sure that we get
the reference counting of the child objects right.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: d473a0309c4362559ac1ba14f07dc1e78b215a33
      
https://github.com/qemu/qemu/commit/d473a0309c4362559ac1ba14f07dc1e78b215a33
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/msf2-soc.c

  Log Message:
  -----------
  hw/arm/msf2-soc: Fix introspection problem with the "msf2-soc" device

Valgrind currently reports a problem when running QEMU like this:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'msf2-soc'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==23097== Invalid read of size 8
==23097==    at 0x6192AA: qdev_print (qdev-monitor.c:686)
==23097==    by 0x6192AA: qbus_print (qdev-monitor.c:719)
[...]

Use the new sysbus_init_child_obj() function to make sure that the child
objects are cleaned up correctly when the parent gets destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 2ba486e7db9697895a9084e6dacbf522122ca9dd
      
https://github.com/qemu/qemu/commit/2ba486e7db9697895a9084e6dacbf522122ca9dd
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/cpu/a9mpcore.c

  Log Message:
  -----------
  hw/cpu/a9mpcore: Fix introspection problems with the "a9mpcore_priv" device

Running QEMU with valgrind indicates a problem here:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'a9mpcore_priv'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==30996== Invalid read of size 8
==30996==    at 0x6185DA: qdev_print (qdev-monitor.c:686)
==30996==    by 0x6185DA: qbus_print (qdev-monitor.c:719)
==30996==    by 0x452B38: handle_hmp_command (monitor.c:3446)
[...]

Use the new sysbus_init_child_obj() function to make sure that the objects
are cleaned up correctly when the parent gets destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: e9e4d4d3e180a35d244371fd724a9a67404678cf
      
https://github.com/qemu/qemu/commit/e9e4d4d3e180a35d244371fd724a9a67404678cf
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/fsl-imx6.c

  Log Message:
  -----------
  hw/arm/fsl-imx6: Fix introspection problems with the "fsl, imx6" device

Running QEMU with valgrind indicates a problem here:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'fsl,imx6'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==32417== Invalid read of size 8
==32417==    at 0x618A7A: qdev_print (qdev-monitor.c:686)
==32417==    by 0x618A7A: qbus_print (qdev-monitor.c:719)
==32417==    by 0x452B38: handle_hmp_command (monitor.c:3446)
[...]

Use the new sysbus_init_child_obj() and object_initialize_child() to make
sure that the objects are removed correctly when the parent gets destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: f8bf4b6d38e966bf7b2fd77a2ef227e0805b6d0d
      
https://github.com/qemu/qemu/commit/f8bf4b6d38e966bf7b2fd77a2ef227e0805b6d0d
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/fsl-imx7.c

  Log Message:
  -----------
  hw/arm/fsl-imx7: Fix introspection problems with the "fsl, imx7" device

Running QEMU with valgrind indicates a problem here:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'fsl,imx7'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==27284== Invalid read of size 8
==27284==    at 0x618F7A: qdev_print (qdev-monitor.c:686)
==27284==    by 0x618F7A: qbus_print (qdev-monitor.c:719)
==27284==    by 0x452B38: handle_hmp_command (monitor.c:3446)
[...]

Use the new sysbus_init_child_obj() and object_initialize_child() to make
sure that the objects are removed correctly when the parent gets destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 51dd12ac0e0c7c3cc95e2d97311a34a3329c13f3
      
https://github.com/qemu/qemu/commit/51dd12ac0e0c7c3cc95e2d97311a34a3329c13f3
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/fsl-imx25.c

  Log Message:
  -----------
  hw/arm/fsl-imx25: Fix introspection problem with the "fsl, imx25" device

Running QEMU with valgrind indicates a problem here:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'fsl,imx25'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==26724== Invalid read of size 8
==26724==    at 0x6190DA: qdev_print (qdev-monitor.c:686)
==26724==    by 0x6190DA: qbus_print (qdev-monitor.c:719)
[...]

Use the new sysbus_init_child_obj() to make sure that the objects are
cleaned up correctly when the parent gets destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: aac409c9b09fe5df11e82fc285d4e721d857f486
      
https://github.com/qemu/qemu/commit/aac409c9b09fe5df11e82fc285d4e721d857f486
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/fsl-imx31.c

  Log Message:
  -----------
  hw/arm/fsl-imx31: Fix introspection problem with the "fsl, imx31" device

Running QEMU with valgrind indicates a problem here:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'fsl,imx31'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==26172== Invalid read of size 8
==26172==    at 0x6191FA: qdev_print (qdev-monitor.c:686)
==26172==    by 0x6191FA: qbus_print (qdev-monitor.c:719)
[...]

Use the new sysbus_init_child_obj() to make sure that the objects are
cleaned up correctly when the parent gets destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: b2bc349822fa27c7da4e04535c5dda2cb035965b
      
https://github.com/qemu/qemu/commit/b2bc349822fa27c7da4e04535c5dda2cb035965b
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/cpu/arm11mpcore.c

  Log Message:
  -----------
  hw/cpu/arm11mpcore: Fix introspection problem with 'arm11mpcore_priv'

Valgrind reports an error here:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'arm11mpcore_priv'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==3145== Invalid read of size 8
==3145==    at 0x61873A: qdev_print (qdev-monitor.c:686)
==3145==    by 0x61873A: qbus_print (qdev-monitor.c:719)
[...]

Use sysbus_init_child_obj() to fix it.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 32db1b58caa72f2ae582560f1937b21ea9ee0646
      
https://github.com/qemu/qemu/commit/32db1b58caa72f2ae582560f1937b21ea9ee0646
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/cpu/realview_mpcore.c
    M hw/intc/realview_gic.c

  Log Message:
  -----------
  hw/*/realview: Fix introspection problem with 'realview_mpcore' & 'realview_gic'

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'realview_mpcore'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==2654== Invalid read of size 8
==2654==    at 0x61878A: qdev_print (qdev-monitor.c:686)
==2654==    by 0x61878A: qbus_print (qdev-monitor.c:719)
==2654==    by 0x452B38: handle_hmp_command (monitor.c:3446)
==2654==    by 0x452D70: qmp_human_monitor_command (monitor.c:821)
[...]

Use sysbus_init_child_obj() to fix it.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: cf3fccfa8c3ade3da058b3eac09fc1bbaa1ce648
      
https://github.com/qemu/qemu/commit/cf3fccfa8c3ade3da058b3eac09fc1bbaa1ce648
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/allwinner-a10.c

  Log Message:
  -----------
  hw/arm/allwinner-a10: Fix introspection problem with 'allwinner-a10'

Valgrind complains:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'allwinner-a10'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==32519== Invalid read of size 8
==32519==    at 0x61869A: qdev_print (qdev-monitor.c:686)
==32519==    by 0x61869A: qbus_print (qdev-monitor.c:719)
==32519==    by 0x452B38: handle_hmp_command (monitor.c:3446)
[...]

Use object_initialize_child() and sysbus_init_child_obj() to fix the issue.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: a39ae81637f19086f7358555e7cc0becea301113
      
https://github.com/qemu/qemu/commit/a39ae81637f19086f7358555e7cc0becea301113
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/stm32f205_soc.c

  Log Message:
  -----------
  hw/arm/stm32f205_soc: Fix introspection problem with 'stm32f205-soc' device

Valgrind complains:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'stm32f205-soc'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio
[...]
==28531== Invalid read of size 8
==28531==    at 0x6185BA: qdev_print (qdev-monitor.c:686)
==28531==    by 0x6185BA: qbus_print (qdev-monitor.c:719)
==28531==    by 0x452B38: handle_hmp_command (monitor.c:3446)
[...]

Fix it with the new sysbus_init_child_obj() function.

Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: fe04f0b4a1f4bc3d7924c914e0c6ef5222473ed0
      
https://github.com/qemu/qemu/commit/fe04f0b4a1f4bc3d7924c914e0c6ef5222473ed0
  Author: Paolo Bonzini <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/display/xlnx_dp.c
    M hw/misc/auxbus.c
    M include/hw/misc/auxbus.h

  Log Message:
  -----------
  hw/display/xlnx_dp: Move problematic code from instance_init to realize

aux_create_slave() calls qdev_init_nofail() which in turn "realizes"
the corresponding object. This is unlike qdev_create(), and it is wrong
because qdev_init_nofail() must not be called from an instance_init
function.  Move qdev_init_nofail() and the subsequent aux_map_slave into
the caller's realize function.

There are two more bugs that need to be fixed here, too, where the
objects are created but not added as children.  Therefore when
you call object_unparent on them, nothing happens.

In particular dpcd and edid give you an infinite loop in bus_unparent,
because device_unparent is not called and does not remove them from
the list of devices on the bus.

Reported-by: Thomas Huth <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Message-id: address@hidden
[thuth: Added Paolo's fixup for the dpcd and edid unparenting]
Signed-off-by: Thomas Huth <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>


  Commit: ccf02d73d18930a15282556e577c0777fa09081b
      
https://github.com/qemu/qemu/commit/ccf02d73d18930a15282556e577c0777fa09081b
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-17 (Tue, 17 Jul 2018)

  Changed paths:
    M hw/arm/xlnx-zynqmp.c

  Log Message:
  -----------
  hw/arm/xlnx-zynqmp: Fix crash when introspecting the "xlnx, zynqmp" device

QEMU currently crashes when e.g. doing something like this:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'xlnx,zynqmp'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" \
 |  aarch64-softmmu/qemu-system-aarch64 -M none,accel=qtest -qmp stdio

Use the new object_initialize_child() and sysbus_init_child_obj()
functions to get the reference counting of the child objects right, so
that they are properly cleaned up when the parent gets destroyed.

Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/3e86907c822c...ccf02d73d189
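
The reference-count problem described in the first commit message of this push, as an added example that is not part of the original mail and is not QEMU code. It is a toy C model: the Bus, Child and Parent structs and every toy_* function are assumptions made for illustration, each standing in for the QEMU function named in its comment.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model, not QEMU code: a bus keeps raw pointers to its devices. */
#define BUS_MAX 8
typedef struct Bus { void *dev[BUS_MAX]; int n; } Bus;
typedef struct Child { int ref; Bus *bus; } Child;
/* The child is embedded in the parent, as in the SoC container devices. */
typedef struct Parent { Child child; } Parent;

static void bus_add(Bus *b, void *d) { b->dev[b->n++] = d; }
static void bus_remove(Bus *b, void *d)
{
    for (int i = 0; i < b->n; i++) {
        if (b->dev[i] == d) { b->dev[i] = b->dev[--b->n]; return; }
    }
}

/* Stands in for object_initialize(): the object starts with one reference. */
static void toy_initialize(Child *c) { c->ref = 1; c->bus = NULL; }
/* Stands in for object_property_add_child(): the parent takes a reference. */
static void toy_add_child(Parent *p, Child *c) { (void)p; c->ref++; }
/* Stands in for object_unref(): the last reference unlinks from the bus. */
static void toy_unref(Child *c)
{
    if (--c->ref == 0 && c->bus) { bus_remove(c->bus, c); c->bus = NULL; }
}
/* Stands in for qdev_set_parent_bus(): the bus now points at the child. */
static void toy_set_parent_bus(Child *c, Bus *b) { c->bus = b; bus_add(b, c); }

/* Old pattern: two references taken, none dropped. */
static void init_buggy(Parent *p, Bus *b)
{
    toy_initialize(&p->child);
    toy_add_child(p, &p->child);
    toy_set_parent_bus(&p->child, b);
}

/* New pattern: initialize, add as child, drop the superfluous reference. */
static void init_fixed(Parent *p, Bus *b)
{
    toy_initialize(&p->child);
    toy_add_child(p, &p->child);
    toy_unref(&p->child);
    toy_set_parent_bus(&p->child, b);
}

/* Destroy the parent and return how many bus entries still point into
 * its freed storage. The stale pointers are counted, never dereferenced. */
static int stale_links_after_destroy(void (*init)(Parent *, Bus *))
{
    Bus bus = { .n = 0 };
    Parent *p = malloc(sizeof *p);
    if (!p) return -1;
    init(p, &bus);
    toy_unref(&p->child);   /* the parent drops its child property */
    free(p);                /* the embedded child goes away with it */
    return bus.n;
}

int main(void)
{
    printf("old pattern: %d stale bus link(s)\n",
           stale_links_after_destroy(init_buggy));
    printf("new pattern: %d stale bus link(s)\n",
           stale_links_after_destroy(init_fixed));
    return 0;
}
```

A walker over the bus that follows a stale entry reads freed memory, which is the kind of access valgrind flags in qdev_print in the logs above.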
