From: Laurent Vivier <lvivier@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Laurent Vivier" <lvivier@redhat.com>,
"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
"Greg Kurz" <groug@kaod.org>,
qemu-ppc@nongnu.org, "Cédric Le Goater" <clg@kaod.org>,
"David Gibson" <david@gibson.dropbear.id.au>
Subject: [PULL v2 2/6] xive, xics: Fix reference counting on CPU objects
Date: Mon, 18 Nov 2019 11:53:15 +0100 [thread overview]
Message-ID: <20191118105319.7658-3-lvivier@redhat.com> (raw)
In-Reply-To: <20191118105319.7658-1-lvivier@redhat.com>
From: Greg Kurz <groug@kaod.org>
When a VCPU gets connected to the XIVE interrupt controller, we add a
const link targetting the CPU object to the TCTX object. Similar links
are added to the ICP object when using the XICS interrupt controller.
As explained in <qom/object.h>:
* The caller must ensure that @target stays alive as long as
* this property exists. In the case @target is a child of @obj,
* this will be the case. Otherwise, the caller is responsible for
* taking a reference.
We're in the latter case for both XICS and XIVE. Add the missing
calls to object_ref() and object_unref().
This doesn't fix any known issue because the life cycle of the TCTX or
ICP happens to be shorter than the one of the CPU or XICS fabric, but
better safe than sorry.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <157192724770.3146912.15400869269097231255.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---
hw/intc/xics.c | 8 +++++++-
hw/intc/xive.c | 6 +++++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index 935f325749cb..5f746079be46 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -388,8 +388,10 @@ Object *icp_create(Object *cpu, const char *type, XICSFabric *xi, Error **errp)
obj = object_new(type);
object_property_add_child(cpu, type, obj, &error_abort);
object_unref(obj);
+ object_ref(OBJECT(xi));
object_property_add_const_link(obj, ICP_PROP_XICS, OBJECT(xi),
&error_abort);
+ object_ref(cpu);
object_property_add_const_link(obj, ICP_PROP_CPU, cpu, &error_abort);
object_property_set_bool(obj, true, "realized", &local_err);
if (local_err) {
@@ -403,7 +405,11 @@ Object *icp_create(Object *cpu, const char *type, XICSFabric *xi, Error **errp)
void icp_destroy(ICPState *icp)
{
- object_unparent(OBJECT(icp));
+ Object *obj = OBJECT(icp);
+
+ object_unref(object_property_get_link(obj, ICP_PROP_CPU, &error_abort));
+ object_unref(object_property_get_link(obj, ICP_PROP_XICS, &error_abort));
+ object_unparent(obj);
}
/*
diff --git a/hw/intc/xive.c b/hw/intc/xive.c
index 38257aa02083..952a461d5329 100644
--- a/hw/intc/xive.c
+++ b/hw/intc/xive.c
@@ -682,6 +682,7 @@ Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp)
obj = object_new(TYPE_XIVE_TCTX);
object_property_add_child(cpu, TYPE_XIVE_TCTX, obj, &error_abort);
object_unref(obj);
+ object_ref(cpu);
object_property_add_const_link(obj, "cpu", cpu, &error_abort);
object_property_set_bool(obj, true, "realized", &local_err);
if (local_err) {
@@ -698,7 +699,10 @@ error:
void xive_tctx_destroy(XiveTCTX *tctx)
{
- object_unparent(OBJECT(tctx));
+ Object *obj = OBJECT(tctx);
+
+ object_unref(object_property_get_link(obj, "cpu", &error_abort));
+ object_unparent(obj);
}
/*
--
2.23.0
next prev parent reply other threads:[~2019-11-18 10:55 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-18 10:53 [PULL v2 0/6] ppc-for-4.2 queue 2019-11-15 Laurent Vivier
2019-11-18 10:53 ` [PULL v2 1/6] ppc: Add intc_destroy() handlers to SpaprInterruptController/PnvChip Laurent Vivier
2019-11-18 10:53 ` Laurent Vivier [this message]
2019-11-18 10:53 ` [PULL v2 3/6] ppc: Skip partially initialized vCPUs in 'info pic' Laurent Vivier
2019-11-18 10:53 ` [PULL v2 4/6] spapr: Add /chosen to FDT only at reset time to preserve kernel and initramdisk Laurent Vivier
2019-12-03 15:57 ` Laurent Vivier
2019-12-03 16:09 ` Laurent Vivier
2019-12-04 4:23 ` Alexey Kardashevskiy
2019-12-04 4:40 ` Alexey Kardashevskiy
2019-12-04 10:32 ` Laurent Vivier
2019-12-05 4:26 ` Alexey Kardashevskiy
2019-12-05 8:52 ` Laurent Vivier
2019-11-18 10:53 ` [PULL v2 5/6] spapr/kvm: Set default cpu model for all machine classes Laurent Vivier
2019-11-18 10:53 ` [PULL v2 6/6] mos6522: fix T1 and T2 timers Laurent Vivier
2019-11-18 13:47 ` [PULL v2 0/6] ppc-for-4.2 queue 2019-11-15 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191118105319.7658-3-lvivier@redhat.com \
--to=lvivier@redhat.com \
--cc=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=groug@kaod.org \
--cc=mark.cave-ayland@ilande.co.uk \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).