Hi, After Markus's "Several QOM objects crash on introspection" report, I started writing some unit test.
This series adds a new "qom-tests" qtest command that exercises basic QOM object life-cycle: it instantiates all non-abstract object types, gets/sets their properties, and unrefs them. This quickly surfaces leaks and crashes that could otherwise be triggered at runtime via QMP qom commands. The bulk of the series fixes the issues found by this test and ASan help. Some of the patches are redundant with patches sent earlier on the ML and marked as RFC, they should naturally be dropped during rebases, but are added for completeness and to make sure CI pass after this series in the meantime. Signed-off-by: Marc-André Lureau <[email protected]> --- Changes in v3: - update "hw/ipmi: reject NULL 'bmc'" & "hw/xlnx_dp: reject NULL 'dpdma'" - fixed user-only build in target/riscv patch - add "ui/vt100: add vt100_fini() check" patch - rebased after PR with first half of series patches landed - Link to v2: https://lore.kernel.org/qemu-devel/[email protected] Changes in v2: - tweak error messages - drop "qom: skip link property check callback", instead added two patches to avoid crash on NULL link check, and doc update - drop "RFC system/ioport" in favour of Peter Xu fix - added "hw/fsi: move OPBus qbus_init() to instance_init" to address TODO comment - added "target/riscv: use hash table as set for user_options" - gather a-b/r-b trailers - Link to v1: https://lore.kernel.org/qemu-devel/[email protected] --- Marc-André Lureau (24): ui/vt100: add vt100_fini() check hw/pci: handle missing bus in prop_pci_busnr_get chardev/char-socket: handle NULL addr in char_socket_get_addr hw/pci-bridge: handle missing parent in prop_pxb_uid_get hw/pci-host/i440fx: handle NULL bus in pci-hole64 getters hw/pci-host/q35: handle NULL bus in pci-hole64 getters hw/ipmi: reject NULL 'bmc' property rather than crash hw/xlnx_dp: reject NULL 'dpdma' property rather than crash hw/intc/apic: move checks to realize() backends/cryptodev-lkcf: skip cleanup when not initialized system/ioport: minor code simplification hw/core/machine: free shim_filename on finalization net/filter: free old values in property setters target/i386/sev: add finalize functions and fix leaking setters target/i386/kvm/tdx: free strings in tdx_guest_finalize hw/i386/nitro_enclave: add instance finalize hw/i386/pc: free pcspk on finalization hw/tpm: free PPI buffer on finalization hw/loongarch/virt: free flash devices and OEM strings on finalization hw/ppc/spapr: free host_model and host_serial on finalization target/riscv: fix general_user_opts hash table leak target/riscv: use hash table as set for user_options hw/i2c/pmbus: fix undefined behavior in pmbus_direct_mode2data qtest: add "qom-tests" command target/riscv/cpu.h | 3 ++- tests/qtest/libqtest.h | 8 ++++++ backends/cryptodev-lkcf.c | 4 +++ chardev/char-socket.c | 4 +++ hw/core/machine.c | 1 + hw/display/xlnx_dp.c | 6 +++++ hw/i2c/pmbus_device.c | 4 +-- hw/i386/nitro_enclave.c | 11 ++++++++ hw/i386/pc.c | 10 +++++++ hw/intc/apic_common.c | 23 +++++++++------- hw/ipmi/ipmi.c | 8 +++++- hw/loongarch/virt.c | 14 ++++++++++ hw/pci-bridge/pci_expander_bridge.c | 8 +++++- hw/pci-host/i440fx.c | 15 +++++++++-- hw/pci-host/q35.c | 15 +++++++++-- hw/pci/pci.c | 11 ++++++-- hw/ppc/spapr.c | 2 ++ hw/tpm/tpm_tis_sysbus.c | 9 +++++++ net/filter.c | 2 ++ system/ioport.c | 3 +-- system/qtest.c | 46 ++++++++++++++++++++++++++++++++ target/i386/cpu-apic.c | 6 +---- target/i386/kvm/tdx.c | 5 ++++ target/i386/sev.c | 37 ++++++++++++++++++++++++++ target/riscv/cpu.c | 53 ++++++++++++++++++++++--------------- target/riscv/kvm/kvm-cpu.c | 6 ++--- tests/qtest/libqtest.c | 6 +++++ tests/qtest/qom-test.c | 12 +++++++++ ui/vt100.c | 3 +++ 29 files changed, 282 insertions(+), 53 deletions(-) --- base-commit: 0bbb0c2b65db64c161f91d10a89269e6d319d2a7 change-id: 20260427-qom-tests-9dcf3b969411 Best regards, -- Marc-André Lureau <[email protected]>
