These patches fix problems in the handling of freeing QOM/qdev objects. Together, they fix hot-unplug of USB mass storage devices, which crashed with an assertion failure.
I'm not 100% sure, but I think we were always leaking the scsi-disk in pre-QOM days. Now we're freeing it properly, and the assertion proves it. However, I don't like particularly the assertion in object_delete. Once we're sure we've fixed all bugs, we should remove it, because it prevents a fully correct tracking of references. In this case, for example, there is still one reference to the scsi-disk in the MSDState's scsi_dev member. We don't have neither an object_ref nor an object_unref for it, so it happens to work. If we had an object_ref, the matching object_unref would be in dc->exit. But then we'd trip on the assertion failure again, because the SCSI bus is removed (thus calling qdev_free on the scsi-dev) before dc->exit is called. I have more patches to actually make the reference count of devices and buses fully correct, but they are even more scary than these, so they should wait for 1.4. Paolo Bonzini (5): qom: fix refcount of non-heap-allocated objects qdev: move bus removal to object_unparent qom: make object_delete usable for statically-allocated objects qdev: simplify (de)allocation of buses qom: make object_finalize static hw/qdev-core.h | 5 ----- hw/qdev.c | 26 ++++++++++++++------------ hw/pci.c | 2 +- hw/sysbus.c | 2 +- include/qemu/object.h | 29 ++++++++++++++++++++--------- qom/object.c | 12 +++++++++--- 6 files changed, 45 insertions(+), 31 deletions(-) -- 1.8.0
