On 25/02/2013 09:09, Christian Borntraeger wrote:
> Hmm, the old sequence was
>
>     object_unparent(OBJECT(dev));
>     qdev_free(dev) ---+
>                       |
>                       V
>     ...
>     object_unparent(OBJECT(dev));   now the last reference is gone, object is freed
>     object_unref(OBJECT(dev));      now the reference of a deleted object becomes -1
>     ...
>
> Isn't that a problem in itself that we modify a reference counter in a
> deleted object?

The second object_unparent should do nothing. So before you had:

    object_unparent(OBJECT(dev));   leaves refcount=1
    qdev_free(dev) ---+
                      |
                      V
    object_unparent(OBJECT(dev));   do nothing
    object_unref(OBJECT(dev));      refcount=0, object freed

After the object_unref was removed you had:

    object_unparent(OBJECT(dev));   refcount=0, object freed
    qdev_free(dev) ---+
                      |
                      V
    object_unparent(OBJECT(dev));   dangling pointer!

Paolo
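
The two sequences in the reply above, replayed on a toy reference-counted object (an added example, not code from the thread or from QEMU). The `Obj` struct, the `toy_*` helpers and `run_sequence` are hypothetical, and the starting counts (2 before, 1 after) are inferred from the refcount annotations in the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for a refcounted object; not QEMU's Object. Memory is never
 * really released, so a touch after "free" is counted instead of crashing. */
typedef struct {
    int ref;
    bool has_parent;
    bool freed;
    int uaf;   /* accesses made after the object was freed */
} Obj;

static void toy_unref(Obj *o)
{
    if (o->freed) { o->uaf++; return; }
    if (--o->ref == 0) o->freed = true;
}

/* Drops the parent's reference; a second call on a live object is a no-op. */
static void toy_unparent(Obj *o)
{
    if (o->freed) { o->uaf++; return; }
    if (o->has_parent) { o->has_parent = false; toy_unref(o); }
}

/* Caller unparents, then the free helper runs. with_unref selects the
 * "before" helper (unparent + unref) or the "after" helper (unparent only). */
static Obj run_sequence(int initial_ref, bool with_unref)
{
    Obj o = { .ref = initial_ref, .has_parent = true };
    toy_unparent(&o);              /* caller's object_unparent */
    toy_unparent(&o);              /* helper's object_unparent */
    if (with_unref) toy_unref(&o); /* helper's object_unref */
    return o;
}

int main(void)
{
    Obj before = run_sequence(2, true);
    Obj after = run_sequence(1, false);
    printf("before: ref=%d freed=%d uaf=%d\n", before.ref, before.freed, before.uaf);
    printf("after:  ref=%d freed=%d uaf=%d\n", after.ref, after.freed, after.uaf);
    return 0;
}
```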