On Wed, 9 Mar 2022 at 16:53, Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> On Wed, 9 Mar 2022 at 16:21, Paolo Bonzini <pbonz...@redhat.com> wrote:
> >
> > On 3/9/22 11:33, Peter Maydell wrote:
> > > Hi; does anybody know how device reference counting is supposed
> > > to work when the device creates a "container" MemoryRegion which
> > > it then puts some of its own subregions in to?
> > >
> > > As far as I can see when you do memory_region_add_subregion it
> > > increases the refcount on the owner of the subregion. So if a
> > > device creates a container MR in its own init or realize method
> > > and adds sub-MRs that it owns to that container, this increases
> > > the refcount on the device permanently, and so the device won't
> > > ever be deinited.
> >
> > The unparent method is supposed to break reference cycles.
> >
> > In the case of QOM, unparent calls unrealize, so unrealize should remove
> > the subregions it created.
>
> It seems asymmetric for unrealize to undo something that was
> done in instance_init, though. I would expect unrealize to
> undo the effects of realize, and instance_finalize to undo
> the effects of instance_init.

...also, in the device-introspect-test where I see this problem,
unrealize is never going to be called anyway, because the device is
only put through "instance_init" and then dereffed (which does not
result in instance_finalize being called, because the refcount is
still non-zero).

-- PMM