On Wed, Mar 09, 2022 at 11:40:15AM +0100, Philippe Mathieu-Daudé wrote:
> Cc'ing David / Peter
>
> On 9/3/22 11:33, Peter Maydell wrote:
> > Hi; does anybody know how device reference counting is supposed
> > to work when the device creates a "container" MemoryRegion which
> > it then puts some of its own subregions in to?
> >
> > As far as I can see when you do memory_region_add_subregion it
> > increases the refcount on the owner of the subregion. So if a
> > device creates a container MR in its own init or realize method
> > and adds sub-MRs that it owns to that container, this increases
> > the refcount on the device permanently, and so the device won't
> > ever be deinited.
> >
> > As a specific example, the usb-chipidea device does this in its
> > init method, so if you run the arm device-introspect-test under
> > leak-sanitizer it complains about a memory leak that happens
> > when the device is put through the "init-introspect-deref" cycle.
I'm not extremely sure about this, but.. does it mean that the device may better put any of the add-subregion operations into realize() rather than instance_init()? Then in the unrealize() of the devices we should do proper del-subregion to release these refcounts.

Otherwise indeed I don't see a good way to destroy the device anymore, because the assumption is after device initialized, only with that will the object_unref() continue to work on the device..

That means, perhaps in object_init_with_type() we should make sure the object refcount==1 after the ->instance_init() call?

-- 
Peter Xu
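A constructed C model of the refcount cycle discussed in this thread (added here; not QEMU code, and the Object, MemoryRegion and Device types are simplified stand-ins for QOM's): a sub-MR added from instance_init leaves the device's refcount at 2, so the "deref" step never finalizes it, whereas adding in realize() and removing in unrealize() brings the count back to 1 before the final unref.

```c
/* Constructed model (not QEMU code) of the refcount interaction the thread
 * describes: adding a subregion refs the subregion's owner, so a device that
 * puts its own sub-MRs into its own container holds a ref on itself until
 * they are removed again. */
#include <stdbool.h>

typedef struct Object { int ref; bool finalized; } Object;
typedef struct MemoryRegion { Object *owner; } MemoryRegion;

static void object_ref(Object *o) { o->ref++; }
static void object_unref(Object *o) { if (--o->ref == 0) o->finalized = true; }

/* Stand-ins for memory_region_add/del_subregion: only the owner ref matters here. */
static void add_subregion(MemoryRegion *sub) { if (sub->owner) object_ref(sub->owner); }
static void del_subregion(MemoryRegion *sub) { if (sub->owner) object_unref(sub->owner); }

typedef struct Device { Object obj; MemoryRegion container, sub; } Device;

/* One device lifetime. add_in_init: the sub-MR is added from instance_init
 * (the usb-chipidea pattern) and never removed. Otherwise realize() adds it
 * and unrealize() removes it. Reports the refcount seen right after
 * instance_init and returns whether the final object_unref() finalized. */
static bool device_lifetime(bool add_in_init, bool do_realize, int *ref_after_init) {
    Device d = {0};
    d.obj.ref = 1;                                   /* object_new(): refcount 1 */
    d.container.owner = d.sub.owner = &d.obj;        /* both MRs owned by the device */
    if (add_in_init) add_subregion(&d.sub);          /* instance_init */
    *ref_after_init = d.obj.ref;                     /* the refcount==1 check */
    if (do_realize) {
        if (!add_in_init) add_subregion(&d.sub);     /* realize */
        if (!add_in_init) del_subregion(&d.sub);     /* unrealize */
    }
    object_unref(&d.obj);                            /* the "deref" step */
    return d.obj.finalized;
}

/* Refcount after instance_init: 2 when the sub-MR is added there, else 1. */
static int ref_after_init(bool add_in_init) {
    int r; device_lifetime(add_in_init, false, &r); return r;
}
/* Does the init-introspect-deref cycle (no realize) free the device? */
static bool introspect_cycle_frees(bool add_in_init) {
    int r; return device_lifetime(add_in_init, false, &r);
}
/* Does a lifetime with add in realize() and del in unrealize() free it? */
static bool realize_cycle_frees(void) {
    int r; return device_lifetime(false, true, &r);
}
```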