Re: [Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
On Tue, Jun 05, 2012 at 12:52:02AM +0300, Michael S. Tsirkin wrote: > On Mon, Jun 04, 2012 at 04:15:56PM -0400, Jason Baron wrote: > > On Sun, May 20, 2012 at 05:57:45PM +0800, Amos Kong wrote: > > > Start VM with 8 multiple-function block devs, hot-removing > > > those block devs by 'device_del ...' would cause qemu abort. > > > > > > | (qemu) device_del virti0-0-0 > > > | (qemu) ** > > > |ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) > > > > > > It's a regression introduced by commit 57c9fafe > > > > > > > I found a similar assertion where the parent reference isn't cleared, > > doing: > > > > (qemu) device_add pci-bridge > > > > in the monitor. I posted for patches for it under: > > > > Subject: [Qemu-devel] [PATCH 0/2] pci: hotplug bridge fixes > > > > It's still an issue with the current tree. > > > > Thanks, > > > > -Jason > > I pushed your patches on my tree pci branch, care to test > there? > Yes, fixes are confirmed. Test case is quite simple: (qemu) device_add pci_bridge causes segfault without the 2 patches applied. Thanks, -Jason
Re: [Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
On Mon, Jun 04, 2012 at 04:15:56PM -0400, Jason Baron wrote: > On Sun, May 20, 2012 at 05:57:45PM +0800, Amos Kong wrote: > > Start VM with 8 multiple-function block devs, hot-removing > > those block devs by 'device_del ...' would cause qemu abort. > > > > | (qemu) device_del virti0-0-0 > > | (qemu) ** > > |ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) > > > > It's a regression introduced by commit 57c9fafe > > > > I found a similar assertion where the parent reference isn't cleared, > doing: > > (qemu) device_add pci-bridge > > in the monitor. I posted for patches for it under: > > Subject: [Qemu-devel] [PATCH 0/2] pci: hotplug bridge fixes > > It's still an issue with the current tree. > > Thanks, > > -Jason I pushed your patches on my tree pci branch, care to test there?
Re: [Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
On Sun, May 20, 2012 at 05:57:45PM +0800, Amos Kong wrote: > Start VM with 8 multiple-function block devs, hot-removing > those block devs by 'device_del ...' would cause qemu abort. > > | (qemu) device_del virti0-0-0 > | (qemu) ** > |ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) > > It's a regression introduced by commit 57c9fafe > I found a similar assertion where the parent reference isn't cleared, doing: (qemu) device_add pci-bridge in the monitor. I posted for patches for it under: Subject: [Qemu-devel] [PATCH 0/2] pci: hotplug bridge fixes It's still an issue with the current tree. Thanks, -Jason
Re: [Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
On Wed, May 30, 2012 at 08:14:03AM +0300, Michael S. Tsirkin wrote: > On Wed, May 30, 2012 at 10:13:07AM +0800, Anthony Liguori wrote: > > On 05/20/2012 05:57 PM, Amos Kong wrote: > > >Start VM with 8 multiple-function block devs, hot-removing > > >those block devs by 'device_del ...' would cause qemu abort. > > > > > >| (qemu) device_del virti0-0-0 > > >| (qemu) ** > > >|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) > > > > > >It's a regression introduced by commit 57c9fafe > > > > > >The whole PCI slot should be removed once. Currently only one func > > >is cleaned in pci_unplug_device(), if you try to remove a single > > >func by monitor cmd. > > > > > >free_qdev() are called for all functions in slot, > > >but unparent_delete() is only called for one > > >function. > > > > > >--- > > >aliguori has a better resolution, better to do it in 1.2 > > > > > >v2: fix warning: too many arguments for format > > >v3: move object_unparent() to acpi_piix_eject_slot() > > > > > >Signed-off-by: Amos Kong > > > > Applied. Thanks. > > > > Regards, > > > > Anthony Liguori BTW git log shows for this commit: Signed-off-by: Any idea why?
Re: [Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
On Wed, May 30, 2012 at 10:13:07AM +0800, Anthony Liguori wrote:
> On 05/20/2012 05:57 PM, Amos Kong wrote:
> >Start VM with 8 multiple-function block devs, hot-removing
> >those block devs by 'device_del ...' would cause qemu abort.
> >
> >| (qemu) device_del virti0-0-0
> >| (qemu) **
> >|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
> >
> >It's a regression introduced by commit 57c9fafe
> >
> >The whole PCI slot should be removed once. Currently only one func
> >is cleaned in pci_unplug_device(), if you try to remove a single
> >func by monitor cmd.
> >
> >free_qdev() are called for all functions in slot,
> >but unparent_delete() is only called for one
> >function.
> >
> >---
> >aliguori has a better resolution, better to do it in 1.2
> >
> >v2: fix warning: too many arguments for format
> >v3: move object_unparent() to acpi_piix_eject_slot()
> >
> >Signed-off-by: Amos Kong
>
> Applied. Thanks.
>
> Regards,
>
> Anthony Liguori
>
> >---
> > hw/acpi_piix4.c |1 +
> > hw/pci.c|1 -
> > 2 files changed, 1 insertions(+), 1 deletions(-)
> >
> >diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
> >index 585da4e..0345490 100644
> >--- a/hw/acpi_piix4.c
> >+++ b/hw/acpi_piix4.c
> >@@ -299,6 +299,7 @@ static void acpi_piix_eject_slot(PIIX4PMState *s,
> >unsigned slots)
> > if (pc->no_hotplug) {
> > slot_free = false;
> > } else {
> >+object_unparent(OBJECT(dev));
> > qdev_free(qdev);
> > }
> > }
Does shpc need this too now?
> >diff --git a/hw/pci.c b/hw/pci.c
> >index b706e69..c1ebdde 100644
> >--- a/hw/pci.c
> >+++ b/hw/pci.c
> >@@ -1527,7 +1527,6 @@ static int pci_unplug_device(DeviceState *qdev)
> > qerror_report(QERR_DEVICE_NO_HOTPLUG,
> > object_get_typename(OBJECT(dev)));
> > return -1;
> > }
> >-object_unparent(OBJECT(dev));
> > return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
> > PCI_HOTPLUG_DISABLED);
> > }
Re: [Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
On 05/20/2012 05:57 PM, Amos Kong wrote:
Start VM with 8 multiple-function block devs, hot-removing
those block devs by 'device_del ...' would cause qemu abort.
| (qemu) device_del virti0-0-0
| (qemu) **
|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
It's a regression introduced by commit 57c9fafe
The whole PCI slot should be removed once. Currently only one func
is cleaned in pci_unplug_device(), if you try to remove a single
func by monitor cmd.
free_qdev() are called for all functions in slot,
but unparent_delete() is only called for one
function.
---
aliguori has a better resolution, better to do it in 1.2
v2: fix warning: too many arguments for format
v3: move object_unparent() to acpi_piix_eject_slot()
Signed-off-by: Amos Kong
Applied. Thanks.
Regards,
Anthony Liguori
---
hw/acpi_piix4.c |1 +
hw/pci.c|1 -
2 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 585da4e..0345490 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -299,6 +299,7 @@ static void acpi_piix_eject_slot(PIIX4PMState *s, unsigned
slots)
if (pc->no_hotplug) {
slot_free = false;
} else {
+object_unparent(OBJECT(dev));
qdev_free(qdev);
}
}
diff --git a/hw/pci.c b/hw/pci.c
index b706e69..c1ebdde 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1527,7 +1527,6 @@ static int pci_unplug_device(DeviceState *qdev)
qerror_report(QERR_DEVICE_NO_HOTPLUG,
object_get_typename(OBJECT(dev)));
return -1;
}
-object_unparent(OBJECT(dev));
return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
PCI_HOTPLUG_DISABLED);
}
Re: [Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
On Sun, May 20, 2012 at 05:57:45PM +0800, Amos Kong wrote:
> Start VM with 8 multiple-function block devs, hot-removing
> those block devs by 'device_del ...' would cause qemu abort.
>
> | (qemu) device_del virti0-0-0
> | (qemu) **
> |ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
>
> It's a regression introduced by commit 57c9fafe
>
> The whole PCI slot should be removed once. Currently only one func
> is cleaned in pci_unplug_device(), if you try to remove a single
> func by monitor cmd.
>
> free_qdev() are called for all functions in slot,
> but unparent_delete() is only called for one
> function.
>
> ---
> aliguori has a better resolution, better to do it in 1.2
>
> v2: fix warning: too many arguments for format
> v3: move object_unparent() to acpi_piix_eject_slot()
>
> Signed-off-by: Amos Kong
commit is mangled up a bit. It should be:
subject:
commit log
Signed-off-by:
---
Versioning info
diff
No need to repost just we that. But we also need to update other pci
hotplug users: hw//shpc.c hw//pcie.c
Not sure about pci-hotplug.c (calls qdev_free on error
handling) - add a virtio blk function with wrong drive
parameter using pci_add and see. Anything else?
> ---
> hw/acpi_piix4.c |1 +
> hw/pci.c|1 -
> 2 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
> index 585da4e..0345490 100644
> --- a/hw/acpi_piix4.c
> +++ b/hw/acpi_piix4.c
> @@ -299,6 +299,7 @@ static void acpi_piix_eject_slot(PIIX4PMState *s,
> unsigned slots)
> if (pc->no_hotplug) {
> slot_free = false;
> } else {
> +object_unparent(OBJECT(dev));
> qdev_free(qdev);
> }
> }
> diff --git a/hw/pci.c b/hw/pci.c
> index b706e69..c1ebdde 100644
> --- a/hw/pci.c
> +++ b/hw/pci.c
> @@ -1527,7 +1527,6 @@ static int pci_unplug_device(DeviceState *qdev)
> qerror_report(QERR_DEVICE_NO_HOTPLUG,
> object_get_typename(OBJECT(dev)));
> return -1;
> }
> -object_unparent(OBJECT(dev));
> return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
> PCI_HOTPLUG_DISABLED);
> }
> --
> 1.7.1
[Qemu-devel] [PATCH v3] pci: call object_unparent() before free_qdev()
Start VM with 8 multiple-function block devs, hot-removing
those block devs by 'device_del ...' would cause qemu abort.
| (qemu) device_del virti0-0-0
| (qemu) **
|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
It's a regression introduced by commit 57c9fafe
The whole PCI slot should be removed once. Currently only one func
is cleaned in pci_unplug_device(), if you try to remove a single
func by monitor cmd.
free_qdev() are called for all functions in slot,
but unparent_delete() is only called for one
function.
---
aliguori has a better resolution, better to do it in 1.2
v2: fix warning: too many arguments for format
v3: move object_unparent() to acpi_piix_eject_slot()
Signed-off-by: Amos Kong
---
hw/acpi_piix4.c |1 +
hw/pci.c|1 -
2 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 585da4e..0345490 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -299,6 +299,7 @@ static void acpi_piix_eject_slot(PIIX4PMState *s, unsigned
slots)
if (pc->no_hotplug) {
slot_free = false;
} else {
+object_unparent(OBJECT(dev));
qdev_free(qdev);
}
}
diff --git a/hw/pci.c b/hw/pci.c
index b706e69..c1ebdde 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1527,7 +1527,6 @@ static int pci_unplug_device(DeviceState *qdev)
qerror_report(QERR_DEVICE_NO_HOTPLUG,
object_get_typename(OBJECT(dev)));
return -1;
}
-object_unparent(OBJECT(dev));
return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
PCI_HOTPLUG_DISABLED);
}
--
1.7.1
