On 1/11/18 11:44, Igor Mammedov wrote:
object_new() returns a new backend with refcount == 1 and
then later object_property_add_child() increases refcount to 2
So when ivshmem is desroyed, the backend it has created isn't
^ "destroyed"
destroyed along with it as children cleanup will bring
backend's refcount only to 1, which leaks backend including
resources it is using.
Drop the original reference from object_new() once backend
is attached to its parent.
Signed-off-by: Igor Mammedov <imamm...@redhat.com>
---
hw/misc/ivshmem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index f88910e..ecfd10a 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -1279,6 +1279,7 @@ static void desugar_shm(IVShmemState *s)
object_property_set_bool(obj, true, "share", &error_abort);
object_property_add_child(OBJECT(s), "internal-shm-backend", obj,
&error_abort);
+ object_unref(obj);
user_creatable_complete(obj, &error_abort);
s->hostmem = MEMORY_BACKEND(obj);
}
