On 01/11/2018 11:44, Igor Mammedov wrote: > object_new() returns a new backend with refcount == 1 and > then later object_property_add_child() increases refcount to 2 > So when ivshmem is desroyed, the backend it has created isn't > destroyed along with it as children cleanup will bring > backend's refcount only to 1, which leaks backend including > resources it is using. > > Drop the original reference from object_new() once backend > is attached to its parent. > > Signed-off-by: Igor Mammedov <imamm...@redhat.com> > --- > hw/misc/ivshmem.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c > index f88910e..ecfd10a 100644 > --- a/hw/misc/ivshmem.c > +++ b/hw/misc/ivshmem.c > @@ -1279,6 +1279,7 @@ static void desugar_shm(IVShmemState *s) > object_property_set_bool(obj, true, "share", &error_abort); > object_property_add_child(OBJECT(s), "internal-shm-backend", obj, > &error_abort); > + object_unref(obj); > user_creatable_complete(obj, &error_abort); > s->hostmem = MEMORY_BACKEND(obj); > } >
Queued, thanks. Paolo
