Laszlo Ersek <ler...@redhat.com> writes:

> On 03/04/19 18:50, Markus Armbruster wrote:
>
>> Alright, we can call object_get_class(dev_obj)->unparent(dev_obj).
>>
>> Final complication: if I call just that, the device's reference counter
>> goes down to zero in the middle of device_unparent(), and we use after
>> free. So I bracket the call with object_ref() and object_unref().
>
> I don't think that requiring such a bracketing is necessarily a problem.
> I vaguely remember reviewing a kernel patch 6 or so years ago where the
> patch used the same idea, with those "get" and "put" functions (the bug
> the patch was fixing was that the last reference was "temporarily" lost
> mid-operation).

I don't regard it as a problem. My voodoo coding just wasn't prepared for
it.

> So perhaps this can be addressed, for the general case, by extending the
> documentation of device_unparent(). (The function has no documentation
> at all, at the moment.)

I know just enough to be dangerous here, not enough to write
documentation.

We really need a complete life cycle diagram for devices. The closest we
have is the section on realization in qdev-core.h, which lets me divine
only a part of the life cycle. The missing part I struggled with here is
how to go from device state "created, not realized" to "destroyed".
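
The bracketing discussed in this message, as an added example that is not part of the original mail and is not QEMU code: a toy reference-counted object whose unparent hook drops the parent's reference and then keeps using the object. All names (`Obj`, `obj_unparent`, `teardown_bracketed`, ...) are hypothetical, and the model sets a flag where real code would free memory, so the late access can be counted safely.

```c
#include <stdbool.h>

/* Toy refcounted object, constructed for this example (not QEMU's Object). */
typedef struct Obj {
    int ref;           /* reference count */
    bool parented;     /* while true, the parent holds one reference */
    bool finalized;    /* set where a real implementation would free() */
    int late_touches;  /* accesses after finalization (real code: use after free) */
} Obj;

static void obj_ref(Obj *o) { o->ref++; }

/* Dropping the last reference finalizes the object. */
static void obj_unref(Obj *o) { if (--o->ref == 0) o->finalized = true; }

/* Hypothetical unparent hook: releases the parent's reference, then
 * continues to work on the object it was handed. */
static void obj_unparent(Obj *o)
{
    if (o->parented) {
        o->parented = false;
        obj_unref(o);          /* may be the last reference */
    }
    if (o->finalized) {
        o->late_touches++;     /* hook is now operating on a dead object */
    }
}

/* The parent's reference is the only one: it is lost mid-operation. */
static int teardown_unbracketed(Obj *o)
{
    obj_unparent(o);
    return o->late_touches;
}

/* Caller takes its own reference first, so the count cannot reach zero
 * until the hook has returned; the final unref then destroys the object. */
static int teardown_bracketed(Obj *o)
{
    obj_ref(o);
    obj_unparent(o);
    int touches = o->late_touches;
    obj_unref(o);
    return touches;
}

int main(void)
{
    Obj a = { 1, true, false, 0 }, b = { 1, true, false, 0 };
    return !(teardown_unbracketed(&a) == 1 && teardown_bracketed(&b) == 0);
}
```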