On 05/03/2020 06:54, Pan Nengyuan wrote:
> This series delays timer_new from init into realize to avoid memleaks when we
> call 'device_list_properties'.
> And do timer_free only in s390x_cpu_finalize because it's hotpluggable.
> However, mos6522_realize is never called
> at all due to the incorrect creation of it. So we also fix the incorrect
> creation in mac_via first, then move the
> timer_new to mos6522_realize().
>
> v1:
> - Delay timer_new() from init() to realize() to fix memleaks.
> v2:
> - Similarly to other cleanups, move timer_new into realize in
>   target/s390x/cpu.c (Suggested by Philippe Mathieu-Daudé).
> - Send these two patches as a series instead of sending each as a single
>   patch but with wrong subject in v1.
> v3:
> - It's not valid in mos6522 if we move timer_new from init to realize,
>   because it's never called at all.
>   Thus, we remove the null check in reset, and add calls to mos6522_realize()
>   in mac_via_realize to make this move valid.
> - split patch by device to make it more clear.
> v4:
> - Also do timer_free on the error path in realize() and fix some coding
>   style. Then use device_class_set_parent_unrealize to declare unrealize.
> - split the mos6522 patch into two, one to fix incorrect creation of
>   mos6522, the other to fix memleak.
>
> Pan Nengyuan (3):
>   s390x: fix memleaks in cpu_finalize
>   mac_via: fix incorrect creation of mos6522 device in mac_via
>   hw/misc/mos6522: move timer_new from init() into realize() to avoid
>     memleaks
>
>  hw/misc/mac_via.c      | 43 +++++++++++++++++++++++++++++-------------
>  hw/misc/mos6522.c      |  6 ++++++
>  target/s390x/cpu-qom.h |  1 +
>  target/s390x/cpu.c     | 41 ++++++++++++++++++++++++++++++++++++----
>  4 files changed, 74 insertions(+), 17 deletions(-)
I just tried this patchset applied on top of git master and it causes
qemu-system-ppc to segfault on startup:

$ gdb --args ./qemu-system-ppc
...
...
Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
0x0000555555e7e38c in timer_del (ts=0x0) at util/qemu-timer.c:429
429         QEMUTimerList *timer_list = ts->timer_list;
(gdb) bt
#0  0x0000555555e7e38c in timer_del (ts=0x0) at util/qemu-timer.c:429
#1  0x0000555555b5d2c1 in mos6522_reset (dev=0x555556e0ac50) at hw/misc/mos6522.c:468
#2  0x0000555555b63570 in mos6522_cuda_reset (dev=0x555556e0ac50) at hw/misc/macio/cuda.c:599
#3  0x0000555555ad9dd5 in device_transitional_reset (obj=0x555556e0ac50) at hw/core/qdev.c:1136
#4  0x0000555555ae0755 in resettable_phase_hold (obj=0x555556e0ac50, opaque=0x0, type=RESET_TYPE_COLD) at hw/core/resettable.c:182
#5  0x0000555555add5f8 in bus_reset_child_foreach (obj=0x555556a472a0, cb=0x555555ae0605 <resettable_phase_hold>, opaque=0x0, type=RESET_TYPE_COLD) at hw/core/bus.c:94
#6  0x0000555555ae0418 in resettable_child_foreach (rc=0x55555696af80, obj=0x555556a472a0, cb=0x555555ae0605 <resettable_phase_hold>, opaque=0x0, type=RESET_TYPE_COLD) at hw/core/resettable.c:96
#7  0x0000555555ae06db in resettable_phase_hold (obj=0x555556a472a0, opaque=0x0, type=RESET_TYPE_COLD) at hw/core/resettable.c:173
#8  0x0000555555ae02ab in resettable_assert_reset (obj=0x555556a472a0, type=RESET_TYPE_COLD) at hw/core/resettable.c:60
#9  0x0000555555ae01ef in resettable_reset (obj=0x555556a472a0, type=RESET_TYPE_COLD) at hw/core/resettable.c:45
#10 0x0000555555ae0afa in resettable_cold_reset_fn (opaque=0x555556a472a0) at hw/core/resettable.c:269
#11 0x0000555555ae13a0 in qemu_devices_reset () at hw/core/reset.c:69
#12 0x000055555597d54c in qemu_system_reset (reason=SHUTDOWN_CAUSE_NONE) at /home/build/src/qemu/git/qemu/softmmu/vl.c:1393
#13 0x00005555559855bb in qemu_init (argc=1, argv=0x7fffffffea78, envp=0x7fffffffea88) at /home/build/src/qemu/git/qemu/softmmu/vl.c:4418
#14 0x0000555555e1b646 in main (argc=1, argv=0x7fffffffea78, envp=0x7fffffffea88) at /home/build/src/qemu/git/qemu/softmmu/main.c:48

Possibly related to some of the new reset changes?

ATB,

Mark.
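The backtrace above shows the lifecycle hazard behind this series in one frame: timer_del() is reached from mos6522_reset() with ts=0x0, because the timer is now allocated in realize() but the cuda instance on this board is reset without realize() ever having run, and the null check that used to cover that case was removed in v3. The following stand-alone C model is an added illustration written for this thread, not code from QEMU or from the patch series; ToyTimer, toy_timer_new/del/free and the ToyDevice init/realize/reset/finalize hooks are constructed stand-ins for the QEMUTimer and qdev hooks named in the mails. It reproduces the ordering (init, cold reset, no realize) and contrasts a reset that would dereference the NULL timer with one that tolerates an unrealized device.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for QEMUTimer: the real timer_del() reads
 * ts->timer_list with no NULL check, which is the crash in the trace. */
typedef struct ToyTimer { bool armed; } ToyTimer;

static ToyTimer *toy_timer_new(void) { return calloc(1, sizeof(ToyTimer)); }
static void toy_timer_del(ToyTimer *ts) { ts->armed = false; }  /* no NULL guard */
static void toy_timer_free(ToyTimer *ts) { free(ts); }

/* Constructed stand-in for the device state: the timer pointer is NULL
 * from init() until realize() runs, mirroring the v4 move of timer_new(). */
typedef struct ToyDevice {
    ToyTimer *timer;
    bool realized;
    int resets_done;
} ToyDevice;

static void toy_init(ToyDevice *d) {
    d->timer = NULL;          /* was allocated here before the series */
    d->realized = false;
    d->resets_done = 0;
}

static void toy_realize(ToyDevice *d) {
    if (d->realized) return;
    d->timer = toy_timer_new();  /* allocation now lives in realize() */
    d->realized = true;
}

/* Reset as it stands after v3 dropped the NULL check: unsafe whenever a
 * device object is reset without ever being realized. Returns true when
 * calling the unguarded reset would dereference NULL. */
static bool toy_reset_unguarded_would_crash(const ToyDevice *d) {
    return d->timer == NULL;
}

/* Defensive reset: treat "not realized yet" as a no-op instead of a crash.
 * Returns true if a timer was actually deleted. */
static bool toy_reset_guarded(ToyDevice *d) {
    if (d->timer == NULL) {
        return false;         /* realize() never ran; nothing to delete */
    }
    toy_timer_del(d->timer);
    d->resets_done++;
    return true;
}

/* Finalize frees the timer only if realize() created it (no leak, no double free). */
static void toy_finalize(ToyDevice *d) {
    if (d->timer) {
        toy_timer_free(d->timer);
        d->timer = NULL;
    }
}

/* The sequence from the report: object initialised, then a cold reset
 * reaches the device before any realize() call. Returns 1 when the
 * unguarded path would crash and the guarded path safely skips. */
int simulate_reset_without_realize(void) {
    ToyDevice d;
    toy_init(&d);
    bool would_crash = toy_reset_unguarded_would_crash(&d);
    bool did_reset = toy_reset_guarded(&d);
    toy_finalize(&d);
    return (would_crash && !did_reset) ? 1 : 0;
}

/* The intended sequence once mac_via actually realizes the child device.
 * Returns 1 when reset runs exactly once and finalize leaves no timer behind. */
int simulate_realize_then_reset(void) {
    ToyDevice d;
    toy_init(&d);
    toy_realize(&d);
    bool did_reset = toy_reset_guarded(&d);
    int resets = d.resets_done;
    toy_finalize(&d);
    return (did_reset && resets == 1 && d.timer == NULL) ? 1 : 0;
}

int main(void) {
    printf("reset before realize: unguarded would crash, guarded skips -> %d\n",
           simulate_reset_without_realize());
    printf("realize then reset: clean -> %d\n", simulate_realize_then_reset());
    return 0;
}
```

The point for review is the combination, not either patch alone: moving timer_new() into realize() is only safe if every reset path is guaranteed to run after realize(), or if reset keeps a NULL guard; the trace shows a board (cuda on ppc) where the first guarantee does not hold, so either the reset guard has to return or that device's creation needs the same fix the series applied to mac_via.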