On Sun, Dec 20, 2020 at 10:25:25AM +0100, Paolo Bonzini wrote:
> On 18/12/20 23:32, Eduardo Habkost wrote:
> > Who owns the FlatView reference, exactly?
>
> The AddressSpace. The device creates the AddressSpace, which holds a
> reference to the MemoryRegion through FlatView and AddressSpaceDispatch,
> which holds a reference to the device.
>
> By destroying the address space that it created, the device can break the
> reference loop.
>
> > If the FlatView reference is owned by the MemoryRegion, we have a
> > reference loop: the device holds a reference to the MemoryRegion,
> > which owns the FlatView, which holds a reference to the device.
> > In this case, who owns the reference loop and is responsible for
> > breaking it?
>
> The reference loop is owned by the device, which breaks it through unrealize
> (called by unparent).
>
> instance_finalize by definition cannot break reference loops, so this means
> that my suggestion of using address_space_init in instance_init was wrong.

Once we fix that, I suggest we add an assertion to make it illegal to
call object_ref() on an object during instance_init.

Do we know how many address_space_init() calls in instance_init we
have today?

-- 
Eduardo
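The point Paolo makes above, that a finalizer which only runs when the refcount reaches zero can never break a reference loop, while an explicit teardown step owned by the device (unrealize) can, is shown below with a minimal refcount model. This is an added illustration, not QEMU code: the `obj` type, `obj_ref`/`obj_unref` and `run_lifecycle` are hypothetical stand-ins, and the two-object loop (device to region, region back to device) collapses the AddressSpace/FlatView/AddressSpaceDispatch chain from the mail into a single back-reference.

```c
/* Added example, not QEMU code: a minimal refcount model showing why a
 * finalizer that runs only at refcount zero cannot break a reference loop,
 * while an explicit teardown step (the "unrealize" role in the mail) can.
 * All names here are hypothetical. */
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct obj {
    const char *name;
    int refcount;
    struct obj *ref;   /* one outgoing counted reference held by this object */
    bool *freed_flag;  /* set when the finalizer runs, so callers can observe it */
} obj;

/* Creator receives the initial reference (refcount 1). */
static obj *obj_new(const char *name, bool *freed_flag)
{
    obj *o = calloc(1, sizeof(*o));
    o->name = name;
    o->refcount = 1;
    o->freed_flag = freed_flag;
    return o;
}

static void obj_ref(obj *o) { o->refcount++; }

/* The finalizer lives here: it runs only when the count hits zero, drops the
 * object's own outgoing reference, and frees. It cannot run for an object
 * that is still referenced by another member of the loop. */
static void obj_unref(obj *o)
{
    if (--o->refcount == 0) {
        if (o->ref) {
            obj *r = o->ref;
            o->ref = NULL;
            obj_unref(r);
        }
        if (o->freed_flag) {
            *o->freed_flag = true;
        }
        free(o);
    }
}

/* Run one lifecycle. If unrealize_first is true, the device breaks the loop
 * before its creator drops the last reference, as unrealize does in the mail.
 * Returns how many finalizers actually ran (0 or 2). */
static int run_lifecycle(bool unrealize_first)
{
    bool dev_freed = false, mr_freed = false;
    obj *dev = obj_new("device", &dev_freed);
    obj *mr  = obj_new("memory-region", &mr_freed);

    /* "realize": the device owns the region (its initial reference), and the
     * region, standing in for the FlatView/AddressSpaceDispatch chain,
     * takes a counted reference back to the device. */
    dev->ref = mr;
    obj_ref(dev);
    mr->ref = dev;

    if (unrealize_first) {
        /* Explicit teardown: only the device knows it caused the back-reference,
         * so only the device can drop it. refcount(dev): 2 -> 1 */
        mr->ref = NULL;
        obj_unref(dev);
    }

    obj_unref(dev);  /* creator's reference: 1 -> 0 frees both; 2 -> 1 frees nothing */
    int finalized = (dev_freed ? 1 : 0) + (mr_freed ? 1 : 0);

    if (finalized == 0) {
        /* The loop leaked. Break it by hand so the example itself does not leak. */
        mr->ref = NULL;
        obj_unref(dev);
    }
    return finalized;
}

int main(void)
{
    printf("without teardown: %d finalizers ran\n", run_lifecycle(false));
    printf("with unrealize:   %d finalizers ran\n", run_lifecycle(true));
    return 0;
}
```

The same structure explains why taking a counted reference during `instance_init` is a problem: a reference taken before the object has a teardown hook that knows to drop it has no owner able to break the loop, which is what an assertion against `object_ref()` during `instance_init` would catch.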