Re: [PATCH v4 0/3] delay timer_new from init to realize to fix memleaks.

[Mark Cave-Ayland]

On 05/03/2020 06:54, Pan Nengyuan wrote:

> This series delay timer_new from init into realize to avoid memleaks when we 
> call 'device_list_properties'.
> And do timer_free only in s390x_cpu_finalize because it's hotplugable. 
> However, mos6522_realize is never called 
> at all due to the incorrect creation of it. So we aslo fix the incorrect 
> creation in mac_via first, then move the
> timer_new to mos6522_realize().
> 
> v1:
>    - Delay timer_new() from init() to realize() to fix memleaks.
> v2:
>    - Similarly to other cleanups, move timer_new into realize in 
> target/s390x/cpu.c (Suggested by Philippe Mathieu-Daudé).
>    - Send these two patches as a series instead of send each as a single 
> patch but with wrong subject in v1.
> v3:
>    - It's not valid in mos6522 if we move timer_new from init to realize, 
> because it's never called at all.
>      Thus, we remove null check in reset, and add calls to mos6522_realize() 
> in mac_via_realize to make this move to be valid.
>    - split patch by device to make it more clear.
> v4:
>    - Aslo do timer_free on the error path in realize() and fix some coding 
> style. Then use device_class_set_parent_unrealize to declare unrealize. 
>    - split the mos6522 patch into two, one to fix incorrect creation of 
> mos6522, the other to fix memleak.
> 
> Pan Nengyuan (3):
>   s390x: fix memleaks in cpu_finalize
>   mac_via: fix incorrect creation of mos6522 device in mac_via
>   hw/misc/mos6522: move timer_new from init() into realize() to avoid
>     memleaks
> 
>  hw/misc/mac_via.c      | 43 +++++++++++++++++++++++++++++-------------
>  hw/misc/mos6522.c      |  6 ++++++
>  target/s390x/cpu-qom.h |  1 +
>  target/s390x/cpu.c     | 41 ++++++++++++++++++++++++++++++++++++----
>  4 files changed, 74 insertions(+), 17 deletions(-)

I just tried this patchset applied on top of git master and it causes 
qemu-system-ppc
to segfault on startup:

$ gdb --args ./qemu-system-ppc
...
...
Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
0x0000555555e7e38c in timer_del (ts=0x0) at util/qemu-timer.c:429
429         QEMUTimerList *timer_list = ts->timer_list;
(gdb) bt
#0  0x0000555555e7e38c in timer_del (ts=0x0) at util/qemu-timer.c:429
#1  0x0000555555b5d2c1 in mos6522_reset (dev=0x555556e0ac50) at 
hw/misc/mos6522.c:468
#2  0x0000555555b63570 in mos6522_cuda_reset (dev=0x555556e0ac50) at
hw/misc/macio/cuda.c:599
#3  0x0000555555ad9dd5 in device_transitional_reset (obj=0x555556e0ac50) at
hw/core/qdev.c:1136
#4  0x0000555555ae0755 in resettable_phase_hold (obj=0x555556e0ac50, opaque=0x0,
type=RESET_TYPE_COLD) at hw/core/resettable.c:182
#5  0x0000555555add5f8 in bus_reset_child_foreach (obj=0x555556a472a0,
cb=0x555555ae0605 <resettable_phase_hold>, opaque=0x0, type=RESET_TYPE_COLD) at
hw/core/bus.c:94
#6  0x0000555555ae0418 in resettable_child_foreach (rc=0x55555696af80,
obj=0x555556a472a0, cb=0x555555ae0605 <resettable_phase_hold>, opaque=0x0,
type=RESET_TYPE_COLD) at hw/core/resettable.c:96
#7  0x0000555555ae06db in resettable_phase_hold (obj=0x555556a472a0, opaque=0x0,
type=RESET_TYPE_COLD) at hw/core/resettable.c:173
#8  0x0000555555ae02ab in resettable_assert_reset (obj=0x555556a472a0,
type=RESET_TYPE_COLD) at hw/core/resettable.c:60
#9  0x0000555555ae01ef in resettable_reset (obj=0x555556a472a0, 
type=RESET_TYPE_COLD)
at hw/core/resettable.c:45
#10 0x0000555555ae0afa in resettable_cold_reset_fn (opaque=0x555556a472a0) at
hw/core/resettable.c:269
#11 0x0000555555ae13a0 in qemu_devices_reset () at hw/core/reset.c:69
#12 0x000055555597d54c in qemu_system_reset (reason=SHUTDOWN_CAUSE_NONE) at
/home/build/src/qemu/git/qemu/softmmu/vl.c:1393
#13 0x00005555559855bb in qemu_init (argc=1, argv=0x7fffffffea78,
envp=0x7fffffffea88) at /home/build/src/qemu/git/qemu/softmmu/vl.c:4418
#14 0x0000555555e1b646 in main (argc=1, argv=0x7fffffffea78, 
envp=0x7fffffffea88) at
/home/build/src/qemu/git/qemu/softmmu/main.c:48


Possibly related to some of the new reset changes?


ATB,

Mark.