Re: QEMU device refcounting when device creates a container MR


From: Peter Xu
Subject: Re: QEMU device refcounting when device creates a container MR
Date: Thu, 10 Mar 2022 21:19:40 +0800

On Wed, Mar 09, 2022 at 11:40:15AM +0100, Philippe Mathieu-Daudé wrote:
> Cc'ing David / Peter
> 
> On 9/3/22 11:33, Peter Maydell wrote:
> > Hi; does anybody know how device reference counting is supposed
> > to work when the device creates a "container" MemoryRegion which
> > it then puts some of its own subregions in to?
> > 
> > As far as I can see when you do memory_region_add_subregion it
> > increases the refcount on the owner of the subregion. So if a
> > device creates a container MR in its own init or realize method
> > and adds sub-MRs that it owns to that container, this increases
> > the refcount on the device permanently, and so the device won't
> > ever be deinited.
> > 
> > As a specific example, the usb-chipidea device does this in its
> > init method, so if you run the arm device-introspect-test under
> > leak-sanitizer it complains about a memory leak that happens
> > when the device is put through the "init-introspect-deref" cycle.

I'm not extremely sure about this, but... does it mean that the device may
better put any of the add-subregion operations into realize() rather than
instance_init()?  Then in the unrealize() of the devices we should do
proper del-subregion to release these refcounts.

Otherwise indeed I don't see a good way to destroy the device anymore,
because the assumption is that after the device is initialized, only with
that will the object_unref() continue to work on the device...

That means, perhaps in object_init_with_type() we should make sure the
object refcount==1 after the ->instance_init() call?

-- 
Peter Xu
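The refcount cycle discussed in this thread, as an added illustration that is not QEMU's code: a constructed C model whose names mirror QEMU's (object_ref, object_unref, memory_region_add_subregion) but whose bodies are simplifications written for this example. It assumes only what the thread states, namely that mapping a subregion takes a reference on the subregion's owner and that unmapping drops it. Variant A maps in instance_init and never unmaps, so the creator's object_unref() leaves the device pinned by its own subregion; variant B maps in realize() and unmaps in unrealize(), so both the plain init-deref cycle and the realize/unrealize cycle end with the device finalized.

```c
#include <assert.h>
#include <stdio.h>

/* Constructed model of QEMU-style reference counting; not QEMU's own code. */
typedef struct Object {
    int refcount;
    int finalized;          /* set once refcount reaches zero */
} Object;

typedef struct MemoryRegion {
    Object *owner;          /* object this region belongs to */
    int nsub;               /* number of subregions currently mapped */
} MemoryRegion;

typedef struct Device {
    Object obj;
    MemoryRegion container; /* container MR the device creates itself */
    MemoryRegion mmio;      /* sub-MR owned by the same device */
} Device;

static void object_ref(Object *o) { o->refcount++; }

static void object_unref(Object *o)
{
    assert(o->refcount > 0);
    if (--o->refcount == 0) {
        o->finalized = 1;   /* QEMU would run instance_finalize() here */
    }
}

static void memory_region_init(MemoryRegion *mr, Object *owner)
{
    mr->owner = owner;
    mr->nsub = 0;
}

/* Mapping a subregion takes a reference on the subregion's owner, as the
 * thread describes; unmapping releases it. */
static void memory_region_add_subregion(MemoryRegion *c, MemoryRegion *sub)
{
    object_ref(sub->owner);
    c->nsub++;
}

static void memory_region_del_subregion(MemoryRegion *c, MemoryRegion *sub)
{
    c->nsub--;
    object_unref(sub->owner);
}

static void device_init_common(Device *d)
{
    d->obj.refcount = 1;    /* reference held by whoever created the object */
    d->obj.finalized = 0;
    memory_region_init(&d->container, &d->obj);
    memory_region_init(&d->mmio, &d->obj);
}

/* Variant A: map in instance_init; nothing ever unmaps. */
static void device_init_leaky(Device *d)
{
    device_init_common(d);
    memory_region_add_subregion(&d->container, &d->mmio); /* self-reference */
}

/* Variant B: instance_init only creates the regions; realize maps them and
 * unrealize unmaps them again. */
static void device_realize(Device *d)
{
    memory_region_add_subregion(&d->container, &d->mmio);
}

static void device_unrealize(Device *d)
{
    memory_region_del_subregion(&d->container, &d->mmio);
}

/* Refcount left after init -> deref with variant A: 1, so never finalized. */
int leaky_cycle_refcount(void)
{
    Device d;
    device_init_leaky(&d);
    object_unref(&d.obj);       /* creator drops its reference */
    return d.obj.refcount;
}

/* Variant B under the init-introspect-deref cycle (no realize): finalized. */
int fixed_init_only_finalized(void)
{
    Device d;
    device_init_common(&d);
    object_unref(&d.obj);
    return d.obj.finalized;
}

/* Variant B through realize/unrealize, then deref: finalized. */
int fixed_full_cycle_finalized(void)
{
    Device d;
    device_init_common(&d);
    device_realize(&d);
    device_unrealize(&d);
    object_unref(&d.obj);
    return d.obj.finalized;
}

int main(void)
{
    printf("leaky refcount after deref: %d\n", leaky_cycle_refcount());
    printf("fixed init-only finalized:  %d\n", fixed_init_only_finalized());
    printf("fixed full-cycle finalized: %d\n", fixed_full_cycle_finalized());
    return 0;
}
```

The model makes the mechanism visible: the extra reference is a self-reference, so the creator's object_unref() can never bring the count to zero unless something symmetric (unrealize, or del-subregion in instance_finalize) drops it first. A refcount check after ->instance_init(), as suggested above, would catch variant A at the point the self-reference is created.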