pci: call object_unparent() before free_qdev()
authorAmos Kong <kongjianjun@gmail.com>
Sun, 20 May 2012 09:57:45 +0000 (17:57 +0800)
committerAnthony Liguori <aliguori@us.ibm.com>
Wed, 30 May 2012 01:19:24 +0000 (20:19 -0500)
Start VM with 8 multiple-function block devs, hot-removing
those block devs by 'device_del ...' would cause qemu abort.

| (qemu) device_del virti0-0-0
| (qemu) **
|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)

It's a regression introduced by commit 57c9fafe

The whole PCI slot should be removed once. Currently only one func
is cleaned in pci_unplug_device(), if you try to remove a single
func by monitor cmd.

free_qdev() are called for all functions in slot,
but unparent_delete() is only called for one
function.

Signed-off-by: XXXX
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
hw/acpi_piix4.c
hw/pci.c

index 585da4e3eb937ee4583c40c72102da1a42dcc265..0345490ee095d0184954b8a462eaf3e96fdf36cf 100644 (file)
@@ -299,6 +299,7 @@ static void acpi_piix_eject_slot(PIIX4PMState *s, unsigned slots)
             if (pc->no_hotplug) {
                 slot_free = false;
             } else {
+                object_unparent(OBJECT(dev));
                 qdev_free(qdev);
             }
         }
index b706e6980a6184b389632b4da056166866b40081..c1ebdde91e9de22823bacf8ec8d96df4aceab678 100644 (file)
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1527,7 +1527,6 @@ static int pci_unplug_device(DeviceState *qdev)
         qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(dev)));
         return -1;
     }
-    object_unparent(OBJECT(dev));
     return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
                              PCI_HOTPLUG_DISABLED);
 }