From abed886ec60cf239a03515cf0b30fb11fa964c44 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 19 Oct 2015 13:11:39 +0200 Subject: [PATCH] qdev: Free QemuOpts when the QOM path goes away MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Otherwise there is a race where the DEVICE_DELETED event has been sent but attempts to reuse the ID will fail. Note that similar races exist for other QemuOpts, which this patch does not attempt to fix. For example, if the device is a block device, then unplugging it also deletes its backend. However, this backend's get deleted in drive_info_del(), which is only called when properties are destroyed. Just like device_finalize(), drive_info_del() is called some time after DEVICE_DELETED is sent. A separate patch series has been sent to plug this other bug. Character devices also have yet to be fixed. Reported-by: Michael S. Tsirkin Signed-off-by: Paolo Bonzini Reviewed-by: Markus Armbruster Signed-off-by: Andreas Färber --- hw/core/qdev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/core/qdev.c b/hw/core/qdev.c index 2c7101d..44bf790 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -1206,7 +1206,6 @@ static void device_finalize(Object *obj) NamedGPIOList *ngl, *next; DeviceState *dev = DEVICE(obj); - qemu_opts_del(dev->opts); QLIST_FOREACH_SAFE(ngl, &dev->gpios, node, next) { QLIST_REMOVE(ngl, node); @@ -1254,6 +1253,9 @@ static void device_unparent(Object *obj) qapi_event_send_device_deleted(!!dev->id, dev->id, path, &error_abort); g_free(path); } + + qemu_opts_del(dev->opts); + dev->opts = NULL; } static void device_class_init(ObjectClass *class, void *data) -- 2.7.4