From: Liu Ping Fan <pingfank@xxxxxxxxxxxxxxxxxx>
iohandler/bh/timer may use DeviceState when its refcnt=0, postpone the reclaimer till they have done with it.
Signed-off-by: Liu Ping Fan <pingfank@xxxxxxxxxxxxxxxxxx>
---
 include/qemu/object.h | 2 +-
 main-loop.c | 4 ++++
 main-loop.h | 2 ++
 qemu-tool.c | 4 ++++
 qom/Makefile.objs | 2 +-
 qom/object.c | 7 ++++++-
 qom/reclaimer.c | 41 +++++++++++++++++++++++++++++++++++++++++
 7 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 qom/reclaimer.c
diff --git a/include/qemu/object.h b/include/qemu/object.h
index 8b17776..b233ee4 100644
--- a/include/qemu/object.h
+++ b/include/qemu/object.h
@@ -958,5 +958,5 @@ int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
 */
 Object *container_get(Object *root, const char *path);
-
+void qemu_reclaimer_enqueue(Object *obj);
 #endif
diff --git a/main-loop.c b/main-loop.c
index eb3b6e6..f9cecc5 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -505,5 +505,9 @@ int main_loop_wait(int nonblocking)
 them. */
 qemu_bh_poll();
+ /* ref to device from iohandler/bh/timer do not obey the rules, so delay
+ * reclaiming until now.
+ */
+ qemu_device_reclaimer();
 return ret;
 }
diff --git a/main-loop.h b/main-loop.h
index cedddf5..1a59a6d 100644
--- a/main-loop.h
+++ b/main-loop.h
@@ -367,4 +367,6 @@ void qemu_bh_schedule_idle(QEMUBH *bh);
 int qemu_bh_poll(void);
 void qemu_bh_update_timeout(uint32_t *timeout);
+void qemu_device_reclaimer(void);
+
 #endif
diff --git a/qemu-tool.c b/qemu-tool.c
index 318c5fc..34d959b 100644
--- a/qemu-tool.c
+++ b/qemu-tool.c
@@ -75,6 +75,10 @@ void qemu_mutex_unlock_iothread(void)
 {
 }
+void qemu_device_reclaimer(void)
+{
+}
+
 int use_icount;
 void qemu_clock_warp(QEMUClock *clock)
diff --git a/qom/Makefile.objs b/qom/Makefile.objs
index 5ef060a..a579261 100644
--- a/qom/Makefile.objs
+++ b/qom/Makefile.objs
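Review bot: In include/qemu/object.h the new `qemu_reclaimer_enqueue()` prototype has no doc comment, although the declaration just above it (`container_get`) closes one, and nothing tells a caller when the object is actually finalized. Judging from the only call site in this patch, the function is meant for an object whose reference count has already reached zero, so I would put a comment ahead of it such as `/* Queue @obj (ref == 0) for object_finalize() on the next qemu_device_reclaimer() pass. */`. The hunk also removes the blank line that separated the last prototype from `#endif`, which looks unintentional.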
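Review bot: In main-loop.c the added comment says references from iohandler/bh/timer "do not obey the rules" without naming the rule or explaining why finalizing right after `qemu_bh_poll()` is late enough. From what is visible, the deferral only covers callbacks dispatched in the current `main_loop_wait()` iteration; a timer, bottom half or fd handler that is still registered when `qemu_device_reclaimer()` runs would presumably keep a pointer to the finalized DeviceState, which is the use-after-free this commit sets out to close. I would reword the comment to `/* iohandler/bh/timer callbacks keep a raw DeviceState pointer without taking a reference; finalize zero-ref devices only after this iteration's callbacks have run. */` and state who must unregister those callbacks before the last unref. The body of main_loop_wait() starts outside the hunk.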
@@ -1,4 +1,4 @@
-qom-obj-y = object.o container.o qom-qobject.o
+qom-obj-y = object.o container.o qom-qobject.o reclaimer.o
 qom-obj-twice-y = cpu.o
 common-obj-y = $(qom-obj-twice-y)
 user-obj-y = $(qom-obj-twice-y)
diff --git a/qom/object.c b/qom/object.c
index 00bb3b0..227d966 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -649,7 +649,12 @@ void object_unref(Object *obj)
 /* parent always holds a reference to its children */
 if (obj->ref == 0) {
- object_finalize(obj);
+ /* fixme, maybe introduce obj->finalze to make this more elegant */
+ if (object_dynamic_cast(obj, "TYPE_DEVICE") != NULL) {
+ qemu_reclaimer_enqueue(obj);
+ } else {
+ object_finalize(obj);
+ }
 }
 }
diff --git a/qom/reclaimer.c b/qom/reclaimer.c
new file mode 100644
index 0000000..2fb3410
--- /dev/null
+++ b/qom/reclaimer.c
@@ -0,0 +1,41 @@
+/*
+ * QEMU DeviceState reclaimer
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu-common.h"
+#include "qemu-thread.h"
+#include "main-loop.h"
+#include "qemu/object.h"
+
+typedef struct Chunk {
+ QLIST_ENTRY(Chunk) list;
+ Object *obj;
+} Chunk;
+
+static struct QemuMutex reclaimer_lock;
+static QLIST_HEAD(rcl, Chunk) reclaimer_list;
+
+void qemu_reclaimer_enqueue(Object *obj)
+{
+ Chunk *r = g_malloc0(sizeof(Chunk));
+ r->obj = obj;
+ qemu_mutex_lock(&reclaimer_lock);
+ QLIST_INSERT_HEAD_RCU(&reclaimer_list, r, list);
+ qemu_mutex_unlock(&reclaimer_lock);
+}
+
+void qemu_device_reclaimer(void)
+{
+ Chunk *cur, *next;
+
+ QLIST_FOREACH_SAFE(cur, &reclaimer_list, list, next) {
+ QLIST_REMOVE(cur, list);
+ object_finalize(cur->obj);
+ g_free(cur);
+ }
+}
--
1.7.4.4
--
To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
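Review bot: In qom/object.c the new check is `object_dynamic_cast(obj, "TYPE_DEVICE")`, which passes the literal text TYPE_DEVICE as the type name. If TYPE_DEVICE is the usual macro for the device type name (its definition is not visible in this patch), the quoted form names a type that is never registered, so the cast would presumably match no device and every object would still be finalized immediately, leaving the use-after-free window open. The line should read `if (object_dynamic_cast(obj, TYPE_DEVICE) != NULL) {`, with the header that defines the macro included. The fixme comment also misspells `finalize` as `finalze`, and object_unref() starts before the hunk.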
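Review bot: In qom/reclaimer.c `qemu_device_reclaimer()` walks and unlinks `reclaimer_list` without taking `reclaimer_lock`, although `qemu_reclaimer_enqueue()` inserts under that lock, so an enqueue from another thread can race with the unlink and corrupt the list of objects awaiting finalization. As far as I can tell `object_finalize()` can drop the last reference to a child device and re-enter `qemu_reclaimer_enqueue()`, so the lock cannot simply be held across the whole loop; popping one entry at a time under the lock, as below, covers both cases. `reclaimer_lock` is also never passed to `qemu_mutex_init()` anywhere in this patch, and `QLIST_INSERT_HEAD_RCU` is paired with a non-RCU reader, where plain `QLIST_INSERT_HEAD` would match the locking actually used.

```c
void qemu_device_reclaimer(void)
{
    Chunk *cur;

    for (;;) {
        /* Unlink one entry under the lock; finalize it with the lock
         * dropped so a nested qemu_reclaimer_enqueue() cannot deadlock.
         */
        qemu_mutex_lock(&reclaimer_lock);
        cur = QLIST_FIRST(&reclaimer_list);
        if (cur) {
            QLIST_REMOVE(cur, list);
        }
        qemu_mutex_unlock(&reclaimer_lock);
        if (!cur) {
            break;
        }
        object_finalize(cur->obj);
        g_free(cur);
    }
}
```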