[v1] Fix various QOM object life-cycle issues

[PATCH 00/41] Fix various QOM object life-cycle issues

Marc-André Lureau posted 41 patches 3 weeks, 6 days ago

Diff against v2 v3
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20260427-qom-tests-v1-0-c413f3605311@redhat.com

Maintainers: Paolo Bonzini <pbonzini@redhat.com>, "Gonglei (Arei)" <arei.gonglei@huawei.com>, zhenwei pi <zhenwei.pi@linux.dev>, Gerd Hoffmann <kraxel@redhat.com>, Stefano Garzarella <sgarzare@redhat.com>, Ani Sinha <anisinha@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, "Cédric Le Goater" <clg@kaod.org>, Peter Maydell <peter.maydell@linaro.org>, Steven Lee <steven_lee@aspeedtech.com>, Troy Lee <leetroy@gmail.com>, Jamin Lin <jamin_lin@aspeedtech.com>, Kane Chen <kane_chen@aspeedtech.com>, Andrew Jeffery <andrew@codeconstruct.com.au>, Joel Stanley <joel@jms.id.au>, Leif Lindholm <leif.lindholm@oss.qualcomm.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Zhao Liu <zhao1.liu@intel.com>, Ninad Palsule <ninad@linux.ibm.com>, Glenn Miles <milesg@linux.ibm.com>, Titus Rwantare <titusr@google.com>, Alexander Graf <graf@amazon.com>, Dorjoy Chowdhury <dorjoychy111@gmail.com>, Richard Henderson <richard.henderson@linaro.org>, "Michael S. Tsirkin" <mst@redhat.com>, Song Gao <gaosong@loongson.cn>, Bibo Mao <maobibo@loongson.cn>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Nicholas Piggin <npiggin@gmail.com>, Aditya Gupta <adityag@linux.ibm.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Elena Ufimtseva <elena.ufimtseva@oracle.com>, Jagannathan Raman <jag.raman@oracle.com>, Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>, Chao Liu <chao.liu.zevorn@gmail.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Pavel Pisa <pisa@cmp.felk.cvut.cz>, Francisco Iglesias <francisco.iglesias@amd.com>, Vikram Garhwal <vikram.garhwal@bytedance.com>, Jason Wang <jasowang@redhat.com>, Zhang Chen <zhangckid@gmail.com>, Li Zhijian <lizhijian@fujitsu.com>, Fam Zheng <fam@euphon.net>, Peter Xu <peterx@redhat.com>, Fabiano Rosas <farosas@suse.de>, Laurent Vivier <lvivier@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>

There is a newer version of this series

tests/qtest/libqtest.h              |  8 ++++++
accel/kvm/kvm-all.c                 |  8 ++++++
backends/cryptodev-lkcf.c           |  4 +++
backends/igvm-cfg.c                 |  1 +
chardev/char-socket.c               |  4 +++
hw/arm/aspeed.c                     |  9 +++++++
hw/arm/sbsa-ref.c                   | 12 +++++++++
hw/arm/virt.c                       | 14 ++++++++++
hw/core/machine.c                   |  1 +
hw/core/resetcontainer.c            |  3 +++
hw/fsi/aspeed_apb2opb.c             | 31 +++++++++++++++------
hw/gpio/pca9552.c                   |  2 +-
hw/i2c/pmbus_device.c               |  4 +--
hw/i386/nitro_enclave.c             | 11 ++++++++
hw/i386/pc.c                        | 10 +++++++
hw/i386/x86.c                       |  9 +++++++
hw/intc/apic_common.c               |  2 +-
hw/loongarch/virt.c                 | 14 ++++++++++
hw/pci-bridge/pci_expander_bridge.c |  8 +++++-
hw/pci-host/i440fx.c                | 15 +++++++++--
hw/pci-host/q35.c                   | 15 +++++++++--
hw/pci/pci.c                        | 11 ++++++--
hw/ppc/pnv.c                        |  1 +
hw/ppc/spapr.c                      |  2 ++
hw/remote/remote-obj.c              |  4 ++-
hw/remote/vfio-user-obj.c           |  4 ++-
hw/riscv/virt.c                     | 14 ++++++++++
hw/tpm/tpm_tis_sysbus.c             |  9 +++++++
io/net-listener.c                   |  9 ++++++-
net/can/can_socketcan.c             |  8 ++++++
net/colo-compare.c                  | 31 +++++++++++----------
net/filter.c                        |  2 ++
qom/object.c                        | 10 ++++---
scsi/pr-manager-helper.c            |  1 +
system/ioport.c                     |  4 ++-
system/qtest.c                      | 54 +++++++++++++++++++++++++++++++++++++
target/i386/kvm/tdx.c               |  5 ++++
target/i386/sev.c                   | 37 +++++++++++++++++++++++++
target/riscv/cpu.c                  |  7 +++++
tests/qtest/libqtest.c              |  6 +++++
tests/qtest/qom-test.c              | 12 +++++++++
ui/console-vc.c                     |  1 +
ui/console.c                        |  6 ++++-
43 files changed, 379 insertions(+), 44 deletions(-)

Expand all Fold all

[PATCH 00/41] Fix various QOM object life-cycle issues

Posted by Marc-André Lureau 3 weeks, 6 days ago

Hi,

After Markus's "Several QOM objects crash on introspection" report, I
started writing some unit test.

This series adds a new "qom-tests" qtest command that exercises basic QOM
object life-cycle: it instantiates all non-abstract object types, gets/sets
their properties, and unrefs them. This quickly surfaces leaks and crashes
that could otherwise be triggered at runtime via QMP qom commands.

The bulk of the series fixes the issues found by this test and ASan
help. Some of the patches are redundant with patches sent earlier on the
ML and marked as RFC, they should naturally be dropped during rebases,
but are added for completeness and to make sure CI pass after this
series in the meantime.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
Marc-André Lureau (41):
      hw/pci: handle missing bus in prop_pci_busnr_get
      chardev/char-socket: handle NULL addr in char_socket_get_addr
      hw/pci-bridge: handle missing parent in prop_pxb_uid_get
      hw/pci-host/i440fx: handle NULL bus in pci-hole64 getters
      hw/pci-host/q35: handle NULL bus in pci-hole64 getters
      hw/remote: check visit return in vfu_object_set_socket
      qom: skip link property check callback when clearing link
      hw/intc/apic: guard against NULL cpu in set_id
      RFC hw/remote: guard listener unregister in finalize
      backends/cryptodev-lkcf: skip cleanup when not initialized
      RFC io/net-listener: move mutex init to instance_init
      RFC net/colo-compare: guard finalize against uninitialized state
      RFC system/ioport: move embedded memory region cleanup to portio_list_destroy
      ui/console: remove console from global list on finalization
      hw/i386/x86: free oem_id and oem_table_id on finalization
      hw/core/machine: free shim_filename on finalization
      hw/core/resetcontainer: free children array on finalization
      net/filter: free old values in property setters
      ui/console-vc: destroy fifo on text console finalization
      target/i386/sev: add finalize functions and fix leaking setters
      target/i386/kvm/tdx: free strings in tdx_guest_finalize
      hw/i386/nitro_enclave: add instance finalize
      net/can: free ifname on socketcan finalization
      backends/igvm-cfg: free filename on finalization
      scsi/pr-manager-helper: free path on finalization
      accel/kvm: free device path on finalization
      system/qtest: free log path on finalization
      hw/i386/pc: free pcspk on finalization
      hw/fsi: move OPBus address space init to realize
      hw/gpio/pca9552: fix state_str leak in pca955x_set_led
      hw/arm/aspeed: free fmc_model and spi_model on finalization
      hw/tpm: free PPI buffer on finalization
      hw/arm/sbsa-ref: free unrealized flash devices on finalization
      hw/arm/virt: free flash devices and OEM strings on finalization
      hw/loongarch/virt: free flash devices and OEM strings on finalization
      hw/ppc/spapr: free host_model and host_serial on finalization
      hw/ppc/pnv: drop extra ref on PHB after adding as child
      target/riscv: fix general_user_opts hash table leak
      hw/riscv/virt: free flash devices and OEM strings on finalization
      hw/i2c/pmbus: fix undefined behavior in pmbus_direct_mode2data
      qtest: add "qom-tests" command

 tests/qtest/libqtest.h              |  8 ++++++
 accel/kvm/kvm-all.c                 |  8 ++++++
 backends/cryptodev-lkcf.c           |  4 +++
 backends/igvm-cfg.c                 |  1 +
 chardev/char-socket.c               |  4 +++
 hw/arm/aspeed.c                     |  9 +++++++
 hw/arm/sbsa-ref.c                   | 12 +++++++++
 hw/arm/virt.c                       | 14 ++++++++++
 hw/core/machine.c                   |  1 +
 hw/core/resetcontainer.c            |  3 +++
 hw/fsi/aspeed_apb2opb.c             | 31 +++++++++++++++------
 hw/gpio/pca9552.c                   |  2 +-
 hw/i2c/pmbus_device.c               |  4 +--
 hw/i386/nitro_enclave.c             | 11 ++++++++
 hw/i386/pc.c                        | 10 +++++++
 hw/i386/x86.c                       |  9 +++++++
 hw/intc/apic_common.c               |  2 +-
 hw/loongarch/virt.c                 | 14 ++++++++++
 hw/pci-bridge/pci_expander_bridge.c |  8 +++++-
 hw/pci-host/i440fx.c                | 15 +++++++++--
 hw/pci-host/q35.c                   | 15 +++++++++--
 hw/pci/pci.c                        | 11 ++++++--
 hw/ppc/pnv.c                        |  1 +
 hw/ppc/spapr.c                      |  2 ++
 hw/remote/remote-obj.c              |  4 ++-
 hw/remote/vfio-user-obj.c           |  4 ++-
 hw/riscv/virt.c                     | 14 ++++++++++
 hw/tpm/tpm_tis_sysbus.c             |  9 +++++++
 io/net-listener.c                   |  9 ++++++-
 net/can/can_socketcan.c             |  8 ++++++
 net/colo-compare.c                  | 31 +++++++++++----------
 net/filter.c                        |  2 ++
 qom/object.c                        | 10 ++++---
 scsi/pr-manager-helper.c            |  1 +
 system/ioport.c                     |  4 ++-
 system/qtest.c                      | 54 +++++++++++++++++++++++++++++++++++++
 target/i386/kvm/tdx.c               |  5 ++++
 target/i386/sev.c                   | 37 +++++++++++++++++++++++++
 target/riscv/cpu.c                  |  7 +++++
 tests/qtest/libqtest.c              |  6 +++++
 tests/qtest/qom-test.c              | 12 +++++++++
 ui/console-vc.c                     |  1 +
 ui/console.c                        |  6 ++++-
 43 files changed, 379 insertions(+), 44 deletions(-)
---
base-commit: aa15257174da180c6a8a9d58f87319cfe61c5520
change-id: 20260427-qom-tests-9dcf3b969411

Best regards,
--  
Marc-André Lureau <marcandre.lureau@redhat.com>