[v2] Fix various QOM object life-cycle issues

[PATCH v2 00/46] Fix various QOM object life-cycle issues

Marc-André Lureau posted 46 patches 3 weeks, 5 days ago

Diff against v1 v3
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20260504-qom-tests-v2-0-ef7e3dc94f7a@redhat.com

Maintainers: Paolo Bonzini <pbonzini@redhat.com>, "Gonglei (Arei)" <arei.gonglei@huawei.com>, zhenwei pi <zhenwei.pi@linux.dev>, Gerd Hoffmann <kraxel@redhat.com>, Stefano Garzarella <sgarzare@redhat.com>, Ani Sinha <anisinha@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, "Cédric Le Goater" <clg@kaod.org>, Peter Maydell <peter.maydell@linaro.org>, Steven Lee <steven_lee@aspeedtech.com>, Troy Lee <leetroy@gmail.com>, Jamin Lin <jamin_lin@aspeedtech.com>, Kane Chen <kane_chen@aspeedtech.com>, Andrew Jeffery <andrew@codeconstruct.com.au>, Joel Stanley <joel@jms.id.au>, Leif Lindholm <leif.lindholm@oss.qualcomm.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Zhao Liu <zhao1.liu@intel.com>, Alistair Francis <alistair@alistair23.me>, "Edgar E. Iglesias" <edgar.iglesias@gmail.com>, Ninad Palsule <ninad@linux.ibm.com>, Glenn Miles <milesg@linux.ibm.com>, Titus Rwantare <titusr@google.com>, Alexander Graf <graf@amazon.com>, Dorjoy Chowdhury <dorjoychy111@gmail.com>, "Michael S. Tsirkin" <mst@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Corey Minyard <minyard@acm.org>, Song Gao <gaosong@loongson.cn>, Bibo Mao <maobibo@loongson.cn>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Nicholas Piggin <npiggin@gmail.com>, Aditya Gupta <adityag@linux.ibm.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Elena Ufimtseva <elena.ufimtseva@oracle.com>, Jagannathan Raman <jag.raman@oracle.com>, Palmer Dabbelt <palmer@dabbelt.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>, Chao Liu <chao.liu.zevorn@gmail.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Pavel Pisa <pisa@cmp.felk.cvut.cz>, Francisco Iglesias <francisco.iglesias@amd.com>, Vikram Garhwal <vikram.garhwal@bytedance.com>, Jason Wang <jasowang@redhat.com>, Zhang Chen <zhangckid@gmail.com>, Li Zhijian <lizhijian@fujitsu.com>, Fam Zheng <fam@euphon.net>, Peter Xu <peterx@redhat.com>, Fabiano Rosas <farosas@suse.de>, Laurent Vivier <lvivier@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>

There is a newer version of this series

include/qom/object.h                |  8 +++---
target/riscv/cpu.h                  |  3 +-
tests/qtest/libqtest.h              |  8 ++++++
accel/kvm/kvm-all.c                 |  8 ++++++
backends/cryptodev-lkcf.c           |  4 +++
backends/igvm-cfg.c                 |  1 +
chardev/char-socket.c               |  4 +++
hw/arm/aspeed.c                     |  9 ++++++
hw/arm/sbsa-ref.c                   | 12 ++++++++
hw/arm/virt.c                       | 14 ++++++++++
hw/core/machine.c                   |  1 +
hw/core/resetcontainer.c            |  3 ++
hw/display/xlnx_dp.c                |  6 ++++
hw/fsi/aspeed_apb2opb.c             | 37 +++++++++++++++---------
hw/gpio/pca9552.c                   |  2 +-
hw/i2c/pmbus_device.c               |  4 +--
hw/i386/nitro_enclave.c             | 11 ++++++++
hw/i386/pc.c                        | 10 +++++++
hw/i386/x86.c                       |  9 ++++++
hw/intc/apic_common.c               | 23 ++++++++-------
hw/ipmi/ipmi.c                      |  9 +++++-
hw/loongarch/virt.c                 | 14 ++++++++++
hw/pci-bridge/pci_expander_bridge.c |  8 +++++-
hw/pci-host/i440fx.c                | 15 ++++++++--
hw/pci-host/q35.c                   | 15 ++++++++--
hw/pci/pci.c                        | 11 ++++++--
hw/ppc/pnv.c                        |  1 +
hw/ppc/spapr.c                      |  2 ++
hw/remote/remote-obj.c              |  4 ++-
hw/remote/vfio-user-obj.c           |  4 ++-
hw/riscv/virt.c                     | 14 ++++++++++
hw/tpm/tpm_tis_sysbus.c             |  9 ++++++
io/net-listener.c                   |  9 +++++-
net/can/can_socketcan.c             |  8 ++++++
net/colo-compare.c                  | 31 ++++++++++----------
net/filter.c                        |  2 ++
scsi/pr-manager-helper.c            |  1 +
system/ioport.c                     | 14 +++++++---
system/qtest.c                      | 56 +++++++++++++++++++++++++++++++++++++
target/i386/cpu-apic.c              |  6 +---
target/i386/kvm/tdx.c               |  5 ++++
target/i386/sev.c                   | 37 ++++++++++++++++++++++++
target/riscv/cpu.c                  | 51 ++++++++++++++++++---------------
target/riscv/kvm/kvm-cpu.c          |  6 ++--
tests/qtest/libqtest.c              |  6 ++++
tests/qtest/qom-test.c              | 12 ++++++++
ui/console-vc.c                     |  1 +
ui/console.c                        |  5 +++-
48 files changed, 440 insertions(+), 93 deletions(-)

Expand all Fold all

[PATCH v2 00/46] Fix various QOM object life-cycle issues

Posted by Marc-André Lureau 3 weeks, 5 days ago

Hi,

After Markus's "Several QOM objects crash on introspection" report, I
started writing some unit test.

This series adds a new "qom-tests" qtest command that exercises basic QOM
object life-cycle: it instantiates all non-abstract object types, gets/sets
their properties, and unrefs them. This quickly surfaces leaks and crashes
that could otherwise be triggered at runtime via QMP qom commands.

The bulk of the series fixes the issues found by this test and ASan
help. Some of the patches are redundant with patches sent earlier on the
ML and marked as RFC, they should naturally be dropped during rebases,
but are added for completeness and to make sure CI pass after this
series in the meantime.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
Changes in v2:
- tweak error messages
- drop "qom: skip link property check callback", instead
  added two patches to avoid crash on NULL link check, and doc update
- drop "RFC system/ioport" in favour of Peter Xu fix
- added "hw/fsi: move OPBus qbus_init() to instance_init" to address TODO comment
- added "target/riscv: use hash table as set for user_options"
- gather a-b/r-b trailers
- Link to v1: https://lore.kernel.org/qemu-devel/20260427-qom-tests-v1-0-c413f3605311@redhat.com

---
Marc-André Lureau (45):
      hw/pci: handle missing bus in prop_pci_busnr_get
      chardev/char-socket: handle NULL addr in char_socket_get_addr
      hw/pci-bridge: handle missing parent in prop_pxb_uid_get
      hw/pci-host/i440fx: handle NULL bus in pci-hole64 getters
      hw/pci-host/q35: handle NULL bus in pci-hole64 getters
      hw/remote: check visit return in vfu_object_set_socket
      hw/ipmi: reject NULL 'bmc' property rather than crash
      hw/xlnx_dp: reject NULL 'dpdma' property rather than crash
      qom/object: update doc about NULL values in link properties
      hw/intc/apic: move checks to realize()
      hw/remote: guard listener unregister in finalize
      backends/cryptodev-lkcf: skip cleanup when not initialized
      io/net-listener: move mutex init to instance_init
      net/colo-compare: guard finalize against uninitialized state
      system/ioport: minor code simplification
      ui/console: remove console from global list on finalization
      hw/i386/x86: free oem_id and oem_table_id on finalization
      hw/core/machine: free shim_filename on finalization
      hw/core/resetcontainer: free children array on finalization
      net/filter: free old values in property setters
      ui/console-vc: destroy fifo on text console finalization
      target/i386/sev: add finalize functions and fix leaking setters
      target/i386/kvm/tdx: free strings in tdx_guest_finalize
      hw/i386/nitro_enclave: add instance finalize
      net/can: free ifname on socketcan finalization
      backends/igvm-cfg: free filename on finalization
      scsi/pr-manager-helper: free path on finalization
      accel/kvm: free device path on finalization
      system/qtest: add missing qtest_finalize()
      hw/i386/pc: free pcspk on finalization
      hw/tpm: free PPI buffer on finalization
      hw/fsi: move OPBus address space init to realize
      hw/fsi: move OPBus qbus_init() to instance_init
      hw/gpio/pca9552: fix state_str leak in pca955x_set_led
      hw/arm/aspeed: free fmc_model and spi_model on finalization
      hw/arm/sbsa-ref: free unrealized flash devices on finalization
      hw/arm/virt: free flash devices and OEM strings on finalization
      hw/loongarch/virt: free flash devices and OEM strings on finalization
      hw/ppc/spapr: free host_model and host_serial on finalization
      hw/ppc/pnv: drop extra ref on PHB after adding as child
      target/riscv: fix general_user_opts hash table leak
      target/riscv: use hash table as set for user_options
      hw/riscv/virt: free flash devices and OEM strings on finalization
      hw/i2c/pmbus: fix undefined behavior in pmbus_direct_mode2data
      qtest: add "qom-tests" command

Peter Xu (1):
      system/ioport: Fix qom-list-properties crash on portio list obj

 include/qom/object.h                |  8 +++---
 target/riscv/cpu.h                  |  3 +-
 tests/qtest/libqtest.h              |  8 ++++++
 accel/kvm/kvm-all.c                 |  8 ++++++
 backends/cryptodev-lkcf.c           |  4 +++
 backends/igvm-cfg.c                 |  1 +
 chardev/char-socket.c               |  4 +++
 hw/arm/aspeed.c                     |  9 ++++++
 hw/arm/sbsa-ref.c                   | 12 ++++++++
 hw/arm/virt.c                       | 14 ++++++++++
 hw/core/machine.c                   |  1 +
 hw/core/resetcontainer.c            |  3 ++
 hw/display/xlnx_dp.c                |  6 ++++
 hw/fsi/aspeed_apb2opb.c             | 37 +++++++++++++++---------
 hw/gpio/pca9552.c                   |  2 +-
 hw/i2c/pmbus_device.c               |  4 +--
 hw/i386/nitro_enclave.c             | 11 ++++++++
 hw/i386/pc.c                        | 10 +++++++
 hw/i386/x86.c                       |  9 ++++++
 hw/intc/apic_common.c               | 23 ++++++++-------
 hw/ipmi/ipmi.c                      |  9 +++++-
 hw/loongarch/virt.c                 | 14 ++++++++++
 hw/pci-bridge/pci_expander_bridge.c |  8 +++++-
 hw/pci-host/i440fx.c                | 15 ++++++++--
 hw/pci-host/q35.c                   | 15 ++++++++--
 hw/pci/pci.c                        | 11 ++++++--
 hw/ppc/pnv.c                        |  1 +
 hw/ppc/spapr.c                      |  2 ++
 hw/remote/remote-obj.c              |  4 ++-
 hw/remote/vfio-user-obj.c           |  4 ++-
 hw/riscv/virt.c                     | 14 ++++++++++
 hw/tpm/tpm_tis_sysbus.c             |  9 ++++++
 io/net-listener.c                   |  9 +++++-
 net/can/can_socketcan.c             |  8 ++++++
 net/colo-compare.c                  | 31 ++++++++++----------
 net/filter.c                        |  2 ++
 scsi/pr-manager-helper.c            |  1 +
 system/ioport.c                     | 14 +++++++---
 system/qtest.c                      | 56 +++++++++++++++++++++++++++++++++++++
 target/i386/cpu-apic.c              |  6 +---
 target/i386/kvm/tdx.c               |  5 ++++
 target/i386/sev.c                   | 37 ++++++++++++++++++++++++
 target/riscv/cpu.c                  | 51 ++++++++++++++++++---------------
 target/riscv/kvm/kvm-cpu.c          |  6 ++--
 tests/qtest/libqtest.c              |  6 ++++
 tests/qtest/qom-test.c              | 12 ++++++++
 ui/console-vc.c                     |  1 +
 ui/console.c                        |  5 +++-
 48 files changed, 440 insertions(+), 93 deletions(-)
---
base-commit: ac0cc20ad2fe0b8df2e5d9458e90a095ac711ab1
change-id: 20260427-qom-tests-9dcf3b969411

Best regards,
--  
Marc-André Lureau <marcandre.lureau@redhat.com>