[PATCH v3 00/24] Fix various QOM object life-cycle issues

Marc-André Lureau posted 24 patches 1 week, 2 days ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20260516-qom-tests-v3-0-3f20c3a029a7@redhat.com
Maintainers: "Gonglei (Arei)" <arei.gonglei@huawei.com>, zhenwei pi <zhenwei.pi@linux.dev>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Zhao Liu <zhao1.liu@intel.com>, Alistair Francis <alistair@alistair23.me>, "Edgar E. Iglesias" <edgar.iglesias@gmail.com>, Peter Maydell <peter.maydell@linaro.org>, Titus Rwantare <titusr@google.com>, Alexander Graf <graf@amazon.com>, Dorjoy Chowdhury <dorjoychy111@gmail.com>, "Michael S. Tsirkin" <mst@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Corey Minyard <minyard@acm.org>, Song Gao <gaosong@loongson.cn>, Bibo Mao <maobibo@loongson.cn>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Nicholas Piggin <npiggin@gmail.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>, Jason Wang <jasowang@redhat.com>, Peter Xu <peterx@redhat.com>, Fabiano Rosas <farosas@suse.de>, Laurent Vivier <lvivier@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>, Palmer Dabbelt <palmer@dabbelt.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>, Chao Liu <chao.liu.zevorn@gmail.com>, "Daniel P. Berrangé" <berrange@redhat.com>
[PATCH v3 00/24] Fix various QOM object life-cycle issues
Posted by Marc-André Lureau 1 week, 2 days ago
Hi,

After Markus's "Several QOM objects crash on introspection" report, I
started writing some unit tests.

This series adds a new "qom-tests" qtest command that exercises basic QOM
object life-cycle: it instantiates all non-abstract object types, gets/sets
their properties, and unrefs them. This quickly surfaces leaks and crashes
that could otherwise be triggered at runtime via QMP qom commands.

The bulk of the series fixes the issues found by this test and ASan
help. Some of the patches are redundant with patches sent earlier on the
ML and marked as RFC, they should naturally be dropped during rebases,
but are added for completeness and to make sure CI passes after this
series in the meantime.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
Changes in v3:
- update "hw/ipmi: reject NULL 'bmc'" & "hw/xlnx_dp: reject NULL
  'dpdma'"
- fixed user-only build in target/riscv patch
- add "ui/vt100: add vt100_fini() check" patch
- rebased after PR with first half of series patches landed
- Link to v2: https://lore.kernel.org/qemu-devel/20260504-qom-tests-v2-0-ef7e3dc94f7a@redhat.com

Changes in v2:
- tweak error messages
- drop "qom: skip link property check callback", instead
  added two patches to avoid crash on NULL link check, and doc update
- drop "RFC system/ioport" in favour of Peter Xu fix
- added "hw/fsi: move OPBus qbus_init() to instance_init" to address TODO comment
- added "target/riscv: use hash table as set for user_options"
- gather a-b/r-b trailers
- Link to v1: https://lore.kernel.org/qemu-devel/20260427-qom-tests-v1-0-c413f3605311@redhat.com

---
Marc-André Lureau (24):
      ui/vt100: add vt100_fini() check
      hw/pci: handle missing bus in prop_pci_busnr_get
      chardev/char-socket: handle NULL addr in char_socket_get_addr
      hw/pci-bridge: handle missing parent in prop_pxb_uid_get
      hw/pci-host/i440fx: handle NULL bus in pci-hole64 getters
      hw/pci-host/q35: handle NULL bus in pci-hole64 getters
      hw/ipmi: reject NULL 'bmc' property rather than crash
      hw/xlnx_dp: reject NULL 'dpdma' property rather than crash
      hw/intc/apic: move checks to realize()
      backends/cryptodev-lkcf: skip cleanup when not initialized
      system/ioport: minor code simplification
      hw/core/machine: free shim_filename on finalization
      net/filter: free old values in property setters
      target/i386/sev: add finalize functions and fix leaking setters
      target/i386/kvm/tdx: free strings in tdx_guest_finalize
      hw/i386/nitro_enclave: add instance finalize
      hw/i386/pc: free pcspk on finalization
      hw/tpm: free PPI buffer on finalization
      hw/loongarch/virt: free flash devices and OEM strings on finalization
      hw/ppc/spapr: free host_model and host_serial on finalization
      target/riscv: fix general_user_opts hash table leak
      target/riscv: use hash table as set for user_options
      hw/i2c/pmbus: fix undefined behavior in pmbus_direct_mode2data
      qtest: add "qom-tests" command

 target/riscv/cpu.h                  |  3 ++-
 tests/qtest/libqtest.h              |  8 ++++++
 backends/cryptodev-lkcf.c           |  4 +++
 chardev/char-socket.c               |  4 +++
 hw/core/machine.c                   |  1 +
 hw/display/xlnx_dp.c                |  6 +++++
 hw/i2c/pmbus_device.c               |  4 +--
 hw/i386/nitro_enclave.c             | 11 ++++++++
 hw/i386/pc.c                        | 10 +++++++
 hw/intc/apic_common.c               | 23 +++++++++-------
 hw/ipmi/ipmi.c                      |  8 +++++-
 hw/loongarch/virt.c                 | 14 ++++++++++
 hw/pci-bridge/pci_expander_bridge.c |  8 +++++-
 hw/pci-host/i440fx.c                | 15 +++++++++--
 hw/pci-host/q35.c                   | 15 +++++++++--
 hw/pci/pci.c                        | 11 ++++++--
 hw/ppc/spapr.c                      |  2 ++
 hw/tpm/tpm_tis_sysbus.c             |  9 +++++++
 net/filter.c                        |  2 ++
 system/ioport.c                     |  3 +--
 system/qtest.c                      | 46 ++++++++++++++++++++++++++++++++
 target/i386/cpu-apic.c              |  6 +----
 target/i386/kvm/tdx.c               |  5 ++++
 target/i386/sev.c                   | 37 ++++++++++++++++++++++++++
 target/riscv/cpu.c                  | 53 ++++++++++++++++++++++---------------
 target/riscv/kvm/kvm-cpu.c          |  6 ++---
 tests/qtest/libqtest.c              |  6 +++++
 tests/qtest/qom-test.c              | 12 +++++++++
 ui/vt100.c                          |  3 +++
 29 files changed, 282 insertions(+), 53 deletions(-)
---
base-commit: 0bbb0c2b65db64c161f91d10a89269e6d319d2a7
change-id: 20260427-qom-tests-9dcf3b969411

Best regards,
--  
Marc-André Lureau <marcandre.lureau@redhat.com>
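
The life-cycle pass described in the cover letter (instantiate, get/set properties, unref), shown as an added example that is not part of the original post and is not QEMU code. It is a toy model in plain C: the type table, the `x*` allocation helpers and `lifecycle_leaks()` are hypothetical names, and the allocation counter stands in for ASan's leak report.

```c
/* Toy model of a QOM-style life-cycle pass; not QEMU code, all names hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live;                      /* outstanding allocations (stand-in for ASan) */
static void *xalloc(size_t n) { live++; return calloc(1, n); }
static void xfree(void *p) { if (p) { live--; free(p); } }
static char *xstrdup(const char *s) { char *d = xalloc(strlen(s) + 1); strcpy(d, s); return d; }

typedef struct Obj { char *name; } Obj;
typedef struct Type {
    const char *id;
    void (*set_name)(Obj *, const char *);
    const char *(*get_name)(Obj *);
    void (*finalize)(Obj *);          /* NULL models a type with no finalize hook */
} Type;

/* Buggy setter: overwrites the pointer and drops the previous string. */
static void set_leaky(Obj *o, const char *v) { o->name = xstrdup(v); }
/* Fixed setter and finalizer: free the old value, free on finalization. */
static void set_fixed(Obj *o, const char *v) { xfree(o->name); o->name = xstrdup(v); }
static void fini_fixed(Obj *o) { xfree(o->name); }
/* Getter that tolerates a never-set (NULL) property instead of dereferencing it. */
static const char *get_name(Obj *o) { return o->name ? o->name : ""; }

static const Type types[] = {
    { "leaky-setter", set_leaky, get_name, fini_fixed },
    { "no-finalize",  set_fixed, get_name, NULL },
    { "fixed",        set_fixed, get_name, fini_fixed },
};

/* One pass for one type: new, get, set twice, get, unref. Returns leaked allocations. */
int lifecycle_leaks(const Type *t)
{
    int before = live;
    Obj *o = xalloc(sizeof(*o));
    (void)t->get_name(o);             /* get before any set: property is still NULL */
    t->set_name(o, "a");
    t->set_name(o, "b");              /* second set exposes setters that drop the old value */
    (void)t->get_name(o);
    if (t->finalize) t->finalize(o);
    xfree(o);
    return live - before;
}

int main(void)
{
    for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++)
        printf("%-12s leaked %d\n", types[i].id, lifecycle_leaks(&types[i]));
    return 0;
}
```

Setting each property twice is what separates a leaking setter from a missing finalizer: the first leaves the old value behind, the second leaves the last one.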


Re: [PATCH v3 00/24] Fix various QOM object life-cycle issues
Posted by Marc-André Lureau 4 days, 23 hours ago
Hi

On Sat, May 16, 2026 at 12:00 PM Marc-André Lureau
<marcandre.lureau@redhat.com> wrote:
>
> Hi,
>
> After Markus's "Several QOM objects crash on introspection" report, I
> started writing some unit tests.
>
> This series adds a new "qom-tests" qtest command that exercises basic QOM
> object life-cycle: it instantiates all non-abstract object types, gets/sets
> their properties, and unrefs them. This quickly surfaces leaks and crashes
> that could otherwise be triggered at runtime via QMP qom commands.
>

ping

> The bulk of the series fixes the issues found by this test and ASan
> help. Some of the patches are redundant with patches sent earlier on the
> ML and marked as RFC, they should naturally be dropped during rebases,
> but are added for completeness and to make sure CI passes after this
> series in the meantime.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> Changes in v3:
> - update "hw/ipmi: reject NULL 'bmc'" & "hw/xlnx_dp: reject NULL
>   'dpdma'"
> - fixed user-only build in target/riscv patch
> - add "ui/vt100: add vt100_fini() check" patch
> - rebased after PR with first half of series patches landed
> - Link to v2: https://lore.kernel.org/qemu-devel/20260504-qom-tests-v2-0-ef7e3dc94f7a@redhat.com
>
> Changes in v2:
> - tweak error messages
> - drop "qom: skip link property check callback", instead
>   added two patches to avoid crash on NULL link check, and doc update
> - drop "RFC system/ioport" in favour of Peter Xu fix
> - added "hw/fsi: move OPBus qbus_init() to instance_init" to address TODO comment
> - added "target/riscv: use hash table as set for user_options"
> - gather a-b/r-b trailers
> - Link to v1: https://lore.kernel.org/qemu-devel/20260427-qom-tests-v1-0-c413f3605311@redhat.com
>
> ---
> Marc-André Lureau (24):
>       ui/vt100: add vt100_fini() check
>       hw/pci: handle missing bus in prop_pci_busnr_get
>       chardev/char-socket: handle NULL addr in char_socket_get_addr
>       hw/pci-bridge: handle missing parent in prop_pxb_uid_get
>       hw/pci-host/i440fx: handle NULL bus in pci-hole64 getters
>       hw/pci-host/q35: handle NULL bus in pci-hole64 getters
>       hw/ipmi: reject NULL 'bmc' property rather than crash
>       hw/xlnx_dp: reject NULL 'dpdma' property rather than crash
>       hw/intc/apic: move checks to realize()
>       backends/cryptodev-lkcf: skip cleanup when not initialized
>       system/ioport: minor code simplification
>       hw/core/machine: free shim_filename on finalization
>       net/filter: free old values in property setters
>       target/i386/sev: add finalize functions and fix leaking setters
>       target/i386/kvm/tdx: free strings in tdx_guest_finalize
>       hw/i386/nitro_enclave: add instance finalize
>       hw/i386/pc: free pcspk on finalization
>       hw/tpm: free PPI buffer on finalization
>       hw/loongarch/virt: free flash devices and OEM strings on finalization
>       hw/ppc/spapr: free host_model and host_serial on finalization
>       target/riscv: fix general_user_opts hash table leak
>       target/riscv: use hash table as set for user_options
>       hw/i2c/pmbus: fix undefined behavior in pmbus_direct_mode2data
>       qtest: add "qom-tests" command
>
>  target/riscv/cpu.h                  |  3 ++-
>  tests/qtest/libqtest.h              |  8 ++++++
>  backends/cryptodev-lkcf.c           |  4 +++
>  chardev/char-socket.c               |  4 +++
>  hw/core/machine.c                   |  1 +
>  hw/display/xlnx_dp.c                |  6 +++++
>  hw/i2c/pmbus_device.c               |  4 +--
>  hw/i386/nitro_enclave.c             | 11 ++++++++
>  hw/i386/pc.c                        | 10 +++++++
>  hw/intc/apic_common.c               | 23 +++++++++-------
>  hw/ipmi/ipmi.c                      |  8 +++++-
>  hw/loongarch/virt.c                 | 14 ++++++++++
>  hw/pci-bridge/pci_expander_bridge.c |  8 +++++-
>  hw/pci-host/i440fx.c                | 15 +++++++++--
>  hw/pci-host/q35.c                   | 15 +++++++++--
>  hw/pci/pci.c                        | 11 ++++++--
>  hw/ppc/spapr.c                      |  2 ++
>  hw/tpm/tpm_tis_sysbus.c             |  9 +++++++
>  net/filter.c                        |  2 ++
>  system/ioport.c                     |  3 +--
>  system/qtest.c                      | 46 ++++++++++++++++++++++++++++++++
>  target/i386/cpu-apic.c              |  6 +----
>  target/i386/kvm/tdx.c               |  5 ++++
>  target/i386/sev.c                   | 37 ++++++++++++++++++++++++++
>  target/riscv/cpu.c                  | 53 ++++++++++++++++++++++---------------
>  target/riscv/kvm/kvm-cpu.c          |  6 ++---
>  tests/qtest/libqtest.c              |  6 +++++
>  tests/qtest/qom-test.c              | 12 +++++++++
>  ui/vt100.c                          |  3 +++
>  29 files changed, 282 insertions(+), 53 deletions(-)
> ---
> base-commit: 0bbb0c2b65db64c161f91d10a89269e6d319d2a7
> change-id: 20260427-qom-tests-9dcf3b969411
>
> Best regards,
> --
> Marc-André Lureau <marcandre.lureau@redhat.com>
>
>