diff options
| author | Peter Xu <peterx@redhat.com> | 2025-08-21 12:59:02 -0400 |
|---|---|---|
| committer | Peter Xu <peterx@redhat.com> | 2025-09-15 12:00:12 -0400 |
| commit | ac7a892fd37ce4427d390ca8556203c9a2eb9d38 (patch) | |
| tree | 3ba82bbd326dd9669987559376ebfdc7cc07f234 /scripts/lib/kdoc/kdoc_parser.py | |
| parent | c75847f9eb8fb09dde0c0f4fa4710c6bde11f5a9 (diff) | |
| download | qemu-ac7a892fd37ce4427d390ca8556203c9a2eb9d38.zip qemu-ac7a892fd37ce4427d390ca8556203c9a2eb9d38.tar.gz qemu-ac7a892fd37ce4427d390ca8556203c9a2eb9d38.tar.bz2 | |
memory: Fix leaks due to owner-shared MRs circular references
Currently, QEMU refcounts the MR by always taking it from the owner.
It's common that one object will have multiple MR objects embeded in the
object itself. All the MRs in this case share the same lifespan of the
owner object.
It's also common that in the instance_init() of an object, MR A can be a
container of MR B, C, D, by using memory_region_add_subregion*() set of
memory region APIs.
Now we have a circular reference issue, as when adding subregions for MR A,
we essentially incremented the owner's refcount within the instance_init(),
meaning the object will be self-boosted and its refcount can never go down
to zero if the MRs won't get detached properly before object's finalize().
Delete subregions within object's finalize() won't work either, because
finalize() will be invoked only if the refcount goes to zero first. What
is worse, object_finalize() will do object_property_del_all() first before
object_deinit(). Since embeded MRs will be properties of the owner object,
it means they'll be freed _before_ the owner's finalize().
To fix that, teach memory API to stop refcount on MRs that share the same
owner. Because if they share the lifecycle of the owner, then they share
the same lifecycle between themselves, hence the refcount doesn't help but
only introduce troubles.
Meanwhile, allow auto-detachments of MRs during finalize() of MRs even
against its container, as long as they belong to the same owner.
The latter is needed because now it's possible to have MRs' finalize()
happen in any order when they share the same lifespan with a same owner.
In this case, we should allow finalize() to happen in any order of either
the parent or child MR. Loose the mr->container check in MR's finalize()
to allow auto-detach. Double check it shares the same owner.
Proper document this behavior in code.
This patch is heavily based on the work done by Akihiko Odaki:
https://lore.kernel.org/r/CAFEAcA8DV40fGsci76r4yeP1P-SP_QjNRDD2OzPxjx5wRs0GEg@mail.gmail.com
Cc: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Link: https://lore.kernel.org/r/20250826221750.285242-1-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
Diffstat (limited to 'scripts/lib/kdoc/kdoc_parser.py')
0 files changed, 0 insertions, 0 deletions