diff options
author | Igor Mammedov <imammedo@redhat.com> | 2017-02-28 12:08:15 +0000 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2017-02-28 12:08:15 +0000 |
commit | dbb74759fae6f521709e16e19cbb7d6fb2307700 (patch) | |
tree | b04dbc8f373c3194018a08915dd69c60b07cc0bd /hw | |
parent | 241999bf4c0dd75d300ceee46f7ad28b3a39fe97 (diff) | |
download | qemu-dbb74759fae6f521709e16e19cbb7d6fb2307700.zip qemu-dbb74759fae6f521709e16e19cbb7d6fb2307700.tar.gz qemu-dbb74759fae6f521709e16e19cbb7d6fb2307700.tar.bz2 |
hw/arm/virt: fix cpu object reference leak
object_new(FOO) returns an object with ref_cnt == 1
and following
object_property_set_bool(cpuobj, true, "realized", NULL)
set parent of cpuobj to '/machine/unattached' which makes
ref_cnt == 2.
Since machvirt_init() doesn't take ownership of cpuobj
returned by object_new() it should explicitly drop
reference to cpuobj when dangling pointer is about to
go out of scope like it's done pc_new_cpu() to avoid
object leak.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1487253461-269218-1-git-send-email-imammedo@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/arm/virt.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/arm/virt.c b/hw/arm/virt.c index f3440f2..0c270b8 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -1378,6 +1378,7 @@ static void machvirt_init(MachineState *machine) } object_property_set_bool(cpuobj, true, "realized", NULL); + object_unref(cpuobj); } fdt_add_timer_nodes(vms); fdt_add_cpu_nodes(vms); |