On Fri, May 11, 2012 at 10:57 PM, Amos Kong
<address@hidden> wrote:
The whole PCI slot should be removed once. Currently only one func
is cleaned in pci_unplug_device(), if you try to remove a single
func by monitor cmd.
Start VM with 8 multiple-function block devs, hot-removing
those block devs by 'device_del ...' would cause qemu abort.
| (qemu) device_del virti0-0-0
| (qemu) **
|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
Execute 'device_del $blkid' in monitor
\_handle_user_command()
\_qmp_device_del()
\_qdev_unplug()
\_pci_unplug_device()
| //only one obj(func) is unpluged
v //need process funcs here
object_unparent()
\_object_finalize_child_property()
Guest sets pci dev by ioport write (eject from acpi)
\_kvm_handle_io()
\_pciej_write()
\_acpi_piix_eject_slot()
|
v //all qdevs(funcs) will be free
QTAILQ_FOREACH_SAFE(qdev, &bus->children, sibling, next) {
PCIDevice *dev = PCI_DEVICE(qdev);
if (PCI_SLOT(dev->devfn) == slot) {
qdev_free()
This is a regression bug, it's caused by this commit: 57c9fafe0f759c9f1efa5451662b3627f9bb95e0
Before commit this commit, we free object in qdev_free(), as you can see in above analysis, qdev_free() is called for all the functions.
But after applied this patch, we only release object of one function in pci_unplug_device().
commit 57c9fafe0f759c9f1efa5451662b3627f9bb95e0
Date: Mon Jan 30 08:55:55 2012 -0600
qom: move properties from qdev to object
This is mostly code movement although not entirely. This makes properties part
of the Object base class which means that we can now start using Object in a
meaningful way outside of qdev.
Signed-off-by: Amos Kong <address@hidden>
---
hw/pci.c | 34 ++++++++++++++++++++++++++--------
1 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/hw/pci.c b/hw/pci.c
index b706e69..960cf53 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1520,16 +1520,34 @@ static int pci_qdev_init(DeviceState *qdev)
static int pci_unplug_device(DeviceState *qdev)
{
- PCIDevice *dev = PCI_DEVICE(qdev);
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+ DeviceState *dev, *next;
+ PCIDevice *cur;
+ int ret, slot = PCI_SLOT(PCI_DEVICE(qdev)->devfn);
+ BusState *bus = qdev->parent_bus;
+
+ ret = 0;
+ QTAILQ_FOREACH_SAFE(dev, &bus->children, sibling, next) {
+ cur = PCI_DEVICE(dev);
+
+ if (PCI_SLOT(cur->devfn) == slot) {
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(cur);
+ if (pc->no_hotplug) {
+ qerror_report(QERR_DEVICE_NO_HOTPLUG,
+ object_get_typename(OBJECT(dev)));
+ return -1;
+ }
- if (pc->no_hotplug) {
- qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(dev)));
- return -1;
+ object_unparent(OBJECT(cur));
+ ret = cur->bus->hotplug(cur->bus->hotplug_qdev, cur,
+ PCI_HOTPLUG_DISABLED);
+ if (ret < 0) {
+ qerror_report(QERR_UNDEFINED_ERROR,
+ object_get_typename(OBJECT(dev)));
+ break;
+ }
+ }
}
- object_unparent(OBJECT(dev));
- return dev->bus->hotplug(dev->bus->hotplug_qdev, dev,
- PCI_HOTPLUG_DISABLED);
+ return ret;
}
PCIDevice *pci_create_multifunction(PCIBus *bus, int devfn, bool multifunction,