ivshmem: fix memory backend leak
authorIgor Mammedov <imammedo@redhat.com>
Thu, 1 Nov 2018 10:44:46 +0000 (11:44 +0100)
committerPaolo Bonzini <pbonzini@redhat.com>
Tue, 6 Nov 2018 20:35:05 +0000 (21:35 +0100)
object_new() returns a new backend with refcount == 1 and
then later object_property_add_child() increases refcount to 2
So when ivshmem is destroyed, the backend it has created isn't
destroyed along with it as children cleanup will bring
backend's refcount only to 1, which leaks backend including
resources it is using.

Drop the original reference from object_new() once backend
is attached to its parent.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1541069086-167036-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Fixes: 5503e285041979dd29698ecb41729b3b22622e8d
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
hw/misc/ivshmem.c

index f88910e55c21f183203e323fc10abdab8e06c3f8..ecfd10a29ab0d094d95e40e61ffc94fd6c3d891e 100644 (file)
@@ -1279,6 +1279,7 @@ static void desugar_shm(IVShmemState *s)
     object_property_set_bool(obj, true, "share", &error_abort);
     object_property_add_child(OBJECT(s), "internal-shm-backend", obj,
                               &error_abort);
+    object_unref(obj);
     user_creatable_complete(obj, &error_abort);
     s->hostmem = MEMORY_BACKEND(obj);
 }