From a6de8ed80e1cf47d0f372e0856e6eeb6de9bbf0e Mon Sep 17 00:00:00 2001 From: Amos Kong Date: Sun, 20 May 2012 17:57:45 +0800 Subject: [PATCH] pci: call object_unparent() before free_qdev() Start VM with 8 multiple-function block devs, hot-removing those block devs by 'device_del ...' would cause qemu abort. | (qemu) device_del virti0-0-0 | (qemu) ** |ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) It's a regression introduced by commit 57c9fafe The whole PCI slot should be removed once. Currently only one func is cleaned in pci_unplug_device(), if you try to remove a single func by monitor cmd. free_qdev() are called for all functions in slot, but unparent_delete() is only called for one function. Signed-off-by: XXXX Signed-off-by: Anthony Liguori --- hw/acpi_piix4.c | 1 + hw/pci.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c index 585da4e3eb..0345490ee0 100644 --- a/hw/acpi_piix4.c +++ b/hw/acpi_piix4.c @@ -299,6 +299,7 @@ static void acpi_piix_eject_slot(PIIX4PMState *s, unsigned slots) if (pc->no_hotplug) { slot_free = false; } else { + object_unparent(OBJECT(dev)); qdev_free(qdev); } } diff --git a/hw/pci.c b/hw/pci.c index b706e6980a..c1ebdde91e 100644 --- a/hw/pci.c +++ b/hw/pci.c @@ -1527,7 +1527,6 @@ static int pci_unplug_device(DeviceState *qdev) qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(dev))); return -1; } - object_unparent(OBJECT(dev)); return dev->bus->hotplug(dev->bus->hotplug_qdev, dev, PCI_HOTPLUG_DISABLED); } -- 2.11.4.GIT