Commit 81e0ab48 authored Oct 01, 2015 by Paolo Bonzini Committed by Markus Armbruster Oct 09, 2015

hw: do not pass NULL to memory_region_init from instance_init



This causes the region to outlive the object, because it attaches the
region to /machine.  This is not nice for the "realize" method, but
much worse for "instance_init" because it can cause dangling pointers
after a simple object_new/object_unref pair.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1443689999-12182-3-git-send-email-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>

parent 2e2b8eb7

hw/arm/pxa2xx.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1958,7 +1958,7 @@ static void pxa2xx_fir_instance_init(Object *obj)
		PXA2xxFIrState *s = PXA2XX_FIR(obj);
		SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

		memory_region_init_io(&s->iomem, NULL, &pxa2xx_fir_ops, s,
		memory_region_init_io(&s->iomem, obj, &pxa2xx_fir_ops, s,
		"pxa2xx-fir", 0x1000);
		sysbus_init_mmio(sbd, &s->iomem);
		sysbus_init_irq(sbd, &s->irq);

hw/display/cg3.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -280,12 +280,12 @@ static void cg3_initfn(Object *obj)
		SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
		CG3State *s = CG3(obj);

		memory_region_init_ram(&s->rom, NULL, "cg3.prom", FCODE_MAX_ROM_SIZE,
		memory_region_init_ram(&s->rom, obj, "cg3.prom", FCODE_MAX_ROM_SIZE,
		&error_fatal);
		memory_region_set_readonly(&s->rom, true);
		sysbus_init_mmio(sbd, &s->rom);

		memory_region_init_io(&s->reg, NULL, &cg3_reg_ops, s, "cg3.reg",
		memory_region_init_io(&s->reg, obj, &cg3_reg_ops, s, "cg3.reg",
		CG3_REG_SIZE);
		sysbus_init_mmio(sbd, &s->reg);
		}

hw/display/tcx.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -944,7 +944,7 @@ static void tcx_initfn(Object *obj)
		SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
		TCXState *s = TCX(obj);

		memory_region_init_ram(&s->rom, NULL, "tcx.prom", FCODE_MAX_ROM_SIZE,
		memory_region_init_ram(&s->rom, OBJECT(s), "tcx.prom", FCODE_MAX_ROM_SIZE,
		&error_fatal);
		memory_region_set_readonly(&s->rom, true);
		sysbus_init_mmio(sbd, &s->rom);

hw/misc/arm_integrator_debug.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -79,7 +79,7 @@ static void intdbg_control_init(Object *obj)
		SysBusDevice *sd = SYS_BUS_DEVICE(obj);
		IntegratorDebugState *s = INTEGRATOR_DEBUG(obj);

		memory_region_init_io(&s->iomem, NULL, &intdbg_control_ops,
		memory_region_init_io(&s->iomem, obj, &intdbg_control_ops,
		NULL, "dbg-leds", 0x1000000);
		sysbus_init_mmio(sd, &s->iomem);
		}

hw/misc/macio/cuda.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -713,7 +713,7 @@ static void cuda_initfn(Object *obj)
		CUDAState *s = CUDA(obj);
		int i;

		memory_region_init_io(&s->mem, NULL, &cuda_ops, s, "cuda", 0x2000);
		memory_region_init_io(&s->mem, obj, &cuda_ops, s, "cuda", 0x2000);
		sysbus_init_mmio(d, &s->mem);
		sysbus_init_irq(d, &s->irq);