Re: QOM address space handling

[Paolo Bonzini]

On 21/12/20 19:54, Eduardo Habkost wrote:
> On Sun, Dec 20, 2020 at 10:25:25AM +0100, Paolo Bonzini wrote:
> > On 18/12/20 23:32, Eduardo Habkost wrote:
> > > Who owns the FlatView reference, exactly?
> >
> > The AddressSpace.  The device creates the AddressSpace, which holds a
> > reference to the MemoryRegion through FlatView and AddressSpaceDispatch,
> > which holds a reference to the device.
> >
> > By destroying the address space that it created, the device can break the
> > reference loop.
> >
> > > If the FlatView reference is owned by the MemoryRegion, we have a
> > > reference loop: the device holds a reference to the MemoryRegion,
> > > which owns the FlatView, which holds a reference to the device.
> > > In this case, who owns the reference loop and is responsible for
> > > breaking it?
> >
> > The reference loop is owned by the device, which breaks it through unrealize
> > (called by unparent).
> >
> > instance_finalize by definition cannot break reference loops, so this means
> > that my suggestion of using address_space_init in instance_init was wrong.
>
> Once we fix that, I suggest we add an assertion to make it
> illegal to call object_ref() on an object during instance_init.

It's not necessarily illegal.  You can for example call a function that 
internally does

    object_ref(obj);
    oc->func(obj);
    object_unref(obj);

But perhaps we could assert that refcount == 1 on exit.

> Do we know how many address_space_init() calls in instance_init
> we have today?

I can see them in raven_pcihost_initfn, in sun4?_iommu.c's iommu_init 
and xtensa_cpu_initfn, I think that's all.

Paolo