hw: do not pass NULL to memory_region_init from instance_init

This causes the region to outlive the object, because it attaches the region to /machine. This is not nice for the "realize" method, but much worse for "instance_init" because it can cause dangling pointers after a simple object_new/object_unref pair. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1443689999-12182-3-git-send-email-armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> (cherry picked from commit 81e0ab48dd) Conflicts: hw/display/cg3.c hw/display/tcx.c * removed context dependencies on &error_fatal/&error_abort Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-10-01 10:59:51 +02:00 · 2015-10-01 10:59:51 +02:00 · 243b80c9c5
parent 91232d98da
commit 243b80c9c5
7 changed files with 12 additions and 12 deletions
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@ -1959,7 +1959,7 @@ static void pxa2xx_fir_instance_init(Object *obj)
    PXA2xxFIrState *s = PXA2XX_FIR(obj);
    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

-    memory_region_init_io(&s->iomem, NULL, &pxa2xx_fir_ops, s,
+    memory_region_init_io(&s->iomem, obj, &pxa2xx_fir_ops, s,
                          "pxa2xx-fir", 0x1000);
    sysbus_init_mmio(sbd, &s->iomem);
    sysbus_init_irq(sbd, &s->irq);
--- a/hw/display/cg3.c
+++ b/hw/display/cg3.c
@ -280,12 +280,12 @@ static void cg3_initfn(Object *obj)
    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
    CG3State *s = CG3(obj);

-    memory_region_init_ram(&s->rom, NULL, "cg3.prom", FCODE_MAX_ROM_SIZE,
+    memory_region_init_ram(&s->rom, obj, "cg3.prom", FCODE_MAX_ROM_SIZE,
                           &error_abort);
    memory_region_set_readonly(&s->rom, true);
    sysbus_init_mmio(sbd, &s->rom);

-    memory_region_init_io(&s->reg, NULL, &cg3_reg_ops, s, "cg3.reg",
+    memory_region_init_io(&s->reg, obj, &cg3_reg_ops, s, "cg3.reg",
                          CG3_REG_SIZE);
    sysbus_init_mmio(sbd, &s->reg);
 }
--- a/hw/display/tcx.c
+++ b/hw/display/tcx.c
@ -944,7 +944,7 @@ static void tcx_initfn(Object *obj)
    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
    TCXState *s = TCX(obj);

-    memory_region_init_ram(&s->rom, NULL, "tcx.prom", FCODE_MAX_ROM_SIZE,
+    memory_region_init_ram(&s->rom, OBJECT(s), "tcx.prom", FCODE_MAX_ROM_SIZE,
                           &error_abort);
    memory_region_set_readonly(&s->rom, true);
    sysbus_init_mmio(sbd, &s->rom);
--- a/hw/misc/arm_integrator_debug.c
+++ b/hw/misc/arm_integrator_debug.c
@ -79,7 +79,7 @@ static void intdbg_control_init(Object *obj)
    SysBusDevice *sd = SYS_BUS_DEVICE(obj);
    IntegratorDebugState *s = INTEGRATOR_DEBUG(obj);

-    memory_region_init_io(&s->iomem, NULL, &intdbg_control_ops,
+    memory_region_init_io(&s->iomem, obj, &intdbg_control_ops,
                          NULL, "dbg-leds", 0x1000000);
    sysbus_init_mmio(sd, &s->iomem);
 }
--- a/hw/misc/macio/cuda.c
+++ b/hw/misc/macio/cuda.c
@ -713,7 +713,7 @@ static void cuda_initfn(Object *obj)
    CUDAState *s = CUDA(obj);
    int i;

-    memory_region_init_io(&s->mem, NULL, &cuda_ops, s, "cuda", 0x2000);
+    memory_region_init_io(&s->mem, obj, &cuda_ops, s, "cuda", 0x2000);
    sysbus_init_mmio(d, &s->mem);
    sysbus_init_irq(d, &s->irq);

--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@ -105,10 +105,10 @@ static void macio_escc_legacy_setup(MacIOState *macio_state)
        0xF0, 0xE0,
    };

-    memory_region_init(escc_legacy, NULL, "escc-legacy", 256);
+    memory_region_init(escc_legacy, OBJECT(macio_state), "escc-legacy", 256);
    for (i = 0; i < ARRAY_SIZE(maps); i += 2) {
        MemoryRegion *port = g_new(MemoryRegion, 1);
-        memory_region_init_alias(port, NULL, "escc-legacy-port",
+        memory_region_init_alias(port, OBJECT(macio_state), "escc-legacy-port",
                                 macio_state->escc_mem, maps[i+1], 0x2);
        memory_region_add_subregion(escc_legacy, maps[i], port);
    }
@ -330,7 +330,7 @@ static void macio_instance_init(Object *obj)
    MacIOState *s = MACIO(obj);
    MemoryRegion *dbdma_mem;

-    memory_region_init(&s->bar, NULL, "macio", 0x80000);
+    memory_region_init(&s->bar, obj, "macio", 0x80000);

    object_initialize(&s->cuda, sizeof(s->cuda), TYPE_CUDA);
    qdev_set_parent_bus(DEVICE(&s->cuda), sysbus_get_default());
--- a/hw/pcmcia/pxa2xx.c
+++ b/hw/pcmcia/pxa2xx.c
@ -163,7 +163,7 @@ static void pxa2xx_pcmcia_initfn(Object *obj)
    sysbus_init_mmio(sbd, &s->container_mem);

    /* Socket I/O Memory Space */
-    memory_region_init_io(&s->iomem, NULL, &pxa2xx_pcmcia_io_ops, s,
+    memory_region_init_io(&s->iomem, obj, &pxa2xx_pcmcia_io_ops, s,
                          "pxa2xx-pcmcia-io", 0x04000000);
    memory_region_add_subregion(&s->container_mem, 0x00000000,
                                &s->iomem);
@ -171,13 +171,13 @@ static void pxa2xx_pcmcia_initfn(Object *obj)
    /* Then next 64 MB is reserved */

    /* Socket Attribute Memory Space */
-    memory_region_init_io(&s->attr_iomem, NULL, &pxa2xx_pcmcia_attr_ops, s,
+    memory_region_init_io(&s->attr_iomem, obj, &pxa2xx_pcmcia_attr_ops, s,
                          "pxa2xx-pcmcia-attribute", 0x04000000);
    memory_region_add_subregion(&s->container_mem, 0x08000000,
                                &s->attr_iomem);

    /* Socket Common Memory Space */
-    memory_region_init_io(&s->common_iomem, NULL, &pxa2xx_pcmcia_common_ops, s,
+    memory_region_init_io(&s->common_iomem, obj, &pxa2xx_pcmcia_common_ops, s,
                          "pxa2xx-pcmcia-common", 0x04000000);
    memory_region_add_subregion(&s->container_mem, 0x0c000000,
                                &s->common_iomem);