When aliasing a clock with the qdev_alias_clock() function, a new link property is created on the device aliasing the clock. The link points to the aliased clock and use the OBJ_PROP_LINK_STRONG flag. This property is read only since it does not provide a check callback for modifications. The object_property_add_link() documentation stats that with OBJ_PROP_LINK_STRONG properties, the linked object reference count get decremented when the property is deleted. But it is _not_ incremented on creation (object_property_add_link() does not actually know the link). This commit increments the reference count on the aliased clock to ensure the aliased clock stays alive during the property lifetime, and to avoid a double-free memory error when the property gets deleted. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Luc Michel <luc@lmichel.fr> Message-Id: <20201020091024.320381-1-luc@lmichel.fr> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
		
			
				
	
	
		
			211 lines
		
	
	
		
			5.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			211 lines
		
	
	
		
			5.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * Device's clock input and output
 | |
|  *
 | |
|  * Copyright GreenSocs 2016-2020
 | |
|  *
 | |
|  * Authors:
 | |
|  *  Frederic Konrad
 | |
|  *  Damien Hedde
 | |
|  *
 | |
|  * This work is licensed under the terms of the GNU GPL, version 2 or later.
 | |
|  * See the COPYING file in the top-level directory.
 | |
|  */
 | |
| 
 | |
| #include "qemu/osdep.h"
 | |
| #include "qemu/error-report.h"
 | |
| #include "hw/qdev-clock.h"
 | |
| #include "hw/qdev-core.h"
 | |
| #include "qapi/error.h"
 | |
| 
 | |
| /*
 | |
|  * qdev_init_clocklist:
 | |
|  * Add a new clock in a device
 | |
|  */
 | |
| static NamedClockList *qdev_init_clocklist(DeviceState *dev, const char *name,
 | |
|                                            bool output, Clock *clk)
 | |
| {
 | |
|     NamedClockList *ncl;
 | |
| 
 | |
|     /*
 | |
|      * Clock must be added before realize() so that we can compute the
 | |
|      * clock's canonical path during device_realize().
 | |
|      */
 | |
|     assert(!dev->realized);
 | |
| 
 | |
|     /*
 | |
|      * The ncl structure is freed by qdev_finalize_clocklist() which will
 | |
|      * be called during @dev's device_finalize().
 | |
|      */
 | |
|     ncl = g_new0(NamedClockList, 1);
 | |
|     ncl->name = g_strdup(name);
 | |
|     ncl->output = output;
 | |
|     ncl->alias = (clk != NULL);
 | |
| 
 | |
|     /*
 | |
|      * Trying to create a clock whose name clashes with some other
 | |
|      * clock or property is a bug in the caller and we will abort().
 | |
|      */
 | |
|     if (clk == NULL) {
 | |
|         clk = CLOCK(object_new(TYPE_CLOCK));
 | |
|         object_property_add_child(OBJECT(dev), name, OBJECT(clk));
 | |
|         if (output) {
 | |
|             /*
 | |
|              * Remove object_new()'s initial reference.
 | |
|              * Note that for inputs, the reference created by object_new()
 | |
|              * will be deleted in qdev_finalize_clocklist().
 | |
|              */
 | |
|             object_unref(OBJECT(clk));
 | |
|         }
 | |
|     } else {
 | |
|         object_property_add_link(OBJECT(dev), name,
 | |
|                                  object_get_typename(OBJECT(clk)),
 | |
|                                  (Object **) &ncl->clock,
 | |
|                                  NULL, OBJ_PROP_LINK_STRONG);
 | |
|         /*
 | |
|          * Since the link property has the OBJ_PROP_LINK_STRONG flag, the clk
 | |
|          * object reference count gets decremented on property deletion.
 | |
|          * However object_property_add_link does not increment it since it
 | |
|          * doesn't know the linked object. Increment it here to ensure the
 | |
|          * aliased clock stays alive during this device life-time.
 | |
|          */
 | |
|         object_ref(OBJECT(clk));
 | |
|     }
 | |
| 
 | |
|     ncl->clock = clk;
 | |
| 
 | |
|     QLIST_INSERT_HEAD(&dev->clocks, ncl, node);
 | |
|     return ncl;
 | |
| }
 | |
| 
 | |
| void qdev_finalize_clocklist(DeviceState *dev)
 | |
| {
 | |
|     /* called by @dev's device_finalize() */
 | |
|     NamedClockList *ncl, *ncl_next;
 | |
| 
 | |
|     QLIST_FOREACH_SAFE(ncl, &dev->clocks, node, ncl_next) {
 | |
|         QLIST_REMOVE(ncl, node);
 | |
|         if (!ncl->output && !ncl->alias) {
 | |
|             /*
 | |
|              * We kept a reference on the input clock to ensure it lives up to
 | |
|              * this point so we can safely remove the callback.
 | |
|              * It avoids having a callback to a deleted object if ncl->clock
 | |
|              * is still referenced somewhere else (eg: by a clock output).
 | |
|              */
 | |
|             clock_clear_callback(ncl->clock);
 | |
|             object_unref(OBJECT(ncl->clock));
 | |
|         }
 | |
|         g_free(ncl->name);
 | |
|         g_free(ncl);
 | |
|     }
 | |
| }
 | |
| 
 | |
| Clock *qdev_init_clock_out(DeviceState *dev, const char *name)
 | |
| {
 | |
|     NamedClockList *ncl;
 | |
| 
 | |
|     assert(name);
 | |
| 
 | |
|     ncl = qdev_init_clocklist(dev, name, true, NULL);
 | |
| 
 | |
|     return ncl->clock;
 | |
| }
 | |
| 
 | |
| Clock *qdev_init_clock_in(DeviceState *dev, const char *name,
 | |
|                             ClockCallback *callback, void *opaque)
 | |
| {
 | |
|     NamedClockList *ncl;
 | |
| 
 | |
|     assert(name);
 | |
| 
 | |
|     ncl = qdev_init_clocklist(dev, name, false, NULL);
 | |
| 
 | |
|     if (callback) {
 | |
|         clock_set_callback(ncl->clock, callback, opaque);
 | |
|     }
 | |
|     return ncl->clock;
 | |
| }
 | |
| 
 | |
| void qdev_init_clocks(DeviceState *dev, const ClockPortInitArray clocks)
 | |
| {
 | |
|     const struct ClockPortInitElem *elem;
 | |
| 
 | |
|     for (elem = &clocks[0]; elem->name != NULL; elem++) {
 | |
|         Clock **clkp;
 | |
|         /* offset cannot be inside the DeviceState part */
 | |
|         assert(elem->offset > sizeof(DeviceState));
 | |
|         clkp = (Clock **)(((void *) dev) + elem->offset);
 | |
|         if (elem->is_output) {
 | |
|             *clkp = qdev_init_clock_out(dev, elem->name);
 | |
|         } else {
 | |
|             *clkp = qdev_init_clock_in(dev, elem->name, elem->callback, dev);
 | |
|         }
 | |
|     }
 | |
| }
 | |
| 
 | |
| static NamedClockList *qdev_get_clocklist(DeviceState *dev, const char *name)
 | |
| {
 | |
|     NamedClockList *ncl;
 | |
| 
 | |
|     QLIST_FOREACH(ncl, &dev->clocks, node) {
 | |
|         if (strcmp(name, ncl->name) == 0) {
 | |
|             return ncl;
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     return NULL;
 | |
| }
 | |
| 
 | |
| Clock *qdev_get_clock_in(DeviceState *dev, const char *name)
 | |
| {
 | |
|     NamedClockList *ncl;
 | |
| 
 | |
|     assert(name);
 | |
| 
 | |
|     ncl = qdev_get_clocklist(dev, name);
 | |
|     if (!ncl) {
 | |
|         error_report("Can not find clock-in '%s' for device type '%s'",
 | |
|                      name, object_get_typename(OBJECT(dev)));
 | |
|         abort();
 | |
|     }
 | |
|     assert(!ncl->output);
 | |
| 
 | |
|     return ncl->clock;
 | |
| }
 | |
| 
 | |
| Clock *qdev_get_clock_out(DeviceState *dev, const char *name)
 | |
| {
 | |
|     NamedClockList *ncl;
 | |
| 
 | |
|     assert(name);
 | |
| 
 | |
|     ncl = qdev_get_clocklist(dev, name);
 | |
|     if (!ncl) {
 | |
|         error_report("Can not find clock-out '%s' for device type '%s'",
 | |
|                      name, object_get_typename(OBJECT(dev)));
 | |
|         abort();
 | |
|     }
 | |
|     assert(ncl->output);
 | |
| 
 | |
|     return ncl->clock;
 | |
| }
 | |
| 
 | |
| Clock *qdev_alias_clock(DeviceState *dev, const char *name,
 | |
|                         DeviceState *alias_dev, const char *alias_name)
 | |
| {
 | |
|     NamedClockList *ncl;
 | |
| 
 | |
|     assert(name && alias_name);
 | |
| 
 | |
|     ncl = qdev_get_clocklist(dev, name);
 | |
| 
 | |
|     qdev_init_clocklist(alias_dev, alias_name, ncl->output, ncl->clock);
 | |
| 
 | |
|     return ncl->clock;
 | |
| }
 | |
| 
 | |
| void qdev_connect_clock_in(DeviceState *dev, const char *name, Clock *source)
 | |
| {
 | |
|     assert(!dev->realized);
 | |
|     clock_set_source(qdev_get_clock_in(dev, name), source);
 | |
| }
 |