From: Igor Mammedov <[email protected]> object_new() returns a new backend with refcount == 1 and then later object_property_add_child() increases refcount to 2 So when ivshmem is destroyed, the backend it has created isn't destroyed along with it as children cleanup will bring backend's refcount only to 1, which leaks backend including resources it is using.
Drop the original reference from object_new() once backend is attached to its parent. Signed-off-by: Igor Mammedov <[email protected]> Message-Id: <[email protected]> Reviewed-by: Marc-André Lureau <[email protected]> Fixes: 5503e285041979dd29698ecb41729b3b22622e8d Signed-off-by: Paolo Bonzini <[email protected]> --- hw/misc/ivshmem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c index f88910e..ecfd10a 100644 --- a/hw/misc/ivshmem.c +++ b/hw/misc/ivshmem.c @@ -1279,6 +1279,7 @@ static void desugar_shm(IVShmemState *s) object_property_set_bool(obj, true, "share", &error_abort); object_property_add_child(OBJECT(s), "internal-shm-backend", obj, &error_abort); + object_unref(obj); user_creatable_complete(obj, &error_abort); s->hostmem = MEMORY_BACKEND(obj); } -- 1.8.3.1
