QOM reference counting is not designed with an infinite number of references in mind; trying to take a reference in a loop will overflow the integer. We will then eventually assert when dereferencing, but the real problem is in object_ref, so let's assert there to make such issues cleaner and easier to debug.
Some micro-benchmarking shows using fetch and add this is essentially free on x86. Signed-off-by: Michael S. Tsirkin <[email protected]> --- qom/object.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/qom/object.c b/qom/object.c index 4f0677cca9..5db3974f04 100644 --- a/qom/object.c +++ b/qom/object.c @@ -1167,10 +1167,14 @@ GSList *object_class_get_list_sorted(const char *implements_type, Object *object_ref(void *objptr) { Object *obj = OBJECT(objptr); + uint32_t ref; + if (!obj) { return NULL; } - qatomic_inc(&obj->ref); + ref = qatomic_fetch_inc(&obj->ref); + /* Assert waaay before the integer overflows */ + g_assert(ref < INT_MAX); return obj; } -- MST
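Review bot: the new check g_assert(ref < INT_MAX) in object_ref tests the value returned by qatomic_fetch_inc, i.e. the count before the increment, and the comment "Assert waaay before the integer overflows" does not say why INT_MAX was picked; since the local is declared uint32_t, INT_MAX is half of the counter's range, and a one-line comment stating that (and that obj->ref is assumed to be the same 32-bit unsigned type, which this hunk does not show) would save the next reader from working it out. Consider g_assert_cmpuint(ref, <, INT_MAX) so the offending count is printed when it fires, and note that g_assert compiles to nothing under G_DISABLE_ASSERT, in which case a leak loop would overflow silently exactly as before the patch.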

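As an added example, not part of this patch and not QEMU's code, the following stand-alone C model shows the failure mode the commit message describes and the effect of the fetch-and-add check: a 32-bit refcount that wraps to zero after too many object_ref calls, so that a single unref frees the object while other holders still exist, against a checked increment that refuses once the pre-increment count reaches INT_MAX. The Obj type, the REF_LIMIT macro and the ref_unchecked/ref_checked/unref helpers are constructed for this illustration; the counter is initialised near its limit so the overflow can be reached without actually looping billions of times.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-in for a QOM-style object: a 32-bit atomic refcount
 * plus a flag so a test can observe a premature "free". */
typedef struct {
    _Atomic uint32_t ref;
    bool freed;
} Obj;

/* Same threshold as the patch: half the range of a 32-bit unsigned counter. */
#define REF_LIMIT ((uint32_t)INT_MAX)

/* Pre-patch behaviour: unconditional atomic increment, returns the new count. */
static uint32_t ref_unchecked(Obj *obj)
{
    return atomic_fetch_add(&obj->ref, 1) + 1;
}

/* Patched behaviour, modelled on qatomic_fetch_inc + g_assert(ref < INT_MAX):
 * the pre-increment value is checked. Returns false instead of aborting so the
 * overflow path can be exercised; the patch itself calls g_assert() here. */
static bool ref_checked(Obj *obj)
{
    uint32_t old = atomic_fetch_add(&obj->ref, 1);
    return old < REF_LIMIT;
}

/* Drop one reference; "free" (mark freed) when the count reaches zero. */
static bool unref(Obj *obj)
{
    uint32_t old = atomic_fetch_sub(&obj->ref, 1);
    if (old == 1) {
        obj->freed = true;
        return true;
    }
    return false;
}

/* Wrap-around scenario: the counter has already reached UINT32_MAX (constructed
 * starting state). One more unchecked ref wraps it to 0; the next ref makes it
 * 1, and a single unref then frees the object although ~4 billion references
 * are still outstanding. Returns true if that premature free was observed. */
static bool wrap_demo(void)
{
    Obj o = { .ref = UINT32_MAX, .freed = false };
    uint32_t after_wrap = ref_unchecked(&o);   /* 0 */
    ref_unchecked(&o);                         /* 1 */
    unref(&o);                                 /* frees while holders remain */
    return after_wrap == 0 && o.freed;
}

/* Checked scenario: counter at INT_MAX (constructed). The patched increment
 * rejects the reference long before the 32-bit wrap. */
static bool checked_rejects_at_limit(void)
{
    Obj o = { .ref = REF_LIMIT, .freed = false };
    return !ref_checked(&o);
}

/* Sanity: well below the limit the checked increment behaves normally. */
static bool checked_accepts_below_limit(void)
{
    Obj o = { .ref = 1, .freed = false };
    return ref_checked(&o) && o.ref == 2;
}
```

The check sits on the value returned by fetch-and-add, as in the patch, so the increment is never retried or rolled back; a hit simply means the caller has leaked references and the process should stop rather than continue toward the wrap that wrap_demo() reproduces.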