From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: Paolo Bonzini <pbonzini@redhat.com>, Fam Zheng <famz@redhat.com>,
	Eric Blake <eblake@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Hu Tao <hutao@cn.fujitsu.com>,
	Markus Armbruster <armbru@redhat.com>,
	qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>,
	Luiz Capitulino <lcapitulino@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] qapi: Fix crash with enum dealloc when kind is invalid
Date: Thu, 11 Sep 2014 18:02:03 -0500
Message-ID: <20140911230203.32021.16247@loki>
In-Reply-To: <5411B34E.2080202@redhat.com>

Quoting Paolo Bonzini (2014-09-11 09:35:58)
> On 11/09/2014 16:26, Michael Roth wrote:
> > Also, the .kind field of a QAPI Union type is something we generate for use
> > by the generated visitor code. In the case of an unspecified discriminator
> > we generated the enum type for that field internally. In the case where it's
> > specified, we use an existing enum instead...
> > 
> > But nothing stops us from generating a new "shadow" enum in this case as well,
> > with the indexes/integer values of the corresponding strings shifted by one so
> > we can reserve the 0 index for _INVALID. I think we can reasonably expect that
> > nothing outside the generated code makes use of those integer values in this
> > special case, and don't have to change all enum types to make that work.
> 
> But how would users fill in structs if you have to use a different enum?

Argh, of course, we do still make direct use of these going in the other
direction. Those users would need to use the "shadow" enum values to make
it work, which is probably way too messy.

> 
> What about making adding visit_start_union/visit_end_union?
> visit_start_union can return false if the visit of the union has to be
> skipped.
> 
> The dealloc visitor can skip it if the data field is NULL; everything
> else can just use a default implementation which always returns true.

I forgot we had a void *data there as well. So we're basically relying
on .data != NULL implying that .kind has been properly initialized,
rather than needing to encode anything into .kind... nice.

I can imagine a case where we allocate memory for a set of union fields
(so .data != NULL) and then leave .kind uninitialized, which can still
lead to segfaults due to improper casts in the dealloc visitor, but I
don't really see a way around that. Even if we reserve .kind == 0 for
this purpose, it's still up to the user or visitor implementation to
0-initialize everything (though that's a bit easier to enforce).

So this seems like a good approach. I've gone ahead and hacked something up
which I'll send out shortly.

> 
> Paolo
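The guard discussed above (a dealloc visitor whose visit_start_union returns false when .data is NULL, so an uninitialized .kind is never used to pick a branch), written out as an added C illustration that is not code from this thread or from QEMU. ExampleUnion, ExampleA, FreeResult and the scenario() driver are this example's own constructed names.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed stand-in for a generated QAPI union (example names, not QEMU's). */
typedef enum { EXAMPLE_KIND_A = 0, EXAMPLE_KIND_B = 1, EXAMPLE_KIND_MAX } ExampleKind;
typedef struct { char *name; } ExampleA;
typedef struct {
    ExampleKind kind;   /* discriminator; a failed input visit can leave it unset */
    void *data;         /* branch struct (ExampleA* here); NULL when nothing was allocated */
} ExampleUnion;
typedef enum { FREED_BRANCH, SKIPPED_NULL_DATA, REFUSED_BAD_KIND } FreeResult;

/* Proposed visit_start_union semantics for the dealloc visitor: visit the union
 * only when data is set, so an invalid kind is never used to select a branch. */
static bool dealloc_visit_start_union(const ExampleUnion *u)
{
    return u->data != NULL;
}

static FreeResult example_union_free(ExampleUnion *u)
{
    if (!u || !dealloc_visit_start_union(u)) {
        return SKIPPED_NULL_DATA;   /* nothing to free; kind is not consulted */
    }
    switch (u->kind) {
    case EXAMPLE_KIND_A: {
        ExampleA *a = u->data;
        free(a->name);
        free(a);
        break;
    }
    default:   /* data set but kind out of range: refuse to cast through a guessed type */
        return REFUSED_BAD_KIND;
    }
    u->data = NULL;
    return FREED_BRANCH;
}

/* Drives one scenario: optionally allocate branch A, then free with the given kind. */
static FreeResult scenario(ExampleKind kind, bool allocate_branch_a)
{
    ExampleA *a = NULL;
    if (allocate_branch_a) {
        a = malloc(sizeof *a);
        a->name = malloc(8);   /* constructed payload, contents irrelevant */
    }
    ExampleUnion u = { .kind = kind, .data = a };
    return example_union_free(&u);
}
```

With .data NULL and a garbage .kind the free is skipped cleanly, which is the crash the thread is about; with .data set and a valid kind the branch is freed; with .data set but an out-of-range kind the code refuses rather than freeing through the wrong type.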
