[Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Philippe Mathieu-Daudé]

Hi,

This series convert the chardev::qemu_chr_write() to take unsigned
length argument. To do so I went through all caller and checked if
there are no negative value possible.

I'm having headaches with the Xen backend, talking with Marc-André
he suggested I ask help to the Xen maintainers.

Since the series is becoming quite big, I splitted it:
- part 1: convert qemu_chr_write()
- part 2: convert IOReadHandler

part 1 can be reviewed and merged without part 2.

The git diffstat is not huge, but there are various chardev subsystems
so many maintainers to ask for Ack.

v2: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02200.html
    (from Prasad J Pandit)
Changes requested by Paolo:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02294.html

Please review,

Phil.

Philippe Mathieu-Daudé (25):
  chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc
  chardev: Assert IOCanReadHandler can not be negative
  chardev/wctablet: Use unsigned type to hold unsigned value
  chardev: Let qemu_chr_be_can_write() return a size_t types
  gdbstub: Use size_t for strlen() return value
  gdbstub: Use size_t to hold GDBState::last_packet_len
  gdbstub: Let put_buffer() use size_t
  ui/gtk: Remove pointless cast
  vhost-user: Express sizeof with size_t
  usb-redir: Verify usbredirparser_write get called with positive count
  xen: Let xencons_send() take a 'size' argument
  xen: Let buffer_append() return the size consumed
  RFC xen: Let buffer_append() return a size_t
  virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t
  spapr-vty: Let vty_putchars() use size_t
  tpm: Use size_t to hold sizes
  net/filter-mirror: Use size_t
  s390x/3270: Let insert_IAC_escape_char() use size_t
  s390/ebcdic: Use size_t to iterate over arrays
  s390x/sclp: Use a const variable to improve readability
  s390x/sclp: Use size_t in process_mdb()
  s390x/sclp: Let write_console_data() take a size_t
  hw/ipmi: Assert outlen > outpos
  chardev: Let qemu_chr_fe_write[_all] use size_t type argument
  chardev: Let qemu_chr_write[_all] use size_t

 chardev/baum.c                    |  6 +++---
 chardev/char-fd.c                 |  6 +++---
 chardev/char-fe.c                 |  4 ++--
 chardev/char-io.c                 |  6 +++---
 chardev/char-mux.c                |  3 ++-
 chardev/char-pty.c                |  8 ++++----
 chardev/char-socket.c             | 13 +++++++------
 chardev/char-udp.c                |  8 ++++----
 chardev/char-win.c                |  2 +-
 chardev/char.c                    | 15 +++++++++------
 chardev/msmouse.c                 |  4 ++--
 chardev/spice.c                   |  2 +-
 chardev/trace-events              |  2 +-
 chardev/wctablet.c                |  9 +++++----
 gdbstub.c                         |  8 ++++----
 hw/bt/hci-csr.c                   |  2 +-
 hw/char/sclpconsole-lm.c          | 12 +++++++-----
 hw/char/spapr_vty.c               |  2 +-
 hw/char/terminal3270.c            |  7 ++++---
 hw/char/virtio-console.c          |  2 +-
 hw/char/xen_console.c             | 24 +++++++++++++++---------
 hw/ipmi/ipmi_bmc_extern.c         |  3 ++-
 hw/tpm/tpm_emulator.c             |  7 ++++---
 hw/usb/redirect.c                 |  6 +++++-
 hw/virtio/vhost-user.c            | 14 ++++++++------
 include/chardev/char-fd.h         |  2 +-
 include/chardev/char-fe.h         |  4 ++--
 include/chardev/char-io.h         |  2 +-
 include/chardev/char.h            |  4 ++--
 include/hw/ppc/spapr_vio.h        |  2 +-
 include/hw/s390x/ebcdic.h         |  8 ++++----
 include/hw/virtio/virtio-serial.h |  2 +-
 include/sysemu/replay.h           |  2 +-
 net/filter-mirror.c               |  2 +-
 replay/replay-char.c              |  2 +-
 stubs/replay.c                    |  2 +-
 ui/console.c                      |  6 +++---
 ui/gtk.c                          |  2 +-
 38 files changed, 119 insertions(+), 96 deletions(-)

-- 
2.20.1

[PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Philippe Mathieu-Daudé]

Hi,

This series convert the chardev::qemu_chr_write() to take unsigned
length argument. To do so I went through all caller and checked if
there are no negative value possible.

I'm having headaches with the Xen backend, talking with Marc-André
he suggested I ask help to the Xen maintainers.

Since the series is becoming quite big, I splitted it:
- part 1: convert qemu_chr_write()
- part 2: convert IOReadHandler

part 1 can be reviewed and merged without part 2.

The git diffstat is not huge, but there are various chardev subsystems
so many maintainers to ask for Ack.

v2: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02200.html
    (from Prasad J Pandit)
Changes requested by Paolo:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02294.html

Please review,

Phil.

Philippe Mathieu-Daudé (25):
  chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc
  chardev: Assert IOCanReadHandler can not be negative
  chardev/wctablet: Use unsigned type to hold unsigned value
  chardev: Let qemu_chr_be_can_write() return a size_t types
  gdbstub: Use size_t for strlen() return value
  gdbstub: Use size_t to hold GDBState::last_packet_len
  gdbstub: Let put_buffer() use size_t
  ui/gtk: Remove pointless cast
  vhost-user: Express sizeof with size_t
  usb-redir: Verify usbredirparser_write get called with positive count
  xen: Let xencons_send() take a 'size' argument
  xen: Let buffer_append() return the size consumed
  RFC xen: Let buffer_append() return a size_t
  virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t
  spapr-vty: Let vty_putchars() use size_t
  tpm: Use size_t to hold sizes
  net/filter-mirror: Use size_t
  s390x/3270: Let insert_IAC_escape_char() use size_t
  s390/ebcdic: Use size_t to iterate over arrays
  s390x/sclp: Use a const variable to improve readability
  s390x/sclp: Use size_t in process_mdb()
  s390x/sclp: Let write_console_data() take a size_t
  hw/ipmi: Assert outlen > outpos
  chardev: Let qemu_chr_fe_write[_all] use size_t type argument
  chardev: Let qemu_chr_write[_all] use size_t

 chardev/baum.c                    |  6 +++---
 chardev/char-fd.c                 |  6 +++---
 chardev/char-fe.c                 |  4 ++--
 chardev/char-io.c                 |  6 +++---
 chardev/char-mux.c                |  3 ++-
 chardev/char-pty.c                |  8 ++++----
 chardev/char-socket.c             | 13 +++++++------
 chardev/char-udp.c                |  8 ++++----
 chardev/char-win.c                |  2 +-
 chardev/char.c                    | 15 +++++++++------
 chardev/msmouse.c                 |  4 ++--
 chardev/spice.c                   |  2 +-
 chardev/trace-events              |  2 +-
 chardev/wctablet.c                |  9 +++++----
 gdbstub.c                         |  8 ++++----
 hw/bt/hci-csr.c                   |  2 +-
 hw/char/sclpconsole-lm.c          | 12 +++++++-----
 hw/char/spapr_vty.c               |  2 +-
 hw/char/terminal3270.c            |  7 ++++---
 hw/char/virtio-console.c          |  2 +-
 hw/char/xen_console.c             | 24 +++++++++++++++---------
 hw/ipmi/ipmi_bmc_extern.c         |  3 ++-
 hw/tpm/tpm_emulator.c             |  7 ++++---
 hw/usb/redirect.c                 |  6 +++++-
 hw/virtio/vhost-user.c            | 14 ++++++++------
 include/chardev/char-fd.h         |  2 +-
 include/chardev/char-fe.h         |  4 ++--
 include/chardev/char-io.h         |  2 +-
 include/chardev/char.h            |  4 ++--
 include/hw/ppc/spapr_vio.h        |  2 +-
 include/hw/s390x/ebcdic.h         |  8 ++++----
 include/hw/virtio/virtio-serial.h |  2 +-
 include/sysemu/replay.h           |  2 +-
 net/filter-mirror.c               |  2 +-
 replay/replay-char.c              |  2 +-
 stubs/replay.c                    |  2 +-
 ui/console.c                      |  6 +++---
 ui/gtk.c                          |  2 +-
 38 files changed, 119 insertions(+), 96 deletions(-)

-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 01/25] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc

[Philippe Mathieu-Daudé]

IOWatchPoll::fd_can_read() really is a GSourceFunc type, it simply
returns a boolean value.
Update the backends to return a boolean, whether there is data to
read from the source or not.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char-fd.c         | 4 ++--
 chardev/char-io.c         | 6 +++---
 chardev/char-pty.c        | 4 ++--
 chardev/char-socket.c     | 6 +++---
 chardev/char-udp.c        | 4 ++--
 include/chardev/char-io.h | 2 +-
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/chardev/char-fd.c b/chardev/char-fd.c
index 2c9b2ce567..2421d8e216 100644
--- a/chardev/char-fd.c
+++ b/chardev/char-fd.c
@@ -69,13 +69,13 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
     return TRUE;
 }
 
-static int fd_chr_read_poll(void *opaque)
+static gboolean fd_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     FDChardev *s = FD_CHARDEV(opaque);
 
     s->max_size = qemu_chr_be_can_write(chr);
-    return s->max_size;
+    return s->max_size > 0;
 }
 
 static GSource *fd_chr_add_watch(Chardev *chr, GIOCondition cond)
diff --git a/chardev/char-io.c b/chardev/char-io.c
index 8ced184160..2c1c69098e 100644
--- a/chardev/char-io.c
+++ b/chardev/char-io.c
@@ -30,7 +30,7 @@ typedef struct IOWatchPoll {
     QIOChannel *ioc;
     GSource *src;
 
-    IOCanReadHandler *fd_can_read;
+    GSourceFunc fd_can_read;
     GSourceFunc fd_read;
     void *opaque;
 } IOWatchPoll;
@@ -44,7 +44,7 @@ static gboolean io_watch_poll_prepare(GSource *source,
                                       gint *timeout)
 {
     IOWatchPoll *iwp = io_watch_poll_from_source(source);
-    bool now_active = iwp->fd_can_read(iwp->opaque) > 0;
+    bool now_active = iwp->fd_can_read(iwp->opaque);
     bool was_active = iwp->src != NULL;
     if (was_active == now_active) {
         return FALSE;
@@ -76,7 +76,7 @@ static GSourceFuncs io_watch_poll_funcs = {
 
 GSource *io_add_watch_poll(Chardev *chr,
                         QIOChannel *ioc,
-                        IOCanReadHandler *fd_can_read,
+                        GSourceFunc fd_can_read,
                         QIOChannelFunc fd_read,
                         gpointer user_data,
                         GMainContext *context)
diff --git a/chardev/char-pty.c b/chardev/char-pty.c
index b034332edd..7777f6ddef 100644
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -119,13 +119,13 @@ static GSource *pty_chr_add_watch(Chardev *chr, GIOCondition cond)
     return qio_channel_create_watch(s->ioc, cond);
 }
 
-static int pty_chr_read_poll(void *opaque)
+static gboolean pty_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     PtyChardev *s = PTY_CHARDEV(opaque);
 
     s->read_bytes = qemu_chr_be_can_write(chr);
-    return s->read_bytes;
+    return s->read_bytes > 0;
 }
 
 static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 4fcdd8aedd..262a59b64f 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -147,7 +147,7 @@ static void tcp_chr_accept(QIONetListener *listener,
                            QIOChannelSocket *cioc,
                            void *opaque);
 
-static int tcp_chr_read_poll(void *opaque);
+static gboolean tcp_chr_read_poll(void *opaque);
 static void tcp_chr_disconnect(Chardev *chr);
 
 /* Called with chr_write_lock held.  */
@@ -184,7 +184,7 @@ static int tcp_chr_write(Chardev *chr, const uint8_t *buf, int len)
     }
 }
 
-static int tcp_chr_read_poll(void *opaque)
+static gboolean tcp_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     SocketChardev *s = SOCKET_CHARDEV(opaque);
@@ -192,7 +192,7 @@ static int tcp_chr_read_poll(void *opaque)
         return 0;
     }
     s->max_size = qemu_chr_be_can_write(chr);
-    return s->max_size;
+    return s->max_size > 0;
 }
 
 static void tcp_chr_process_IAC_bytes(Chardev *chr,
diff --git a/chardev/char-udp.c b/chardev/char-udp.c
index 097a2f0f42..b6e399e983 100644
--- a/chardev/char-udp.c
+++ b/chardev/char-udp.c
@@ -65,7 +65,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
     }
 }
 
-static int udp_chr_read_poll(void *opaque)
+static gboolean udp_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     UdpChardev *s = UDP_CHARDEV(opaque);
@@ -77,7 +77,7 @@ static int udp_chr_read_poll(void *opaque)
      */
     udp_chr_flush_buffer(s);
 
-    return s->max_size;
+    return s->max_size > 0;
 }
 
 static gboolean udp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
diff --git a/include/chardev/char-io.h b/include/chardev/char-io.h
index 9638da5100..a173874538 100644
--- a/include/chardev/char-io.h
+++ b/include/chardev/char-io.h
@@ -31,7 +31,7 @@
 /* Can only be used for read */
 GSource *io_add_watch_poll(Chardev *chr,
                         QIOChannel *ioc,
-                        IOCanReadHandler *fd_can_read,
+                        GSourceFunc fd_can_read,
                         QIOChannelFunc fd_read,
                         gpointer user_data,
                         GMainContext *context);
-- 
2.20.1

[PATCH v3 01/25] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc

[Philippe Mathieu-Daudé]

IOWatchPoll::fd_can_read() really is a GSourceFunc type, it simply
returns a boolean value.
Update the backends to return a boolean, whether there is data to
read from the source or not.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char-fd.c         | 4 ++--
 chardev/char-io.c         | 6 +++---
 chardev/char-pty.c        | 4 ++--
 chardev/char-socket.c     | 6 +++---
 chardev/char-udp.c        | 4 ++--
 include/chardev/char-io.h | 2 +-
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/chardev/char-fd.c b/chardev/char-fd.c
index 2c9b2ce567..2421d8e216 100644
--- a/chardev/char-fd.c
+++ b/chardev/char-fd.c
@@ -69,13 +69,13 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
     return TRUE;
 }
 
-static int fd_chr_read_poll(void *opaque)
+static gboolean fd_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     FDChardev *s = FD_CHARDEV(opaque);
 
     s->max_size = qemu_chr_be_can_write(chr);
-    return s->max_size;
+    return s->max_size > 0;
 }
 
 static GSource *fd_chr_add_watch(Chardev *chr, GIOCondition cond)
diff --git a/chardev/char-io.c b/chardev/char-io.c
index 8ced184160..2c1c69098e 100644
--- a/chardev/char-io.c
+++ b/chardev/char-io.c
@@ -30,7 +30,7 @@ typedef struct IOWatchPoll {
     QIOChannel *ioc;
     GSource *src;
 
-    IOCanReadHandler *fd_can_read;
+    GSourceFunc fd_can_read;
     GSourceFunc fd_read;
     void *opaque;
 } IOWatchPoll;
@@ -44,7 +44,7 @@ static gboolean io_watch_poll_prepare(GSource *source,
                                       gint *timeout)
 {
     IOWatchPoll *iwp = io_watch_poll_from_source(source);
-    bool now_active = iwp->fd_can_read(iwp->opaque) > 0;
+    bool now_active = iwp->fd_can_read(iwp->opaque);
     bool was_active = iwp->src != NULL;
     if (was_active == now_active) {
         return FALSE;
@@ -76,7 +76,7 @@ static GSourceFuncs io_watch_poll_funcs = {
 
 GSource *io_add_watch_poll(Chardev *chr,
                         QIOChannel *ioc,
-                        IOCanReadHandler *fd_can_read,
+                        GSourceFunc fd_can_read,
                         QIOChannelFunc fd_read,
                         gpointer user_data,
                         GMainContext *context)
diff --git a/chardev/char-pty.c b/chardev/char-pty.c
index b034332edd..7777f6ddef 100644
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -119,13 +119,13 @@ static GSource *pty_chr_add_watch(Chardev *chr, GIOCondition cond)
     return qio_channel_create_watch(s->ioc, cond);
 }
 
-static int pty_chr_read_poll(void *opaque)
+static gboolean pty_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     PtyChardev *s = PTY_CHARDEV(opaque);
 
     s->read_bytes = qemu_chr_be_can_write(chr);
-    return s->read_bytes;
+    return s->read_bytes > 0;
 }
 
 static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 4fcdd8aedd..262a59b64f 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -147,7 +147,7 @@ static void tcp_chr_accept(QIONetListener *listener,
                            QIOChannelSocket *cioc,
                            void *opaque);
 
-static int tcp_chr_read_poll(void *opaque);
+static gboolean tcp_chr_read_poll(void *opaque);
 static void tcp_chr_disconnect(Chardev *chr);
 
 /* Called with chr_write_lock held.  */
@@ -184,7 +184,7 @@ static int tcp_chr_write(Chardev *chr, const uint8_t *buf, int len)
     }
 }
 
-static int tcp_chr_read_poll(void *opaque)
+static gboolean tcp_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     SocketChardev *s = SOCKET_CHARDEV(opaque);
@@ -192,7 +192,7 @@ static int tcp_chr_read_poll(void *opaque)
         return 0;
     }
     s->max_size = qemu_chr_be_can_write(chr);
-    return s->max_size;
+    return s->max_size > 0;
 }
 
 static void tcp_chr_process_IAC_bytes(Chardev *chr,
diff --git a/chardev/char-udp.c b/chardev/char-udp.c
index 097a2f0f42..b6e399e983 100644
--- a/chardev/char-udp.c
+++ b/chardev/char-udp.c
@@ -65,7 +65,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
     }
 }
 
-static int udp_chr_read_poll(void *opaque)
+static gboolean udp_chr_read_poll(void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     UdpChardev *s = UDP_CHARDEV(opaque);
@@ -77,7 +77,7 @@ static int udp_chr_read_poll(void *opaque)
      */
     udp_chr_flush_buffer(s);
 
-    return s->max_size;
+    return s->max_size > 0;
 }
 
 static gboolean udp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
diff --git a/include/chardev/char-io.h b/include/chardev/char-io.h
index 9638da5100..a173874538 100644
--- a/include/chardev/char-io.h
+++ b/include/chardev/char-io.h
@@ -31,7 +31,7 @@
 /* Can only be used for read */
 GSource *io_add_watch_poll(Chardev *chr,
                         QIOChannel *ioc,
-                        IOCanReadHandler *fd_can_read,
+                        GSourceFunc fd_can_read,
                         QIOChannelFunc fd_read,
                         gpointer user_data,
                         GMainContext *context);
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Philippe Mathieu-Daudé]

The backend should not return a negative length to read.
We will later change the prototype of IOCanReadHandler to return an
unsigned length. Meanwhile make sure the return length is positive.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/chardev/char.c b/chardev/char.c
index f6d61fa5f8..71ecd32b25 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
 int qemu_chr_be_can_write(Chardev *s)
 {
     CharBackend *be = s->be;
+    int receivable_bytes;
 
     if (!be || !be->chr_can_read) {
         return 0;
     }
 
-    return be->chr_can_read(be->opaque);
+    receivable_bytes = be->chr_can_read(be->opaque);
+    assert(receivable_bytes >= 0);
+    return receivable_bytes;
 }
 
 void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
-- 
2.20.1

[PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Philippe Mathieu-Daudé]

The backend should not return a negative length to read.
We will later change the prototype of IOCanReadHandler to return an
unsigned length. Meanwhile make sure the return length is positive.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/chardev/char.c b/chardev/char.c
index f6d61fa5f8..71ecd32b25 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
 int qemu_chr_be_can_write(Chardev *s)
 {
     CharBackend *be = s->be;
+    int receivable_bytes;
 
     if (!be || !be->chr_can_read) {
         return 0;
     }
 
-    return be->chr_can_read(be->opaque);
+    receivable_bytes = be->chr_can_read(be->opaque);
+    assert(receivable_bytes >= 0);
+    return receivable_bytes;
 }
 
 void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value

[Philippe Mathieu-Daudé]

TabletChardev::query is an array of uint8_t.
Use the same type to hold it (this also silent a -Wsign-conversion
warning in the trace function).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/trace-events | 2 +-
 chardev/wctablet.c   | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/chardev/trace-events b/chardev/trace-events
index d0e5f3bbc1..562bfe70e9 100644
--- a/chardev/trace-events
+++ b/chardev/trace-events
@@ -5,7 +5,7 @@ wct_init(void) ""
 wct_cmd_re(void) ""
 wct_cmd_st(void) ""
 wct_cmd_sp(void) ""
-wct_cmd_ts(int input) "0x%02x"
+wct_cmd_ts(uint8_t input) "0x%02x"
 wct_cmd_other(const char *cmd) "%s"
 wct_speed(int speed) "%d"
 
diff --git a/chardev/wctablet.c b/chardev/wctablet.c
index 35dbd29a33..cf7a08a363 100644
--- a/chardev/wctablet.c
+++ b/chardev/wctablet.c
@@ -207,7 +207,8 @@ static int wctablet_chr_write(struct Chardev *chr,
                               const uint8_t *buf, int len)
 {
     TabletChardev *tablet = WCTABLET_CHARDEV(chr);
-    unsigned int i, clen;
+    size_t i;
+    unsigned int clen;
     char *pos;
 
     if (tablet->line_speed != 9600) {
@@ -269,7 +270,7 @@ static int wctablet_chr_write(struct Chardev *chr,
 
     } else if (strncmp((char *)tablet->query, "TS", 2) == 0 &&
                clen == 3) {
-        unsigned int input = tablet->query[2];
+        uint8_t input = tablet->query[2];
         uint8_t codes[7] = {
             0xa3,
             ((input & 0x80) == 0) ? 0x7e : 0x7f,
-- 
2.20.1

[PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value

[Philippe Mathieu-Daudé]

TabletChardev::query is an array of uint8_t.
Use the same type to hold it (this also silent a -Wsign-conversion
warning in the trace function).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/trace-events | 2 +-
 chardev/wctablet.c   | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/chardev/trace-events b/chardev/trace-events
index d0e5f3bbc1..562bfe70e9 100644
--- a/chardev/trace-events
+++ b/chardev/trace-events
@@ -5,7 +5,7 @@ wct_init(void) ""
 wct_cmd_re(void) ""
 wct_cmd_st(void) ""
 wct_cmd_sp(void) ""
-wct_cmd_ts(int input) "0x%02x"
+wct_cmd_ts(uint8_t input) "0x%02x"
 wct_cmd_other(const char *cmd) "%s"
 wct_speed(int speed) "%d"
 
diff --git a/chardev/wctablet.c b/chardev/wctablet.c
index 35dbd29a33..cf7a08a363 100644
--- a/chardev/wctablet.c
+++ b/chardev/wctablet.c
@@ -207,7 +207,8 @@ static int wctablet_chr_write(struct Chardev *chr,
                               const uint8_t *buf, int len)
 {
     TabletChardev *tablet = WCTABLET_CHARDEV(chr);
-    unsigned int i, clen;
+    size_t i;
+    unsigned int clen;
     char *pos;
 
     if (tablet->line_speed != 9600) {
@@ -269,7 +270,7 @@ static int wctablet_chr_write(struct Chardev *chr,
 
     } else if (strncmp((char *)tablet->query, "TS", 2) == 0 &&
                clen == 3) {
-        unsigned int input = tablet->query[2];
+        uint8_t input = tablet->query[2];
         uint8_t codes[7] = {
             0xa3,
             ((input & 0x80) == 0) ? 0x7e : 0x7f,
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Philippe Mathieu-Daudé]

In the previous commit we added an assert to be sure than
qemu_chr_be_can_write() will never return a negative value.
We can now change its prototype to return a size_t.
Adapt the backends accordingly.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/baum.c            | 6 +++---
 chardev/char-fd.c         | 2 +-
 chardev/char-pty.c        | 4 ++--
 chardev/char-socket.c     | 7 ++++---
 chardev/char-udp.c        | 4 ++--
 chardev/char-win.c        | 2 +-
 chardev/char.c            | 2 +-
 chardev/msmouse.c         | 4 ++--
 chardev/spice.c           | 2 +-
 chardev/wctablet.c        | 4 ++--
 hw/bt/hci-csr.c           | 2 +-
 include/chardev/char-fd.h | 2 +-
 include/chardev/char.h    | 2 +-
 ui/console.c              | 6 +++---
 14 files changed, 25 insertions(+), 24 deletions(-)

diff --git a/chardev/baum.c b/chardev/baum.c
index 78b0c87625..1d69d62158 100644
--- a/chardev/baum.c
+++ b/chardev/baum.c
@@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
 static void baum_chr_accept_input(struct Chardev *chr)
 {
     BaumChardev *baum = BAUM_CHARDEV(chr);
-    int room, first;
+    size_t room, first;
 
     if (!baum->out_buf_used)
         return;
@@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
 {
     Chardev *chr = CHARDEV(baum);
     uint8_t io_buf[1 + 2 * len], *cur = io_buf;
-    int room;
+    size_t room;
     *cur++ = ESC;
     while (len--)
         if ((*cur++ = *buf++) == ESC)
@@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
         /* Fits */
         qemu_chr_be_write(chr, io_buf, len);
     } else {
-        int first;
+        size_t first;
         uint8_t out;
         /* Can't fit all, send what can be, and store the rest. */
         qemu_chr_be_write(chr, io_buf, room);
diff --git a/chardev/char-fd.c b/chardev/char-fd.c
index 2421d8e216..0fe2822869 100644
--- a/chardev/char-fd.c
+++ b/chardev/char-fd.c
@@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     FDChardev *s = FD_CHARDEV(opaque);
-    int len;
+    size_t len;
     uint8_t buf[CHR_READ_BUF_LEN];
     ssize_t ret;
 
diff --git a/chardev/char-pty.c b/chardev/char-pty.c
index 7777f6ddef..eae25f043b 100644
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -34,7 +34,7 @@
 typedef struct {
     Chardev parent;
     QIOChannel *ioc;
-    int read_bytes;
+    size_t read_bytes;
 
     int connected;
     GSource *timer_src;
@@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     PtyChardev *s = PTY_CHARDEV(opaque);
-    gsize len;
+    size_t len;
     uint8_t buf[CHR_READ_BUF_LEN];
     ssize_t ret;
 
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 262a59b64f..4010c343e0 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -60,7 +60,7 @@ typedef struct {
     GSource *hup_source;
     QCryptoTLSCreds *tls_creds;
     TCPChardevState state;
-    int max_size;
+    size_t max_size;
     int do_telnetopt;
     int do_nodelay;
     int *read_msgfds;
@@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
     Chardev *chr = CHARDEV(opaque);
     SocketChardev *s = SOCKET_CHARDEV(opaque);
     uint8_t buf[CHR_READ_BUF_LEN];
-    int len, size;
+    size_t len;
+    int size;
 
     if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
-        s->max_size <= 0) {
+        s->max_size == 0) {
         return TRUE;
     }
     len = sizeof(buf);
diff --git a/chardev/char-udp.c b/chardev/char-udp.c
index b6e399e983..d4f40626e4 100644
--- a/chardev/char-udp.c
+++ b/chardev/char-udp.c
@@ -39,7 +39,7 @@ typedef struct {
     uint8_t buf[CHR_READ_BUF_LEN];
     int bufcnt;
     int bufptr;
-    int max_size;
+    size_t max_size;
 } UdpChardev;
 
 #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
@@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
     Chardev *chr = CHARDEV(s);
 
     while (s->max_size > 0 && s->bufptr < s->bufcnt) {
-        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
+        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);
         qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
         s->bufptr += n;
         s->max_size = qemu_chr_be_can_write(chr);
diff --git a/chardev/char-win.c b/chardev/char-win.c
index 05518e0958..30361e8852 100644
--- a/chardev/char-win.c
+++ b/chardev/char-win.c
@@ -29,7 +29,7 @@
 static void win_chr_read(Chardev *chr, DWORD len)
 {
     WinChardev *s = WIN_CHARDEV(chr);
-    int max_size = qemu_chr_be_can_write(chr);
+    size_t max_size = qemu_chr_be_can_write(chr);
     int ret, err;
     uint8_t buf[CHR_READ_BUF_LEN];
     DWORD size;
diff --git a/chardev/char.c b/chardev/char.c
index 71ecd32b25..3149cd3ba9 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
     return offset;
 }
 
-int qemu_chr_be_can_write(Chardev *s)
+size_t qemu_chr_be_can_write(Chardev *s)
 {
     CharBackend *be = s->be;
     int receivable_bytes;
diff --git a/chardev/msmouse.c b/chardev/msmouse.c
index 0ffd137ce8..cdb6f86037 100644
--- a/chardev/msmouse.c
+++ b/chardev/msmouse.c
@@ -38,7 +38,7 @@ typedef struct {
     bool btns[INPUT_BUTTON__MAX];
     bool btnc[INPUT_BUTTON__MAX];
     uint8_t outbuf[32];
-    int outlen;
+    size_t outlen;
 } MouseChardev;
 
 #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
@@ -48,7 +48,7 @@ typedef struct {
 static void msmouse_chr_accept_input(Chardev *chr)
 {
     MouseChardev *mouse = MOUSE_CHARDEV(chr);
-    int len;
+    size_t len;
 
     len = qemu_chr_be_can_write(chr);
     if (len > mouse->outlen) {
diff --git a/chardev/spice.c b/chardev/spice.c
index 173c257949..ad180a8a13 100644
--- a/chardev/spice.c
+++ b/chardev/spice.c
@@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
     uint8_t* p = (uint8_t*)buf;
 
     while (len > 0) {
-        int can_write = qemu_chr_be_can_write(chr);
+        size_t can_write = qemu_chr_be_can_write(chr);
         last_out = MIN(len, can_write);
         if (last_out <= 0) {
             break;
diff --git a/chardev/wctablet.c b/chardev/wctablet.c
index cf7a08a363..daae570bc7 100644
--- a/chardev/wctablet.c
+++ b/chardev/wctablet.c
@@ -74,7 +74,7 @@ typedef struct {
 
     /* Command to be sent to serial port */
     uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
-    int outlen;
+    size_t outlen;
 
     int line_speed;
     bool send_events;
@@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
 static void wctablet_chr_accept_input(Chardev *chr)
 {
     TabletChardev *tablet = WCTABLET_CHARDEV(chr);
-    int len, canWrite;
+    size_t len, canWrite;
 
     canWrite = qemu_chr_be_can_write(chr);
     len = canWrite;
diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
index fa6660a113..e837a3fa1f 100644
--- a/hw/bt/hci-csr.c
+++ b/hw/bt/hci-csr.c
@@ -38,7 +38,7 @@ struct csrhci_s {
 #define FIFO_LEN	4096
     int out_start;
     int out_len;
-    int out_size;
+    size_t out_size;
     uint8_t outfifo[FIFO_LEN * 2];
     uint8_t inpkt[FIFO_LEN];
     enum {
diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
index e7c2b176f9..36c6b89cee 100644
--- a/include/chardev/char-fd.h
+++ b/include/chardev/char-fd.h
@@ -31,7 +31,7 @@ typedef struct FDChardev {
     Chardev parent;
 
     QIOChannel *ioc_in, *ioc_out;
-    int max_size;
+    size_t max_size;
 } FDChardev;
 
 #define TYPE_CHARDEV_FD "chardev-fd"
diff --git a/include/chardev/char.h b/include/chardev/char.h
index c0b57f7685..0341dd1ba2 100644
--- a/include/chardev/char.h
+++ b/include/chardev/char.h
@@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
  *
  * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
  */
-int qemu_chr_be_can_write(Chardev *s);
+size_t qemu_chr_be_can_write(Chardev *s);
 
 /**
  * qemu_chr_be_write:
diff --git a/ui/console.c b/ui/console.c
index 6d2282d3e9..42f04e2b37 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -61,8 +61,8 @@ enum TTYState {
 
 typedef struct QEMUFIFO {
     uint8_t *buf;
-    int buf_size;
-    int count, wptr, rptr;
+    size_t buf_size, count;
+    int wptr, rptr;
 } QEMUFIFO;
 
 static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
@@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
 static void kbd_send_chars(void *opaque)
 {
     QemuConsole *s = opaque;
-    int len;
+    size_t len;
     uint8_t buf[16];
 
     len = qemu_chr_be_can_write(s->chr);
-- 
2.20.1

[PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Philippe Mathieu-Daudé]

In the previous commit we added an assert to be sure than
qemu_chr_be_can_write() will never return a negative value.
We can now change its prototype to return a size_t.
Adapt the backends accordingly.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/baum.c            | 6 +++---
 chardev/char-fd.c         | 2 +-
 chardev/char-pty.c        | 4 ++--
 chardev/char-socket.c     | 7 ++++---
 chardev/char-udp.c        | 4 ++--
 chardev/char-win.c        | 2 +-
 chardev/char.c            | 2 +-
 chardev/msmouse.c         | 4 ++--
 chardev/spice.c           | 2 +-
 chardev/wctablet.c        | 4 ++--
 hw/bt/hci-csr.c           | 2 +-
 include/chardev/char-fd.h | 2 +-
 include/chardev/char.h    | 2 +-
 ui/console.c              | 6 +++---
 14 files changed, 25 insertions(+), 24 deletions(-)

diff --git a/chardev/baum.c b/chardev/baum.c
index 78b0c87625..1d69d62158 100644
--- a/chardev/baum.c
+++ b/chardev/baum.c
@@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
 static void baum_chr_accept_input(struct Chardev *chr)
 {
     BaumChardev *baum = BAUM_CHARDEV(chr);
-    int room, first;
+    size_t room, first;
 
     if (!baum->out_buf_used)
         return;
@@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
 {
     Chardev *chr = CHARDEV(baum);
     uint8_t io_buf[1 + 2 * len], *cur = io_buf;
-    int room;
+    size_t room;
     *cur++ = ESC;
     while (len--)
         if ((*cur++ = *buf++) == ESC)
@@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
         /* Fits */
         qemu_chr_be_write(chr, io_buf, len);
     } else {
-        int first;
+        size_t first;
         uint8_t out;
         /* Can't fit all, send what can be, and store the rest. */
         qemu_chr_be_write(chr, io_buf, room);
diff --git a/chardev/char-fd.c b/chardev/char-fd.c
index 2421d8e216..0fe2822869 100644
--- a/chardev/char-fd.c
+++ b/chardev/char-fd.c
@@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     FDChardev *s = FD_CHARDEV(opaque);
-    int len;
+    size_t len;
     uint8_t buf[CHR_READ_BUF_LEN];
     ssize_t ret;
 
diff --git a/chardev/char-pty.c b/chardev/char-pty.c
index 7777f6ddef..eae25f043b 100644
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -34,7 +34,7 @@
 typedef struct {
     Chardev parent;
     QIOChannel *ioc;
-    int read_bytes;
+    size_t read_bytes;
 
     int connected;
     GSource *timer_src;
@@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
 {
     Chardev *chr = CHARDEV(opaque);
     PtyChardev *s = PTY_CHARDEV(opaque);
-    gsize len;
+    size_t len;
     uint8_t buf[CHR_READ_BUF_LEN];
     ssize_t ret;
 
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 262a59b64f..4010c343e0 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -60,7 +60,7 @@ typedef struct {
     GSource *hup_source;
     QCryptoTLSCreds *tls_creds;
     TCPChardevState state;
-    int max_size;
+    size_t max_size;
     int do_telnetopt;
     int do_nodelay;
     int *read_msgfds;
@@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
     Chardev *chr = CHARDEV(opaque);
     SocketChardev *s = SOCKET_CHARDEV(opaque);
     uint8_t buf[CHR_READ_BUF_LEN];
-    int len, size;
+    size_t len;
+    int size;
 
     if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
-        s->max_size <= 0) {
+        s->max_size == 0) {
         return TRUE;
     }
     len = sizeof(buf);
diff --git a/chardev/char-udp.c b/chardev/char-udp.c
index b6e399e983..d4f40626e4 100644
--- a/chardev/char-udp.c
+++ b/chardev/char-udp.c
@@ -39,7 +39,7 @@ typedef struct {
     uint8_t buf[CHR_READ_BUF_LEN];
     int bufcnt;
     int bufptr;
-    int max_size;
+    size_t max_size;
 } UdpChardev;
 
 #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
@@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
     Chardev *chr = CHARDEV(s);
 
     while (s->max_size > 0 && s->bufptr < s->bufcnt) {
-        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
+        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);
         qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
         s->bufptr += n;
         s->max_size = qemu_chr_be_can_write(chr);
diff --git a/chardev/char-win.c b/chardev/char-win.c
index 05518e0958..30361e8852 100644
--- a/chardev/char-win.c
+++ b/chardev/char-win.c
@@ -29,7 +29,7 @@
 static void win_chr_read(Chardev *chr, DWORD len)
 {
     WinChardev *s = WIN_CHARDEV(chr);
-    int max_size = qemu_chr_be_can_write(chr);
+    size_t max_size = qemu_chr_be_can_write(chr);
     int ret, err;
     uint8_t buf[CHR_READ_BUF_LEN];
     DWORD size;
diff --git a/chardev/char.c b/chardev/char.c
index 71ecd32b25..3149cd3ba9 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
     return offset;
 }
 
-int qemu_chr_be_can_write(Chardev *s)
+size_t qemu_chr_be_can_write(Chardev *s)
 {
     CharBackend *be = s->be;
     int receivable_bytes;
diff --git a/chardev/msmouse.c b/chardev/msmouse.c
index 0ffd137ce8..cdb6f86037 100644
--- a/chardev/msmouse.c
+++ b/chardev/msmouse.c
@@ -38,7 +38,7 @@ typedef struct {
     bool btns[INPUT_BUTTON__MAX];
     bool btnc[INPUT_BUTTON__MAX];
     uint8_t outbuf[32];
-    int outlen;
+    size_t outlen;
 } MouseChardev;
 
 #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
@@ -48,7 +48,7 @@ typedef struct {
 static void msmouse_chr_accept_input(Chardev *chr)
 {
     MouseChardev *mouse = MOUSE_CHARDEV(chr);
-    int len;
+    size_t len;
 
     len = qemu_chr_be_can_write(chr);
     if (len > mouse->outlen) {
diff --git a/chardev/spice.c b/chardev/spice.c
index 173c257949..ad180a8a13 100644
--- a/chardev/spice.c
+++ b/chardev/spice.c
@@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
     uint8_t* p = (uint8_t*)buf;
 
     while (len > 0) {
-        int can_write = qemu_chr_be_can_write(chr);
+        size_t can_write = qemu_chr_be_can_write(chr);
         last_out = MIN(len, can_write);
         if (last_out <= 0) {
             break;
diff --git a/chardev/wctablet.c b/chardev/wctablet.c
index cf7a08a363..daae570bc7 100644
--- a/chardev/wctablet.c
+++ b/chardev/wctablet.c
@@ -74,7 +74,7 @@ typedef struct {
 
     /* Command to be sent to serial port */
     uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
-    int outlen;
+    size_t outlen;
 
     int line_speed;
     bool send_events;
@@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
 static void wctablet_chr_accept_input(Chardev *chr)
 {
     TabletChardev *tablet = WCTABLET_CHARDEV(chr);
-    int len, canWrite;
+    size_t len, canWrite;
 
     canWrite = qemu_chr_be_can_write(chr);
     len = canWrite;
diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
index fa6660a113..e837a3fa1f 100644
--- a/hw/bt/hci-csr.c
+++ b/hw/bt/hci-csr.c
@@ -38,7 +38,7 @@ struct csrhci_s {
 #define FIFO_LEN	4096
     int out_start;
     int out_len;
-    int out_size;
+    size_t out_size;
     uint8_t outfifo[FIFO_LEN * 2];
     uint8_t inpkt[FIFO_LEN];
     enum {
diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
index e7c2b176f9..36c6b89cee 100644
--- a/include/chardev/char-fd.h
+++ b/include/chardev/char-fd.h
@@ -31,7 +31,7 @@ typedef struct FDChardev {
     Chardev parent;
 
     QIOChannel *ioc_in, *ioc_out;
-    int max_size;
+    size_t max_size;
 } FDChardev;
 
 #define TYPE_CHARDEV_FD "chardev-fd"
diff --git a/include/chardev/char.h b/include/chardev/char.h
index c0b57f7685..0341dd1ba2 100644
--- a/include/chardev/char.h
+++ b/include/chardev/char.h
@@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
  *
  * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
  */
-int qemu_chr_be_can_write(Chardev *s);
+size_t qemu_chr_be_can_write(Chardev *s);
 
 /**
  * qemu_chr_be_write:
diff --git a/ui/console.c b/ui/console.c
index 6d2282d3e9..42f04e2b37 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -61,8 +61,8 @@ enum TTYState {
 
 typedef struct QEMUFIFO {
     uint8_t *buf;
-    int buf_size;
-    int count, wptr, rptr;
+    size_t buf_size, count;
+    int wptr, rptr;
 } QEMUFIFO;
 
 static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
@@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
 static void kbd_send_chars(void *opaque)
 {
     QemuConsole *s = opaque;
-    int len;
+    size_t len;
     uint8_t buf[16];
 
     len = qemu_chr_be_can_write(s->chr);
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 05/25] gdbstub: Use size_t for strlen() return value

[Philippe Mathieu-Daudé]

Since strlen() returns an unsigned value, it is pointless to
convert it to a signed one. Use size_t to hold its return value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 gdbstub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub.c b/gdbstub.c
index bc774ae992..76eca3bb7e 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1693,7 +1693,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
         }
 #else /* !CONFIG_USER_ONLY */
         else if (strncmp(p, "Rcmd,", 5) == 0) {
-            int len = strlen(p + 5);
+            size_t len = strlen(p + 5);
 
             if ((len % 2) != 0) {
                 put_packet(s, "E01");
-- 
2.20.1

[PATCH v3 05/25] gdbstub: Use size_t for strlen() return value

[Philippe Mathieu-Daudé]

Since strlen() returns an unsigned value, it is pointless to
convert it to a signed one. Use size_t to hold its return value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 gdbstub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub.c b/gdbstub.c
index bc774ae992..76eca3bb7e 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1693,7 +1693,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
         }
 #else /* !CONFIG_USER_ONLY */
         else if (strncmp(p, "Rcmd,", 5) == 0) {
-            int len = strlen(p + 5);
+            size_t len = strlen(p + 5);
 
             if ((len % 2) != 0) {
                 put_packet(s, "E01");
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 06/25] gdbstub: Use size_t to hold GDBState::last_packet_len

[Philippe Mathieu-Daudé]

In put_packet_binary() we have:

    uint8_t *p;
    for(;;) {
        p = s->last_packet;
        *(p++) = ...
        s->last_packet_len = p - s->last_packet;
        put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);

The 'p' pointer start at s->last_packet, then is only incremented.
Since we have "p >= s->last_packet", we are sure than
"p - s->last_packet >= 0", thus "p - s->last_packet" is positive.

The few other places where s->last_packet_len is set is with constant
positive values.

It makes sense to use size_t to hold last_packet_len values.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 gdbstub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub.c b/gdbstub.c
index 76eca3bb7e..69340d7cd1 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -323,7 +323,7 @@ typedef struct GDBState {
     int line_sum; /* running checksum */
     int line_csum; /* checksum at the end of the packet */
     uint8_t last_packet[MAX_PACKET_LENGTH + 4];
-    int last_packet_len;
+    size_t last_packet_len;
     int signal;
 #ifdef CONFIG_USER_ONLY
     int fd;
-- 
2.20.1

[PATCH v3 06/25] gdbstub: Use size_t to hold GDBState::last_packet_len

[Philippe Mathieu-Daudé]

In put_packet_binary() we have:

    uint8_t *p;
    for(;;) {
        p = s->last_packet;
        *(p++) = ...
        s->last_packet_len = p - s->last_packet;
        put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);

The 'p' pointer start at s->last_packet, then is only incremented.
Since we have "p >= s->last_packet", we are sure than
"p - s->last_packet >= 0", thus "p - s->last_packet" is positive.

The few other places where s->last_packet_len is set is with constant
positive values.

It makes sense to use size_t to hold last_packet_len values.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 gdbstub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub.c b/gdbstub.c
index 76eca3bb7e..69340d7cd1 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -323,7 +323,7 @@ typedef struct GDBState {
     int line_sum; /* running checksum */
     int line_csum; /* checksum at the end of the packet */
     uint8_t last_packet[MAX_PACKET_LENGTH + 4];
-    int last_packet_len;
+    size_t last_packet_len;
     int signal;
 #ifdef CONFIG_USER_ONLY
     int fd;
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 07/25] gdbstub: Let put_buffer() use size_t

[Philippe Mathieu-Daudé]

All callers provide a size_t argument, we can safely use size_t
for this function.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 gdbstub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 69340d7cd1..860e9bb7c7 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -475,10 +475,10 @@ static int gdb_continue_partial(GDBState *s, char *newstates)
     return res;
 }
 
-static void put_buffer(GDBState *s, const uint8_t *buf, int len)
+static void put_buffer(GDBState *s, const uint8_t *buf, size_t len)
 {
 #ifdef CONFIG_USER_ONLY
-    int ret;
+    ssize_t ret;
 
     while (len > 0) {
         ret = send(s->fd, buf, len, 0);
-- 
2.20.1

[PATCH v3 07/25] gdbstub: Let put_buffer() use size_t

[Philippe Mathieu-Daudé]

All callers provide a size_t argument, we can safely use size_t
for this function.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 gdbstub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 69340d7cd1..860e9bb7c7 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -475,10 +475,10 @@ static int gdb_continue_partial(GDBState *s, char *newstates)
     return res;
 }
 
-static void put_buffer(GDBState *s, const uint8_t *buf, int len)
+static void put_buffer(GDBState *s, const uint8_t *buf, size_t len)
 {
 #ifdef CONFIG_USER_ONLY
-    int ret;
+    ssize_t ret;
 
     while (len > 0) {
         ret = send(s->fd, buf, len, 0);
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 08/25] ui/gtk: Remove pointless cast

[Philippe Mathieu-Daudé]

The 'size' value is of type 'guint' which is already unsigned.
Remove the useless cast.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 ui/gtk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index 949b143e4e..b5879fdece 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1764,7 +1764,7 @@ static gboolean gd_vc_in(VteTerminal *terminal, gchar *text, guint size,
         }
     }
 
-    qemu_chr_be_write(vc->vte.chr, (uint8_t  *)text, (unsigned int)size);
+    qemu_chr_be_write(vc->vte.chr, (uint8_t  *)text, size);
     return TRUE;
 }
 
-- 
2.20.1

[PATCH v3 08/25] ui/gtk: Remove pointless cast

[Philippe Mathieu-Daudé]

The 'size' value is of type 'guint' which is already unsigned.
Remove the useless cast.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 ui/gtk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index 949b143e4e..b5879fdece 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1764,7 +1764,7 @@ static gboolean gd_vc_in(VteTerminal *terminal, gchar *text, guint size,
         }
     }
 
-    qemu_chr_be_write(vc->vte.chr, (uint8_t  *)text, (unsigned int)size);
+    qemu_chr_be_write(vc->vte.chr, (uint8_t  *)text, size);
     return TRUE;
 }
 
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 09/25] vhost-user: Express sizeof with size_t

[Philippe Mathieu-Daudé]

VHOST_USER_HDR_SIZE uses offsetof(), thus is an expression of type
size_t. Update the format string accordingly.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/virtio/vhost-user.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 564a31d12c..2eb7143d3d 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -215,11 +215,12 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
     struct vhost_user *u = dev->opaque;
     CharBackend *chr = u->user->chr;
     uint8_t *p = (uint8_t *) msg;
-    int r, size = VHOST_USER_HDR_SIZE;
+    int r;
+    size_t size = VHOST_USER_HDR_SIZE;
 
     r = qemu_chr_fe_read_all(chr, p, size);
     if (r != size) {
-        error_report("Failed to read msg header. Read %d instead of %d."
+        error_report("Failed to read msg header. Read %d instead of %zu."
                      " Original request %d.", r, size, msg->hdr.request);
         goto fail;
     }
@@ -235,7 +236,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
     /* validate message size is sane */
     if (msg->hdr.size > VHOST_USER_PAYLOAD_SIZE) {
         error_report("Failed to read msg header."
-                " Size %d exceeds the maximum %zu.", msg->hdr.size,
+                " Size %u exceeds the maximum %zu.", msg->hdr.size,
                 VHOST_USER_PAYLOAD_SIZE);
         goto fail;
     }
@@ -246,7 +247,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
         r = qemu_chr_fe_read_all(chr, p, size);
         if (r != size) {
             error_report("Failed to read msg payload."
-                         " Read %d instead of %d.", r, msg->hdr.size);
+                         " Read %d instead of %u.", r, msg->hdr.size);
             goto fail;
         }
     }
@@ -300,7 +301,8 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
 {
     struct vhost_user *u = dev->opaque;
     CharBackend *chr = u->user->chr;
-    int ret, size = VHOST_USER_HDR_SIZE + msg->hdr.size;
+    int ret;
+    size_t size = VHOST_USER_HDR_SIZE + msg->hdr.size;
 
     /*
      * For non-vring specific requests, like VHOST_USER_SET_MEM_TABLE,
@@ -320,7 +322,7 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
     ret = qemu_chr_fe_write_all(chr, (const uint8_t *) msg, size);
     if (ret != size) {
         error_report("Failed to write msg."
-                     " Wrote %d instead of %d.", ret, size);
+                     " Wrote %d instead of %zu.", ret, size);
         return -1;
     }
 
-- 
2.20.1

[PATCH v3 09/25] vhost-user: Express sizeof with size_t

[Philippe Mathieu-Daudé]

VHOST_USER_HDR_SIZE uses offsetof(), thus is an expression of type
size_t. Update the format string accordingly.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/virtio/vhost-user.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 564a31d12c..2eb7143d3d 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -215,11 +215,12 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
     struct vhost_user *u = dev->opaque;
     CharBackend *chr = u->user->chr;
     uint8_t *p = (uint8_t *) msg;
-    int r, size = VHOST_USER_HDR_SIZE;
+    int r;
+    size_t size = VHOST_USER_HDR_SIZE;
 
     r = qemu_chr_fe_read_all(chr, p, size);
     if (r != size) {
-        error_report("Failed to read msg header. Read %d instead of %d."
+        error_report("Failed to read msg header. Read %d instead of %zu."
                      " Original request %d.", r, size, msg->hdr.request);
         goto fail;
     }
@@ -235,7 +236,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
     /* validate message size is sane */
     if (msg->hdr.size > VHOST_USER_PAYLOAD_SIZE) {
         error_report("Failed to read msg header."
-                " Size %d exceeds the maximum %zu.", msg->hdr.size,
+                " Size %u exceeds the maximum %zu.", msg->hdr.size,
                 VHOST_USER_PAYLOAD_SIZE);
         goto fail;
     }
@@ -246,7 +247,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
         r = qemu_chr_fe_read_all(chr, p, size);
         if (r != size) {
             error_report("Failed to read msg payload."
-                         " Read %d instead of %d.", r, msg->hdr.size);
+                         " Read %d instead of %u.", r, msg->hdr.size);
             goto fail;
         }
     }
@@ -300,7 +301,8 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
 {
     struct vhost_user *u = dev->opaque;
     CharBackend *chr = u->user->chr;
-    int ret, size = VHOST_USER_HDR_SIZE + msg->hdr.size;
+    int ret;
+    size_t size = VHOST_USER_HDR_SIZE + msg->hdr.size;
 
     /*
      * For non-vring specific requests, like VHOST_USER_SET_MEM_TABLE,
@@ -320,7 +322,7 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
     ret = qemu_chr_fe_write_all(chr, (const uint8_t *) msg, size);
     if (ret != size) {
         error_report("Failed to write msg."
-                     " Wrote %d instead of %d.", ret, size);
+                     " Wrote %d instead of %zu.", ret, size);
         return -1;
     }
 
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 10/25] usb-redir: Verify usbredirparser_write get called with positive count

[Philippe Mathieu-Daudé]

The usbredirparser_write handler should never be called with a negative
size payload, return an error if this is not the case.
Now that we are sure the 'count' value is positive, make it obvious by
casting it to a size_t.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/usb/redirect.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 18a42d1938..131eae2e7e 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -285,7 +285,11 @@ static int usbredir_write(void *priv, uint8_t *data, int count)
         return 0;
     }
 
-    r = qemu_chr_fe_write(&dev->cs, data, count);
+    if (count < 0) {
+        ERROR("Illegal write count: %i\n", count);
+        return 0;
+    }
+    r = qemu_chr_fe_write(&dev->cs, data, (size_t)count);
     if (r < count) {
         if (!dev->watch) {
             dev->watch = qemu_chr_fe_add_watch(&dev->cs, G_IO_OUT | G_IO_HUP,
-- 
2.20.1

[PATCH v3 10/25] usb-redir: Verify usbredirparser_write get called with positive count

[Philippe Mathieu-Daudé]

The usbredirparser_write handler should never be called with a negative
size payload, return an error if this is not the case.
Now that we are sure the 'count' value is positive, make it obvious by
casting it to a size_t.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/usb/redirect.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 18a42d1938..131eae2e7e 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -285,7 +285,11 @@ static int usbredir_write(void *priv, uint8_t *data, int count)
         return 0;
     }
 
-    r = qemu_chr_fe_write(&dev->cs, data, count);
+    if (count < 0) {
+        ERROR("Illegal write count: %i\n", count);
+        return 0;
+    }
+    r = qemu_chr_fe_write(&dev->cs, data, (size_t)count);
     if (r < count) {
         if (!dev->watch) {
             dev->watch = qemu_chr_fe_add_watch(&dev->cs, G_IO_OUT | G_IO_HUP,
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument

[Philippe Mathieu-Daudé]

The single caller of xencons_send(), con_event() already use the
difference 'con->buffer.size - con->buffer.consumed'.
Deduplicate by passing the difference as an argument.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/xen_console.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 91f34ef06c..083b2c8e2a 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -144,11 +144,10 @@ static void xencons_receive(void *opaque, const uint8_t *buf, int len)
     xen_pv_send_notify(&con->xendev);
 }
 
-static void xencons_send(struct XenConsole *con)
+static void xencons_send(struct XenConsole *con, ssize_t size)
 {
-    ssize_t len, size;
+    ssize_t len;
 
-    size = con->buffer.size - con->buffer.consumed;
     if (qemu_chr_fe_backend_connected(&con->chr)) {
         len = qemu_chr_fe_write(&con->chr,
                                 con->buffer.data + con->buffer.consumed,
@@ -280,10 +279,13 @@ static void con_disconnect(struct XenLegacyDevice *xendev)
 static void con_event(struct XenLegacyDevice *xendev)
 {
     struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
+    ssize_t size;
 
     buffer_append(con);
-    if (con->buffer.size - con->buffer.consumed)
-        xencons_send(con);
+    size = con->buffer.size - con->buffer.consumed;
+    if (size) {
+        xencons_send(con, size);
+    }
 }
 
 /* -------------------------------------------------------------------- */
-- 
2.20.1

[PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument

[Philippe Mathieu-Daudé]

The single caller of xencons_send(), con_event() already use the
difference 'con->buffer.size - con->buffer.consumed'.
Deduplicate by passing the difference as an argument.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/xen_console.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 91f34ef06c..083b2c8e2a 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -144,11 +144,10 @@ static void xencons_receive(void *opaque, const uint8_t *buf, int len)
     xen_pv_send_notify(&con->xendev);
 }
 
-static void xencons_send(struct XenConsole *con)
+static void xencons_send(struct XenConsole *con, ssize_t size)
 {
-    ssize_t len, size;
+    ssize_t len;
 
-    size = con->buffer.size - con->buffer.consumed;
     if (qemu_chr_fe_backend_connected(&con->chr)) {
         len = qemu_chr_fe_write(&con->chr,
                                 con->buffer.data + con->buffer.consumed,
@@ -280,10 +279,13 @@ static void con_disconnect(struct XenLegacyDevice *xendev)
 static void con_event(struct XenLegacyDevice *xendev)
 {
     struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
+    ssize_t size;
 
     buffer_append(con);
-    if (con->buffer.size - con->buffer.consumed)
-        xencons_send(con);
+    size = con->buffer.size - con->buffer.consumed;
+    if (size) {
+        xencons_send(con, size);
+    }
 }
 
 /* -------------------------------------------------------------------- */
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 12/25] xen: Let buffer_append() return the size consumed

[Philippe Mathieu-Daudé]

The buffer.size and buffer.consumed fields are only updated within the
buffer_append() body. We can simply let buffer_append() return the
difference (the buffer consumed).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/xen_console.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 083b2c8e2a..1a30014a11 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -48,7 +48,7 @@ struct XenConsole {
     int               backlog;
 };
 
-static void buffer_append(struct XenConsole *con)
+static ssize_t buffer_append(struct XenConsole *con)
 {
     struct buffer *buffer = &con->buffer;
     XENCONS_RING_IDX cons, prod, size;
@@ -59,8 +59,9 @@ static void buffer_append(struct XenConsole *con)
     xen_mb();
 
     size = prod - cons;
-    if ((size == 0) || (size > sizeof(intf->out)))
-        return;
+    if ((size == 0) || (size > sizeof(intf->out))) {
+        goto out;
+    }
 
     if ((buffer->capacity - buffer->size) < size) {
         buffer->capacity += (size + 1024);
@@ -89,6 +90,9 @@ static void buffer_append(struct XenConsole *con)
         if (buffer->consumed > buffer->max_capacity - over)
             buffer->consumed = buffer->max_capacity - over;
     }
+
+ out:
+    return buffer->size - buffer->consumed;
 }
 
 static void buffer_advance(struct buffer *buffer, size_t len)
@@ -281,8 +285,7 @@ static void con_event(struct XenLegacyDevice *xendev)
     struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
     ssize_t size;
 
-    buffer_append(con);
-    size = con->buffer.size - con->buffer.consumed;
+    size = buffer_append(con);
     if (size) {
         xencons_send(con, size);
     }
-- 
2.20.1

[PATCH v3 12/25] xen: Let buffer_append() return the size consumed

[Philippe Mathieu-Daudé]

The buffer.size and buffer.consumed fields are only updated within the
buffer_append() body. We can simply let buffer_append() return the
difference (the buffer consumed).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/xen_console.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 083b2c8e2a..1a30014a11 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -48,7 +48,7 @@ struct XenConsole {
     int               backlog;
 };
 
-static void buffer_append(struct XenConsole *con)
+static ssize_t buffer_append(struct XenConsole *con)
 {
     struct buffer *buffer = &con->buffer;
     XENCONS_RING_IDX cons, prod, size;
@@ -59,8 +59,9 @@ static void buffer_append(struct XenConsole *con)
     xen_mb();
 
     size = prod - cons;
-    if ((size == 0) || (size > sizeof(intf->out)))
-        return;
+    if ((size == 0) || (size > sizeof(intf->out))) {
+        goto out;
+    }
 
     if ((buffer->capacity - buffer->size) < size) {
         buffer->capacity += (size + 1024);
@@ -89,6 +90,9 @@ static void buffer_append(struct XenConsole *con)
         if (buffer->consumed > buffer->max_capacity - over)
             buffer->consumed = buffer->max_capacity - over;
     }
+
+ out:
+    return buffer->size - buffer->consumed;
 }
 
 static void buffer_advance(struct buffer *buffer, size_t len)
@@ -281,8 +285,7 @@ static void con_event(struct XenLegacyDevice *xendev)
     struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
     ssize_t size;
 
-    buffer_append(con);
-    size = con->buffer.size - con->buffer.consumed;
+    size = buffer_append(con);
     if (size) {
         xencons_send(con, size);
     }
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [RFC PATCH v3 13/25] xen: Let buffer_append() return a size_t

[Philippe Mathieu-Daudé]

To the Xen team: this is not trivial to me to demonstrate
this assertion can never happen, but then the whole series
is justified and I can convert qemu_chr_fe_write() to use
size_t argument.
Can you help me here?

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/xen_console.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 1a30014a11..5b672a5a24 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -92,6 +92,7 @@ static ssize_t buffer_append(struct XenConsole *con)
     }
 
  out:
+    assert(buffer->size >= buffer->consumed);
     return buffer->size - buffer->consumed;
 }
 
-- 
2.20.1

[RFC PATCH v3 13/25] xen: Let buffer_append() return a size_t

[Philippe Mathieu-Daudé]

To the Xen team: this is not trivial to me to demonstrate
this assertion can never happen, but then the whole series
is justified and I can convert qemu_chr_fe_write() to use
size_t argument.
Can you help me here?

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/xen_console.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 1a30014a11..5b672a5a24 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -92,6 +92,7 @@ static ssize_t buffer_append(struct XenConsole *con)
     }
 
  out:
+    assert(buffer->size >= buffer->consumed);
     return buffer->size - buffer->consumed;
 }
 
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 14/25] virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t

[Philippe Mathieu-Daudé]

Both callers in hw/char/virtio-serial-bus.c provide unsigned values,
even the trace event display an unsigned value.
Convert the have_data() handler to take an unsigned value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
It is funny/scary that there are big comments about how to treat
errors to set the return value, then the return value is simply
ignored by the caller.
---
 hw/char/virtio-console.c          | 2 +-
 include/hw/virtio/virtio-serial.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/char/virtio-console.c b/hw/char/virtio-console.c
index 2cbe1d4ed5..19639dca3b 100644
--- a/hw/char/virtio-console.c
+++ b/hw/char/virtio-console.c
@@ -45,7 +45,7 @@ static gboolean chr_write_unblocked(GIOChannel *chan, GIOCondition cond,
 
 /* Callback function that's called when the guest sends us data */
 static ssize_t flush_buf(VirtIOSerialPort *port,
-                         const uint8_t *buf, ssize_t len)
+                         const uint8_t *buf, size_t len)
 {
     VirtConsole *vcon = VIRTIO_CONSOLE(port);
     ssize_t ret;
diff --git a/include/hw/virtio/virtio-serial.h b/include/hw/virtio/virtio-serial.h
index 12657a9f39..f1a5ccf4f7 100644
--- a/include/hw/virtio/virtio-serial.h
+++ b/include/hw/virtio/virtio-serial.h
@@ -81,7 +81,7 @@ typedef struct VirtIOSerialPortClass {
      * 'len'.  In this case, throttling will be enabled for this port.
      */
     ssize_t (*have_data)(VirtIOSerialPort *port, const uint8_t *buf,
-                         ssize_t len);
+                         size_t len);
 } VirtIOSerialPortClass;
 
 /*
-- 
2.20.1

[PATCH v3 14/25] virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t

[Philippe Mathieu-Daudé]

Both callers in hw/char/virtio-serial-bus.c provide unsigned values,
even the trace event display an unsigned value.
Convert the have_data() handler to take an unsigned value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
It is funny/scary that there are big comments about how to treat
errors to set the return value, then the return value is simply
ignored by the caller.
---
 hw/char/virtio-console.c          | 2 +-
 include/hw/virtio/virtio-serial.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/char/virtio-console.c b/hw/char/virtio-console.c
index 2cbe1d4ed5..19639dca3b 100644
--- a/hw/char/virtio-console.c
+++ b/hw/char/virtio-console.c
@@ -45,7 +45,7 @@ static gboolean chr_write_unblocked(GIOChannel *chan, GIOCondition cond,
 
 /* Callback function that's called when the guest sends us data */
 static ssize_t flush_buf(VirtIOSerialPort *port,
-                         const uint8_t *buf, ssize_t len)
+                         const uint8_t *buf, size_t len)
 {
     VirtConsole *vcon = VIRTIO_CONSOLE(port);
     ssize_t ret;
diff --git a/include/hw/virtio/virtio-serial.h b/include/hw/virtio/virtio-serial.h
index 12657a9f39..f1a5ccf4f7 100644
--- a/include/hw/virtio/virtio-serial.h
+++ b/include/hw/virtio/virtio-serial.h
@@ -81,7 +81,7 @@ typedef struct VirtIOSerialPortClass {
      * 'len'.  In this case, throttling will be enabled for this port.
      */
     ssize_t (*have_data)(VirtIOSerialPort *port, const uint8_t *buf,
-                         ssize_t len);
+                         size_t len);
 } VirtIOSerialPortClass;
 
 /*
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 15/25] spapr-vty: Let vty_putchars() use size_t

[Philippe Mathieu-Daudé]

Both callers (h_put_term_char and rtas_display_character) use
an unsigned value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/spapr_vty.c        | 2 +-
 include/hw/ppc/spapr_vio.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
index 6748334ded..92b8c40410 100644
--- a/hw/char/spapr_vty.c
+++ b/hw/char/spapr_vty.c
@@ -83,7 +83,7 @@ static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
     return n;
 }
 
-void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len)
+void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len)
 {
     VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(sdev);
 
diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
index e8b006d18f..ed79d2f380 100644
--- a/include/hw/ppc/spapr_vio.h
+++ b/include/hw/ppc/spapr_vio.h
@@ -126,7 +126,7 @@ static inline int spapr_vio_dma_set(VIOsPAPRDevice *dev, uint64_t taddr,
 int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq);
 
 VIOsPAPRDevice *vty_lookup(sPAPRMachineState *spapr, target_ulong reg);
-void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len);
+void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len);
 void spapr_vty_create(VIOsPAPRBus *bus, Chardev *chardev);
 void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd);
 void spapr_vscsi_create(VIOsPAPRBus *bus);
-- 
2.20.1

[PATCH v3 15/25] spapr-vty: Let vty_putchars() use size_t

[Philippe Mathieu-Daudé]

Both callers (h_put_term_char and rtas_display_character) use
an unsigned value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/spapr_vty.c        | 2 +-
 include/hw/ppc/spapr_vio.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
index 6748334ded..92b8c40410 100644
--- a/hw/char/spapr_vty.c
+++ b/hw/char/spapr_vty.c
@@ -83,7 +83,7 @@ static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
     return n;
 }
 
-void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len)
+void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len)
 {
     VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(sdev);
 
diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
index e8b006d18f..ed79d2f380 100644
--- a/include/hw/ppc/spapr_vio.h
+++ b/include/hw/ppc/spapr_vio.h
@@ -126,7 +126,7 @@ static inline int spapr_vio_dma_set(VIOsPAPRDevice *dev, uint64_t taddr,
 int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq);
 
 VIOsPAPRDevice *vty_lookup(sPAPRMachineState *spapr, target_ulong reg);
-void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len);
+void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len);
 void spapr_vty_create(VIOsPAPRBus *bus, Chardev *chardev);
 void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd);
 void spapr_vscsi_create(VIOsPAPRBus *bus);
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 16/25] tpm: Use size_t to hold sizes

[Philippe Mathieu-Daudé]

Avoid to use a signed type to hold an unsigned value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/tpm/tpm_emulator.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 70f4b10284..931e56f6ed 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -87,17 +87,18 @@ static int tpm_emulator_ctrlcmd(TPMEmulator *tpm, unsigned long cmd, void *msg,
 {
     CharBackend *dev = &tpm->ctrl_chr;
     uint32_t cmd_no = cpu_to_be32(cmd);
-    ssize_t n = sizeof(uint32_t) + msg_len_in;
+    size_t sz = sizeof(uint32_t) + msg_len_in;
+    ssize_t n;
     uint8_t *buf = NULL;
     int ret = -1;
 
     qemu_mutex_lock(&tpm->mutex);
 
-    buf = g_alloca(n);
+    buf = g_alloca(sz);
     memcpy(buf, &cmd_no, sizeof(cmd_no));
     memcpy(buf + sizeof(cmd_no), msg, msg_len_in);
 
-    n = qemu_chr_fe_write_all(dev, buf, n);
+    n = qemu_chr_fe_write_all(dev, buf, sz);
     if (n <= 0) {
         goto end;
     }
-- 
2.20.1

[PATCH v3 16/25] tpm: Use size_t to hold sizes

[Philippe Mathieu-Daudé]

Avoid to use a signed type to hold an unsigned value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/tpm/tpm_emulator.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 70f4b10284..931e56f6ed 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -87,17 +87,18 @@ static int tpm_emulator_ctrlcmd(TPMEmulator *tpm, unsigned long cmd, void *msg,
 {
     CharBackend *dev = &tpm->ctrl_chr;
     uint32_t cmd_no = cpu_to_be32(cmd);
-    ssize_t n = sizeof(uint32_t) + msg_len_in;
+    size_t sz = sizeof(uint32_t) + msg_len_in;
+    ssize_t n;
     uint8_t *buf = NULL;
     int ret = -1;
 
     qemu_mutex_lock(&tpm->mutex);
 
-    buf = g_alloca(n);
+    buf = g_alloca(sz);
     memcpy(buf, &cmd_no, sizeof(cmd_no));
     memcpy(buf + sizeof(cmd_no), msg, msg_len_in);
 
-    n = qemu_chr_fe_write_all(dev, buf, n);
+    n = qemu_chr_fe_write_all(dev, buf, sz);
     if (n <= 0) {
         goto end;
     }
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 17/25] net/filter-mirror: Use size_t

[Philippe Mathieu-Daudé]

Since iov_size() returns a size_t, no need to use a signed type.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 net/filter-mirror.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 3a61cf21e8..97b52d0544 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -48,7 +48,7 @@ static int filter_send(MirrorState *s,
 {
     NetFilterState *nf = NETFILTER(s);
     int ret = 0;
-    ssize_t size = 0;
+    size_t size = 0;
     uint32_t len = 0;
     char *buf;
 
-- 
2.20.1

[PATCH v3 17/25] net/filter-mirror: Use size_t

[Philippe Mathieu-Daudé]

Since iov_size() returns a size_t, no need to use a signed type.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 net/filter-mirror.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 3a61cf21e8..97b52d0544 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -48,7 +48,7 @@ static int filter_send(MirrorState *s,
 {
     NetFilterState *nf = NETFILTER(s);
     int ret = 0;
-    ssize_t size = 0;
+    size_t size = 0;
     uint32_t len = 0;
     char *buf;
 
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 18/25] s390x/3270: Let insert_IAC_escape_char() use size_t

[Philippe Mathieu-Daudé]

This function takes size_t argument and return a size_t.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/terminal3270.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/char/terminal3270.c b/hw/char/terminal3270.c
index 35b079d5c4..1cb48a3c6f 100644
--- a/hw/char/terminal3270.c
+++ b/hw/char/terminal3270.c
@@ -199,9 +199,10 @@ static int read_payload_3270(EmulatedCcw3270Device *dev)
 }
 
 /* TN3270 uses binary transmission, which needs escape IAC to IAC IAC */
-static int insert_IAC_escape_char(uint8_t *outv, int out_len)
+static size_t insert_IAC_escape_char(uint8_t *outv, size_t out_len)
 {
-    int IAC_num = 0, new_out_len, i, j;
+    size_t new_out_len;
+    int IAC_num = 0, i, j;
 
     for (i = 0; i < out_len; i++) {
         if (outv[i] == IAC) {
@@ -232,7 +233,7 @@ static int write_payload_3270(EmulatedCcw3270Device *dev, uint8_t cmd)
     int count = ccw_dstream_avail(get_cds(t));
     int bound = (OUTPUT_BUFFER_SIZE - 3) / 2;
     int len = MIN(count, bound);
-    int out_len = 0;
+    size_t out_len = 0;
 
     if (!t->handshake_done) {
         if (!(t->outv[0] == IAC && t->outv[1] != IAC)) {
-- 
2.20.1

[PATCH v3 18/25] s390x/3270: Let insert_IAC_escape_char() use size_t

[Philippe Mathieu-Daudé]

This function takes size_t argument and return a size_t.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/terminal3270.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/char/terminal3270.c b/hw/char/terminal3270.c
index 35b079d5c4..1cb48a3c6f 100644
--- a/hw/char/terminal3270.c
+++ b/hw/char/terminal3270.c
@@ -199,9 +199,10 @@ static int read_payload_3270(EmulatedCcw3270Device *dev)
 }
 
 /* TN3270 uses binary transmission, which needs escape IAC to IAC IAC */
-static int insert_IAC_escape_char(uint8_t *outv, int out_len)
+static size_t insert_IAC_escape_char(uint8_t *outv, size_t out_len)
 {
-    int IAC_num = 0, new_out_len, i, j;
+    size_t new_out_len;
+    int IAC_num = 0, i, j;
 
     for (i = 0; i < out_len; i++) {
         if (outv[i] == IAC) {
@@ -232,7 +233,7 @@ static int write_payload_3270(EmulatedCcw3270Device *dev, uint8_t cmd)
     int count = ccw_dstream_avail(get_cds(t));
     int bound = (OUTPUT_BUFFER_SIZE - 3) / 2;
     int len = MIN(count, bound);
-    int out_len = 0;
+    size_t out_len = 0;
 
     if (!t->handshake_done) {
         if (!(t->outv[0] == IAC && t->outv[1] != IAC)) {
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 include/hw/s390x/ebcdic.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/hw/s390x/ebcdic.h b/include/hw/s390x/ebcdic.h
index 69a04cab62..d89174e113 100644
--- a/include/hw/s390x/ebcdic.h
+++ b/include/hw/s390x/ebcdic.h
@@ -83,18 +83,18 @@ static const uint8_t ascii2ebcdic[] = {
     0x90, 0x3F, 0x3F, 0x3F, 0x3F, 0xEA, 0x3F, 0xFF
 };
 
-static inline void ebcdic_put(uint8_t *p, const char *ascii, int len)
+static inline void ebcdic_put(uint8_t *p, const char *ascii, size_t len)
 {
-    int i;
+    size_t i;
 
     for (i = 0; i < len; i++) {
         p[i] = ascii2ebcdic[(uint8_t)ascii[i]];
     }
 }
 
-static inline void ascii_put(uint8_t *p, const char *ebcdic, int len)
+static inline void ascii_put(uint8_t *p, const char *ebcdic, size_t len)
 {
-    int i;
+    size_t i;
 
     for (i = 0; i < len; i++) {
         p[i] = ebcdic2ascii[(uint8_t)ebcdic[i]];
-- 
2.20.1

[PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 include/hw/s390x/ebcdic.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/hw/s390x/ebcdic.h b/include/hw/s390x/ebcdic.h
index 69a04cab62..d89174e113 100644
--- a/include/hw/s390x/ebcdic.h
+++ b/include/hw/s390x/ebcdic.h
@@ -83,18 +83,18 @@ static const uint8_t ascii2ebcdic[] = {
     0x90, 0x3F, 0x3F, 0x3F, 0x3F, 0xEA, 0x3F, 0xFF
 };
 
-static inline void ebcdic_put(uint8_t *p, const char *ascii, int len)
+static inline void ebcdic_put(uint8_t *p, const char *ascii, size_t len)
 {
-    int i;
+    size_t i;
 
     for (i = 0; i < len; i++) {
         p[i] = ascii2ebcdic[(uint8_t)ascii[i]];
     }
 }
 
-static inline void ascii_put(uint8_t *p, const char *ebcdic, int len)
+static inline void ascii_put(uint8_t *p, const char *ebcdic, size_t len)
 {
-    int i;
+    size_t i;
 
     for (i = 0; i < len; i++) {
         p[i] = ebcdic2ascii[(uint8_t)ebcdic[i]];
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 20/25] s390x/sclp: Use a const variable to improve readability

[Philippe Mathieu-Daudé]

We will reuse this variable in the next patch.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/sclpconsole-lm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index dbc91a1e5b..49543e2c83 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -210,13 +210,14 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
     int rc;
     int len;
     uint8_t buffer[SIZE_BUFFER];
-
-    len = be16_to_cpu(mdbo->length);
-    len -= sizeof(mdbo->length) + sizeof(mdbo->type)
+    const size_t hlen = sizeof(mdbo->length)
+            + sizeof(mdbo->type)
             + sizeof(mdbo->mto.line_type_flags)
             + sizeof(mdbo->mto.alarm_control)
             + sizeof(mdbo->mto._reserved);
 
+    len = be16_to_cpu(mdbo->length);
+    len -= hlen;
     assert(len <= SIZE_BUFFER);
 
     /* convert EBCDIC SCLP contents to ASCII console message */
-- 
2.20.1

[PATCH v3 20/25] s390x/sclp: Use a const variable to improve readability

[Philippe Mathieu-Daudé]

We will reuse this variable in the next patch.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/sclpconsole-lm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index dbc91a1e5b..49543e2c83 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -210,13 +210,14 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
     int rc;
     int len;
     uint8_t buffer[SIZE_BUFFER];
-
-    len = be16_to_cpu(mdbo->length);
-    len -= sizeof(mdbo->length) + sizeof(mdbo->type)
+    const size_t hlen = sizeof(mdbo->length)
+            + sizeof(mdbo->type)
             + sizeof(mdbo->mto.line_type_flags)
             + sizeof(mdbo->mto.alarm_control)
             + sizeof(mdbo->mto._reserved);
 
+    len = be16_to_cpu(mdbo->length);
+    len -= hlen;
     assert(len <= SIZE_BUFFER);
 
     /* convert EBCDIC SCLP contents to ASCII console message */
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 21/25] s390x/sclp: Use size_t in process_mdb()

[Philippe Mathieu-Daudé]

Since it is unlikely we have sizeof(mdbo->mto.message) < 0,
we can convert this variable to an unsigned type.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/sclpconsole-lm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 49543e2c83..48c76d863e 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -208,7 +208,7 @@ static int write_console_data(SCLPEvent *event, const uint8_t *buf, int len)
 static int process_mdb(SCLPEvent *event, MDBO *mdbo)
 {
     int rc;
-    int len;
+    uint16_t len;
     uint8_t buffer[SIZE_BUFFER];
     const size_t hlen = sizeof(mdbo->length)
             + sizeof(mdbo->type)
@@ -217,6 +217,7 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
             + sizeof(mdbo->mto._reserved);
 
     len = be16_to_cpu(mdbo->length);
+    assert(len >= hlen);
     len -= hlen;
     assert(len <= SIZE_BUFFER);
 
-- 
2.20.1

[PATCH v3 21/25] s390x/sclp: Use size_t in process_mdb()

[Philippe Mathieu-Daudé]

Since it is unlikely we have sizeof(mdbo->mto.message) < 0,
we can convert this variable to an unsigned type.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/sclpconsole-lm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 49543e2c83..48c76d863e 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -208,7 +208,7 @@ static int write_console_data(SCLPEvent *event, const uint8_t *buf, int len)
 static int process_mdb(SCLPEvent *event, MDBO *mdbo)
 {
     int rc;
-    int len;
+    uint16_t len;
     uint8_t buffer[SIZE_BUFFER];
     const size_t hlen = sizeof(mdbo->length)
             + sizeof(mdbo->type)
@@ -217,6 +217,7 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
             + sizeof(mdbo->mto._reserved);
 
     len = be16_to_cpu(mdbo->length);
+    assert(len >= hlen);
     len -= hlen;
     assert(len <= SIZE_BUFFER);
 
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 22/25] s390x/sclp: Let write_console_data() take a size_t

[Philippe Mathieu-Daudé]

Since all callers provide an unsigned value, we can safely
use a size_t argument.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/sclpconsole-lm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 48c76d863e..290d3118a5 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -191,7 +191,7 @@ static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
  *  - write console data to character layer
  *  returns < 0 if an error occurred
  */
-static int write_console_data(SCLPEvent *event, const uint8_t *buf, int len)
+static int write_console_data(SCLPEvent *event, const uint8_t *buf, size_t len)
 {
     SCLPConsoleLM *scon = SCLPLM_CONSOLE(event);
 
-- 
2.20.1

[PATCH v3 22/25] s390x/sclp: Let write_console_data() take a size_t

[Philippe Mathieu-Daudé]

Since all callers provide an unsigned value, we can safely
use a size_t argument.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/char/sclpconsole-lm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
index 48c76d863e..290d3118a5 100644
--- a/hw/char/sclpconsole-lm.c
+++ b/hw/char/sclpconsole-lm.c
@@ -191,7 +191,7 @@ static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
  *  - write console data to character layer
  *  returns < 0 if an error occurred
  */
-static int write_console_data(SCLPEvent *event, const uint8_t *buf, int len)
+static int write_console_data(SCLPEvent *event, const uint8_t *buf, size_t len)
 {
     SCLPConsoleLM *scon = SCLPLM_CONSOLE(event);
 
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 23/25] hw/ipmi: Assert outlen > outpos

[Philippe Mathieu-Daudé]

A througfull audit show that all time data is added to outbuf[],
'outlen' is incremented. Then at creation and each time
continue_send() returns it pass thru check_reset which resets
'outpos', thus we always have 'outlen >= outpos'.
Also due to the check on entry, we know outlen != 0.
We can then add an assertion on 'outlen > outpos', which will
helps the next patch to safely convert 'outlen - outpos' as an
unsigned type (size_t).

Make this assertion explicit by casting 'outlen - outpos' size_t.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/ipmi/ipmi_bmc_extern.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
index bf0b7ee0f5..ca61b04942 100644
--- a/hw/ipmi/ipmi_bmc_extern.c
+++ b/hw/ipmi/ipmi_bmc_extern.c
@@ -107,8 +107,9 @@ static void continue_send(IPMIBmcExtern *ibe)
         goto check_reset;
     }
  send:
+    assert(ibe->outlen > ibe->outpos);
     ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
-                            ibe->outlen - ibe->outpos);
+                            (size_t)(ibe->outlen - ibe->outpos));
     if (ret > 0) {
         ibe->outpos += ret;
     }
-- 
2.20.1

[PATCH v3 23/25] hw/ipmi: Assert outlen > outpos

[Philippe Mathieu-Daudé]

A througfull audit show that all time data is added to outbuf[],
'outlen' is incremented. Then at creation and each time
continue_send() returns it pass thru check_reset which resets
'outpos', thus we always have 'outlen >= outpos'.
Also due to the check on entry, we know outlen != 0.
We can then add an assertion on 'outlen > outpos', which will
helps the next patch to safely convert 'outlen - outpos' as an
unsigned type (size_t).

Make this assertion explicit by casting 'outlen - outpos' size_t.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/ipmi/ipmi_bmc_extern.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
index bf0b7ee0f5..ca61b04942 100644
--- a/hw/ipmi/ipmi_bmc_extern.c
+++ b/hw/ipmi/ipmi_bmc_extern.c
@@ -107,8 +107,9 @@ static void continue_send(IPMIBmcExtern *ibe)
         goto check_reset;
     }
  send:
+    assert(ibe->outlen > ibe->outpos);
     ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
-                            ibe->outlen - ibe->outpos);
+                            (size_t)(ibe->outlen - ibe->outpos));
     if (ret > 0) {
         ibe->outpos += ret;
     }
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 24/25] chardev: Let qemu_chr_fe_write[_all] use size_t type argument

[Philippe Mathieu-Daudé]

All caller have been audited and call these functions with
unsigned arguments.

Most of them use a size_t argument, or directly pass sizeof().

One case is unclear: the mux_chr_write() call in chardev/char-mux.c.
There we add an assert (which will be removed in few patches) and
cast the parameter as size_t to make explicit this value is unsigned.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char-fe.c         | 4 ++--
 chardev/char-mux.c        | 3 ++-
 include/chardev/char-fe.h | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/chardev/char-fe.c b/chardev/char-fe.c
index f3530a90e6..ab2a01709d 100644
--- a/chardev/char-fe.c
+++ b/chardev/char-fe.c
@@ -31,7 +31,7 @@
 #include "chardev/char-io.h"
 #include "chardev/char-mux.h"
 
-int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
+int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len)
 {
     Chardev *s = be->chr;
 
@@ -42,7 +42,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
     return qemu_chr_write(s, buf, len, false);
 }
 
-int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len)
+int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len)
 {
     Chardev *s = be->chr;
 
diff --git a/chardev/char-mux.c b/chardev/char-mux.c
index 23aa82125d..7a3ff21db4 100644
--- a/chardev/char-mux.c
+++ b/chardev/char-mux.c
@@ -38,7 +38,8 @@ static int mux_chr_write(Chardev *chr, const uint8_t *buf, int len)
     MuxChardev *d = MUX_CHARDEV(chr);
     int ret;
     if (!d->timestamps) {
-        ret = qemu_chr_fe_write(&d->chr, buf, len);
+        assert(len >= 0);
+        ret = qemu_chr_fe_write(&d->chr, buf, (size_t)len);
     } else {
         int i;
 
diff --git a/include/chardev/char-fe.h b/include/chardev/char-fe.h
index aa1b864ccd..5fb2c2e7ec 100644
--- a/include/chardev/char-fe.h
+++ b/include/chardev/char-fe.h
@@ -203,7 +203,7 @@ guint qemu_chr_fe_add_watch(CharBackend *be, GIOCondition cond,
  *
  * Returns: the number of bytes consumed (0 if no associated Chardev)
  */
-int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
+int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len);
 
 /**
  * qemu_chr_fe_write_all:
@@ -217,7 +217,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
  *
  * Returns: the number of bytes consumed (0 if no associated Chardev)
  */
-int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len);
+int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len);
 
 /**
  * qemu_chr_fe_read_all:
-- 
2.20.1

[PATCH v3 24/25] chardev: Let qemu_chr_fe_write[_all] use size_t type argument

[Philippe Mathieu-Daudé]

All caller have been audited and call these functions with
unsigned arguments.

Most of them use a size_t argument, or directly pass sizeof().

One case is unclear: the mux_chr_write() call in chardev/char-mux.c.
There we add an assert (which will be removed in few patches) and
cast the parameter as size_t to make explicit this value is unsigned.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char-fe.c         | 4 ++--
 chardev/char-mux.c        | 3 ++-
 include/chardev/char-fe.h | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/chardev/char-fe.c b/chardev/char-fe.c
index f3530a90e6..ab2a01709d 100644
--- a/chardev/char-fe.c
+++ b/chardev/char-fe.c
@@ -31,7 +31,7 @@
 #include "chardev/char-io.h"
 #include "chardev/char-mux.h"
 
-int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
+int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len)
 {
     Chardev *s = be->chr;
 
@@ -42,7 +42,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
     return qemu_chr_write(s, buf, len, false);
 }
 
-int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len)
+int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len)
 {
     Chardev *s = be->chr;
 
diff --git a/chardev/char-mux.c b/chardev/char-mux.c
index 23aa82125d..7a3ff21db4 100644
--- a/chardev/char-mux.c
+++ b/chardev/char-mux.c
@@ -38,7 +38,8 @@ static int mux_chr_write(Chardev *chr, const uint8_t *buf, int len)
     MuxChardev *d = MUX_CHARDEV(chr);
     int ret;
     if (!d->timestamps) {
-        ret = qemu_chr_fe_write(&d->chr, buf, len);
+        assert(len >= 0);
+        ret = qemu_chr_fe_write(&d->chr, buf, (size_t)len);
     } else {
         int i;
 
diff --git a/include/chardev/char-fe.h b/include/chardev/char-fe.h
index aa1b864ccd..5fb2c2e7ec 100644
--- a/include/chardev/char-fe.h
+++ b/include/chardev/char-fe.h
@@ -203,7 +203,7 @@ guint qemu_chr_fe_add_watch(CharBackend *be, GIOCondition cond,
  *
  * Returns: the number of bytes consumed (0 if no associated Chardev)
  */
-int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
+int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len);
 
 /**
  * qemu_chr_fe_write_all:
@@ -217,7 +217,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
  *
  * Returns: the number of bytes consumed (0 if no associated Chardev)
  */
-int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len);
+int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len);
 
 /**
  * qemu_chr_fe_read_all:
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Qemu-devel] [PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Philippe Mathieu-Daudé]

We now know all callers use a size_t argument. We can
convert qemu_chr_write() and qemu_chr_write_all() to
use a size_t argument.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char.c          | 8 ++++----
 include/chardev/char.h  | 2 +-
 include/sysemu/replay.h | 2 +-
 replay/replay-char.c    | 2 +-
 stubs/replay.c          | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/chardev/char.c b/chardev/char.c
index 3149cd3ba9..8f1f56a802 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -99,8 +99,8 @@ static void qemu_chr_write_log(Chardev *s, const uint8_t *buf, size_t len)
 }
 
 static int qemu_chr_write_buffer(Chardev *s,
-                                 const uint8_t *buf, int len,
-                                 int *offset, bool write_all)
+                                 const uint8_t *buf, size_t len,
+                                 size_t *offset, bool write_all)
 {
     ChardevClass *cc = CHARDEV_GET_CLASS(s);
     int res = 0;
@@ -132,9 +132,9 @@ static int qemu_chr_write_buffer(Chardev *s,
     return res;
 }
 
-int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
+int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all)
 {
-    int offset = 0;
+    size_t offset = 0;
     int res;
 
     if (qemu_chr_replay(s) && replay_mode == REPLAY_MODE_PLAY) {
diff --git a/include/chardev/char.h b/include/chardev/char.h
index 0341dd1ba2..2e3b5a15ca 100644
--- a/include/chardev/char.h
+++ b/include/chardev/char.h
@@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
                           ChardevFeature feature);
 QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
                                 bool permit_mux_mon);
-int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
+int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);
 #define qemu_chr_write_all(s, buf, len) qemu_chr_write(s, buf, len, true)
 int qemu_chr_wait_connected(Chardev *chr, Error **errp);
 
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 3a7c58e423..334944715d 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -158,7 +158,7 @@ void replay_chr_be_write(struct Chardev *s, uint8_t *buf, int len);
 /*! Writes char write return value to the replay log. */
 void replay_char_write_event_save(int res, int offset);
 /*! Reads char write return value from the replay log. */
-void replay_char_write_event_load(int *res, int *offset);
+void replay_char_write_event_load(int *res, size_t *offset);
 /*! Reads information about read_all character event. */
 int replay_char_read_all_load(uint8_t *buf);
 /*! Writes character read_all error code into the replay log. */
diff --git a/replay/replay-char.c b/replay/replay-char.c
index 736cc8c2e6..f0308578eb 100644
--- a/replay/replay-char.c
+++ b/replay/replay-char.c
@@ -104,7 +104,7 @@ void replay_char_write_event_save(int res, int offset)
     replay_put_dword(offset);
 }
 
-void replay_char_write_event_load(int *res, int *offset)
+void replay_char_write_event_load(int *res, size_t *offset)
 {
     g_assert(replay_mutex_locked());
 
diff --git a/stubs/replay.c b/stubs/replay.c
index 4ac607895d..cf584d3191 100644
--- a/stubs/replay.c
+++ b/stubs/replay.c
@@ -44,7 +44,7 @@ void replay_char_write_event_save(int res, int offset)
     abort();
 }
 
-void replay_char_write_event_load(int *res, int *offset)
+void replay_char_write_event_load(int *res, size_t *offset)
 {
     abort();
 }
-- 
2.20.1

[PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Philippe Mathieu-Daudé]

We now know all callers use a size_t argument. We can
convert qemu_chr_write() and qemu_chr_write_all() to
use a size_t argument.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 chardev/char.c          | 8 ++++----
 include/chardev/char.h  | 2 +-
 include/sysemu/replay.h | 2 +-
 replay/replay-char.c    | 2 +-
 stubs/replay.c          | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/chardev/char.c b/chardev/char.c
index 3149cd3ba9..8f1f56a802 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -99,8 +99,8 @@ static void qemu_chr_write_log(Chardev *s, const uint8_t *buf, size_t len)
 }
 
 static int qemu_chr_write_buffer(Chardev *s,
-                                 const uint8_t *buf, int len,
-                                 int *offset, bool write_all)
+                                 const uint8_t *buf, size_t len,
+                                 size_t *offset, bool write_all)
 {
     ChardevClass *cc = CHARDEV_GET_CLASS(s);
     int res = 0;
@@ -132,9 +132,9 @@ static int qemu_chr_write_buffer(Chardev *s,
     return res;
 }
 
-int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
+int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all)
 {
-    int offset = 0;
+    size_t offset = 0;
     int res;
 
     if (qemu_chr_replay(s) && replay_mode == REPLAY_MODE_PLAY) {
diff --git a/include/chardev/char.h b/include/chardev/char.h
index 0341dd1ba2..2e3b5a15ca 100644
--- a/include/chardev/char.h
+++ b/include/chardev/char.h
@@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
                           ChardevFeature feature);
 QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
                                 bool permit_mux_mon);
-int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
+int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);
 #define qemu_chr_write_all(s, buf, len) qemu_chr_write(s, buf, len, true)
 int qemu_chr_wait_connected(Chardev *chr, Error **errp);
 
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 3a7c58e423..334944715d 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -158,7 +158,7 @@ void replay_chr_be_write(struct Chardev *s, uint8_t *buf, int len);
 /*! Writes char write return value to the replay log. */
 void replay_char_write_event_save(int res, int offset);
 /*! Reads char write return value from the replay log. */
-void replay_char_write_event_load(int *res, int *offset);
+void replay_char_write_event_load(int *res, size_t *offset);
 /*! Reads information about read_all character event. */
 int replay_char_read_all_load(uint8_t *buf);
 /*! Writes character read_all error code into the replay log. */
diff --git a/replay/replay-char.c b/replay/replay-char.c
index 736cc8c2e6..f0308578eb 100644
--- a/replay/replay-char.c
+++ b/replay/replay-char.c
@@ -104,7 +104,7 @@ void replay_char_write_event_save(int res, int offset)
     replay_put_dword(offset);
 }
 
-void replay_char_write_event_load(int *res, int *offset)
+void replay_char_write_event_load(int *res, size_t *offset)
 {
     g_assert(replay_mutex_locked());
 
diff --git a/stubs/replay.c b/stubs/replay.c
index 4ac607895d..cf584d3191 100644
--- a/stubs/replay.c
+++ b/stubs/replay.c
@@ -44,7 +44,7 @@ void replay_char_write_event_save(int res, int offset)
     abort();
 }
 
-void replay_char_write_event_load(int *res, int *offset)
+void replay_char_write_event_load(int *res, size_t *offset)
 {
     abort();
 }
-- 
2.20.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 15/25] spapr-vty: Let vty_putchars() use size_t

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 1833 bytes --]

On Wed, Feb 20, 2019 at 02:02:22AM +0100, Philippe Mathieu-Daudé wrote:
> Both callers (h_put_term_char and rtas_display_character) use
> an unsigned value.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Acked-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  hw/char/spapr_vty.c        | 2 +-
>  include/hw/ppc/spapr_vio.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
> index 6748334ded..92b8c40410 100644
> --- a/hw/char/spapr_vty.c
> +++ b/hw/char/spapr_vty.c
> @@ -83,7 +83,7 @@ static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
>      return n;
>  }
>  
> -void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len)
> +void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len)
>  {
>      VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(sdev);
>  
> diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
> index e8b006d18f..ed79d2f380 100644
> --- a/include/hw/ppc/spapr_vio.h
> +++ b/include/hw/ppc/spapr_vio.h
> @@ -126,7 +126,7 @@ static inline int spapr_vio_dma_set(VIOsPAPRDevice *dev, uint64_t taddr,
>  int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq);
>  
>  VIOsPAPRDevice *vty_lookup(sPAPRMachineState *spapr, target_ulong reg);
> -void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len);
> +void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len);
>  void spapr_vty_create(VIOsPAPRBus *bus, Chardev *chardev);
>  void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd);
>  void spapr_vscsi_create(VIOsPAPRBus *bus);

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v3 15/25] spapr-vty: Let vty_putchars() use size_t

[David Gibson]

[-- Attachment #1.1: Type: text/plain, Size: 1833 bytes --]

On Wed, Feb 20, 2019 at 02:02:22AM +0100, Philippe Mathieu-Daudé wrote:
> Both callers (h_put_term_char and rtas_display_character) use
> an unsigned value.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Acked-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  hw/char/spapr_vty.c        | 2 +-
>  include/hw/ppc/spapr_vio.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
> index 6748334ded..92b8c40410 100644
> --- a/hw/char/spapr_vty.c
> +++ b/hw/char/spapr_vty.c
> @@ -83,7 +83,7 @@ static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
>      return n;
>  }
>  
> -void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len)
> +void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len)
>  {
>      VIOsPAPRVTYDevice *dev = VIO_SPAPR_VTY_DEVICE(sdev);
>  
> diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
> index e8b006d18f..ed79d2f380 100644
> --- a/include/hw/ppc/spapr_vio.h
> +++ b/include/hw/ppc/spapr_vio.h
> @@ -126,7 +126,7 @@ static inline int spapr_vio_dma_set(VIOsPAPRDevice *dev, uint64_t taddr,
>  int spapr_vio_send_crq(VIOsPAPRDevice *dev, uint8_t *crq);
>  
>  VIOsPAPRDevice *vty_lookup(sPAPRMachineState *spapr, target_ulong reg);
> -void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len);
> +void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, size_t len);
>  void spapr_vty_create(VIOsPAPRBus *bus, Chardev *chardev);
>  void spapr_vlan_create(VIOsPAPRBus *bus, NICInfo *nd);
>  void spapr_vscsi_create(VIOsPAPRBus *bus);

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[-- Attachment #2: Type: text/plain, Size: 157 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value

[Gerd Hoffmann]

On Wed, Feb 20, 2019 at 02:02:10AM +0100, Philippe Mathieu-Daudé wrote:
> TabletChardev::query is an array of uint8_t.
> Use the same type to hold it (this also silent a -Wsign-conversion
> warning in the trace function).
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

> ---
>  chardev/trace-events | 2 +-
>  chardev/wctablet.c   | 5 +++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/chardev/trace-events b/chardev/trace-events
> index d0e5f3bbc1..562bfe70e9 100644
> --- a/chardev/trace-events
> +++ b/chardev/trace-events
> @@ -5,7 +5,7 @@ wct_init(void) ""
>  wct_cmd_re(void) ""
>  wct_cmd_st(void) ""
>  wct_cmd_sp(void) ""
> -wct_cmd_ts(int input) "0x%02x"
> +wct_cmd_ts(uint8_t input) "0x%02x"
>  wct_cmd_other(const char *cmd) "%s"
>  wct_speed(int speed) "%d"
>  
> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> index 35dbd29a33..cf7a08a363 100644
> --- a/chardev/wctablet.c
> +++ b/chardev/wctablet.c
> @@ -207,7 +207,8 @@ static int wctablet_chr_write(struct Chardev *chr,
>                                const uint8_t *buf, int len)
>  {
>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> -    unsigned int i, clen;
> +    size_t i;
> +    unsigned int clen;
>      char *pos;
>  
>      if (tablet->line_speed != 9600) {
> @@ -269,7 +270,7 @@ static int wctablet_chr_write(struct Chardev *chr,
>  
>      } else if (strncmp((char *)tablet->query, "TS", 2) == 0 &&
>                 clen == 3) {
> -        unsigned int input = tablet->query[2];
> +        uint8_t input = tablet->query[2];
>          uint8_t codes[7] = {
>              0xa3,
>              ((input & 0x80) == 0) ? 0x7e : 0x7f,
> -- 
> 2.20.1
> 

Re: [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value

[Gerd Hoffmann]

On Wed, Feb 20, 2019 at 02:02:10AM +0100, Philippe Mathieu-Daudé wrote:
> TabletChardev::query is an array of uint8_t.
> Use the same type to hold it (this also silent a -Wsign-conversion
> warning in the trace function).
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

> ---
>  chardev/trace-events | 2 +-
>  chardev/wctablet.c   | 5 +++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/chardev/trace-events b/chardev/trace-events
> index d0e5f3bbc1..562bfe70e9 100644
> --- a/chardev/trace-events
> +++ b/chardev/trace-events
> @@ -5,7 +5,7 @@ wct_init(void) ""
>  wct_cmd_re(void) ""
>  wct_cmd_st(void) ""
>  wct_cmd_sp(void) ""
> -wct_cmd_ts(int input) "0x%02x"
> +wct_cmd_ts(uint8_t input) "0x%02x"
>  wct_cmd_other(const char *cmd) "%s"
>  wct_speed(int speed) "%d"
>  
> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> index 35dbd29a33..cf7a08a363 100644
> --- a/chardev/wctablet.c
> +++ b/chardev/wctablet.c
> @@ -207,7 +207,8 @@ static int wctablet_chr_write(struct Chardev *chr,
>                                const uint8_t *buf, int len)
>  {
>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> -    unsigned int i, clen;
> +    size_t i;
> +    unsigned int clen;
>      char *pos;
>  
>      if (tablet->line_speed != 9600) {
> @@ -269,7 +270,7 @@ static int wctablet_chr_write(struct Chardev *chr,
>  
>      } else if (strncmp((char *)tablet->query, "TS", 2) == 0 &&
>                 clen == 3) {
> -        unsigned int input = tablet->query[2];
> +        uint8_t input = tablet->query[2];
>          uint8_t codes[7] = {
>              0xa3,
>              ((input & 0x80) == 0) ? 0x7e : 0x7f,
> -- 
> 2.20.1
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 08/25] ui/gtk: Remove pointless cast

[Gerd Hoffmann]

On Wed, Feb 20, 2019 at 02:02:15AM +0100, Philippe Mathieu-Daudé wrote:
> The 'size' value is of type 'guint' which is already unsigned.
> Remove the useless cast.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

Re: [PATCH v3 08/25] ui/gtk: Remove pointless cast

[Gerd Hoffmann]

On Wed, Feb 20, 2019 at 02:02:15AM +0100, Philippe Mathieu-Daudé wrote:
> The 'size' value is of type 'guint' which is already unsigned.
> Remove the useless cast.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 10/25] usb-redir: Verify usbredirparser_write get called with positive count

[Gerd Hoffmann]

On Wed, Feb 20, 2019 at 02:02:17AM +0100, Philippe Mathieu-Daudé wrote:
> The usbredirparser_write handler should never be called with a negative
> size payload, return an error if this is not the case.
> Now that we are sure the 'count' value is positive, make it obvious by
> casting it to a size_t.

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

Re: [PATCH v3 10/25] usb-redir: Verify usbredirparser_write get called with positive count

[Gerd Hoffmann]

On Wed, Feb 20, 2019 at 02:02:17AM +0100, Philippe Mathieu-Daudé wrote:
> The usbredirparser_write handler should never be called with a negative
> size payload, return an error if this is not the case.
> Now that we are sure the 'count' value is positive, make it obvious by
> casting it to a size_t.

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 18/25] s390x/3270: Let insert_IAC_escape_char() use size_t

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:25 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> This function takes size_t argument and return a size_t.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/terminal3270.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

Re: [PATCH v3 18/25] s390x/3270: Let insert_IAC_escape_char() use size_t

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:25 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> This function takes size_t argument and return a size_t.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/terminal3270.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:26 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  include/hw/s390x/ebcdic.h | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/include/hw/s390x/ebcdic.h b/include/hw/s390x/ebcdic.h
> index 69a04cab62..d89174e113 100644
> --- a/include/hw/s390x/ebcdic.h
> +++ b/include/hw/s390x/ebcdic.h
> @@ -83,18 +83,18 @@ static const uint8_t ascii2ebcdic[] = {
>      0x90, 0x3F, 0x3F, 0x3F, 0x3F, 0xEA, 0x3F, 0xFF
>  };
>  
> -static inline void ebcdic_put(uint8_t *p, const char *ascii, int len)
> +static inline void ebcdic_put(uint8_t *p, const char *ascii, size_t len)
>  {
> -    int i;
> +    size_t i;
>  
>      for (i = 0; i < len; i++) {
>          p[i] = ascii2ebcdic[(uint8_t)ascii[i]];
>      }
>  }
>  
> -static inline void ascii_put(uint8_t *p, const char *ebcdic, int len)
> +static inline void ascii_put(uint8_t *p, const char *ebcdic, size_t len)
>  {
> -    int i;
> +    size_t i;
>  
>      for (i = 0; i < len; i++) {
>          p[i] = ebcdic2ascii[(uint8_t)ebcdic[i]];

Making the passed len parameter a size_t makes sense; but using a
size_t as an array iterator looks a bit unidiomatic... it's not wrong,
though.

Acked-by: Cornelia Huck <cohuck@redhat.com>

Re: [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:26 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  include/hw/s390x/ebcdic.h | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/include/hw/s390x/ebcdic.h b/include/hw/s390x/ebcdic.h
> index 69a04cab62..d89174e113 100644
> --- a/include/hw/s390x/ebcdic.h
> +++ b/include/hw/s390x/ebcdic.h
> @@ -83,18 +83,18 @@ static const uint8_t ascii2ebcdic[] = {
>      0x90, 0x3F, 0x3F, 0x3F, 0x3F, 0xEA, 0x3F, 0xFF
>  };
>  
> -static inline void ebcdic_put(uint8_t *p, const char *ascii, int len)
> +static inline void ebcdic_put(uint8_t *p, const char *ascii, size_t len)
>  {
> -    int i;
> +    size_t i;
>  
>      for (i = 0; i < len; i++) {
>          p[i] = ascii2ebcdic[(uint8_t)ascii[i]];
>      }
>  }
>  
> -static inline void ascii_put(uint8_t *p, const char *ebcdic, int len)
> +static inline void ascii_put(uint8_t *p, const char *ebcdic, size_t len)
>  {
> -    int i;
> +    size_t i;
>  
>      for (i = 0; i < len; i++) {
>          p[i] = ebcdic2ascii[(uint8_t)ebcdic[i]];

Making the passed len parameter a size_t makes sense; but using a
size_t as an array iterator looks a bit unidiomatic... it's not wrong,
though.

Acked-by: Cornelia Huck <cohuck@redhat.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 01/25] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> IOWatchPoll::fd_can_read() really is a GSourceFunc type, it simply
> returns a boolean value.
> Update the backends to return a boolean, whether there is data to
> read from the source or not.
>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  chardev/char-fd.c         | 4 ++--
>  chardev/char-io.c         | 6 +++---
>  chardev/char-pty.c        | 4 ++--
>  chardev/char-socket.c     | 6 +++---
>  chardev/char-udp.c        | 4 ++--
>  include/chardev/char-io.h | 2 +-
>  6 files changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
> index 2c9b2ce567..2421d8e216 100644
> --- a/chardev/char-fd.c
> +++ b/chardev/char-fd.c
> @@ -69,13 +69,13 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>      return TRUE;
>  }
>
> -static int fd_chr_read_poll(void *opaque)
> +static gboolean fd_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      FDChardev *s = FD_CHARDEV(opaque);
>
>      s->max_size = qemu_chr_be_can_write(chr);
> -    return s->max_size;
> +    return s->max_size > 0;
>  }
>
>  static GSource *fd_chr_add_watch(Chardev *chr, GIOCondition cond)
> diff --git a/chardev/char-io.c b/chardev/char-io.c
> index 8ced184160..2c1c69098e 100644
> --- a/chardev/char-io.c
> +++ b/chardev/char-io.c
> @@ -30,7 +30,7 @@ typedef struct IOWatchPoll {
>      QIOChannel *ioc;
>      GSource *src;
>
> -    IOCanReadHandler *fd_can_read;
> +    GSourceFunc fd_can_read;
>      GSourceFunc fd_read;
>      void *opaque;
>  } IOWatchPoll;
> @@ -44,7 +44,7 @@ static gboolean io_watch_poll_prepare(GSource *source,
>                                        gint *timeout)
>  {
>      IOWatchPoll *iwp = io_watch_poll_from_source(source);
> -    bool now_active = iwp->fd_can_read(iwp->opaque) > 0;
> +    bool now_active = iwp->fd_can_read(iwp->opaque);
>      bool was_active = iwp->src != NULL;
>      if (was_active == now_active) {
>          return FALSE;
> @@ -76,7 +76,7 @@ static GSourceFuncs io_watch_poll_funcs = {
>
>  GSource *io_add_watch_poll(Chardev *chr,
>                          QIOChannel *ioc,
> -                        IOCanReadHandler *fd_can_read,
> +                        GSourceFunc fd_can_read,
>                          QIOChannelFunc fd_read,
>                          gpointer user_data,
>                          GMainContext *context)
> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
> index b034332edd..7777f6ddef 100644
> --- a/chardev/char-pty.c
> +++ b/chardev/char-pty.c
> @@ -119,13 +119,13 @@ static GSource *pty_chr_add_watch(Chardev *chr, GIOCondition cond)
>      return qio_channel_create_watch(s->ioc, cond);
>  }
>
> -static int pty_chr_read_poll(void *opaque)
> +static gboolean pty_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      PtyChardev *s = PTY_CHARDEV(opaque);
>
>      s->read_bytes = qemu_chr_be_can_write(chr);
> -    return s->read_bytes;
> +    return s->read_bytes > 0;
>  }
>
>  static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> index 4fcdd8aedd..262a59b64f 100644
> --- a/chardev/char-socket.c
> +++ b/chardev/char-socket.c
> @@ -147,7 +147,7 @@ static void tcp_chr_accept(QIONetListener *listener,
>                             QIOChannelSocket *cioc,
>                             void *opaque);
>
> -static int tcp_chr_read_poll(void *opaque);
> +static gboolean tcp_chr_read_poll(void *opaque);
>  static void tcp_chr_disconnect(Chardev *chr);
>
>  /* Called with chr_write_lock held.  */
> @@ -184,7 +184,7 @@ static int tcp_chr_write(Chardev *chr, const uint8_t *buf, int len)
>      }
>  }
>
> -static int tcp_chr_read_poll(void *opaque)
> +static gboolean tcp_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      SocketChardev *s = SOCKET_CHARDEV(opaque);
> @@ -192,7 +192,7 @@ static int tcp_chr_read_poll(void *opaque)
>          return 0;
>      }
>      s->max_size = qemu_chr_be_can_write(chr);
> -    return s->max_size;
> +    return s->max_size > 0;
>  }
>
>  static void tcp_chr_process_IAC_bytes(Chardev *chr,
> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
> index 097a2f0f42..b6e399e983 100644
> --- a/chardev/char-udp.c
> +++ b/chardev/char-udp.c
> @@ -65,7 +65,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
>      }
>  }
>
> -static int udp_chr_read_poll(void *opaque)
> +static gboolean udp_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      UdpChardev *s = UDP_CHARDEV(opaque);
> @@ -77,7 +77,7 @@ static int udp_chr_read_poll(void *opaque)
>       */
>      udp_chr_flush_buffer(s);
>
> -    return s->max_size;
> +    return s->max_size > 0;
>  }
>
>  static gboolean udp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> diff --git a/include/chardev/char-io.h b/include/chardev/char-io.h
> index 9638da5100..a173874538 100644
> --- a/include/chardev/char-io.h
> +++ b/include/chardev/char-io.h
> @@ -31,7 +31,7 @@
>  /* Can only be used for read */
>  GSource *io_add_watch_poll(Chardev *chr,
>                          QIOChannel *ioc,
> -                        IOCanReadHandler *fd_can_read,
> +                        GSourceFunc fd_can_read,
>                          QIOChannelFunc fd_read,
>                          gpointer user_data,
>                          GMainContext *context);
> --
> 2.20.1
>

Re: [PATCH v3 01/25] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> IOWatchPoll::fd_can_read() really is a GSourceFunc type, it simply
> returns a boolean value.
> Update the backends to return a boolean, whether there is data to
> read from the source or not.
>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  chardev/char-fd.c         | 4 ++--
>  chardev/char-io.c         | 6 +++---
>  chardev/char-pty.c        | 4 ++--
>  chardev/char-socket.c     | 6 +++---
>  chardev/char-udp.c        | 4 ++--
>  include/chardev/char-io.h | 2 +-
>  6 files changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
> index 2c9b2ce567..2421d8e216 100644
> --- a/chardev/char-fd.c
> +++ b/chardev/char-fd.c
> @@ -69,13 +69,13 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>      return TRUE;
>  }
>
> -static int fd_chr_read_poll(void *opaque)
> +static gboolean fd_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      FDChardev *s = FD_CHARDEV(opaque);
>
>      s->max_size = qemu_chr_be_can_write(chr);
> -    return s->max_size;
> +    return s->max_size > 0;
>  }
>
>  static GSource *fd_chr_add_watch(Chardev *chr, GIOCondition cond)
> diff --git a/chardev/char-io.c b/chardev/char-io.c
> index 8ced184160..2c1c69098e 100644
> --- a/chardev/char-io.c
> +++ b/chardev/char-io.c
> @@ -30,7 +30,7 @@ typedef struct IOWatchPoll {
>      QIOChannel *ioc;
>      GSource *src;
>
> -    IOCanReadHandler *fd_can_read;
> +    GSourceFunc fd_can_read;
>      GSourceFunc fd_read;
>      void *opaque;
>  } IOWatchPoll;
> @@ -44,7 +44,7 @@ static gboolean io_watch_poll_prepare(GSource *source,
>                                        gint *timeout)
>  {
>      IOWatchPoll *iwp = io_watch_poll_from_source(source);
> -    bool now_active = iwp->fd_can_read(iwp->opaque) > 0;
> +    bool now_active = iwp->fd_can_read(iwp->opaque);
>      bool was_active = iwp->src != NULL;
>      if (was_active == now_active) {
>          return FALSE;
> @@ -76,7 +76,7 @@ static GSourceFuncs io_watch_poll_funcs = {
>
>  GSource *io_add_watch_poll(Chardev *chr,
>                          QIOChannel *ioc,
> -                        IOCanReadHandler *fd_can_read,
> +                        GSourceFunc fd_can_read,
>                          QIOChannelFunc fd_read,
>                          gpointer user_data,
>                          GMainContext *context)
> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
> index b034332edd..7777f6ddef 100644
> --- a/chardev/char-pty.c
> +++ b/chardev/char-pty.c
> @@ -119,13 +119,13 @@ static GSource *pty_chr_add_watch(Chardev *chr, GIOCondition cond)
>      return qio_channel_create_watch(s->ioc, cond);
>  }
>
> -static int pty_chr_read_poll(void *opaque)
> +static gboolean pty_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      PtyChardev *s = PTY_CHARDEV(opaque);
>
>      s->read_bytes = qemu_chr_be_can_write(chr);
> -    return s->read_bytes;
> +    return s->read_bytes > 0;
>  }
>
>  static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> index 4fcdd8aedd..262a59b64f 100644
> --- a/chardev/char-socket.c
> +++ b/chardev/char-socket.c
> @@ -147,7 +147,7 @@ static void tcp_chr_accept(QIONetListener *listener,
>                             QIOChannelSocket *cioc,
>                             void *opaque);
>
> -static int tcp_chr_read_poll(void *opaque);
> +static gboolean tcp_chr_read_poll(void *opaque);
>  static void tcp_chr_disconnect(Chardev *chr);
>
>  /* Called with chr_write_lock held.  */
> @@ -184,7 +184,7 @@ static int tcp_chr_write(Chardev *chr, const uint8_t *buf, int len)
>      }
>  }
>
> -static int tcp_chr_read_poll(void *opaque)
> +static gboolean tcp_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      SocketChardev *s = SOCKET_CHARDEV(opaque);
> @@ -192,7 +192,7 @@ static int tcp_chr_read_poll(void *opaque)
>          return 0;
>      }
>      s->max_size = qemu_chr_be_can_write(chr);
> -    return s->max_size;
> +    return s->max_size > 0;
>  }
>
>  static void tcp_chr_process_IAC_bytes(Chardev *chr,
> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
> index 097a2f0f42..b6e399e983 100644
> --- a/chardev/char-udp.c
> +++ b/chardev/char-udp.c
> @@ -65,7 +65,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
>      }
>  }
>
> -static int udp_chr_read_poll(void *opaque)
> +static gboolean udp_chr_read_poll(void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      UdpChardev *s = UDP_CHARDEV(opaque);
> @@ -77,7 +77,7 @@ static int udp_chr_read_poll(void *opaque)
>       */
>      udp_chr_flush_buffer(s);
>
> -    return s->max_size;
> +    return s->max_size > 0;
>  }
>
>  static gboolean udp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> diff --git a/include/chardev/char-io.h b/include/chardev/char-io.h
> index 9638da5100..a173874538 100644
> --- a/include/chardev/char-io.h
> +++ b/include/chardev/char-io.h
> @@ -31,7 +31,7 @@
>  /* Can only be used for read */
>  GSource *io_add_watch_poll(Chardev *chr,
>                          QIOChannel *ioc,
> -                        IOCanReadHandler *fd_can_read,
> +                        GSourceFunc fd_can_read,
>                          QIOChannelFunc fd_read,
>                          gpointer user_data,
>                          GMainContext *context);
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> The backend should not return a negative length to read.
> We will later change the prototype of IOCanReadHandler to return an
> unsigned length. Meanwhile make sure the return length is positive.
>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

In such patch, you should do extensive review of existing callbacks,
or find a convincing argument that this can't break.

The problem is there are a lot of can_read callbacks, and it's not
trivial. The *first* of git-grep is rng_egd_chr_can_read()

 57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
 58         size += req->size - req->offset;
 59     }
 60
 61     return size;

Clearly not obvious if it returns >= 0.

Another approach is to look at the caller and the return value
handling. If none handle negative values (or would have wrong
behaviour with negative values), the assert() is perhaps justified, as
it could prevent from doing more harm.

> ---
>  chardev/char.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/chardev/char.c b/chardev/char.c
> index f6d61fa5f8..71ecd32b25 100644
> --- a/chardev/char.c
> +++ b/chardev/char.c
> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>  int qemu_chr_be_can_write(Chardev *s)
>  {
>      CharBackend *be = s->be;
> +    int receivable_bytes;
>
>      if (!be || !be->chr_can_read) {
>          return 0;
>      }
>
> -    return be->chr_can_read(be->opaque);
> +    receivable_bytes = be->chr_can_read(be->opaque);
> +    assert(receivable_bytes >= 0);
> +    return receivable_bytes;
>  }
>
>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
> --
> 2.20.1
>

Re: [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> The backend should not return a negative length to read.
> We will later change the prototype of IOCanReadHandler to return an
> unsigned length. Meanwhile make sure the return length is positive.
>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

In such patch, you should do extensive review of existing callbacks,
or find a convincing argument that this can't break.

The problem is there are a lot of can_read callbacks, and it's not
trivial. The *first* of git-grep is rng_egd_chr_can_read()

 57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
 58         size += req->size - req->offset;
 59     }
 60
 61     return size;

Clearly not obvious if it returns >= 0.

Another approach is to look at the caller and the return value
handling. If none handle negative values (or would have wrong
behaviour with negative values), the assert() is perhaps justified, as
it could prevent from doing more harm.

> ---
>  chardev/char.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/chardev/char.c b/chardev/char.c
> index f6d61fa5f8..71ecd32b25 100644
> --- a/chardev/char.c
> +++ b/chardev/char.c
> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>  int qemu_chr_be_can_write(Chardev *s)
>  {
>      CharBackend *be = s->be;
> +    int receivable_bytes;
>
>      if (!be || !be->chr_can_read) {
>          return 0;
>      }
>
> -    return be->chr_can_read(be->opaque);
> +    receivable_bytes = be->chr_can_read(be->opaque);
> +    assert(receivable_bytes >= 0);
> +    return receivable_bytes;
>  }
>
>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> TabletChardev::query is an array of uint8_t.
> Use the same type to hold it (this also silent a -Wsign-conversion
> warning in the trace function).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  chardev/trace-events | 2 +-
>  chardev/wctablet.c   | 5 +++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/chardev/trace-events b/chardev/trace-events
> index d0e5f3bbc1..562bfe70e9 100644
> --- a/chardev/trace-events
> +++ b/chardev/trace-events
> @@ -5,7 +5,7 @@ wct_init(void) ""
>  wct_cmd_re(void) ""
>  wct_cmd_st(void) ""
>  wct_cmd_sp(void) ""
> -wct_cmd_ts(int input) "0x%02x"
> +wct_cmd_ts(uint8_t input) "0x%02x"
>  wct_cmd_other(const char *cmd) "%s"
>  wct_speed(int speed) "%d"
>
> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> index 35dbd29a33..cf7a08a363 100644
> --- a/chardev/wctablet.c
> +++ b/chardev/wctablet.c
> @@ -207,7 +207,8 @@ static int wctablet_chr_write(struct Chardev *chr,
>                                const uint8_t *buf, int len)
>  {
>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> -    unsigned int i, clen;
> +    size_t i;
> +    unsigned int clen;
>      char *pos;
>
>      if (tablet->line_speed != 9600) {
> @@ -269,7 +270,7 @@ static int wctablet_chr_write(struct Chardev *chr,
>
>      } else if (strncmp((char *)tablet->query, "TS", 2) == 0 &&
>                 clen == 3) {
> -        unsigned int input = tablet->query[2];
> +        uint8_t input = tablet->query[2];
>          uint8_t codes[7] = {
>              0xa3,
>              ((input & 0x80) == 0) ? 0x7e : 0x7f,
> --
> 2.20.1
>

Re: [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> TabletChardev::query is an array of uint8_t.
> Use the same type to hold it (this also silent a -Wsign-conversion
> warning in the trace function).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  chardev/trace-events | 2 +-
>  chardev/wctablet.c   | 5 +++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/chardev/trace-events b/chardev/trace-events
> index d0e5f3bbc1..562bfe70e9 100644
> --- a/chardev/trace-events
> +++ b/chardev/trace-events
> @@ -5,7 +5,7 @@ wct_init(void) ""
>  wct_cmd_re(void) ""
>  wct_cmd_st(void) ""
>  wct_cmd_sp(void) ""
> -wct_cmd_ts(int input) "0x%02x"
> +wct_cmd_ts(uint8_t input) "0x%02x"
>  wct_cmd_other(const char *cmd) "%s"
>  wct_speed(int speed) "%d"
>
> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> index 35dbd29a33..cf7a08a363 100644
> --- a/chardev/wctablet.c
> +++ b/chardev/wctablet.c
> @@ -207,7 +207,8 @@ static int wctablet_chr_write(struct Chardev *chr,
>                                const uint8_t *buf, int len)
>  {
>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> -    unsigned int i, clen;
> +    size_t i;
> +    unsigned int clen;
>      char *pos;
>
>      if (tablet->line_speed != 9600) {
> @@ -269,7 +270,7 @@ static int wctablet_chr_write(struct Chardev *chr,
>
>      } else if (strncmp((char *)tablet->query, "TS", 2) == 0 &&
>                 clen == 3) {
> -        unsigned int input = tablet->query[2];
> +        uint8_t input = tablet->query[2];
>          uint8_t codes[7] = {
>              0xa3,
>              ((input & 0x80) == 0) ? 0x7e : 0x7f,
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Daniel P. Berrangé]

On Wed, Feb 20, 2019 at 02:02:32AM +0100, Philippe Mathieu-Daudé wrote:

> diff --git a/include/chardev/char.h b/include/chardev/char.h
> index 0341dd1ba2..2e3b5a15ca 100644
> --- a/include/chardev/char.h
> +++ b/include/chardev/char.h
> @@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
>                            ChardevFeature feature);
>  QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
>                                  bool permit_mux_mon);
> -int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
> +int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);

Seeing this cleanup reminds me that I think we ought to change
the chardev read & write functions to take "void *buf" instead.
as is done for regular libc  read/write functions. This would
avoid casts in the callers between char */uint8_t *

Something to think about for a future cleanup job....same applies
for the QIOChannel APIs which take a 'char *buf', annoyingly
different from the chardev APIs :-( Both ought to have void *buf


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Daniel P. Berrangé]

On Wed, Feb 20, 2019 at 02:02:32AM +0100, Philippe Mathieu-Daudé wrote:

> diff --git a/include/chardev/char.h b/include/chardev/char.h
> index 0341dd1ba2..2e3b5a15ca 100644
> --- a/include/chardev/char.h
> +++ b/include/chardev/char.h
> @@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
>                            ChardevFeature feature);
>  QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
>                                  bool permit_mux_mon);
> -int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
> +int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);

Seeing this cleanup reminds me that I think we ought to change
the chardev read & write functions to take "void *buf" instead.
as is done for regular libc  read/write functions. This would
avoid casts in the callers between char */uint8_t *

Something to think about for a future cleanup job....same applies
for the QIOChannel APIs which take a 'char *buf', annoyingly
different from the chardev APIs :-( Both ought to have void *buf


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> In the previous commit we added an assert to be sure than
> qemu_chr_be_can_write() will never return a negative value.
> We can now change its prototype to return a size_t.
> Adapt the backends accordingly.

Each variable you change to an unsigned type, we should check it isn't
used with negative values.

>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  chardev/baum.c            | 6 +++---
>  chardev/char-fd.c         | 2 +-
>  chardev/char-pty.c        | 4 ++--
>  chardev/char-socket.c     | 7 ++++---
>  chardev/char-udp.c        | 4 ++--
>  chardev/char-win.c        | 2 +-
>  chardev/char.c            | 2 +-
>  chardev/msmouse.c         | 4 ++--
>  chardev/spice.c           | 2 +-
>  chardev/wctablet.c        | 4 ++--
>  hw/bt/hci-csr.c           | 2 +-
>  include/chardev/char-fd.h | 2 +-
>  include/chardev/char.h    | 2 +-
>  ui/console.c              | 6 +++---
>  14 files changed, 25 insertions(+), 24 deletions(-)
>
> diff --git a/chardev/baum.c b/chardev/baum.c
> index 78b0c87625..1d69d62158 100644
> --- a/chardev/baum.c
> +++ b/chardev/baum.c
> @@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
>  static void baum_chr_accept_input(struct Chardev *chr)
>  {
>      BaumChardev *baum = BAUM_CHARDEV(chr);
> -    int room, first;
> +    size_t room, first;
>
>      if (!baum->out_buf_used)
>          return;
> @@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>  {
>      Chardev *chr = CHARDEV(baum);
>      uint8_t io_buf[1 + 2 * len], *cur = io_buf;
> -    int room;
> +    size_t room;
>      *cur++ = ESC;
>      while (len--)
>          if ((*cur++ = *buf++) == ESC)
> @@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>          /* Fits */
>          qemu_chr_be_write(chr, io_buf, len);
>      } else {
> -        int first;
> +        size_t first;
>          uint8_t out;
>          /* Can't fit all, send what can be, and store the rest. */
>          qemu_chr_be_write(chr, io_buf, room);

baum room & first are only used for non-negative capacity values. ack

> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
> index 2421d8e216..0fe2822869 100644
> --- a/chardev/char-fd.c
> +++ b/chardev/char-fd.c
> @@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      FDChardev *s = FD_CHARDEV(opaque);
> -    int len;
> +    size_t len;
>      uint8_t buf[CHR_READ_BUF_LEN];
>      ssize_t ret;
>

fd len is only used for non-negative buffer size. ack

> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
> index 7777f6ddef..eae25f043b 100644
> --- a/chardev/char-pty.c
> +++ b/chardev/char-pty.c
> @@ -34,7 +34,7 @@
>  typedef struct {
>      Chardev parent;
>      QIOChannel *ioc;
> -    int read_bytes;
> +    size_t read_bytes;
>

Only set with values returned from qemu_chr_be_can_write(), ack

>      int connected;
>      GSource *timer_src;
> @@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      PtyChardev *s = PTY_CHARDEV(opaque);
> -    gsize len;
> +    size_t len;
>      uint8_t buf[CHR_READ_BUF_LEN];
>      ssize_t ret;

pty len is only used for non-negative buffer size. ack

> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> index 262a59b64f..4010c343e0 100644
> --- a/chardev/char-socket.c
> +++ b/chardev/char-socket.c
> @@ -60,7 +60,7 @@ typedef struct {
>      GSource *hup_source;
>      QCryptoTLSCreds *tls_creds;
>      TCPChardevState state;
> -    int max_size;
> +    size_t max_size;

Only set with values returned from qemu_chr_be_can_write(), ack

>      int do_telnetopt;
>      int do_nodelay;
>      int *read_msgfds;
> @@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>      Chardev *chr = CHARDEV(opaque);
>      SocketChardev *s = SOCKET_CHARDEV(opaque);
>      uint8_t buf[CHR_READ_BUF_LEN];
> -    int len, size;
> +    size_t len;

len is only used for non-negative buffer size. ack

> +    int size;
>
>      if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
> -        s->max_size <= 0) {
> +        s->max_size == 0) {
>          return TRUE;
>      }
>      len = sizeof(buf);
> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
> index b6e399e983..d4f40626e4 100644
> --- a/chardev/char-udp.c
> +++ b/chardev/char-udp.c
> @@ -39,7 +39,7 @@ typedef struct {
>      uint8_t buf[CHR_READ_BUF_LEN];
>      int bufcnt;
>      int bufptr;
> -    int max_size;
> +    size_t max_size;

Only set with values returned from qemu_chr_be_can_write(), ack

>  } UdpChardev;
>
>  #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
> @@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
>      Chardev *chr = CHARDEV(s);
>
>      while (s->max_size > 0 && s->bufptr < s->bufcnt) {
> -        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
> +        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);

the while() condition ensures the value will be > 0. ack

>          qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
>          s->bufptr += n;
>          s->max_size = qemu_chr_be_can_write(chr);
> diff --git a/chardev/char-win.c b/chardev/char-win.c
> index 05518e0958..30361e8852 100644
> --- a/chardev/char-win.c
> +++ b/chardev/char-win.c
> @@ -29,7 +29,7 @@
>  static void win_chr_read(Chardev *chr, DWORD len)
>  {
>      WinChardev *s = WIN_CHARDEV(chr);
> -    int max_size = qemu_chr_be_can_write(chr);
> +    size_t max_size = qemu_chr_be_can_write(chr);

unmodified, ack

>      int ret, err;
>      uint8_t buf[CHR_READ_BUF_LEN];
>      DWORD size;
> diff --git a/chardev/char.c b/chardev/char.c
> index 71ecd32b25..3149cd3ba9 100644
> --- a/chardev/char.c
> +++ b/chardev/char.c
> @@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>      return offset;
>  }
>
> -int qemu_chr_be_can_write(Chardev *s)
> +size_t qemu_chr_be_can_write(Chardev *s)
>  {
>      CharBackend *be = s->be;
>      int receivable_bytes;
> diff --git a/chardev/msmouse.c b/chardev/msmouse.c
> index 0ffd137ce8..cdb6f86037 100644
> --- a/chardev/msmouse.c
> +++ b/chardev/msmouse.c
> @@ -38,7 +38,7 @@ typedef struct {
>      bool btns[INPUT_BUTTON__MAX];
>      bool btnc[INPUT_BUTTON__MAX];
>      uint8_t outbuf[32];
> -    int outlen;
> +    size_t outlen;

outlen is only used as non-negative buffer size, ack

>  } MouseChardev;
>
>  #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
> @@ -48,7 +48,7 @@ typedef struct {
>  static void msmouse_chr_accept_input(Chardev *chr)
>  {
>      MouseChardev *mouse = MOUSE_CHARDEV(chr);
> -    int len;
> +    size_t len;
>
>      len = qemu_chr_be_can_write(chr);

same

>      if (len > mouse->outlen) {
> diff --git a/chardev/spice.c b/chardev/spice.c
> index 173c257949..ad180a8a13 100644
> --- a/chardev/spice.c
> +++ b/chardev/spice.c
> @@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
>      uint8_t* p = (uint8_t*)buf;
>
>      while (len > 0) {
> -        int can_write = qemu_chr_be_can_write(chr);
> +        size_t can_write = qemu_chr_be_can_write(chr);

unmodified value, ack

>          last_out = MIN(len, can_write);
>          if (last_out <= 0) {
>              break;
> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> index cf7a08a363..daae570bc7 100644
> --- a/chardev/wctablet.c
> +++ b/chardev/wctablet.c
> @@ -74,7 +74,7 @@ typedef struct {
>
>      /* Command to be sent to serial port */
>      uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
> -    int outlen;
> +    size_t outlen;

Used as non-negative buffer size only, ack
>
>      int line_speed;
>      bool send_events;
> @@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
>  static void wctablet_chr_accept_input(Chardev *chr)
>  {
>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> -    int len, canWrite;
> +    size_t len, canWrite;

Used as non-negative buffer size only, ack

>
>      canWrite = qemu_chr_be_can_write(chr);
>      len = canWrite;
> diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
> index fa6660a113..e837a3fa1f 100644
> --- a/hw/bt/hci-csr.c
> +++ b/hw/bt/hci-csr.c
> @@ -38,7 +38,7 @@ struct csrhci_s {
>  #define FIFO_LEN       4096
>      int out_start;
>      int out_len;
> -    int out_size;
> +    size_t out_size;

Used as non-negative buffer size only, ack

>      uint8_t outfifo[FIFO_LEN * 2];
>      uint8_t inpkt[FIFO_LEN];
>      enum {
> diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
> index e7c2b176f9..36c6b89cee 100644
> --- a/include/chardev/char-fd.h
> +++ b/include/chardev/char-fd.h
> @@ -31,7 +31,7 @@ typedef struct FDChardev {
>      Chardev parent;
>
>      QIOChannel *ioc_in, *ioc_out;
> -    int max_size;
> +    size_t max_size;

Only set with values returned from qemu_chr_be_can_write(), ack

>  } FDChardev;
>
>  #define TYPE_CHARDEV_FD "chardev-fd"
> diff --git a/include/chardev/char.h b/include/chardev/char.h
> index c0b57f7685..0341dd1ba2 100644
> --- a/include/chardev/char.h
> +++ b/include/chardev/char.h
> @@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
>   *
>   * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
>   */
> -int qemu_chr_be_can_write(Chardev *s);
> +size_t qemu_chr_be_can_write(Chardev *s);
>
>  /**
>   * qemu_chr_be_write:
> diff --git a/ui/console.c b/ui/console.c
> index 6d2282d3e9..42f04e2b37 100644
> --- a/ui/console.c
> +++ b/ui/console.c
> @@ -61,8 +61,8 @@ enum TTYState {
>
>  typedef struct QEMUFIFO {
>      uint8_t *buf;
> -    int buf_size;
> -    int count, wptr, rptr;
> +    size_t buf_size, count;
> +    int wptr, rptr;

Only used as non-negative buffer size, ack

>  } QEMUFIFO;
>
>  static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
> @@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
>  static void kbd_send_chars(void *opaque)
>  {
>      QemuConsole *s = opaque;
> -    int len;
> +    size_t len;

Only used as non-negative buffer size, ack

>      uint8_t buf[16];
>
>      len = qemu_chr_be_can_write(s->chr);
> --
> 2.20.1
>

That was painful, hopefully I didn't miss something...

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Re: [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> In the previous commit we added an assert to be sure than
> qemu_chr_be_can_write() will never return a negative value.
> We can now change its prototype to return a size_t.
> Adapt the backends accordingly.

Each variable you change to an unsigned type, we should check it isn't
used with negative values.

>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  chardev/baum.c            | 6 +++---
>  chardev/char-fd.c         | 2 +-
>  chardev/char-pty.c        | 4 ++--
>  chardev/char-socket.c     | 7 ++++---
>  chardev/char-udp.c        | 4 ++--
>  chardev/char-win.c        | 2 +-
>  chardev/char.c            | 2 +-
>  chardev/msmouse.c         | 4 ++--
>  chardev/spice.c           | 2 +-
>  chardev/wctablet.c        | 4 ++--
>  hw/bt/hci-csr.c           | 2 +-
>  include/chardev/char-fd.h | 2 +-
>  include/chardev/char.h    | 2 +-
>  ui/console.c              | 6 +++---
>  14 files changed, 25 insertions(+), 24 deletions(-)
>
> diff --git a/chardev/baum.c b/chardev/baum.c
> index 78b0c87625..1d69d62158 100644
> --- a/chardev/baum.c
> +++ b/chardev/baum.c
> @@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
>  static void baum_chr_accept_input(struct Chardev *chr)
>  {
>      BaumChardev *baum = BAUM_CHARDEV(chr);
> -    int room, first;
> +    size_t room, first;
>
>      if (!baum->out_buf_used)
>          return;
> @@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>  {
>      Chardev *chr = CHARDEV(baum);
>      uint8_t io_buf[1 + 2 * len], *cur = io_buf;
> -    int room;
> +    size_t room;
>      *cur++ = ESC;
>      while (len--)
>          if ((*cur++ = *buf++) == ESC)
> @@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>          /* Fits */
>          qemu_chr_be_write(chr, io_buf, len);
>      } else {
> -        int first;
> +        size_t first;
>          uint8_t out;
>          /* Can't fit all, send what can be, and store the rest. */
>          qemu_chr_be_write(chr, io_buf, room);

baum room & first are only used for non-negative capacity values. ack

> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
> index 2421d8e216..0fe2822869 100644
> --- a/chardev/char-fd.c
> +++ b/chardev/char-fd.c
> @@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      FDChardev *s = FD_CHARDEV(opaque);
> -    int len;
> +    size_t len;
>      uint8_t buf[CHR_READ_BUF_LEN];
>      ssize_t ret;
>

fd len is only used for non-negative buffer size. ack

> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
> index 7777f6ddef..eae25f043b 100644
> --- a/chardev/char-pty.c
> +++ b/chardev/char-pty.c
> @@ -34,7 +34,7 @@
>  typedef struct {
>      Chardev parent;
>      QIOChannel *ioc;
> -    int read_bytes;
> +    size_t read_bytes;
>

Only set with values returned from qemu_chr_be_can_write(), ack

>      int connected;
>      GSource *timer_src;
> @@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>  {
>      Chardev *chr = CHARDEV(opaque);
>      PtyChardev *s = PTY_CHARDEV(opaque);
> -    gsize len;
> +    size_t len;
>      uint8_t buf[CHR_READ_BUF_LEN];
>      ssize_t ret;

pty len is only used for non-negative buffer size. ack

> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> index 262a59b64f..4010c343e0 100644
> --- a/chardev/char-socket.c
> +++ b/chardev/char-socket.c
> @@ -60,7 +60,7 @@ typedef struct {
>      GSource *hup_source;
>      QCryptoTLSCreds *tls_creds;
>      TCPChardevState state;
> -    int max_size;
> +    size_t max_size;

Only set with values returned from qemu_chr_be_can_write(), ack

>      int do_telnetopt;
>      int do_nodelay;
>      int *read_msgfds;
> @@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>      Chardev *chr = CHARDEV(opaque);
>      SocketChardev *s = SOCKET_CHARDEV(opaque);
>      uint8_t buf[CHR_READ_BUF_LEN];
> -    int len, size;
> +    size_t len;

len is only used for non-negative buffer size. ack

> +    int size;
>
>      if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
> -        s->max_size <= 0) {
> +        s->max_size == 0) {
>          return TRUE;
>      }
>      len = sizeof(buf);
> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
> index b6e399e983..d4f40626e4 100644
> --- a/chardev/char-udp.c
> +++ b/chardev/char-udp.c
> @@ -39,7 +39,7 @@ typedef struct {
>      uint8_t buf[CHR_READ_BUF_LEN];
>      int bufcnt;
>      int bufptr;
> -    int max_size;
> +    size_t max_size;

Only set with values returned from qemu_chr_be_can_write(), ack

>  } UdpChardev;
>
>  #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
> @@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
>      Chardev *chr = CHARDEV(s);
>
>      while (s->max_size > 0 && s->bufptr < s->bufcnt) {
> -        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
> +        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);

the while() condition ensures the value will be > 0. ack

>          qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
>          s->bufptr += n;
>          s->max_size = qemu_chr_be_can_write(chr);
> diff --git a/chardev/char-win.c b/chardev/char-win.c
> index 05518e0958..30361e8852 100644
> --- a/chardev/char-win.c
> +++ b/chardev/char-win.c
> @@ -29,7 +29,7 @@
>  static void win_chr_read(Chardev *chr, DWORD len)
>  {
>      WinChardev *s = WIN_CHARDEV(chr);
> -    int max_size = qemu_chr_be_can_write(chr);
> +    size_t max_size = qemu_chr_be_can_write(chr);

unmodified, ack

>      int ret, err;
>      uint8_t buf[CHR_READ_BUF_LEN];
>      DWORD size;
> diff --git a/chardev/char.c b/chardev/char.c
> index 71ecd32b25..3149cd3ba9 100644
> --- a/chardev/char.c
> +++ b/chardev/char.c
> @@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>      return offset;
>  }
>
> -int qemu_chr_be_can_write(Chardev *s)
> +size_t qemu_chr_be_can_write(Chardev *s)
>  {
>      CharBackend *be = s->be;
>      int receivable_bytes;
> diff --git a/chardev/msmouse.c b/chardev/msmouse.c
> index 0ffd137ce8..cdb6f86037 100644
> --- a/chardev/msmouse.c
> +++ b/chardev/msmouse.c
> @@ -38,7 +38,7 @@ typedef struct {
>      bool btns[INPUT_BUTTON__MAX];
>      bool btnc[INPUT_BUTTON__MAX];
>      uint8_t outbuf[32];
> -    int outlen;
> +    size_t outlen;

outlen is only used as non-negative buffer size, ack

>  } MouseChardev;
>
>  #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
> @@ -48,7 +48,7 @@ typedef struct {
>  static void msmouse_chr_accept_input(Chardev *chr)
>  {
>      MouseChardev *mouse = MOUSE_CHARDEV(chr);
> -    int len;
> +    size_t len;
>
>      len = qemu_chr_be_can_write(chr);

same

>      if (len > mouse->outlen) {
> diff --git a/chardev/spice.c b/chardev/spice.c
> index 173c257949..ad180a8a13 100644
> --- a/chardev/spice.c
> +++ b/chardev/spice.c
> @@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
>      uint8_t* p = (uint8_t*)buf;
>
>      while (len > 0) {
> -        int can_write = qemu_chr_be_can_write(chr);
> +        size_t can_write = qemu_chr_be_can_write(chr);

unmodified value, ack

>          last_out = MIN(len, can_write);
>          if (last_out <= 0) {
>              break;
> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> index cf7a08a363..daae570bc7 100644
> --- a/chardev/wctablet.c
> +++ b/chardev/wctablet.c
> @@ -74,7 +74,7 @@ typedef struct {
>
>      /* Command to be sent to serial port */
>      uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
> -    int outlen;
> +    size_t outlen;

Used as non-negative buffer size only, ack
>
>      int line_speed;
>      bool send_events;
> @@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
>  static void wctablet_chr_accept_input(Chardev *chr)
>  {
>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> -    int len, canWrite;
> +    size_t len, canWrite;

Used as non-negative buffer size only, ack

>
>      canWrite = qemu_chr_be_can_write(chr);
>      len = canWrite;
> diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
> index fa6660a113..e837a3fa1f 100644
> --- a/hw/bt/hci-csr.c
> +++ b/hw/bt/hci-csr.c
> @@ -38,7 +38,7 @@ struct csrhci_s {
>  #define FIFO_LEN       4096
>      int out_start;
>      int out_len;
> -    int out_size;
> +    size_t out_size;

Used as non-negative buffer size only, ack

>      uint8_t outfifo[FIFO_LEN * 2];
>      uint8_t inpkt[FIFO_LEN];
>      enum {
> diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
> index e7c2b176f9..36c6b89cee 100644
> --- a/include/chardev/char-fd.h
> +++ b/include/chardev/char-fd.h
> @@ -31,7 +31,7 @@ typedef struct FDChardev {
>      Chardev parent;
>
>      QIOChannel *ioc_in, *ioc_out;
> -    int max_size;
> +    size_t max_size;

Only set with values returned from qemu_chr_be_can_write(), ack

>  } FDChardev;
>
>  #define TYPE_CHARDEV_FD "chardev-fd"
> diff --git a/include/chardev/char.h b/include/chardev/char.h
> index c0b57f7685..0341dd1ba2 100644
> --- a/include/chardev/char.h
> +++ b/include/chardev/char.h
> @@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
>   *
>   * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
>   */
> -int qemu_chr_be_can_write(Chardev *s);
> +size_t qemu_chr_be_can_write(Chardev *s);
>
>  /**
>   * qemu_chr_be_write:
> diff --git a/ui/console.c b/ui/console.c
> index 6d2282d3e9..42f04e2b37 100644
> --- a/ui/console.c
> +++ b/ui/console.c
> @@ -61,8 +61,8 @@ enum TTYState {
>
>  typedef struct QEMUFIFO {
>      uint8_t *buf;
> -    int buf_size;
> -    int count, wptr, rptr;
> +    size_t buf_size, count;
> +    int wptr, rptr;

Only used as non-negative buffer size, ack

>  } QEMUFIFO;
>
>  static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
> @@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
>  static void kbd_send_chars(void *opaque)
>  {
>      QemuConsole *s = opaque;
> -    int len;
> +    size_t len;

Only used as non-negative buffer size, ack

>      uint8_t buf[16];
>
>      len = qemu_chr_be_can_write(s->chr);
> --
> 2.20.1
>

That was painful, hopefully I didn't miss something...

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 11:39 AM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Wed, Feb 20, 2019 at 02:02:32AM +0100, Philippe Mathieu-Daudé wrote:
>
> > diff --git a/include/chardev/char.h b/include/chardev/char.h
> > index 0341dd1ba2..2e3b5a15ca 100644
> > --- a/include/chardev/char.h
> > +++ b/include/chardev/char.h
> > @@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
> >                            ChardevFeature feature);
> >  QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
> >                                  bool permit_mux_mon);
> > -int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
> > +int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);
>
> Seeing this cleanup reminds me that I think we ought to change
> the chardev read & write functions to take "void *buf" instead.
> as is done for regular libc  read/write functions. This would
> avoid casts in the callers between char */uint8_t *
>
> Something to think about for a future cleanup job....same applies
> for the QIOChannel APIs which take a 'char *buf', annoyingly
> different from the chardev APIs :-( Both ought to have void *buf

I fully agree, and I started that conversion some time ago, and lost
it somewhere. That should be easier than changing the sign of return
values though!

>
>
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 11:39 AM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Wed, Feb 20, 2019 at 02:02:32AM +0100, Philippe Mathieu-Daudé wrote:
>
> > diff --git a/include/chardev/char.h b/include/chardev/char.h
> > index 0341dd1ba2..2e3b5a15ca 100644
> > --- a/include/chardev/char.h
> > +++ b/include/chardev/char.h
> > @@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
> >                            ChardevFeature feature);
> >  QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
> >                                  bool permit_mux_mon);
> > -int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
> > +int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);
>
> Seeing this cleanup reminds me that I think we ought to change
> the chardev read & write functions to take "void *buf" instead.
> as is done for regular libc  read/write functions. This would
> avoid casts in the callers between char */uint8_t *
>
> Something to think about for a future cleanup job....same applies
> for the QIOChannel APIs which take a 'char *buf', annoyingly
> different from the chardev APIs :-( Both ought to have void *buf

I fully agree, and I started that conversion some time ago, and lost
it somewhere. That should be easier than changing the sign of return
values though!

>
>
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 20/25] s390x/sclp: Use a const variable to improve readability

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:27 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> We will reuse this variable in the next patch.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/sclpconsole-lm.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
> index dbc91a1e5b..49543e2c83 100644
> --- a/hw/char/sclpconsole-lm.c
> +++ b/hw/char/sclpconsole-lm.c
> @@ -210,13 +210,14 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
>      int rc;
>      int len;
>      uint8_t buffer[SIZE_BUFFER];
> -
> -    len = be16_to_cpu(mdbo->length);
> -    len -= sizeof(mdbo->length) + sizeof(mdbo->type)
> +    const size_t hlen = sizeof(mdbo->length)
> +            + sizeof(mdbo->type)
>              + sizeof(mdbo->mto.line_type_flags)
>              + sizeof(mdbo->mto.alarm_control)
>              + sizeof(mdbo->mto._reserved);
>  
> +    len = be16_to_cpu(mdbo->length);
> +    len -= hlen;
>      assert(len <= SIZE_BUFFER);
>  
>      /* convert EBCDIC SCLP contents to ASCII console message */

I'd probably merge this with the next patch, though.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

Re: [PATCH v3 20/25] s390x/sclp: Use a const variable to improve readability

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:27 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> We will reuse this variable in the next patch.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/sclpconsole-lm.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
> index dbc91a1e5b..49543e2c83 100644
> --- a/hw/char/sclpconsole-lm.c
> +++ b/hw/char/sclpconsole-lm.c
> @@ -210,13 +210,14 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
>      int rc;
>      int len;
>      uint8_t buffer[SIZE_BUFFER];
> -
> -    len = be16_to_cpu(mdbo->length);
> -    len -= sizeof(mdbo->length) + sizeof(mdbo->type)
> +    const size_t hlen = sizeof(mdbo->length)
> +            + sizeof(mdbo->type)
>              + sizeof(mdbo->mto.line_type_flags)
>              + sizeof(mdbo->mto.alarm_control)
>              + sizeof(mdbo->mto._reserved);
>  
> +    len = be16_to_cpu(mdbo->length);
> +    len -= hlen;
>      assert(len <= SIZE_BUFFER);
>  
>      /* convert EBCDIC SCLP contents to ASCII console message */

I'd probably merge this with the next patch, though.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:02 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Hi,
>
> This series convert the chardev::qemu_chr_write() to take unsigned
> length argument. To do so I went through all caller and checked if
> there are no negative value possible.


Changing signedness is problematic and can easily introduce bugs that
are easy to miss during review.

I agree with Cornelia about idiomatic use of int. Changing "int" for
"size_t" isn't systematically a clear win.

Even Google C++ style recommends to avoid unsigned types "(except for
representing bitfields or modular arithmetic). Do not use an unsigned
type merely to assert that a variable is non-negative."
https://google.github.io/styleguide/cppguide.html#Integer_Types - see rationale

Since Paolo you suggested the change, could you give some convincing
arguments that it's worth taking the plunge?

thanks

>
> I'm having headaches with the Xen backend, talking with Marc-André
> he suggested I ask help to the Xen maintainers.
>
> Since the series is becoming quite big, I splitted it:
> - part 1: convert qemu_chr_write()
> - part 2: convert IOReadHandler
>
> part 1 can be reviewed and merged without part 2.
>
> The git diffstat is not huge, but there are various chardev subsystems
> so many maintainers to ask for Ack.
>
> v2: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
> v1: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02200.html
>     (from Prasad J Pandit)
> Changes requested by Paolo:
> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02294.html
>
> Please review,
>
> Phil.
>
> Philippe Mathieu-Daudé (25):
>   chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc
>   chardev: Assert IOCanReadHandler can not be negative
>   chardev/wctablet: Use unsigned type to hold unsigned value
>   chardev: Let qemu_chr_be_can_write() return a size_t types
>   gdbstub: Use size_t for strlen() return value
>   gdbstub: Use size_t to hold GDBState::last_packet_len
>   gdbstub: Let put_buffer() use size_t
>   ui/gtk: Remove pointless cast
>   vhost-user: Express sizeof with size_t
>   usb-redir: Verify usbredirparser_write get called with positive count
>   xen: Let xencons_send() take a 'size' argument
>   xen: Let buffer_append() return the size consumed
>   RFC xen: Let buffer_append() return a size_t
>   virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t
>   spapr-vty: Let vty_putchars() use size_t
>   tpm: Use size_t to hold sizes
>   net/filter-mirror: Use size_t
>   s390x/3270: Let insert_IAC_escape_char() use size_t
>   s390/ebcdic: Use size_t to iterate over arrays
>   s390x/sclp: Use a const variable to improve readability
>   s390x/sclp: Use size_t in process_mdb()
>   s390x/sclp: Let write_console_data() take a size_t
>   hw/ipmi: Assert outlen > outpos
>   chardev: Let qemu_chr_fe_write[_all] use size_t type argument
>   chardev: Let qemu_chr_write[_all] use size_t
>
>  chardev/baum.c                    |  6 +++---
>  chardev/char-fd.c                 |  6 +++---
>  chardev/char-fe.c                 |  4 ++--
>  chardev/char-io.c                 |  6 +++---
>  chardev/char-mux.c                |  3 ++-
>  chardev/char-pty.c                |  8 ++++----
>  chardev/char-socket.c             | 13 +++++++------
>  chardev/char-udp.c                |  8 ++++----
>  chardev/char-win.c                |  2 +-
>  chardev/char.c                    | 15 +++++++++------
>  chardev/msmouse.c                 |  4 ++--
>  chardev/spice.c                   |  2 +-
>  chardev/trace-events              |  2 +-
>  chardev/wctablet.c                |  9 +++++----
>  gdbstub.c                         |  8 ++++----
>  hw/bt/hci-csr.c                   |  2 +-
>  hw/char/sclpconsole-lm.c          | 12 +++++++-----
>  hw/char/spapr_vty.c               |  2 +-
>  hw/char/terminal3270.c            |  7 ++++---
>  hw/char/virtio-console.c          |  2 +-
>  hw/char/xen_console.c             | 24 +++++++++++++++---------
>  hw/ipmi/ipmi_bmc_extern.c         |  3 ++-
>  hw/tpm/tpm_emulator.c             |  7 ++++---
>  hw/usb/redirect.c                 |  6 +++++-
>  hw/virtio/vhost-user.c            | 14 ++++++++------
>  include/chardev/char-fd.h         |  2 +-
>  include/chardev/char-fe.h         |  4 ++--
>  include/chardev/char-io.h         |  2 +-
>  include/chardev/char.h            |  4 ++--
>  include/hw/ppc/spapr_vio.h        |  2 +-
>  include/hw/s390x/ebcdic.h         |  8 ++++----
>  include/hw/virtio/virtio-serial.h |  2 +-
>  include/sysemu/replay.h           |  2 +-
>  net/filter-mirror.c               |  2 +-
>  replay/replay-char.c              |  2 +-
>  stubs/replay.c                    |  2 +-
>  ui/console.c                      |  6 +++---
>  ui/gtk.c                          |  2 +-
>  38 files changed, 119 insertions(+), 96 deletions(-)
>
> --
> 2.20.1
>

Re: [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:02 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Hi,
>
> This series convert the chardev::qemu_chr_write() to take unsigned
> length argument. To do so I went through all caller and checked if
> there are no negative value possible.


Changing signedness is problematic and can easily introduce bugs that
are easy to miss during review.

I agree with Cornelia about idiomatic use of int. Changing "int" for
"size_t" isn't systematically a clear win.

Even Google C++ style recommends to avoid unsigned types "(except for
representing bitfields or modular arithmetic). Do not use an unsigned
type merely to assert that a variable is non-negative."
https://google.github.io/styleguide/cppguide.html#Integer_Types - see rationale

Since Paolo you suggested the change, could you give some convincing
arguments that it's worth taking the plunge?

thanks

>
> I'm having headaches with the Xen backend, talking with Marc-André
> he suggested I ask help to the Xen maintainers.
>
> Since the series is becoming quite big, I splitted it:
> - part 1: convert qemu_chr_write()
> - part 2: convert IOReadHandler
>
> part 1 can be reviewed and merged without part 2.
>
> The git diffstat is not huge, but there are various chardev subsystems
> so many maintainers to ask for Ack.
>
> v2: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
> v1: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02200.html
>     (from Prasad J Pandit)
> Changes requested by Paolo:
> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02294.html
>
> Please review,
>
> Phil.
>
> Philippe Mathieu-Daudé (25):
>   chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc
>   chardev: Assert IOCanReadHandler can not be negative
>   chardev/wctablet: Use unsigned type to hold unsigned value
>   chardev: Let qemu_chr_be_can_write() return a size_t types
>   gdbstub: Use size_t for strlen() return value
>   gdbstub: Use size_t to hold GDBState::last_packet_len
>   gdbstub: Let put_buffer() use size_t
>   ui/gtk: Remove pointless cast
>   vhost-user: Express sizeof with size_t
>   usb-redir: Verify usbredirparser_write get called with positive count
>   xen: Let xencons_send() take a 'size' argument
>   xen: Let buffer_append() return the size consumed
>   RFC xen: Let buffer_append() return a size_t
>   virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t
>   spapr-vty: Let vty_putchars() use size_t
>   tpm: Use size_t to hold sizes
>   net/filter-mirror: Use size_t
>   s390x/3270: Let insert_IAC_escape_char() use size_t
>   s390/ebcdic: Use size_t to iterate over arrays
>   s390x/sclp: Use a const variable to improve readability
>   s390x/sclp: Use size_t in process_mdb()
>   s390x/sclp: Let write_console_data() take a size_t
>   hw/ipmi: Assert outlen > outpos
>   chardev: Let qemu_chr_fe_write[_all] use size_t type argument
>   chardev: Let qemu_chr_write[_all] use size_t
>
>  chardev/baum.c                    |  6 +++---
>  chardev/char-fd.c                 |  6 +++---
>  chardev/char-fe.c                 |  4 ++--
>  chardev/char-io.c                 |  6 +++---
>  chardev/char-mux.c                |  3 ++-
>  chardev/char-pty.c                |  8 ++++----
>  chardev/char-socket.c             | 13 +++++++------
>  chardev/char-udp.c                |  8 ++++----
>  chardev/char-win.c                |  2 +-
>  chardev/char.c                    | 15 +++++++++------
>  chardev/msmouse.c                 |  4 ++--
>  chardev/spice.c                   |  2 +-
>  chardev/trace-events              |  2 +-
>  chardev/wctablet.c                |  9 +++++----
>  gdbstub.c                         |  8 ++++----
>  hw/bt/hci-csr.c                   |  2 +-
>  hw/char/sclpconsole-lm.c          | 12 +++++++-----
>  hw/char/spapr_vty.c               |  2 +-
>  hw/char/terminal3270.c            |  7 ++++---
>  hw/char/virtio-console.c          |  2 +-
>  hw/char/xen_console.c             | 24 +++++++++++++++---------
>  hw/ipmi/ipmi_bmc_extern.c         |  3 ++-
>  hw/tpm/tpm_emulator.c             |  7 ++++---
>  hw/usb/redirect.c                 |  6 +++++-
>  hw/virtio/vhost-user.c            | 14 ++++++++------
>  include/chardev/char-fd.h         |  2 +-
>  include/chardev/char-fe.h         |  4 ++--
>  include/chardev/char-io.h         |  2 +-
>  include/chardev/char.h            |  4 ++--
>  include/hw/ppc/spapr_vio.h        |  2 +-
>  include/hw/s390x/ebcdic.h         |  8 ++++----
>  include/hw/virtio/virtio-serial.h |  2 +-
>  include/sysemu/replay.h           |  2 +-
>  net/filter-mirror.c               |  2 +-
>  replay/replay-char.c              |  2 +-
>  stubs/replay.c                    |  2 +-
>  ui/console.c                      |  6 +++---
>  ui/gtk.c                          |  2 +-
>  38 files changed, 119 insertions(+), 96 deletions(-)
>
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 21/25] s390x/sclp: Use size_t in process_mdb()

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:28 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> Since it is unlikely we have sizeof(mdbo->mto.message) < 0,
> we can convert this variable to an unsigned type.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/sclpconsole-lm.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

Re: [PATCH v3 21/25] s390x/sclp: Use size_t in process_mdb()

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:28 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> Since it is unlikely we have sizeof(mdbo->mto.message) < 0,
> we can convert this variable to an unsigned type.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/sclpconsole-lm.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 22/25] s390x/sclp: Let write_console_data() take a size_t

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:29 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> Since all callers provide an unsigned value, we can safely
> use a size_t argument.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/sclpconsole-lm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

Re: [PATCH v3 22/25] s390x/sclp: Let write_console_data() take a size_t

[Cornelia Huck]

On Wed, 20 Feb 2019 02:02:29 +0100
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> Since all callers provide an unsigned value, we can safely
> use a size_t argument.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/sclpconsole-lm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 05/25] gdbstub: Use size_t for strlen() return value

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Since strlen() returns an unsigned value, it is pointless to
> convert it to a signed one. Use size_t to hold its return value.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

(it looks like the variable is hiding len from outer scope btw)

> ---
>  gdbstub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index bc774ae992..76eca3bb7e 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -1693,7 +1693,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
>          }
>  #else /* !CONFIG_USER_ONLY */
>          else if (strncmp(p, "Rcmd,", 5) == 0) {
> -            int len = strlen(p + 5);
> +            size_t len = strlen(p + 5);
>
>              if ((len % 2) != 0) {
>                  put_packet(s, "E01");
> --
> 2.20.1
>

Re: [PATCH v3 05/25] gdbstub: Use size_t for strlen() return value

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Since strlen() returns an unsigned value, it is pointless to
> convert it to a signed one. Use size_t to hold its return value.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

(it looks like the variable is hiding len from outer scope btw)

> ---
>  gdbstub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index bc774ae992..76eca3bb7e 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -1693,7 +1693,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
>          }
>  #else /* !CONFIG_USER_ONLY */
>          else if (strncmp(p, "Rcmd,", 5) == 0) {
> -            int len = strlen(p + 5);
> +            size_t len = strlen(p + 5);
>
>              if ((len % 2) != 0) {
>                  put_packet(s, "E01");
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Cornelia Huck]

On Wed, 20 Feb 2019 11:53:42 +0100
Marc-André Lureau <marcandre.lureau@redhat.com> wrote:

> Hi
> 
> On Wed, Feb 20, 2019 at 2:02 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
> >
> > Hi,
> >
> > This series convert the chardev::qemu_chr_write() to take unsigned
> > length argument. To do so I went through all caller and checked if
> > there are no negative value possible.  
> 
> 
> Changing signedness is problematic and can easily introduce bugs that
> are easy to miss during review.
> 
> I agree with Cornelia about idiomatic use of int. Changing "int" for
> "size_t" isn't systematically a clear win.
> 
> Even Google C++ style recommends to avoid unsigned types "(except for
> representing bitfields or modular arithmetic). Do not use an unsigned
> type merely to assert that a variable is non-negative."
> https://google.github.io/styleguide/cppguide.html#Integer_Types - see rationale
> 
> Since Paolo you suggested the change, could you give some convincing
> arguments that it's worth taking the plunge?

FWIW, using an explicitly unsigned type for a length sounds fine; but
not all conversions are really convincing (albeit not wrong).

Re: [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Cornelia Huck]

On Wed, 20 Feb 2019 11:53:42 +0100
Marc-André Lureau <marcandre.lureau@redhat.com> wrote:

> Hi
> 
> On Wed, Feb 20, 2019 at 2:02 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
> >
> > Hi,
> >
> > This series convert the chardev::qemu_chr_write() to take unsigned
> > length argument. To do so I went through all caller and checked if
> > there are no negative value possible.  
> 
> 
> Changing signedness is problematic and can easily introduce bugs that
> are easy to miss during review.
> 
> I agree with Cornelia about idiomatic use of int. Changing "int" for
> "size_t" isn't systematically a clear win.
> 
> Even Google C++ style recommends to avoid unsigned types "(except for
> representing bitfields or modular arithmetic). Do not use an unsigned
> type merely to assert that a variable is non-negative."
> https://google.github.io/styleguide/cppguide.html#Integer_Types - see rationale
> 
> Since Paolo you suggested the change, could you give some convincing
> arguments that it's worth taking the plunge?

FWIW, using an explicitly unsigned type for a length sounds fine; but
not all conversions are really convincing (albeit not wrong).

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 06/25] gdbstub: Use size_t to hold GDBState::last_packet_len

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> In put_packet_binary() we have:
>
>     uint8_t *p;
>     for(;;) {
>         p = s->last_packet;
>         *(p++) = ...
>         s->last_packet_len = p - s->last_packet;
>         put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
>
> The 'p' pointer start at s->last_packet, then is only incremented.
> Since we have "p >= s->last_packet", we are sure than
> "p - s->last_packet >= 0", thus "p - s->last_packet" is positive.
>
> The few other places where s->last_packet_len is set is with constant
> positive values.
>
> It makes sense to use size_t to hold last_packet_len values.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  gdbstub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 76eca3bb7e..69340d7cd1 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -323,7 +323,7 @@ typedef struct GDBState {
>      int line_sum; /* running checksum */
>      int line_csum; /* checksum at the end of the packet */
>      uint8_t last_packet[MAX_PACKET_LENGTH + 4];
> -    int last_packet_len;
> +    size_t last_packet_len;
>      int signal;
>  #ifdef CONFIG_USER_ONLY
>      int fd;
> --
> 2.20.1
>

Re: [PATCH v3 06/25] gdbstub: Use size_t to hold GDBState::last_packet_len

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> In put_packet_binary() we have:
>
>     uint8_t *p;
>     for(;;) {
>         p = s->last_packet;
>         *(p++) = ...
>         s->last_packet_len = p - s->last_packet;
>         put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
>
> The 'p' pointer start at s->last_packet, then is only incremented.
> Since we have "p >= s->last_packet", we are sure than
> "p - s->last_packet >= 0", thus "p - s->last_packet" is positive.
>
> The few other places where s->last_packet_len is set is with constant
> positive values.
>
> It makes sense to use size_t to hold last_packet_len values.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  gdbstub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 76eca3bb7e..69340d7cd1 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -323,7 +323,7 @@ typedef struct GDBState {
>      int line_sum; /* running checksum */
>      int line_csum; /* checksum at the end of the packet */
>      uint8_t last_packet[MAX_PACKET_LENGTH + 4];
> -    int last_packet_len;
> +    size_t last_packet_len;
>      int signal;
>  #ifdef CONFIG_USER_ONLY
>      int fd;
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 07/25] gdbstub: Let put_buffer() use size_t

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> All callers provide a size_t argument, we can safely use size_t
> for this function.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  gdbstub.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 69340d7cd1..860e9bb7c7 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -475,10 +475,10 @@ static int gdb_continue_partial(GDBState *s, char *newstates)
>      return res;
>  }
>
> -static void put_buffer(GDBState *s, const uint8_t *buf, int len)
> +static void put_buffer(GDBState *s, const uint8_t *buf, size_t len)
>  {
>  #ifdef CONFIG_USER_ONLY
> -    int ret;
> +    ssize_t ret;
>
>      while (len > 0) {
>          ret = send(s->fd, buf, len, 0);
> --
> 2.20.1
>

Re: [PATCH v3 07/25] gdbstub: Let put_buffer() use size_t

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> All callers provide a size_t argument, we can safely use size_t
> for this function.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  gdbstub.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 69340d7cd1..860e9bb7c7 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -475,10 +475,10 @@ static int gdb_continue_partial(GDBState *s, char *newstates)
>      return res;
>  }
>
> -static void put_buffer(GDBState *s, const uint8_t *buf, int len)
> +static void put_buffer(GDBState *s, const uint8_t *buf, size_t len)
>  {
>  #ifdef CONFIG_USER_ONLY
> -    int ret;
> +    ssize_t ret;
>
>      while (len > 0) {
>          ret = send(s->fd, buf, len, 0);
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 09/25] vhost-user: Express sizeof with size_t

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:05 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> VHOST_USER_HDR_SIZE uses offsetof(), thus is an expression of type
> size_t. Update the format string accordingly.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  hw/virtio/vhost-user.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 564a31d12c..2eb7143d3d 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -215,11 +215,12 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
>      struct vhost_user *u = dev->opaque;
>      CharBackend *chr = u->user->chr;
>      uint8_t *p = (uint8_t *) msg;
> -    int r, size = VHOST_USER_HDR_SIZE;
> +    int r;
> +    size_t size = VHOST_USER_HDR_SIZE;
>
>      r = qemu_chr_fe_read_all(chr, p, size);
>      if (r != size) {
> -        error_report("Failed to read msg header. Read %d instead of %d."
> +        error_report("Failed to read msg header. Read %d instead of %zu."
>                       " Original request %d.", r, size, msg->hdr.request);
>          goto fail;
>      }
> @@ -235,7 +236,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
>      /* validate message size is sane */
>      if (msg->hdr.size > VHOST_USER_PAYLOAD_SIZE) {
>          error_report("Failed to read msg header."
> -                " Size %d exceeds the maximum %zu.", msg->hdr.size,
> +                " Size %u exceeds the maximum %zu.", msg->hdr.size,
>                  VHOST_USER_PAYLOAD_SIZE);
>          goto fail;
>      }
> @@ -246,7 +247,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
>          r = qemu_chr_fe_read_all(chr, p, size);
>          if (r != size) {
>              error_report("Failed to read msg payload."
> -                         " Read %d instead of %d.", r, msg->hdr.size);
> +                         " Read %d instead of %u.", r, msg->hdr.size);
>              goto fail;
>          }
>      }
> @@ -300,7 +301,8 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
>  {
>      struct vhost_user *u = dev->opaque;
>      CharBackend *chr = u->user->chr;
> -    int ret, size = VHOST_USER_HDR_SIZE + msg->hdr.size;
> +    int ret;
> +    size_t size = VHOST_USER_HDR_SIZE + msg->hdr.size;
>
>      /*
>       * For non-vring specific requests, like VHOST_USER_SET_MEM_TABLE,
> @@ -320,7 +322,7 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
>      ret = qemu_chr_fe_write_all(chr, (const uint8_t *) msg, size);
>      if (ret != size) {
>          error_report("Failed to write msg."
> -                     " Wrote %d instead of %d.", ret, size);
> +                     " Wrote %d instead of %zu.", ret, size);
>          return -1;
>      }
>
> --
> 2.20.1
>

Re: [PATCH v3 09/25] vhost-user: Express sizeof with size_t

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:05 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> VHOST_USER_HDR_SIZE uses offsetof(), thus is an expression of type
> size_t. Update the format string accordingly.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  hw/virtio/vhost-user.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 564a31d12c..2eb7143d3d 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -215,11 +215,12 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
>      struct vhost_user *u = dev->opaque;
>      CharBackend *chr = u->user->chr;
>      uint8_t *p = (uint8_t *) msg;
> -    int r, size = VHOST_USER_HDR_SIZE;
> +    int r;
> +    size_t size = VHOST_USER_HDR_SIZE;
>
>      r = qemu_chr_fe_read_all(chr, p, size);
>      if (r != size) {
> -        error_report("Failed to read msg header. Read %d instead of %d."
> +        error_report("Failed to read msg header. Read %d instead of %zu."
>                       " Original request %d.", r, size, msg->hdr.request);
>          goto fail;
>      }
> @@ -235,7 +236,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
>      /* validate message size is sane */
>      if (msg->hdr.size > VHOST_USER_PAYLOAD_SIZE) {
>          error_report("Failed to read msg header."
> -                " Size %d exceeds the maximum %zu.", msg->hdr.size,
> +                " Size %u exceeds the maximum %zu.", msg->hdr.size,
>                  VHOST_USER_PAYLOAD_SIZE);
>          goto fail;
>      }
> @@ -246,7 +247,7 @@ static int vhost_user_read(struct vhost_dev *dev, VhostUserMsg *msg)
>          r = qemu_chr_fe_read_all(chr, p, size);
>          if (r != size) {
>              error_report("Failed to read msg payload."
> -                         " Read %d instead of %d.", r, msg->hdr.size);
> +                         " Read %d instead of %u.", r, msg->hdr.size);
>              goto fail;
>          }
>      }
> @@ -300,7 +301,8 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
>  {
>      struct vhost_user *u = dev->opaque;
>      CharBackend *chr = u->user->chr;
> -    int ret, size = VHOST_USER_HDR_SIZE + msg->hdr.size;
> +    int ret;
> +    size_t size = VHOST_USER_HDR_SIZE + msg->hdr.size;
>
>      /*
>       * For non-vring specific requests, like VHOST_USER_SET_MEM_TABLE,
> @@ -320,7 +322,7 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
>      ret = qemu_chr_fe_write_all(chr, (const uint8_t *) msg, size);
>      if (ret != size) {
>          error_report("Failed to write msg."
> -                     " Wrote %d instead of %d.", ret, size);
> +                     " Wrote %d instead of %zu.", ret, size);
>          return -1;
>      }
>
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:05 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> The single caller of xencons_send(), con_event() already use the
> difference 'con->buffer.size - con->buffer.consumed'.
> Deduplicate by passing the difference as an argument.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---
>  hw/char/xen_console.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 91f34ef06c..083b2c8e2a 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -144,11 +144,10 @@ static void xencons_receive(void *opaque, const uint8_t *buf, int len)
>      xen_pv_send_notify(&con->xendev);
>  }
>
> -static void xencons_send(struct XenConsole *con)
> +static void xencons_send(struct XenConsole *con, ssize_t size)
>  {
> -    ssize_t len, size;
> +    ssize_t len;
>
> -    size = con->buffer.size - con->buffer.consumed;
>      if (qemu_chr_fe_backend_connected(&con->chr)) {
>          len = qemu_chr_fe_write(&con->chr,
>                                  con->buffer.data + con->buffer.consumed,
> @@ -280,10 +279,13 @@ static void con_disconnect(struct XenLegacyDevice *xendev)
>  static void con_event(struct XenLegacyDevice *xendev)
>  {
>      struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
> +    ssize_t size;
>
>      buffer_append(con);
> -    if (con->buffer.size - con->buffer.consumed)
> -        xencons_send(con);
> +    size = con->buffer.size - con->buffer.consumed;
> +    if (size) {
> +        xencons_send(con, size);
> +    }
>  }
>
>  /* -------------------------------------------------------------------- */
> --
> 2.20.1
>

Re: [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:05 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> The single caller of xencons_send(), con_event() already use the
> difference 'con->buffer.size - con->buffer.consumed'.
> Deduplicate by passing the difference as an argument.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---
>  hw/char/xen_console.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 91f34ef06c..083b2c8e2a 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -144,11 +144,10 @@ static void xencons_receive(void *opaque, const uint8_t *buf, int len)
>      xen_pv_send_notify(&con->xendev);
>  }
>
> -static void xencons_send(struct XenConsole *con)
> +static void xencons_send(struct XenConsole *con, ssize_t size)
>  {
> -    ssize_t len, size;
> +    ssize_t len;
>
> -    size = con->buffer.size - con->buffer.consumed;
>      if (qemu_chr_fe_backend_connected(&con->chr)) {
>          len = qemu_chr_fe_write(&con->chr,
>                                  con->buffer.data + con->buffer.consumed,
> @@ -280,10 +279,13 @@ static void con_disconnect(struct XenLegacyDevice *xendev)
>  static void con_event(struct XenLegacyDevice *xendev)
>  {
>      struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
> +    ssize_t size;
>
>      buffer_append(con);
> -    if (con->buffer.size - con->buffer.consumed)
> -        xencons_send(con);
> +    size = con->buffer.size - con->buffer.consumed;
> +    if (size) {
> +        xencons_send(con, size);
> +    }
>  }
>
>  /* -------------------------------------------------------------------- */
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Philippe Mathieu-Daudé]

On 2/20/19 11:03 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
>>
>> The backend should not return a negative length to read.
>> We will later change the prototype of IOCanReadHandler to return an
>> unsigned length. Meanwhile make sure the return length is positive.
>>
>> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> 
> In such patch, you should do extensive review of existing callbacks,
> or find a convincing argument that this can't break.

Argh I missed that.

> The problem is there are a lot of can_read callbacks, and it's not
> trivial. The *first* of git-grep is rng_egd_chr_can_read()
> 
>  57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
>  58         size += req->size - req->offset;
>  59     }
>  60
>  61     return size;
> 
> Clearly not obvious if it returns >= 0.
> 
> Another approach is to look at the caller and the return value
> handling. If none handle negative values (or would have wrong
> behaviour with negative values), the assert() is perhaps justified, as
> it could prevent from doing more harm.

I'll go and audit all of them.

Thanks for the review!

Phil.

>> ---
>>  chardev/char.c | 5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/chardev/char.c b/chardev/char.c
>> index f6d61fa5f8..71ecd32b25 100644
>> --- a/chardev/char.c
>> +++ b/chardev/char.c
>> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>>  int qemu_chr_be_can_write(Chardev *s)
>>  {
>>      CharBackend *be = s->be;
>> +    int receivable_bytes;
>>
>>      if (!be || !be->chr_can_read) {
>>          return 0;
>>      }
>>
>> -    return be->chr_can_read(be->opaque);
>> +    receivable_bytes = be->chr_can_read(be->opaque);
>> +    assert(receivable_bytes >= 0);
>> +    return receivable_bytes;
>>  }
>>
>>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
>> --
>> 2.20.1
>>

Re: [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Philippe Mathieu-Daudé]

On 2/20/19 11:03 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
>>
>> The backend should not return a negative length to read.
>> We will later change the prototype of IOCanReadHandler to return an
>> unsigned length. Meanwhile make sure the return length is positive.
>>
>> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> 
> In such patch, you should do extensive review of existing callbacks,
> or find a convincing argument that this can't break.

Argh I missed that.

> The problem is there are a lot of can_read callbacks, and it's not
> trivial. The *first* of git-grep is rng_egd_chr_can_read()
> 
>  57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
>  58         size += req->size - req->offset;
>  59     }
>  60
>  61     return size;
> 
> Clearly not obvious if it returns >= 0.
> 
> Another approach is to look at the caller and the return value
> handling. If none handle negative values (or would have wrong
> behaviour with negative values), the assert() is perhaps justified, as
> it could prevent from doing more harm.

I'll go and audit all of them.

Thanks for the review!

Phil.

>> ---
>>  chardev/char.c | 5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/chardev/char.c b/chardev/char.c
>> index f6d61fa5f8..71ecd32b25 100644
>> --- a/chardev/char.c
>> +++ b/chardev/char.c
>> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>>  int qemu_chr_be_can_write(Chardev *s)
>>  {
>>      CharBackend *be = s->be;
>> +    int receivable_bytes;
>>
>>      if (!be || !be->chr_can_read) {
>>          return 0;
>>      }
>>
>> -    return be->chr_can_read(be->opaque);
>> +    receivable_bytes = be->chr_can_read(be->opaque);
>> +    assert(receivable_bytes >= 0);
>> +    return receivable_bytes;
>>  }
>>
>>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
>> --
>> 2.20.1
>>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 12/25] xen: Let buffer_append() return the size consumed

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:06 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> The buffer.size and buffer.consumed fields are only updated within the
> buffer_append() body. We can simply let buffer_append() return the
> difference (the buffer consumed).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

This is weird, why not introduce a buffer_size() function instead?

> ---
>  hw/char/xen_console.c | 13 ++++++++-----
>  1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 083b2c8e2a..1a30014a11 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -48,7 +48,7 @@ struct XenConsole {
>      int               backlog;
>  };
>
> -static void buffer_append(struct XenConsole *con)
> +static ssize_t buffer_append(struct XenConsole *con)
>  {
>      struct buffer *buffer = &con->buffer;
>      XENCONS_RING_IDX cons, prod, size;
> @@ -59,8 +59,9 @@ static void buffer_append(struct XenConsole *con)
>      xen_mb();
>
>      size = prod - cons;
> -    if ((size == 0) || (size > sizeof(intf->out)))
> -        return;
> +    if ((size == 0) || (size > sizeof(intf->out))) {
> +        goto out;
> +    }
>
>      if ((buffer->capacity - buffer->size) < size) {
>          buffer->capacity += (size + 1024);
> @@ -89,6 +90,9 @@ static void buffer_append(struct XenConsole *con)
>          if (buffer->consumed > buffer->max_capacity - over)
>              buffer->consumed = buffer->max_capacity - over;
>      }
> +
> + out:
> +    return buffer->size - buffer->consumed;
>  }
>
>  static void buffer_advance(struct buffer *buffer, size_t len)
> @@ -281,8 +285,7 @@ static void con_event(struct XenLegacyDevice *xendev)
>      struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
>      ssize_t size;
>
> -    buffer_append(con);
> -    size = con->buffer.size - con->buffer.consumed;
> +    size = buffer_append(con);
>      if (size) {
>          xencons_send(con, size);
>      }
> --
> 2.20.1
>

Re: [PATCH v3 12/25] xen: Let buffer_append() return the size consumed

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:06 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> The buffer.size and buffer.consumed fields are only updated within the
> buffer_append() body. We can simply let buffer_append() return the
> difference (the buffer consumed).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

This is weird, why not introduce a buffer_size() function instead?

> ---
>  hw/char/xen_console.c | 13 ++++++++-----
>  1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 083b2c8e2a..1a30014a11 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -48,7 +48,7 @@ struct XenConsole {
>      int               backlog;
>  };
>
> -static void buffer_append(struct XenConsole *con)
> +static ssize_t buffer_append(struct XenConsole *con)
>  {
>      struct buffer *buffer = &con->buffer;
>      XENCONS_RING_IDX cons, prod, size;
> @@ -59,8 +59,9 @@ static void buffer_append(struct XenConsole *con)
>      xen_mb();
>
>      size = prod - cons;
> -    if ((size == 0) || (size > sizeof(intf->out)))
> -        return;
> +    if ((size == 0) || (size > sizeof(intf->out))) {
> +        goto out;
> +    }
>
>      if ((buffer->capacity - buffer->size) < size) {
>          buffer->capacity += (size + 1024);
> @@ -89,6 +90,9 @@ static void buffer_append(struct XenConsole *con)
>          if (buffer->consumed > buffer->max_capacity - over)
>              buffer->consumed = buffer->max_capacity - over;
>      }
> +
> + out:
> +    return buffer->size - buffer->consumed;
>  }
>
>  static void buffer_advance(struct buffer *buffer, size_t len)
> @@ -281,8 +285,7 @@ static void con_event(struct XenLegacyDevice *xendev)
>      struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
>      ssize_t size;
>
> -    buffer_append(con);
> -    size = con->buffer.size - con->buffer.consumed;
> +    size = buffer_append(con);
>      if (size) {
>          xencons_send(con, size);
>      }
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 14/25] virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:06 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Both callers in hw/char/virtio-serial-bus.c provide unsigned values,
> even the trace event display an unsigned value.
> Convert the have_data() handler to take an unsigned value.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
> It is funny/scary that there are big comments about how to treat
> errors to set the return value, then the return value is simply
> ignored by the caller.

have_data() return value? yes, the code may have change and the
comment doesn't seem to reflect accurately what's going on.

> ---
>  hw/char/virtio-console.c          | 2 +-
>  include/hw/virtio/virtio-serial.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/char/virtio-console.c b/hw/char/virtio-console.c
> index 2cbe1d4ed5..19639dca3b 100644
> --- a/hw/char/virtio-console.c
> +++ b/hw/char/virtio-console.c
> @@ -45,7 +45,7 @@ static gboolean chr_write_unblocked(GIOChannel *chan, GIOCondition cond,
>
>  /* Callback function that's called when the guest sends us data */
>  static ssize_t flush_buf(VirtIOSerialPort *port,
> -                         const uint8_t *buf, ssize_t len)
> +                         const uint8_t *buf, size_t len)
>  {
>      VirtConsole *vcon = VIRTIO_CONSOLE(port);
>      ssize_t ret;
> diff --git a/include/hw/virtio/virtio-serial.h b/include/hw/virtio/virtio-serial.h
> index 12657a9f39..f1a5ccf4f7 100644
> --- a/include/hw/virtio/virtio-serial.h
> +++ b/include/hw/virtio/virtio-serial.h
> @@ -81,7 +81,7 @@ typedef struct VirtIOSerialPortClass {
>       * 'len'.  In this case, throttling will be enabled for this port.
>       */
>      ssize_t (*have_data)(VirtIOSerialPort *port, const uint8_t *buf,
> -                         ssize_t len);
> +                         size_t len);
>  } VirtIOSerialPortClass;
>
>  /*
> --
> 2.20.1
>

Re: [PATCH v3 14/25] virtio-serial: Let VirtIOSerialPortClass::have_data() use size_t

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:06 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Both callers in hw/char/virtio-serial-bus.c provide unsigned values,
> even the trace event display an unsigned value.
> Convert the have_data() handler to take an unsigned value.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
> It is funny/scary that there are big comments about how to treat
> errors to set the return value, then the return value is simply
> ignored by the caller.

have_data() return value? yes, the code may have change and the
comment doesn't seem to reflect accurately what's going on.

> ---
>  hw/char/virtio-console.c          | 2 +-
>  include/hw/virtio/virtio-serial.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/char/virtio-console.c b/hw/char/virtio-console.c
> index 2cbe1d4ed5..19639dca3b 100644
> --- a/hw/char/virtio-console.c
> +++ b/hw/char/virtio-console.c
> @@ -45,7 +45,7 @@ static gboolean chr_write_unblocked(GIOChannel *chan, GIOCondition cond,
>
>  /* Callback function that's called when the guest sends us data */
>  static ssize_t flush_buf(VirtIOSerialPort *port,
> -                         const uint8_t *buf, ssize_t len)
> +                         const uint8_t *buf, size_t len)
>  {
>      VirtConsole *vcon = VIRTIO_CONSOLE(port);
>      ssize_t ret;
> diff --git a/include/hw/virtio/virtio-serial.h b/include/hw/virtio/virtio-serial.h
> index 12657a9f39..f1a5ccf4f7 100644
> --- a/include/hw/virtio/virtio-serial.h
> +++ b/include/hw/virtio/virtio-serial.h
> @@ -81,7 +81,7 @@ typedef struct VirtIOSerialPortClass {
>       * 'len'.  In this case, throttling will be enabled for this port.
>       */
>      ssize_t (*have_data)(VirtIOSerialPort *port, const uint8_t *buf,
> -                         ssize_t len);
> +                         size_t len);
>  } VirtIOSerialPortClass;
>
>  /*
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 16/25] tpm: Use size_t to hold sizes

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:06 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Avoid to use a signed type to hold an unsigned value.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  hw/tpm/tpm_emulator.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 70f4b10284..931e56f6ed 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -87,17 +87,18 @@ static int tpm_emulator_ctrlcmd(TPMEmulator *tpm, unsigned long cmd, void *msg,
>  {
>      CharBackend *dev = &tpm->ctrl_chr;
>      uint32_t cmd_no = cpu_to_be32(cmd);
> -    ssize_t n = sizeof(uint32_t) + msg_len_in;
> +    size_t sz = sizeof(uint32_t) + msg_len_in;
> +    ssize_t n;
>      uint8_t *buf = NULL;
>      int ret = -1;
>
>      qemu_mutex_lock(&tpm->mutex);
>
> -    buf = g_alloca(n);
> +    buf = g_alloca(sz);
>      memcpy(buf, &cmd_no, sizeof(cmd_no));
>      memcpy(buf + sizeof(cmd_no), msg, msg_len_in);
>
> -    n = qemu_chr_fe_write_all(dev, buf, n);
> +    n = qemu_chr_fe_write_all(dev, buf, sz);
>      if (n <= 0) {
>          goto end;
>      }
> --
> 2.20.1
>

Re: [PATCH v3 16/25] tpm: Use size_t to hold sizes

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:06 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Avoid to use a signed type to hold an unsigned value.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  hw/tpm/tpm_emulator.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> index 70f4b10284..931e56f6ed 100644
> --- a/hw/tpm/tpm_emulator.c
> +++ b/hw/tpm/tpm_emulator.c
> @@ -87,17 +87,18 @@ static int tpm_emulator_ctrlcmd(TPMEmulator *tpm, unsigned long cmd, void *msg,
>  {
>      CharBackend *dev = &tpm->ctrl_chr;
>      uint32_t cmd_no = cpu_to_be32(cmd);
> -    ssize_t n = sizeof(uint32_t) + msg_len_in;
> +    size_t sz = sizeof(uint32_t) + msg_len_in;
> +    ssize_t n;
>      uint8_t *buf = NULL;
>      int ret = -1;
>
>      qemu_mutex_lock(&tpm->mutex);
>
> -    buf = g_alloca(n);
> +    buf = g_alloca(sz);
>      memcpy(buf, &cmd_no, sizeof(cmd_no));
>      memcpy(buf + sizeof(cmd_no), msg, msg_len_in);
>
> -    n = qemu_chr_fe_write_all(dev, buf, n);
> +    n = qemu_chr_fe_write_all(dev, buf, sz);
>      if (n <= 0) {
>          goto end;
>      }
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 17/25] net/filter-mirror: Use size_t

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:07 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Since iov_size() returns a size_t, no need to use a signed type.

And it is the variable only purpose.

>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---
>  net/filter-mirror.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> index 3a61cf21e8..97b52d0544 100644
> --- a/net/filter-mirror.c
> +++ b/net/filter-mirror.c
> @@ -48,7 +48,7 @@ static int filter_send(MirrorState *s,
>  {
>      NetFilterState *nf = NETFILTER(s);
>      int ret = 0;
> -    ssize_t size = 0;
> +    size_t size = 0;
>      uint32_t len = 0;
>      char *buf;
>
> --
> 2.20.1
>

Re: [PATCH v3 17/25] net/filter-mirror: Use size_t

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:07 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> Since iov_size() returns a size_t, no need to use a signed type.

And it is the variable only purpose.

>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---
>  net/filter-mirror.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> index 3a61cf21e8..97b52d0544 100644
> --- a/net/filter-mirror.c
> +++ b/net/filter-mirror.c
> @@ -48,7 +48,7 @@ static int filter_send(MirrorState *s,
>  {
>      NetFilterState *nf = NETFILTER(s);
>      int ret = 0;
> -    ssize_t size = 0;
> +    size_t size = 0;
>      uint32_t len = 0;
>      char *buf;
>
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Philippe Mathieu-Daudé]

On 2/20/19 11:40 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
>>
>> In the previous commit we added an assert to be sure than
>> qemu_chr_be_can_write() will never return a negative value.
>> We can now change its prototype to return a size_t.
>> Adapt the backends accordingly.
> 
> Each variable you change to an unsigned type, we should check it isn't
> used with negative values.

Fortunately the preprocessor can help here!

Oh I forgot to write down the steps I ran:

  # enable warnings
  $ configure \
    --extra-cflags='-Wtype-limits -Wsign-conversion -Wsign-compare' \
    --disable-werror

  # since there are many sign abuse, build blindly
  $ make 2>/dev/null

  # now refresh the source we modified
  $ git diff --name-only origin/master \
      | egrep \.c\$ \
      | xargs touch

  # build again and carefully watch the warnings
  # (there are many unuseful #include warnings, ignore them)
  $ make

>>
>> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  chardev/baum.c            | 6 +++---
>>  chardev/char-fd.c         | 2 +-
>>  chardev/char-pty.c        | 4 ++--
>>  chardev/char-socket.c     | 7 ++++---
>>  chardev/char-udp.c        | 4 ++--
>>  chardev/char-win.c        | 2 +-
>>  chardev/char.c            | 2 +-
>>  chardev/msmouse.c         | 4 ++--
>>  chardev/spice.c           | 2 +-
>>  chardev/wctablet.c        | 4 ++--
>>  hw/bt/hci-csr.c           | 2 +-
>>  include/chardev/char-fd.h | 2 +-
>>  include/chardev/char.h    | 2 +-
>>  ui/console.c              | 6 +++---
>>  14 files changed, 25 insertions(+), 24 deletions(-)
>>
>> diff --git a/chardev/baum.c b/chardev/baum.c
>> index 78b0c87625..1d69d62158 100644
>> --- a/chardev/baum.c
>> +++ b/chardev/baum.c
>> @@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
>>  static void baum_chr_accept_input(struct Chardev *chr)
>>  {
>>      BaumChardev *baum = BAUM_CHARDEV(chr);
>> -    int room, first;
>> +    size_t room, first;
>>
>>      if (!baum->out_buf_used)
>>          return;
>> @@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>>  {
>>      Chardev *chr = CHARDEV(baum);
>>      uint8_t io_buf[1 + 2 * len], *cur = io_buf;
>> -    int room;
>> +    size_t room;
>>      *cur++ = ESC;
>>      while (len--)
>>          if ((*cur++ = *buf++) == ESC)
>> @@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>>          /* Fits */
>>          qemu_chr_be_write(chr, io_buf, len);
>>      } else {
>> -        int first;
>> +        size_t first;
>>          uint8_t out;
>>          /* Can't fit all, send what can be, and store the rest. */
>>          qemu_chr_be_write(chr, io_buf, room);
> 
> baum room & first are only used for non-negative capacity values. ack
> 
>> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
>> index 2421d8e216..0fe2822869 100644
>> --- a/chardev/char-fd.c
>> +++ b/chardev/char-fd.c
>> @@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>>  {
>>      Chardev *chr = CHARDEV(opaque);
>>      FDChardev *s = FD_CHARDEV(opaque);
>> -    int len;
>> +    size_t len;
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      ssize_t ret;
>>
> 
> fd len is only used for non-negative buffer size. ack
> 
>> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
>> index 7777f6ddef..eae25f043b 100644
>> --- a/chardev/char-pty.c
>> +++ b/chardev/char-pty.c
>> @@ -34,7 +34,7 @@
>>  typedef struct {
>>      Chardev parent;
>>      QIOChannel *ioc;
>> -    int read_bytes;
>> +    size_t read_bytes;
>>
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>      int connected;
>>      GSource *timer_src;
>> @@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>>  {
>>      Chardev *chr = CHARDEV(opaque);
>>      PtyChardev *s = PTY_CHARDEV(opaque);
>> -    gsize len;
>> +    size_t len;
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      ssize_t ret;
> 
> pty len is only used for non-negative buffer size. ack
> 
>> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
>> index 262a59b64f..4010c343e0 100644
>> --- a/chardev/char-socket.c
>> +++ b/chardev/char-socket.c
>> @@ -60,7 +60,7 @@ typedef struct {
>>      GSource *hup_source;
>>      QCryptoTLSCreds *tls_creds;
>>      TCPChardevState state;
>> -    int max_size;
>> +    size_t max_size;
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>      int do_telnetopt;
>>      int do_nodelay;
>>      int *read_msgfds;
>> @@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>>      Chardev *chr = CHARDEV(opaque);
>>      SocketChardev *s = SOCKET_CHARDEV(opaque);
>>      uint8_t buf[CHR_READ_BUF_LEN];
>> -    int len, size;
>> +    size_t len;
> 
> len is only used for non-negative buffer size. ack
> 
>> +    int size;
>>
>>      if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
>> -        s->max_size <= 0) {
>> +        s->max_size == 0) {
>>          return TRUE;
>>      }
>>      len = sizeof(buf);
>> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
>> index b6e399e983..d4f40626e4 100644
>> --- a/chardev/char-udp.c
>> +++ b/chardev/char-udp.c
>> @@ -39,7 +39,7 @@ typedef struct {
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      int bufcnt;
>>      int bufptr;
>> -    int max_size;
>> +    size_t max_size;
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>  } UdpChardev;
>>
>>  #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
>> @@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
>>      Chardev *chr = CHARDEV(s);
>>
>>      while (s->max_size > 0 && s->bufptr < s->bufcnt) {
>> -        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
>> +        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);
> 
> the while() condition ensures the value will be > 0. ack
> 
>>          qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
>>          s->bufptr += n;
>>          s->max_size = qemu_chr_be_can_write(chr);
>> diff --git a/chardev/char-win.c b/chardev/char-win.c
>> index 05518e0958..30361e8852 100644
>> --- a/chardev/char-win.c
>> +++ b/chardev/char-win.c
>> @@ -29,7 +29,7 @@
>>  static void win_chr_read(Chardev *chr, DWORD len)
>>  {
>>      WinChardev *s = WIN_CHARDEV(chr);
>> -    int max_size = qemu_chr_be_can_write(chr);
>> +    size_t max_size = qemu_chr_be_can_write(chr);
> 
> unmodified, ack
> 
>>      int ret, err;
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      DWORD size;
>> diff --git a/chardev/char.c b/chardev/char.c
>> index 71ecd32b25..3149cd3ba9 100644
>> --- a/chardev/char.c
>> +++ b/chardev/char.c
>> @@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>>      return offset;
>>  }
>>
>> -int qemu_chr_be_can_write(Chardev *s)
>> +size_t qemu_chr_be_can_write(Chardev *s)
>>  {
>>      CharBackend *be = s->be;
>>      int receivable_bytes;
>> diff --git a/chardev/msmouse.c b/chardev/msmouse.c
>> index 0ffd137ce8..cdb6f86037 100644
>> --- a/chardev/msmouse.c
>> +++ b/chardev/msmouse.c
>> @@ -38,7 +38,7 @@ typedef struct {
>>      bool btns[INPUT_BUTTON__MAX];
>>      bool btnc[INPUT_BUTTON__MAX];
>>      uint8_t outbuf[32];
>> -    int outlen;
>> +    size_t outlen;
> 
> outlen is only used as non-negative buffer size, ack
> 
>>  } MouseChardev;
>>
>>  #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
>> @@ -48,7 +48,7 @@ typedef struct {
>>  static void msmouse_chr_accept_input(Chardev *chr)
>>  {
>>      MouseChardev *mouse = MOUSE_CHARDEV(chr);
>> -    int len;
>> +    size_t len;
>>
>>      len = qemu_chr_be_can_write(chr);
> 
> same
> 
>>      if (len > mouse->outlen) {
>> diff --git a/chardev/spice.c b/chardev/spice.c
>> index 173c257949..ad180a8a13 100644
>> --- a/chardev/spice.c
>> +++ b/chardev/spice.c
>> @@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
>>      uint8_t* p = (uint8_t*)buf;
>>
>>      while (len > 0) {
>> -        int can_write = qemu_chr_be_can_write(chr);
>> +        size_t can_write = qemu_chr_be_can_write(chr);
> 
> unmodified value, ack
> 
>>          last_out = MIN(len, can_write);
>>          if (last_out <= 0) {
>>              break;
>> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
>> index cf7a08a363..daae570bc7 100644
>> --- a/chardev/wctablet.c
>> +++ b/chardev/wctablet.c
>> @@ -74,7 +74,7 @@ typedef struct {
>>
>>      /* Command to be sent to serial port */
>>      uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
>> -    int outlen;
>> +    size_t outlen;
> 
> Used as non-negative buffer size only, ack
>>
>>      int line_speed;
>>      bool send_events;
>> @@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
>>  static void wctablet_chr_accept_input(Chardev *chr)
>>  {
>>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
>> -    int len, canWrite;
>> +    size_t len, canWrite;
> 
> Used as non-negative buffer size only, ack
> 
>>
>>      canWrite = qemu_chr_be_can_write(chr);
>>      len = canWrite;
>> diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
>> index fa6660a113..e837a3fa1f 100644
>> --- a/hw/bt/hci-csr.c
>> +++ b/hw/bt/hci-csr.c
>> @@ -38,7 +38,7 @@ struct csrhci_s {
>>  #define FIFO_LEN       4096
>>      int out_start;
>>      int out_len;
>> -    int out_size;
>> +    size_t out_size;
> 
> Used as non-negative buffer size only, ack
> 
>>      uint8_t outfifo[FIFO_LEN * 2];
>>      uint8_t inpkt[FIFO_LEN];
>>      enum {
>> diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
>> index e7c2b176f9..36c6b89cee 100644
>> --- a/include/chardev/char-fd.h
>> +++ b/include/chardev/char-fd.h
>> @@ -31,7 +31,7 @@ typedef struct FDChardev {
>>      Chardev parent;
>>
>>      QIOChannel *ioc_in, *ioc_out;
>> -    int max_size;
>> +    size_t max_size;
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>  } FDChardev;
>>
>>  #define TYPE_CHARDEV_FD "chardev-fd"
>> diff --git a/include/chardev/char.h b/include/chardev/char.h
>> index c0b57f7685..0341dd1ba2 100644
>> --- a/include/chardev/char.h
>> +++ b/include/chardev/char.h
>> @@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
>>   *
>>   * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
>>   */
>> -int qemu_chr_be_can_write(Chardev *s);
>> +size_t qemu_chr_be_can_write(Chardev *s);
>>
>>  /**
>>   * qemu_chr_be_write:
>> diff --git a/ui/console.c b/ui/console.c
>> index 6d2282d3e9..42f04e2b37 100644
>> --- a/ui/console.c
>> +++ b/ui/console.c
>> @@ -61,8 +61,8 @@ enum TTYState {
>>
>>  typedef struct QEMUFIFO {
>>      uint8_t *buf;
>> -    int buf_size;
>> -    int count, wptr, rptr;
>> +    size_t buf_size, count;
>> +    int wptr, rptr;
> 
> Only used as non-negative buffer size, ack
> 
>>  } QEMUFIFO;
>>
>>  static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
>> @@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
>>  static void kbd_send_chars(void *opaque)
>>  {
>>      QemuConsole *s = opaque;
>> -    int len;
>> +    size_t len;
> 
> Only used as non-negative buffer size, ack
> 
>>      uint8_t buf[16];
>>
>>      len = qemu_chr_be_can_write(s->chr);
>> --
>> 2.20.1
>>
> 
> That was painful, hopefully I didn't miss something...

As is this series and its rebases...

I hope you will still be as willingful to review the follow up series
(part #2) which is worst.

I felt this is pointless to write the same detailed review you did in
the commit message, because the reviewer still has to go to each patch
and verify.

> 
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> 

Thanks a lot!

Phil.

Re: [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Philippe Mathieu-Daudé]

On 2/20/19 11:40 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
>>
>> In the previous commit we added an assert to be sure than
>> qemu_chr_be_can_write() will never return a negative value.
>> We can now change its prototype to return a size_t.
>> Adapt the backends accordingly.
> 
> Each variable you change to an unsigned type, we should check it isn't
> used with negative values.

Fortunately the preprocessor can help here!

Oh I forgot to write down the steps I ran:

  # enable warnings
  $ configure \
    --extra-cflags='-Wtype-limits -Wsign-conversion -Wsign-compare' \
    --disable-werror

  # since there are many sign abuse, build blindly
  $ make 2>/dev/null

  # now refresh the source we modified
  $ git diff --name-only origin/master \
      | egrep \.c\$ \
      | xargs touch

  # build again and carefully watch the warnings
  # (there are many unuseful #include warnings, ignore them)
  $ make

>>
>> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  chardev/baum.c            | 6 +++---
>>  chardev/char-fd.c         | 2 +-
>>  chardev/char-pty.c        | 4 ++--
>>  chardev/char-socket.c     | 7 ++++---
>>  chardev/char-udp.c        | 4 ++--
>>  chardev/char-win.c        | 2 +-
>>  chardev/char.c            | 2 +-
>>  chardev/msmouse.c         | 4 ++--
>>  chardev/spice.c           | 2 +-
>>  chardev/wctablet.c        | 4 ++--
>>  hw/bt/hci-csr.c           | 2 +-
>>  include/chardev/char-fd.h | 2 +-
>>  include/chardev/char.h    | 2 +-
>>  ui/console.c              | 6 +++---
>>  14 files changed, 25 insertions(+), 24 deletions(-)
>>
>> diff --git a/chardev/baum.c b/chardev/baum.c
>> index 78b0c87625..1d69d62158 100644
>> --- a/chardev/baum.c
>> +++ b/chardev/baum.c
>> @@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
>>  static void baum_chr_accept_input(struct Chardev *chr)
>>  {
>>      BaumChardev *baum = BAUM_CHARDEV(chr);
>> -    int room, first;
>> +    size_t room, first;
>>
>>      if (!baum->out_buf_used)
>>          return;
>> @@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>>  {
>>      Chardev *chr = CHARDEV(baum);
>>      uint8_t io_buf[1 + 2 * len], *cur = io_buf;
>> -    int room;
>> +    size_t room;
>>      *cur++ = ESC;
>>      while (len--)
>>          if ((*cur++ = *buf++) == ESC)
>> @@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
>>          /* Fits */
>>          qemu_chr_be_write(chr, io_buf, len);
>>      } else {
>> -        int first;
>> +        size_t first;
>>          uint8_t out;
>>          /* Can't fit all, send what can be, and store the rest. */
>>          qemu_chr_be_write(chr, io_buf, room);
> 
> baum room & first are only used for non-negative capacity values. ack
> 
>> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
>> index 2421d8e216..0fe2822869 100644
>> --- a/chardev/char-fd.c
>> +++ b/chardev/char-fd.c
>> @@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>>  {
>>      Chardev *chr = CHARDEV(opaque);
>>      FDChardev *s = FD_CHARDEV(opaque);
>> -    int len;
>> +    size_t len;
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      ssize_t ret;
>>
> 
> fd len is only used for non-negative buffer size. ack
> 
>> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
>> index 7777f6ddef..eae25f043b 100644
>> --- a/chardev/char-pty.c
>> +++ b/chardev/char-pty.c
>> @@ -34,7 +34,7 @@
>>  typedef struct {
>>      Chardev parent;
>>      QIOChannel *ioc;
>> -    int read_bytes;
>> +    size_t read_bytes;
>>
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>      int connected;
>>      GSource *timer_src;
>> @@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>>  {
>>      Chardev *chr = CHARDEV(opaque);
>>      PtyChardev *s = PTY_CHARDEV(opaque);
>> -    gsize len;
>> +    size_t len;
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      ssize_t ret;
> 
> pty len is only used for non-negative buffer size. ack
> 
>> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
>> index 262a59b64f..4010c343e0 100644
>> --- a/chardev/char-socket.c
>> +++ b/chardev/char-socket.c
>> @@ -60,7 +60,7 @@ typedef struct {
>>      GSource *hup_source;
>>      QCryptoTLSCreds *tls_creds;
>>      TCPChardevState state;
>> -    int max_size;
>> +    size_t max_size;
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>      int do_telnetopt;
>>      int do_nodelay;
>>      int *read_msgfds;
>> @@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
>>      Chardev *chr = CHARDEV(opaque);
>>      SocketChardev *s = SOCKET_CHARDEV(opaque);
>>      uint8_t buf[CHR_READ_BUF_LEN];
>> -    int len, size;
>> +    size_t len;
> 
> len is only used for non-negative buffer size. ack
> 
>> +    int size;
>>
>>      if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
>> -        s->max_size <= 0) {
>> +        s->max_size == 0) {
>>          return TRUE;
>>      }
>>      len = sizeof(buf);
>> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
>> index b6e399e983..d4f40626e4 100644
>> --- a/chardev/char-udp.c
>> +++ b/chardev/char-udp.c
>> @@ -39,7 +39,7 @@ typedef struct {
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      int bufcnt;
>>      int bufptr;
>> -    int max_size;
>> +    size_t max_size;
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>  } UdpChardev;
>>
>>  #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
>> @@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
>>      Chardev *chr = CHARDEV(s);
>>
>>      while (s->max_size > 0 && s->bufptr < s->bufcnt) {
>> -        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
>> +        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);
> 
> the while() condition ensures the value will be > 0. ack
> 
>>          qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
>>          s->bufptr += n;
>>          s->max_size = qemu_chr_be_can_write(chr);
>> diff --git a/chardev/char-win.c b/chardev/char-win.c
>> index 05518e0958..30361e8852 100644
>> --- a/chardev/char-win.c
>> +++ b/chardev/char-win.c
>> @@ -29,7 +29,7 @@
>>  static void win_chr_read(Chardev *chr, DWORD len)
>>  {
>>      WinChardev *s = WIN_CHARDEV(chr);
>> -    int max_size = qemu_chr_be_can_write(chr);
>> +    size_t max_size = qemu_chr_be_can_write(chr);
> 
> unmodified, ack
> 
>>      int ret, err;
>>      uint8_t buf[CHR_READ_BUF_LEN];
>>      DWORD size;
>> diff --git a/chardev/char.c b/chardev/char.c
>> index 71ecd32b25..3149cd3ba9 100644
>> --- a/chardev/char.c
>> +++ b/chardev/char.c
>> @@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>>      return offset;
>>  }
>>
>> -int qemu_chr_be_can_write(Chardev *s)
>> +size_t qemu_chr_be_can_write(Chardev *s)
>>  {
>>      CharBackend *be = s->be;
>>      int receivable_bytes;
>> diff --git a/chardev/msmouse.c b/chardev/msmouse.c
>> index 0ffd137ce8..cdb6f86037 100644
>> --- a/chardev/msmouse.c
>> +++ b/chardev/msmouse.c
>> @@ -38,7 +38,7 @@ typedef struct {
>>      bool btns[INPUT_BUTTON__MAX];
>>      bool btnc[INPUT_BUTTON__MAX];
>>      uint8_t outbuf[32];
>> -    int outlen;
>> +    size_t outlen;
> 
> outlen is only used as non-negative buffer size, ack
> 
>>  } MouseChardev;
>>
>>  #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
>> @@ -48,7 +48,7 @@ typedef struct {
>>  static void msmouse_chr_accept_input(Chardev *chr)
>>  {
>>      MouseChardev *mouse = MOUSE_CHARDEV(chr);
>> -    int len;
>> +    size_t len;
>>
>>      len = qemu_chr_be_can_write(chr);
> 
> same
> 
>>      if (len > mouse->outlen) {
>> diff --git a/chardev/spice.c b/chardev/spice.c
>> index 173c257949..ad180a8a13 100644
>> --- a/chardev/spice.c
>> +++ b/chardev/spice.c
>> @@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
>>      uint8_t* p = (uint8_t*)buf;
>>
>>      while (len > 0) {
>> -        int can_write = qemu_chr_be_can_write(chr);
>> +        size_t can_write = qemu_chr_be_can_write(chr);
> 
> unmodified value, ack
> 
>>          last_out = MIN(len, can_write);
>>          if (last_out <= 0) {
>>              break;
>> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
>> index cf7a08a363..daae570bc7 100644
>> --- a/chardev/wctablet.c
>> +++ b/chardev/wctablet.c
>> @@ -74,7 +74,7 @@ typedef struct {
>>
>>      /* Command to be sent to serial port */
>>      uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
>> -    int outlen;
>> +    size_t outlen;
> 
> Used as non-negative buffer size only, ack
>>
>>      int line_speed;
>>      bool send_events;
>> @@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
>>  static void wctablet_chr_accept_input(Chardev *chr)
>>  {
>>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
>> -    int len, canWrite;
>> +    size_t len, canWrite;
> 
> Used as non-negative buffer size only, ack
> 
>>
>>      canWrite = qemu_chr_be_can_write(chr);
>>      len = canWrite;
>> diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
>> index fa6660a113..e837a3fa1f 100644
>> --- a/hw/bt/hci-csr.c
>> +++ b/hw/bt/hci-csr.c
>> @@ -38,7 +38,7 @@ struct csrhci_s {
>>  #define FIFO_LEN       4096
>>      int out_start;
>>      int out_len;
>> -    int out_size;
>> +    size_t out_size;
> 
> Used as non-negative buffer size only, ack
> 
>>      uint8_t outfifo[FIFO_LEN * 2];
>>      uint8_t inpkt[FIFO_LEN];
>>      enum {
>> diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
>> index e7c2b176f9..36c6b89cee 100644
>> --- a/include/chardev/char-fd.h
>> +++ b/include/chardev/char-fd.h
>> @@ -31,7 +31,7 @@ typedef struct FDChardev {
>>      Chardev parent;
>>
>>      QIOChannel *ioc_in, *ioc_out;
>> -    int max_size;
>> +    size_t max_size;
> 
> Only set with values returned from qemu_chr_be_can_write(), ack
> 
>>  } FDChardev;
>>
>>  #define TYPE_CHARDEV_FD "chardev-fd"
>> diff --git a/include/chardev/char.h b/include/chardev/char.h
>> index c0b57f7685..0341dd1ba2 100644
>> --- a/include/chardev/char.h
>> +++ b/include/chardev/char.h
>> @@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
>>   *
>>   * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
>>   */
>> -int qemu_chr_be_can_write(Chardev *s);
>> +size_t qemu_chr_be_can_write(Chardev *s);
>>
>>  /**
>>   * qemu_chr_be_write:
>> diff --git a/ui/console.c b/ui/console.c
>> index 6d2282d3e9..42f04e2b37 100644
>> --- a/ui/console.c
>> +++ b/ui/console.c
>> @@ -61,8 +61,8 @@ enum TTYState {
>>
>>  typedef struct QEMUFIFO {
>>      uint8_t *buf;
>> -    int buf_size;
>> -    int count, wptr, rptr;
>> +    size_t buf_size, count;
>> +    int wptr, rptr;
> 
> Only used as non-negative buffer size, ack
> 
>>  } QEMUFIFO;
>>
>>  static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
>> @@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
>>  static void kbd_send_chars(void *opaque)
>>  {
>>      QemuConsole *s = opaque;
>> -    int len;
>> +    size_t len;
> 
> Only used as non-negative buffer size, ack
> 
>>      uint8_t buf[16];
>>
>>      len = qemu_chr_be_can_write(s->chr);
>> --
>> 2.20.1
>>
> 
> That was painful, hopefully I didn't miss something...

As is this series and its rebases...

I hope you will still be as willingful to review the follow up series
(part #2) which is worst.

I felt this is pointless to write the same detailed review you did in
the commit message, because the reviewer still has to go to each patch
and verify.

> 
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> 

Thanks a lot!

Phil.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Daniel P. Berrangé]

On Wed, Feb 20, 2019 at 11:53:42AM +0100, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 2:02 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
> >
> > Hi,
> >
> > This series convert the chardev::qemu_chr_write() to take unsigned
> > length argument. To do so I went through all caller and checked if
> > there are no negative value possible.
> 
> 
> Changing signedness is problematic and can easily introduce bugs that
> are easy to miss during review.
> 
> I agree with Cornelia about idiomatic use of int. Changing "int" for
> "size_t" isn't systematically a clear win.
> 
> Even Google C++ style recommends to avoid unsigned types "(except for
> representing bitfields or modular arithmetic). Do not use an unsigned
> type merely to assert that a variable is non-negative."
> https://google.github.io/styleguide/cppguide.html#Integer_Types - see rationale
> 
> Since Paolo you suggested the change, could you give some convincing
> arguments that it's worth taking the plunge?

The chardev write/read methods will end up calling libc read/write
methods, whose parameters are "size_t count".

Thus if there is QEMU code that could currently (mistakenly) pass a
negative value for length to qemu_chr_write, unless something stops
it, this is going to be cast to a size_t when we finally call read/
write on the FD, leading to a large positive value & array out of
bounds read/write. 

IOW we already have inconsistent use of signed vs unsigned in our code
which has potential to cause bugs. Converting chardev to use size_t
we get rid fo the mismatch with the underlying libc APIs we call,
which ultimately eliminates an area of risk longer term. There is a
chance it could uncover some pre-existing dormant bugs, but provided
we do due diligence to check callers I think its a win to be consistent
with libc APIs in size_t usage for read/write.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Daniel P. Berrangé]

On Wed, Feb 20, 2019 at 11:53:42AM +0100, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 2:02 AM Philippe Mathieu-Daudé
> <philmd@redhat.com> wrote:
> >
> > Hi,
> >
> > This series convert the chardev::qemu_chr_write() to take unsigned
> > length argument. To do so I went through all caller and checked if
> > there are no negative value possible.
> 
> 
> Changing signedness is problematic and can easily introduce bugs that
> are easy to miss during review.
> 
> I agree with Cornelia about idiomatic use of int. Changing "int" for
> "size_t" isn't systematically a clear win.
> 
> Even Google C++ style recommends to avoid unsigned types "(except for
> representing bitfields or modular arithmetic). Do not use an unsigned
> type merely to assert that a variable is non-negative."
> https://google.github.io/styleguide/cppguide.html#Integer_Types - see rationale
> 
> Since Paolo you suggested the change, could you give some convincing
> arguments that it's worth taking the plunge?

The chardev write/read methods will end up calling libc read/write
methods, whose parameters are "size_t count".

Thus if there is QEMU code that could currently (mistakenly) pass a
negative value for length to qemu_chr_write, unless something stops
it, this is going to be cast to a size_t when we finally call read/
write on the FD, leading to a large positive value & array out of
bounds read/write. 

IOW we already have inconsistent use of signed vs unsigned in our code
which has potential to cause bugs. Converting chardev to use size_t
we get rid fo the mismatch with the underlying libc APIs we call,
which ultimately eliminates an area of risk longer term. There is a
chance it could uncover some pre-existing dormant bugs, but provided
we do due diligence to check callers I think its a win to be consistent
with libc APIs in size_t usage for read/write.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Philippe Mathieu-Daudé]

On 2/20/19 11:42 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 11:39 AM Daniel P. Berrangé <berrange@redhat.com> wrote:
>>
>> On Wed, Feb 20, 2019 at 02:02:32AM +0100, Philippe Mathieu-Daudé wrote:
>>
>>> diff --git a/include/chardev/char.h b/include/chardev/char.h
>>> index 0341dd1ba2..2e3b5a15ca 100644
>>> --- a/include/chardev/char.h
>>> +++ b/include/chardev/char.h
>>> @@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
>>>                            ChardevFeature feature);
>>>  QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
>>>                                  bool permit_mux_mon);
>>> -int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
>>> +int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);
>>
>> Seeing this cleanup reminds me that I think we ought to change
>> the chardev read & write functions to take "void *buf" instead.
>> as is done for regular libc  read/write functions. This would
>> avoid casts in the callers between char */uint8_t *
>>
>> Something to think about for a future cleanup job....same applies
>> for the QIOChannel APIs which take a 'char *buf', annoyingly
>> different from the chardev APIs :-( Both ought to have void *buf
> 
> I fully agree, and I started that conversion some time ago, and lost
> it somewhere. That should be easier than changing the sign of return
> values though!

I thought about it too and am happy both of you agree.

The "part #3" update the prototypes to return ssize_t instead of int.
I can do this change there.

>>
>>
>> Regards,
>> Daniel
>> --
>> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
>> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
>> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH v3 25/25] chardev: Let qemu_chr_write[_all] use size_t

[Philippe Mathieu-Daudé]

On 2/20/19 11:42 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 11:39 AM Daniel P. Berrangé <berrange@redhat.com> wrote:
>>
>> On Wed, Feb 20, 2019 at 02:02:32AM +0100, Philippe Mathieu-Daudé wrote:
>>
>>> diff --git a/include/chardev/char.h b/include/chardev/char.h
>>> index 0341dd1ba2..2e3b5a15ca 100644
>>> --- a/include/chardev/char.h
>>> +++ b/include/chardev/char.h
>>> @@ -221,7 +221,7 @@ void qemu_chr_set_feature(Chardev *chr,
>>>                            ChardevFeature feature);
>>>  QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
>>>                                  bool permit_mux_mon);
>>> -int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all);
>>> +int qemu_chr_write(Chardev *s, const uint8_t *buf, size_t len, bool write_all);
>>
>> Seeing this cleanup reminds me that I think we ought to change
>> the chardev read & write functions to take "void *buf" instead.
>> as is done for regular libc  read/write functions. This would
>> avoid casts in the callers between char */uint8_t *
>>
>> Something to think about for a future cleanup job....same applies
>> for the QIOChannel APIs which take a 'char *buf', annoyingly
>> different from the chardev APIs :-( Both ought to have void *buf
> 
> I fully agree, and I started that conversion some time ago, and lost
> it somewhere. That should be easier than changing the sign of return
> values though!

I thought about it too and am happy both of you agree.

The "part #3" update the prototypes to return ssize_t instead of int.
I can do this change there.

>>
>>
>> Regards,
>> Daniel
>> --
>> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
>> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
>> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays

[Philippe Mathieu-Daudé]

On 2/20/19 10:40 AM, Cornelia Huck wrote:
> On Wed, 20 Feb 2019 02:02:26 +0100
> Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
> 
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  include/hw/s390x/ebcdic.h | 8 ++++----
>>  1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/hw/s390x/ebcdic.h b/include/hw/s390x/ebcdic.h
>> index 69a04cab62..d89174e113 100644
>> --- a/include/hw/s390x/ebcdic.h
>> +++ b/include/hw/s390x/ebcdic.h
>> @@ -83,18 +83,18 @@ static const uint8_t ascii2ebcdic[] = {
>>      0x90, 0x3F, 0x3F, 0x3F, 0x3F, 0xEA, 0x3F, 0xFF
>>  };
>>  
>> -static inline void ebcdic_put(uint8_t *p, const char *ascii, int len)
>> +static inline void ebcdic_put(uint8_t *p, const char *ascii, size_t len)
>>  {
>> -    int i;
>> +    size_t i;
>>  
>>      for (i = 0; i < len; i++) {
>>          p[i] = ascii2ebcdic[(uint8_t)ascii[i]];
>>      }
>>  }
>>  
>> -static inline void ascii_put(uint8_t *p, const char *ebcdic, int len)
>> +static inline void ascii_put(uint8_t *p, const char *ebcdic, size_t len)
>>  {
>> -    int i;
>> +    size_t i;
>>  
>>      for (i = 0; i < len; i++) {
>>          p[i] = ebcdic2ascii[(uint8_t)ebcdic[i]];
> 
> Making the passed len parameter a size_t makes sense; but using a
> size_t as an array iterator looks a bit unidiomatic... it's not wrong,
> though.

This is to silent the "-Wsign-conversion -Wsign-compare" warnings...
I am still not sure what is the best to do.

> Acked-by: Cornelia Huck <cohuck@redhat.com>

Thanks!

Phil.

Re: [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays

[Philippe Mathieu-Daudé]

On 2/20/19 10:40 AM, Cornelia Huck wrote:
> On Wed, 20 Feb 2019 02:02:26 +0100
> Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
> 
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  include/hw/s390x/ebcdic.h | 8 ++++----
>>  1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/hw/s390x/ebcdic.h b/include/hw/s390x/ebcdic.h
>> index 69a04cab62..d89174e113 100644
>> --- a/include/hw/s390x/ebcdic.h
>> +++ b/include/hw/s390x/ebcdic.h
>> @@ -83,18 +83,18 @@ static const uint8_t ascii2ebcdic[] = {
>>      0x90, 0x3F, 0x3F, 0x3F, 0x3F, 0xEA, 0x3F, 0xFF
>>  };
>>  
>> -static inline void ebcdic_put(uint8_t *p, const char *ascii, int len)
>> +static inline void ebcdic_put(uint8_t *p, const char *ascii, size_t len)
>>  {
>> -    int i;
>> +    size_t i;
>>  
>>      for (i = 0; i < len; i++) {
>>          p[i] = ascii2ebcdic[(uint8_t)ascii[i]];
>>      }
>>  }
>>  
>> -static inline void ascii_put(uint8_t *p, const char *ebcdic, int len)
>> +static inline void ascii_put(uint8_t *p, const char *ebcdic, size_t len)
>>  {
>> -    int i;
>> +    size_t i;
>>  
>>      for (i = 0; i < len; i++) {
>>          p[i] = ebcdic2ascii[(uint8_t)ebcdic[i]];
> 
> Making the passed len parameter a size_t makes sense; but using a
> size_t as an array iterator looks a bit unidiomatic... it's not wrong,
> though.

This is to silent the "-Wsign-conversion -Wsign-compare" warnings...
I am still not sure what is the best to do.

> Acked-by: Cornelia Huck <cohuck@redhat.com>

Thanks!

Phil.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 12:26 PM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> On 2/20/19 11:40 AM, Marc-André Lureau wrote:
> > Hi
> >
> > On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
> > <philmd@redhat.com> wrote:
> >>
> >> In the previous commit we added an assert to be sure than
> >> qemu_chr_be_can_write() will never return a negative value.
> >> We can now change its prototype to return a size_t.
> >> Adapt the backends accordingly.
> >
> > Each variable you change to an unsigned type, we should check it isn't
> > used with negative values.
>
> Fortunately the preprocessor can help here!
>
> Oh I forgot to write down the steps I ran:
>
>   # enable warnings
>   $ configure \
>     --extra-cflags='-Wtype-limits -Wsign-conversion -Wsign-compare' \
>     --disable-werror
>
>   # since there are many sign abuse, build blindly
>   $ make 2>/dev/null
>
>   # now refresh the source we modified
>   $ git diff --name-only origin/master \
>       | egrep \.c\$ \
>       | xargs touch
>
>   # build again and carefully watch the warnings
>   # (there are many unuseful #include warnings, ignore them)
>   $ make
>
> >>
> >> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> >> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> >> ---
> >>  chardev/baum.c            | 6 +++---
> >>  chardev/char-fd.c         | 2 +-
> >>  chardev/char-pty.c        | 4 ++--
> >>  chardev/char-socket.c     | 7 ++++---
> >>  chardev/char-udp.c        | 4 ++--
> >>  chardev/char-win.c        | 2 +-
> >>  chardev/char.c            | 2 +-
> >>  chardev/msmouse.c         | 4 ++--
> >>  chardev/spice.c           | 2 +-
> >>  chardev/wctablet.c        | 4 ++--
> >>  hw/bt/hci-csr.c           | 2 +-
> >>  include/chardev/char-fd.h | 2 +-
> >>  include/chardev/char.h    | 2 +-
> >>  ui/console.c              | 6 +++---
> >>  14 files changed, 25 insertions(+), 24 deletions(-)
> >>
> >> diff --git a/chardev/baum.c b/chardev/baum.c
> >> index 78b0c87625..1d69d62158 100644
> >> --- a/chardev/baum.c
> >> +++ b/chardev/baum.c
> >> @@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
> >>  static void baum_chr_accept_input(struct Chardev *chr)
> >>  {
> >>      BaumChardev *baum = BAUM_CHARDEV(chr);
> >> -    int room, first;
> >> +    size_t room, first;
> >>
> >>      if (!baum->out_buf_used)
> >>          return;
> >> @@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
> >>  {
> >>      Chardev *chr = CHARDEV(baum);
> >>      uint8_t io_buf[1 + 2 * len], *cur = io_buf;
> >> -    int room;
> >> +    size_t room;
> >>      *cur++ = ESC;
> >>      while (len--)
> >>          if ((*cur++ = *buf++) == ESC)
> >> @@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
> >>          /* Fits */
> >>          qemu_chr_be_write(chr, io_buf, len);
> >>      } else {
> >> -        int first;
> >> +        size_t first;
> >>          uint8_t out;
> >>          /* Can't fit all, send what can be, and store the rest. */
> >>          qemu_chr_be_write(chr, io_buf, room);
> >
> > baum room & first are only used for non-negative capacity values. ack
> >
> >> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
> >> index 2421d8e216..0fe2822869 100644
> >> --- a/chardev/char-fd.c
> >> +++ b/chardev/char-fd.c
> >> @@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> >>  {
> >>      Chardev *chr = CHARDEV(opaque);
> >>      FDChardev *s = FD_CHARDEV(opaque);
> >> -    int len;
> >> +    size_t len;
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      ssize_t ret;
> >>
> >
> > fd len is only used for non-negative buffer size. ack
> >
> >> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
> >> index 7777f6ddef..eae25f043b 100644
> >> --- a/chardev/char-pty.c
> >> +++ b/chardev/char-pty.c
> >> @@ -34,7 +34,7 @@
> >>  typedef struct {
> >>      Chardev parent;
> >>      QIOChannel *ioc;
> >> -    int read_bytes;
> >> +    size_t read_bytes;
> >>
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>      int connected;
> >>      GSource *timer_src;
> >> @@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> >>  {
> >>      Chardev *chr = CHARDEV(opaque);
> >>      PtyChardev *s = PTY_CHARDEV(opaque);
> >> -    gsize len;
> >> +    size_t len;
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      ssize_t ret;
> >
> > pty len is only used for non-negative buffer size. ack
> >
> >> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> >> index 262a59b64f..4010c343e0 100644
> >> --- a/chardev/char-socket.c
> >> +++ b/chardev/char-socket.c
> >> @@ -60,7 +60,7 @@ typedef struct {
> >>      GSource *hup_source;
> >>      QCryptoTLSCreds *tls_creds;
> >>      TCPChardevState state;
> >> -    int max_size;
> >> +    size_t max_size;
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>      int do_telnetopt;
> >>      int do_nodelay;
> >>      int *read_msgfds;
> >> @@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> >>      Chardev *chr = CHARDEV(opaque);
> >>      SocketChardev *s = SOCKET_CHARDEV(opaque);
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >> -    int len, size;
> >> +    size_t len;
> >
> > len is only used for non-negative buffer size. ack
> >
> >> +    int size;
> >>
> >>      if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
> >> -        s->max_size <= 0) {
> >> +        s->max_size == 0) {
> >>          return TRUE;
> >>      }
> >>      len = sizeof(buf);
> >> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
> >> index b6e399e983..d4f40626e4 100644
> >> --- a/chardev/char-udp.c
> >> +++ b/chardev/char-udp.c
> >> @@ -39,7 +39,7 @@ typedef struct {
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      int bufcnt;
> >>      int bufptr;
> >> -    int max_size;
> >> +    size_t max_size;
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>  } UdpChardev;
> >>
> >>  #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
> >> @@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
> >>      Chardev *chr = CHARDEV(s);
> >>
> >>      while (s->max_size > 0 && s->bufptr < s->bufcnt) {
> >> -        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
> >> +        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);
> >
> > the while() condition ensures the value will be > 0. ack
> >
> >>          qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
> >>          s->bufptr += n;
> >>          s->max_size = qemu_chr_be_can_write(chr);
> >> diff --git a/chardev/char-win.c b/chardev/char-win.c
> >> index 05518e0958..30361e8852 100644
> >> --- a/chardev/char-win.c
> >> +++ b/chardev/char-win.c
> >> @@ -29,7 +29,7 @@
> >>  static void win_chr_read(Chardev *chr, DWORD len)
> >>  {
> >>      WinChardev *s = WIN_CHARDEV(chr);
> >> -    int max_size = qemu_chr_be_can_write(chr);
> >> +    size_t max_size = qemu_chr_be_can_write(chr);
> >
> > unmodified, ack
> >
> >>      int ret, err;
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      DWORD size;
> >> diff --git a/chardev/char.c b/chardev/char.c
> >> index 71ecd32b25..3149cd3ba9 100644
> >> --- a/chardev/char.c
> >> +++ b/chardev/char.c
> >> @@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
> >>      return offset;
> >>  }
> >>
> >> -int qemu_chr_be_can_write(Chardev *s)
> >> +size_t qemu_chr_be_can_write(Chardev *s)
> >>  {
> >>      CharBackend *be = s->be;
> >>      int receivable_bytes;
> >> diff --git a/chardev/msmouse.c b/chardev/msmouse.c
> >> index 0ffd137ce8..cdb6f86037 100644
> >> --- a/chardev/msmouse.c
> >> +++ b/chardev/msmouse.c
> >> @@ -38,7 +38,7 @@ typedef struct {
> >>      bool btns[INPUT_BUTTON__MAX];
> >>      bool btnc[INPUT_BUTTON__MAX];
> >>      uint8_t outbuf[32];
> >> -    int outlen;
> >> +    size_t outlen;
> >
> > outlen is only used as non-negative buffer size, ack
> >
> >>  } MouseChardev;
> >>
> >>  #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
> >> @@ -48,7 +48,7 @@ typedef struct {
> >>  static void msmouse_chr_accept_input(Chardev *chr)
> >>  {
> >>      MouseChardev *mouse = MOUSE_CHARDEV(chr);
> >> -    int len;
> >> +    size_t len;
> >>
> >>      len = qemu_chr_be_can_write(chr);
> >
> > same
> >
> >>      if (len > mouse->outlen) {
> >> diff --git a/chardev/spice.c b/chardev/spice.c
> >> index 173c257949..ad180a8a13 100644
> >> --- a/chardev/spice.c
> >> +++ b/chardev/spice.c
> >> @@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
> >>      uint8_t* p = (uint8_t*)buf;
> >>
> >>      while (len > 0) {
> >> -        int can_write = qemu_chr_be_can_write(chr);
> >> +        size_t can_write = qemu_chr_be_can_write(chr);
> >
> > unmodified value, ack
> >
> >>          last_out = MIN(len, can_write);
> >>          if (last_out <= 0) {
> >>              break;
> >> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> >> index cf7a08a363..daae570bc7 100644
> >> --- a/chardev/wctablet.c
> >> +++ b/chardev/wctablet.c
> >> @@ -74,7 +74,7 @@ typedef struct {
> >>
> >>      /* Command to be sent to serial port */
> >>      uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
> >> -    int outlen;
> >> +    size_t outlen;
> >
> > Used as non-negative buffer size only, ack
> >>
> >>      int line_speed;
> >>      bool send_events;
> >> @@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
> >>  static void wctablet_chr_accept_input(Chardev *chr)
> >>  {
> >>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> >> -    int len, canWrite;
> >> +    size_t len, canWrite;
> >
> > Used as non-negative buffer size only, ack
> >
> >>
> >>      canWrite = qemu_chr_be_can_write(chr);
> >>      len = canWrite;
> >> diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
> >> index fa6660a113..e837a3fa1f 100644
> >> --- a/hw/bt/hci-csr.c
> >> +++ b/hw/bt/hci-csr.c
> >> @@ -38,7 +38,7 @@ struct csrhci_s {
> >>  #define FIFO_LEN       4096
> >>      int out_start;
> >>      int out_len;
> >> -    int out_size;
> >> +    size_t out_size;
> >
> > Used as non-negative buffer size only, ack
> >
> >>      uint8_t outfifo[FIFO_LEN * 2];
> >>      uint8_t inpkt[FIFO_LEN];
> >>      enum {
> >> diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
> >> index e7c2b176f9..36c6b89cee 100644
> >> --- a/include/chardev/char-fd.h
> >> +++ b/include/chardev/char-fd.h
> >> @@ -31,7 +31,7 @@ typedef struct FDChardev {
> >>      Chardev parent;
> >>
> >>      QIOChannel *ioc_in, *ioc_out;
> >> -    int max_size;
> >> +    size_t max_size;
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>  } FDChardev;
> >>
> >>  #define TYPE_CHARDEV_FD "chardev-fd"
> >> diff --git a/include/chardev/char.h b/include/chardev/char.h
> >> index c0b57f7685..0341dd1ba2 100644
> >> --- a/include/chardev/char.h
> >> +++ b/include/chardev/char.h
> >> @@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
> >>   *
> >>   * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
> >>   */
> >> -int qemu_chr_be_can_write(Chardev *s);
> >> +size_t qemu_chr_be_can_write(Chardev *s);
> >>
> >>  /**
> >>   * qemu_chr_be_write:
> >> diff --git a/ui/console.c b/ui/console.c
> >> index 6d2282d3e9..42f04e2b37 100644
> >> --- a/ui/console.c
> >> +++ b/ui/console.c
> >> @@ -61,8 +61,8 @@ enum TTYState {
> >>
> >>  typedef struct QEMUFIFO {
> >>      uint8_t *buf;
> >> -    int buf_size;
> >> -    int count, wptr, rptr;
> >> +    size_t buf_size, count;
> >> +    int wptr, rptr;
> >
> > Only used as non-negative buffer size, ack
> >
> >>  } QEMUFIFO;
> >>
> >>  static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
> >> @@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
> >>  static void kbd_send_chars(void *opaque)
> >>  {
> >>      QemuConsole *s = opaque;
> >> -    int len;
> >> +    size_t len;
> >
> > Only used as non-negative buffer size, ack
> >
> >>      uint8_t buf[16];
> >>
> >>      len = qemu_chr_be_can_write(s->chr);
> >> --
> >> 2.20.1
> >>
> >
> > That was painful, hopefully I didn't miss something...
>
> As is this series and its rebases...
>
> I hope you will still be as willingful to review the follow up series
> (part #2) which is worst.
>
> I felt this is pointless to write the same detailed review you did in
> the commit message, because the reviewer still has to go to each patch
> and verify.


Sure, but it is still better than nothing :) If you systematically
review each change, it doesn't take much more time to write it down.
And if there are issues later on, there would be a short rationale for
it, even if prooved to be wrong/bad.

>
> >
> > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> >
>
> Thanks a lot!
>
> Phil.

Re: [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 12:26 PM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> On 2/20/19 11:40 AM, Marc-André Lureau wrote:
> > Hi
> >
> > On Wed, Feb 20, 2019 at 2:04 AM Philippe Mathieu-Daudé
> > <philmd@redhat.com> wrote:
> >>
> >> In the previous commit we added an assert to be sure than
> >> qemu_chr_be_can_write() will never return a negative value.
> >> We can now change its prototype to return a size_t.
> >> Adapt the backends accordingly.
> >
> > Each variable you change to an unsigned type, we should check it isn't
> > used with negative values.
>
> Fortunately the preprocessor can help here!
>
> Oh I forgot to write down the steps I ran:
>
>   # enable warnings
>   $ configure \
>     --extra-cflags='-Wtype-limits -Wsign-conversion -Wsign-compare' \
>     --disable-werror
>
>   # since there are many sign abuse, build blindly
>   $ make 2>/dev/null
>
>   # now refresh the source we modified
>   $ git diff --name-only origin/master \
>       | egrep \.c\$ \
>       | xargs touch
>
>   # build again and carefully watch the warnings
>   # (there are many unuseful #include warnings, ignore them)
>   $ make
>
> >>
> >> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> >> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> >> ---
> >>  chardev/baum.c            | 6 +++---
> >>  chardev/char-fd.c         | 2 +-
> >>  chardev/char-pty.c        | 4 ++--
> >>  chardev/char-socket.c     | 7 ++++---
> >>  chardev/char-udp.c        | 4 ++--
> >>  chardev/char-win.c        | 2 +-
> >>  chardev/char.c            | 2 +-
> >>  chardev/msmouse.c         | 4 ++--
> >>  chardev/spice.c           | 2 +-
> >>  chardev/wctablet.c        | 4 ++--
> >>  hw/bt/hci-csr.c           | 2 +-
> >>  include/chardev/char-fd.h | 2 +-
> >>  include/chardev/char.h    | 2 +-
> >>  ui/console.c              | 6 +++---
> >>  14 files changed, 25 insertions(+), 24 deletions(-)
> >>
> >> diff --git a/chardev/baum.c b/chardev/baum.c
> >> index 78b0c87625..1d69d62158 100644
> >> --- a/chardev/baum.c
> >> +++ b/chardev/baum.c
> >> @@ -265,7 +265,7 @@ static int baum_deferred_init(BaumChardev *baum)
> >>  static void baum_chr_accept_input(struct Chardev *chr)
> >>  {
> >>      BaumChardev *baum = BAUM_CHARDEV(chr);
> >> -    int room, first;
> >> +    size_t room, first;
> >>
> >>      if (!baum->out_buf_used)
> >>          return;
> >> @@ -292,7 +292,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
> >>  {
> >>      Chardev *chr = CHARDEV(baum);
> >>      uint8_t io_buf[1 + 2 * len], *cur = io_buf;
> >> -    int room;
> >> +    size_t room;
> >>      *cur++ = ESC;
> >>      while (len--)
> >>          if ((*cur++ = *buf++) == ESC)
> >> @@ -303,7 +303,7 @@ static void baum_write_packet(BaumChardev *baum, const uint8_t *buf, int len)
> >>          /* Fits */
> >>          qemu_chr_be_write(chr, io_buf, len);
> >>      } else {
> >> -        int first;
> >> +        size_t first;
> >>          uint8_t out;
> >>          /* Can't fit all, send what can be, and store the rest. */
> >>          qemu_chr_be_write(chr, io_buf, room);
> >
> > baum room & first are only used for non-negative capacity values. ack
> >
> >> diff --git a/chardev/char-fd.c b/chardev/char-fd.c
> >> index 2421d8e216..0fe2822869 100644
> >> --- a/chardev/char-fd.c
> >> +++ b/chardev/char-fd.c
> >> @@ -43,7 +43,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> >>  {
> >>      Chardev *chr = CHARDEV(opaque);
> >>      FDChardev *s = FD_CHARDEV(opaque);
> >> -    int len;
> >> +    size_t len;
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      ssize_t ret;
> >>
> >
> > fd len is only used for non-negative buffer size. ack
> >
> >> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
> >> index 7777f6ddef..eae25f043b 100644
> >> --- a/chardev/char-pty.c
> >> +++ b/chardev/char-pty.c
> >> @@ -34,7 +34,7 @@
> >>  typedef struct {
> >>      Chardev parent;
> >>      QIOChannel *ioc;
> >> -    int read_bytes;
> >> +    size_t read_bytes;
> >>
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>      int connected;
> >>      GSource *timer_src;
> >> @@ -132,7 +132,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> >>  {
> >>      Chardev *chr = CHARDEV(opaque);
> >>      PtyChardev *s = PTY_CHARDEV(opaque);
> >> -    gsize len;
> >> +    size_t len;
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      ssize_t ret;
> >
> > pty len is only used for non-negative buffer size. ack
> >
> >> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> >> index 262a59b64f..4010c343e0 100644
> >> --- a/chardev/char-socket.c
> >> +++ b/chardev/char-socket.c
> >> @@ -60,7 +60,7 @@ typedef struct {
> >>      GSource *hup_source;
> >>      QCryptoTLSCreds *tls_creds;
> >>      TCPChardevState state;
> >> -    int max_size;
> >> +    size_t max_size;
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>      int do_telnetopt;
> >>      int do_nodelay;
> >>      int *read_msgfds;
> >> @@ -493,10 +493,11 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
> >>      Chardev *chr = CHARDEV(opaque);
> >>      SocketChardev *s = SOCKET_CHARDEV(opaque);
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >> -    int len, size;
> >> +    size_t len;
> >
> > len is only used for non-negative buffer size. ack
> >
> >> +    int size;
> >>
> >>      if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
> >> -        s->max_size <= 0) {
> >> +        s->max_size == 0) {
> >>          return TRUE;
> >>      }
> >>      len = sizeof(buf);
> >> diff --git a/chardev/char-udp.c b/chardev/char-udp.c
> >> index b6e399e983..d4f40626e4 100644
> >> --- a/chardev/char-udp.c
> >> +++ b/chardev/char-udp.c
> >> @@ -39,7 +39,7 @@ typedef struct {
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      int bufcnt;
> >>      int bufptr;
> >> -    int max_size;
> >> +    size_t max_size;
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>  } UdpChardev;
> >>
> >>  #define UDP_CHARDEV(obj) OBJECT_CHECK(UdpChardev, (obj), TYPE_CHARDEV_UDP)
> >> @@ -58,7 +58,7 @@ static void udp_chr_flush_buffer(UdpChardev *s)
> >>      Chardev *chr = CHARDEV(s);
> >>
> >>      while (s->max_size > 0 && s->bufptr < s->bufcnt) {
> >> -        int n = MIN(s->max_size, s->bufcnt - s->bufptr);
> >> +        size_t n = MIN(s->max_size, s->bufcnt - s->bufptr);
> >
> > the while() condition ensures the value will be > 0. ack
> >
> >>          qemu_chr_be_write(chr, &s->buf[s->bufptr], n);
> >>          s->bufptr += n;
> >>          s->max_size = qemu_chr_be_can_write(chr);
> >> diff --git a/chardev/char-win.c b/chardev/char-win.c
> >> index 05518e0958..30361e8852 100644
> >> --- a/chardev/char-win.c
> >> +++ b/chardev/char-win.c
> >> @@ -29,7 +29,7 @@
> >>  static void win_chr_read(Chardev *chr, DWORD len)
> >>  {
> >>      WinChardev *s = WIN_CHARDEV(chr);
> >> -    int max_size = qemu_chr_be_can_write(chr);
> >> +    size_t max_size = qemu_chr_be_can_write(chr);
> >
> > unmodified, ack
> >
> >>      int ret, err;
> >>      uint8_t buf[CHR_READ_BUF_LEN];
> >>      DWORD size;
> >> diff --git a/chardev/char.c b/chardev/char.c
> >> index 71ecd32b25..3149cd3ba9 100644
> >> --- a/chardev/char.c
> >> +++ b/chardev/char.c
> >> @@ -156,7 +156,7 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
> >>      return offset;
> >>  }
> >>
> >> -int qemu_chr_be_can_write(Chardev *s)
> >> +size_t qemu_chr_be_can_write(Chardev *s)
> >>  {
> >>      CharBackend *be = s->be;
> >>      int receivable_bytes;
> >> diff --git a/chardev/msmouse.c b/chardev/msmouse.c
> >> index 0ffd137ce8..cdb6f86037 100644
> >> --- a/chardev/msmouse.c
> >> +++ b/chardev/msmouse.c
> >> @@ -38,7 +38,7 @@ typedef struct {
> >>      bool btns[INPUT_BUTTON__MAX];
> >>      bool btnc[INPUT_BUTTON__MAX];
> >>      uint8_t outbuf[32];
> >> -    int outlen;
> >> +    size_t outlen;
> >
> > outlen is only used as non-negative buffer size, ack
> >
> >>  } MouseChardev;
> >>
> >>  #define TYPE_CHARDEV_MSMOUSE "chardev-msmouse"
> >> @@ -48,7 +48,7 @@ typedef struct {
> >>  static void msmouse_chr_accept_input(Chardev *chr)
> >>  {
> >>      MouseChardev *mouse = MOUSE_CHARDEV(chr);
> >> -    int len;
> >> +    size_t len;
> >>
> >>      len = qemu_chr_be_can_write(chr);
> >
> > same
> >
> >>      if (len > mouse->outlen) {
> >> diff --git a/chardev/spice.c b/chardev/spice.c
> >> index 173c257949..ad180a8a13 100644
> >> --- a/chardev/spice.c
> >> +++ b/chardev/spice.c
> >> @@ -43,7 +43,7 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
> >>      uint8_t* p = (uint8_t*)buf;
> >>
> >>      while (len > 0) {
> >> -        int can_write = qemu_chr_be_can_write(chr);
> >> +        size_t can_write = qemu_chr_be_can_write(chr);
> >
> > unmodified value, ack
> >
> >>          last_out = MIN(len, can_write);
> >>          if (last_out <= 0) {
> >>              break;
> >> diff --git a/chardev/wctablet.c b/chardev/wctablet.c
> >> index cf7a08a363..daae570bc7 100644
> >> --- a/chardev/wctablet.c
> >> +++ b/chardev/wctablet.c
> >> @@ -74,7 +74,7 @@ typedef struct {
> >>
> >>      /* Command to be sent to serial port */
> >>      uint8_t outbuf[WC_OUTPUT_BUF_MAX_LEN];
> >> -    int outlen;
> >> +    size_t outlen;
> >
> > Used as non-negative buffer size only, ack
> >>
> >>      int line_speed;
> >>      bool send_events;
> >> @@ -186,7 +186,7 @@ static QemuInputHandler wctablet_handler = {
> >>  static void wctablet_chr_accept_input(Chardev *chr)
> >>  {
> >>      TabletChardev *tablet = WCTABLET_CHARDEV(chr);
> >> -    int len, canWrite;
> >> +    size_t len, canWrite;
> >
> > Used as non-negative buffer size only, ack
> >
> >>
> >>      canWrite = qemu_chr_be_can_write(chr);
> >>      len = canWrite;
> >> diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
> >> index fa6660a113..e837a3fa1f 100644
> >> --- a/hw/bt/hci-csr.c
> >> +++ b/hw/bt/hci-csr.c
> >> @@ -38,7 +38,7 @@ struct csrhci_s {
> >>  #define FIFO_LEN       4096
> >>      int out_start;
> >>      int out_len;
> >> -    int out_size;
> >> +    size_t out_size;
> >
> > Used as non-negative buffer size only, ack
> >
> >>      uint8_t outfifo[FIFO_LEN * 2];
> >>      uint8_t inpkt[FIFO_LEN];
> >>      enum {
> >> diff --git a/include/chardev/char-fd.h b/include/chardev/char-fd.h
> >> index e7c2b176f9..36c6b89cee 100644
> >> --- a/include/chardev/char-fd.h
> >> +++ b/include/chardev/char-fd.h
> >> @@ -31,7 +31,7 @@ typedef struct FDChardev {
> >>      Chardev parent;
> >>
> >>      QIOChannel *ioc_in, *ioc_out;
> >> -    int max_size;
> >> +    size_t max_size;
> >
> > Only set with values returned from qemu_chr_be_can_write(), ack
> >
> >>  } FDChardev;
> >>
> >>  #define TYPE_CHARDEV_FD "chardev-fd"
> >> diff --git a/include/chardev/char.h b/include/chardev/char.h
> >> index c0b57f7685..0341dd1ba2 100644
> >> --- a/include/chardev/char.h
> >> +++ b/include/chardev/char.h
> >> @@ -173,7 +173,7 @@ Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
> >>   *
> >>   * Returns: the number of bytes the front end can receive via @qemu_chr_be_write
> >>   */
> >> -int qemu_chr_be_can_write(Chardev *s);
> >> +size_t qemu_chr_be_can_write(Chardev *s);
> >>
> >>  /**
> >>   * qemu_chr_be_write:
> >> diff --git a/ui/console.c b/ui/console.c
> >> index 6d2282d3e9..42f04e2b37 100644
> >> --- a/ui/console.c
> >> +++ b/ui/console.c
> >> @@ -61,8 +61,8 @@ enum TTYState {
> >>
> >>  typedef struct QEMUFIFO {
> >>      uint8_t *buf;
> >> -    int buf_size;
> >> -    int count, wptr, rptr;
> >> +    size_t buf_size, count;
> >> +    int wptr, rptr;
> >
> > Only used as non-negative buffer size, ack
> >
> >>  } QEMUFIFO;
> >>
> >>  static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1)
> >> @@ -1110,7 +1110,7 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len)
> >>  static void kbd_send_chars(void *opaque)
> >>  {
> >>      QemuConsole *s = opaque;
> >> -    int len;
> >> +    size_t len;
> >
> > Only used as non-negative buffer size, ack
> >
> >>      uint8_t buf[16];
> >>
> >>      len = qemu_chr_be_can_write(s->chr);
> >> --
> >> 2.20.1
> >>
> >
> > That was painful, hopefully I didn't miss something...
>
> As is this series and its rebases...
>
> I hope you will still be as willingful to review the follow up series
> (part #2) which is worst.
>
> I felt this is pointless to write the same detailed review you did in
> the commit message, because the reviewer still has to go to each patch
> and verify.


Sure, but it is still better than nothing :) If you systematically
review each change, it doesn't take much more time to write it down.
And if there are issues later on, there would be a short rationale for
it, even if prooved to be wrong/bad.

>
> >
> > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> >
>
> Thanks a lot!
>
> Phil.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 23/25] hw/ipmi: Assert outlen > outpos

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:08 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> A througfull audit show that all time data is added to outbuf[],

througfull? :) thorough?

> 'outlen' is incremented. Then at creation and each time
> continue_send() returns it pass thru check_reset which resets
> 'outpos', thus we always have 'outlen >= outpos'.
> Also due to the check on entry, we know outlen != 0.
> We can then add an assertion on 'outlen > outpos', which will

hmm, I think you could assert 'outlen >= outpos' only. I don't buy
your argument about 'outlen > outpos' (because outlen != 0?)

> helps the next patch to safely convert 'outlen - outpos' as an
> unsigned type (size_t).
>
> Make this assertion explicit by casting 'outlen - outpos' size_t.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/ipmi/ipmi_bmc_extern.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
> index bf0b7ee0f5..ca61b04942 100644
> --- a/hw/ipmi/ipmi_bmc_extern.c
> +++ b/hw/ipmi/ipmi_bmc_extern.c
> @@ -107,8 +107,9 @@ static void continue_send(IPMIBmcExtern *ibe)
>          goto check_reset;
>      }
>   send:
> +    assert(ibe->outlen > ibe->outpos);
>      ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
> -                            ibe->outlen - ibe->outpos);
> +                            (size_t)(ibe->outlen - ibe->outpos));
>      if (ret > 0) {
>          ibe->outpos += ret;
>      }
> --
> 2.20.1
>

Re: [PATCH v3 23/25] hw/ipmi: Assert outlen > outpos

[Marc-André Lureau]

Hi

On Wed, Feb 20, 2019 at 2:08 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> A througfull audit show that all time data is added to outbuf[],

througfull? :) thorough?

> 'outlen' is incremented. Then at creation and each time
> continue_send() returns it pass thru check_reset which resets
> 'outpos', thus we always have 'outlen >= outpos'.
> Also due to the check on entry, we know outlen != 0.
> We can then add an assertion on 'outlen > outpos', which will

hmm, I think you could assert 'outlen >= outpos' only. I don't buy
your argument about 'outlen > outpos' (because outlen != 0?)

> helps the next patch to safely convert 'outlen - outpos' as an
> unsigned type (size_t).
>
> Make this assertion explicit by casting 'outlen - outpos' size_t.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/ipmi/ipmi_bmc_extern.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
> index bf0b7ee0f5..ca61b04942 100644
> --- a/hw/ipmi/ipmi_bmc_extern.c
> +++ b/hw/ipmi/ipmi_bmc_extern.c
> @@ -107,8 +107,9 @@ static void continue_send(IPMIBmcExtern *ibe)
>          goto check_reset;
>      }
>   send:
> +    assert(ibe->outlen > ibe->outpos);
>      ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
> -                            ibe->outlen - ibe->outpos);
> +                            (size_t)(ibe->outlen - ibe->outpos));
>      if (ret > 0) {
>          ibe->outpos += ret;
>      }
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 23/25] hw/ipmi: Assert outlen > outpos

[Corey Minyard]

On Wed, Feb 20, 2019 at 02:02:30AM +0100, Philippe Mathieu-Daudé wrote:
> A througfull audit show that all time data is added to outbuf[],
> 'outlen' is incremented.  Then at creation and each time
> continue_send() returns it pass thru check_reset which resets
> 'outpos', thus we always have 'outlen >= outpos'.

Perhaps: "A thorough audit shows that outlen is always incremented
when data is always added to outbuf[].  Then at creation and each
time continus_send() returns it assures if outpos reaches outlen,
both values are reset to zero, except in the case of sending
a reset where a new command is added."

This is certainly the design intent, thank you for the thorough
audit.

> Also due to the check on entry, we know outlen != 0.
> We can then add an assertion on 'outlen > outpos', which will
> helps the next patch to safely convert 'outlen - outpos' as an

I was a little confused by "next patch", there is no following
patch in the series for this.  Maybe "next part of the patch"?

> unsigned type (size_t).
> 
> Make this assertion explicit by casting 'outlen - outpos' size_t.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Outside of the minor grammer issues, this looks good.  I have
noticed the inconsistent signed/unsigned usage in qemu and IMHO
it's likely to lead to very bad bugs at some point.  There have
been studies that show that unsigned values tend to be more
buggy in usage due to underflows, but for a length value that
will eventually be converted to an unsigned value, what is
here is better, I think.

Both outpos and outlen are unsigned, so the size_t() cast is
not really necessary, but I guess it makes it clear.

Reviewed-by: Corey Minyard <cminyard@mvista.com>

> ---
>  hw/ipmi/ipmi_bmc_extern.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
> index bf0b7ee0f5..ca61b04942 100644
> --- a/hw/ipmi/ipmi_bmc_extern.c
> +++ b/hw/ipmi/ipmi_bmc_extern.c
> @@ -107,8 +107,9 @@ static void continue_send(IPMIBmcExtern *ibe)
>          goto check_reset;
>      }
>   send:
> +    assert(ibe->outlen > ibe->outpos);
>      ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
> -                            ibe->outlen - ibe->outpos);
> +                            (size_t)(ibe->outlen - ibe->outpos));
>      if (ret > 0) {
>          ibe->outpos += ret;
>      }
> -- 
> 2.20.1
> 

Re: [PATCH v3 23/25] hw/ipmi: Assert outlen > outpos

[Corey Minyard]

On Wed, Feb 20, 2019 at 02:02:30AM +0100, Philippe Mathieu-Daudé wrote:
> A througfull audit show that all time data is added to outbuf[],
> 'outlen' is incremented.  Then at creation and each time
> continue_send() returns it pass thru check_reset which resets
> 'outpos', thus we always have 'outlen >= outpos'.

Perhaps: "A thorough audit shows that outlen is always incremented
when data is always added to outbuf[].  Then at creation and each
time continus_send() returns it assures if outpos reaches outlen,
both values are reset to zero, except in the case of sending
a reset where a new command is added."

This is certainly the design intent, thank you for the thorough
audit.

> Also due to the check on entry, we know outlen != 0.
> We can then add an assertion on 'outlen > outpos', which will
> helps the next patch to safely convert 'outlen - outpos' as an

I was a little confused by "next patch", there is no following
patch in the series for this.  Maybe "next part of the patch"?

> unsigned type (size_t).
> 
> Make this assertion explicit by casting 'outlen - outpos' size_t.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Outside of the minor grammer issues, this looks good.  I have
noticed the inconsistent signed/unsigned usage in qemu and IMHO
it's likely to lead to very bad bugs at some point.  There have
been studies that show that unsigned values tend to be more
buggy in usage due to underflows, but for a length value that
will eventually be converted to an unsigned value, what is
here is better, I think.

Both outpos and outlen are unsigned, so the size_t() cast is
not really necessary, but I guess it makes it clear.

Reviewed-by: Corey Minyard <cminyard@mvista.com>

> ---
>  hw/ipmi/ipmi_bmc_extern.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
> index bf0b7ee0f5..ca61b04942 100644
> --- a/hw/ipmi/ipmi_bmc_extern.c
> +++ b/hw/ipmi/ipmi_bmc_extern.c
> @@ -107,8 +107,9 @@ static void continue_send(IPMIBmcExtern *ibe)
>          goto check_reset;
>      }
>   send:
> +    assert(ibe->outlen > ibe->outpos);
>      ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
> -                            ibe->outlen - ibe->outpos);
> +                            (size_t)(ibe->outlen - ibe->outpos));
>      if (ret > 0) {
>          ibe->outpos += ret;
>      }
> -- 
> 2.20.1
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 24/25] chardev: Let qemu_chr_fe_write[_all] use size_t type argument

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:08 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> All caller have been audited and call these functions with
> unsigned arguments.
>
> Most of them use a size_t argument, or directly pass sizeof().
>
> One case is unclear: the mux_chr_write() call in chardev/char-mux.c.
> There we add an assert (which will be removed in few patches) and
> cast the parameter as size_t to make explicit this value is unsigned.

mux_chr_write() is called indirectly from qemu_chr_fe_write(), so the
same argument applies here. Fine with or without the assert().

>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  chardev/char-fe.c         | 4 ++--
>  chardev/char-mux.c        | 3 ++-
>  include/chardev/char-fe.h | 4 ++--
>  3 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/chardev/char-fe.c b/chardev/char-fe.c
> index f3530a90e6..ab2a01709d 100644
> --- a/chardev/char-fe.c
> +++ b/chardev/char-fe.c
> @@ -31,7 +31,7 @@
>  #include "chardev/char-io.h"
>  #include "chardev/char-mux.h"
>
> -int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
> +int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len)
>  {
>      Chardev *s = be->chr;
>
> @@ -42,7 +42,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
>      return qemu_chr_write(s, buf, len, false);
>  }
>
> -int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len)
> +int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len)
>  {
>      Chardev *s = be->chr;
>
> diff --git a/chardev/char-mux.c b/chardev/char-mux.c
> index 23aa82125d..7a3ff21db4 100644
> --- a/chardev/char-mux.c
> +++ b/chardev/char-mux.c
> @@ -38,7 +38,8 @@ static int mux_chr_write(Chardev *chr, const uint8_t *buf, int len)
>      MuxChardev *d = MUX_CHARDEV(chr);
>      int ret;
>      if (!d->timestamps) {
> -        ret = qemu_chr_fe_write(&d->chr, buf, len);
> +        assert(len >= 0);
> +        ret = qemu_chr_fe_write(&d->chr, buf, (size_t)len);
>      } else {
>          int i;
>
> diff --git a/include/chardev/char-fe.h b/include/chardev/char-fe.h
> index aa1b864ccd..5fb2c2e7ec 100644
> --- a/include/chardev/char-fe.h
> +++ b/include/chardev/char-fe.h
> @@ -203,7 +203,7 @@ guint qemu_chr_fe_add_watch(CharBackend *be, GIOCondition cond,
>   *
>   * Returns: the number of bytes consumed (0 if no associated Chardev)
>   */
> -int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
> +int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len);
>
>  /**
>   * qemu_chr_fe_write_all:
> @@ -217,7 +217,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
>   *
>   * Returns: the number of bytes consumed (0 if no associated Chardev)
>   */
> -int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len);
> +int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len);
>
>  /**
>   * qemu_chr_fe_read_all:
> --
> 2.20.1
>

Re: [PATCH v3 24/25] chardev: Let qemu_chr_fe_write[_all] use size_t type argument

[Marc-André Lureau]

On Wed, Feb 20, 2019 at 2:08 AM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> All caller have been audited and call these functions with
> unsigned arguments.
>
> Most of them use a size_t argument, or directly pass sizeof().
>
> One case is unclear: the mux_chr_write() call in chardev/char-mux.c.
> There we add an assert (which will be removed in few patches) and
> cast the parameter as size_t to make explicit this value is unsigned.

mux_chr_write() is called indirectly from qemu_chr_fe_write(), so the
same argument applies here. Fine with or without the assert().

>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  chardev/char-fe.c         | 4 ++--
>  chardev/char-mux.c        | 3 ++-
>  include/chardev/char-fe.h | 4 ++--
>  3 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/chardev/char-fe.c b/chardev/char-fe.c
> index f3530a90e6..ab2a01709d 100644
> --- a/chardev/char-fe.c
> +++ b/chardev/char-fe.c
> @@ -31,7 +31,7 @@
>  #include "chardev/char-io.h"
>  #include "chardev/char-mux.h"
>
> -int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
> +int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len)
>  {
>      Chardev *s = be->chr;
>
> @@ -42,7 +42,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
>      return qemu_chr_write(s, buf, len, false);
>  }
>
> -int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len)
> +int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len)
>  {
>      Chardev *s = be->chr;
>
> diff --git a/chardev/char-mux.c b/chardev/char-mux.c
> index 23aa82125d..7a3ff21db4 100644
> --- a/chardev/char-mux.c
> +++ b/chardev/char-mux.c
> @@ -38,7 +38,8 @@ static int mux_chr_write(Chardev *chr, const uint8_t *buf, int len)
>      MuxChardev *d = MUX_CHARDEV(chr);
>      int ret;
>      if (!d->timestamps) {
> -        ret = qemu_chr_fe_write(&d->chr, buf, len);
> +        assert(len >= 0);
> +        ret = qemu_chr_fe_write(&d->chr, buf, (size_t)len);
>      } else {
>          int i;
>
> diff --git a/include/chardev/char-fe.h b/include/chardev/char-fe.h
> index aa1b864ccd..5fb2c2e7ec 100644
> --- a/include/chardev/char-fe.h
> +++ b/include/chardev/char-fe.h
> @@ -203,7 +203,7 @@ guint qemu_chr_fe_add_watch(CharBackend *be, GIOCondition cond,
>   *
>   * Returns: the number of bytes consumed (0 if no associated Chardev)
>   */
> -int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
> +int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, size_t len);
>
>  /**
>   * qemu_chr_fe_write_all:
> @@ -217,7 +217,7 @@ int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len);
>   *
>   * Returns: the number of bytes consumed (0 if no associated Chardev)
>   */
> -int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len);
> +int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, size_t len);
>
>  /**
>   * qemu_chr_fe_read_all:
> --
> 2.20.1
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Eric Blake]

On 2/20/19 5:30 AM, Daniel P. Berrangé wrote:

>> Since Paolo you suggested the change, could you give some convincing
>> arguments that it's worth taking the plunge?
> 
> The chardev write/read methods will end up calling libc read/write
> methods, whose parameters are "size_t count".

In my mind, that's the convincing reason. We should model our read/write
after the libc read/write, which means size_t input and ssize_t returns.

> 
> Thus if there is QEMU code that could currently (mistakenly) pass a
> negative value for length to qemu_chr_write, unless something stops
> it, this is going to be cast to a size_t when we finally call read/
> write on the FD, leading to a large positive value & array out of
> bounds read/write. 
> 
> IOW we already have inconsistent use of signed vs unsigned in our code
> which has potential to cause bugs. Converting chardev to use size_t
> we get rid fo the mismatch with the underlying libc APIs we call,
> which ultimately eliminates an area of risk longer term. There is a
> chance it could uncover some pre-existing dormant bugs, but provided
> we do due diligence to check callers I think its a win to be consistent
> with libc APIs in size_t usage for read/write.

And hopefully this exercise of making the conversion serves as a good
audit to help us gain confidence in our code and/or fix bugs it uncovers.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [Qemu-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument

[Eric Blake]

On 2/20/19 5:30 AM, Daniel P. Berrangé wrote:

>> Since Paolo you suggested the change, could you give some convincing
>> arguments that it's worth taking the plunge?
> 
> The chardev write/read methods will end up calling libc read/write
> methods, whose parameters are "size_t count".

In my mind, that's the convincing reason. We should model our read/write
after the libc read/write, which means size_t input and ssize_t returns.

> 
> Thus if there is QEMU code that could currently (mistakenly) pass a
> negative value for length to qemu_chr_write, unless something stops
> it, this is going to be cast to a size_t when we finally call read/
> write on the FD, leading to a large positive value & array out of
> bounds read/write. 
> 
> IOW we already have inconsistent use of signed vs unsigned in our code
> which has potential to cause bugs. Converting chardev to use size_t
> we get rid fo the mismatch with the underlying libc APIs we call,
> which ultimately eliminates an area of risk longer term. There is a
> chance it could uncover some pre-existing dormant bugs, but provided
> we do due diligence to check callers I think its a win to be consistent
> with libc APIs in size_t usage for read/write.

And hopefully this exercise of making the conversion serves as a good
audit to help us gain confidence in our code and/or fix bugs it uncovers.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument

[Paul Durrant]

> -----Original Message-----
> From: Philippe Mathieu-Daudé [mailto:philmd@redhat.com]
> Sent: 20 February 2019 01:02
> To: qemu-devel@nongnu.org; Prasad J Pandit <pjp@fedoraproject.org>; Marc-
> André Lureau <marcandre.lureau@redhat.com>; Paolo Bonzini
> <pbonzini@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>; Anthony Perard
> <anthony.perard@citrix.com>; qemu-ppc@nongnu.org; Stefan Berger
> <stefanb@linux.ibm.com>; David Gibson <david@gibson.dropbear.id.au>; Gerd
> Hoffmann <kraxel@redhat.com>; Zhang Chen <zhangckid@gmail.com>; xen-
> devel@lists.xenproject.org; Cornelia Huck <cohuck@redhat.com>; Samuel
> Thibault <samuel.thibault@ens-lyon.org>; Christian Borntraeger
> <borntraeger@de.ibm.com>; Amit Shah <amit@kernel.org>; Li Zhijian
> <lizhijian@cn.fujitsu.com>; Corey Minyard <minyard@acm.org>; Michael S.
> Tsirkin <mst@redhat.com>; Paul Durrant <Paul.Durrant@citrix.com>; Halil
> Pasic <pasic@linux.ibm.com>; Stefano Stabellini <sstabellini@kernel.org>;
> qemu-s390x@nongnu.org; Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>;
> Philippe Mathieu-Daudé <philmd@redhat.com>
> Subject: [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument
> 
> The single caller of xencons_send(), con_event() already use the
> difference 'con->buffer.size - con->buffer.consumed'.
> Deduplicate by passing the difference as an argument.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/xen_console.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 91f34ef06c..083b2c8e2a 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -144,11 +144,10 @@ static void xencons_receive(void *opaque, const
> uint8_t *buf, int len)
>      xen_pv_send_notify(&con->xendev);
>  }
> 
> -static void xencons_send(struct XenConsole *con)
> +static void xencons_send(struct XenConsole *con, ssize_t size)
>  {
> -    ssize_t len, size;
> +    ssize_t len;
> 
> -    size = con->buffer.size - con->buffer.consumed;
>      if (qemu_chr_fe_backend_connected(&con->chr)) {
>          len = qemu_chr_fe_write(&con->chr,
>                                  con->buffer.data + con->buffer.consumed,
> @@ -280,10 +279,13 @@ static void con_disconnect(struct XenLegacyDevice
> *xendev)
>  static void con_event(struct XenLegacyDevice *xendev)
>  {
>      struct XenConsole *con = container_of(xendev, struct XenConsole,
> xendev);
> +    ssize_t size;
> 
>      buffer_append(con);
> -    if (con->buffer.size - con->buffer.consumed)
> -        xencons_send(con);
> +    size = con->buffer.size - con->buffer.consumed;
> +    if (size) {
> +        xencons_send(con, size);
> +    }

You introduce this here, only to modify it in patch #12. Why not squash the two together?

  Paul

>  }
> 
>  /* --------------------------------------------------------------------
> */
> --
> 2.20.1

Re: [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument

[Paul Durrant]

> -----Original Message-----
> From: Philippe Mathieu-Daudé [mailto:philmd@redhat.com]
> Sent: 20 February 2019 01:02
> To: qemu-devel@nongnu.org; Prasad J Pandit <pjp@fedoraproject.org>; Marc-
> André Lureau <marcandre.lureau@redhat.com>; Paolo Bonzini
> <pbonzini@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>; Anthony Perard
> <anthony.perard@citrix.com>; qemu-ppc@nongnu.org; Stefan Berger
> <stefanb@linux.ibm.com>; David Gibson <david@gibson.dropbear.id.au>; Gerd
> Hoffmann <kraxel@redhat.com>; Zhang Chen <zhangckid@gmail.com>; xen-
> devel@lists.xenproject.org; Cornelia Huck <cohuck@redhat.com>; Samuel
> Thibault <samuel.thibault@ens-lyon.org>; Christian Borntraeger
> <borntraeger@de.ibm.com>; Amit Shah <amit@kernel.org>; Li Zhijian
> <lizhijian@cn.fujitsu.com>; Corey Minyard <minyard@acm.org>; Michael S.
> Tsirkin <mst@redhat.com>; Paul Durrant <Paul.Durrant@citrix.com>; Halil
> Pasic <pasic@linux.ibm.com>; Stefano Stabellini <sstabellini@kernel.org>;
> qemu-s390x@nongnu.org; Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>;
> Philippe Mathieu-Daudé <philmd@redhat.com>
> Subject: [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument
> 
> The single caller of xencons_send(), con_event() already use the
> difference 'con->buffer.size - con->buffer.consumed'.
> Deduplicate by passing the difference as an argument.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/xen_console.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 91f34ef06c..083b2c8e2a 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -144,11 +144,10 @@ static void xencons_receive(void *opaque, const
> uint8_t *buf, int len)
>      xen_pv_send_notify(&con->xendev);
>  }
> 
> -static void xencons_send(struct XenConsole *con)
> +static void xencons_send(struct XenConsole *con, ssize_t size)
>  {
> -    ssize_t len, size;
> +    ssize_t len;
> 
> -    size = con->buffer.size - con->buffer.consumed;
>      if (qemu_chr_fe_backend_connected(&con->chr)) {
>          len = qemu_chr_fe_write(&con->chr,
>                                  con->buffer.data + con->buffer.consumed,
> @@ -280,10 +279,13 @@ static void con_disconnect(struct XenLegacyDevice
> *xendev)
>  static void con_event(struct XenLegacyDevice *xendev)
>  {
>      struct XenConsole *con = container_of(xendev, struct XenConsole,
> xendev);
> +    ssize_t size;
> 
>      buffer_append(con);
> -    if (con->buffer.size - con->buffer.consumed)
> -        xencons_send(con);
> +    size = con->buffer.size - con->buffer.consumed;
> +    if (size) {
> +        xencons_send(con, size);
> +    }

You introduce this here, only to modify it in patch #12. Why not squash the two together?

  Paul

>  }
> 
>  /* --------------------------------------------------------------------
> */
> --
> 2.20.1

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [RFC PATCH v3 13/25] xen: Let buffer_append() return a size_t

[Paul Durrant]

> -----Original Message-----
> From: Philippe Mathieu-Daudé [mailto:philmd@redhat.com]
> Sent: 20 February 2019 01:02
> To: qemu-devel@nongnu.org; Prasad J Pandit <pjp@fedoraproject.org>; Marc-
> André Lureau <marcandre.lureau@redhat.com>; Paolo Bonzini
> <pbonzini@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>; Anthony Perard
> <anthony.perard@citrix.com>; qemu-ppc@nongnu.org; Stefan Berger
> <stefanb@linux.ibm.com>; David Gibson <david@gibson.dropbear.id.au>; Gerd
> Hoffmann <kraxel@redhat.com>; Zhang Chen <zhangckid@gmail.com>; xen-
> devel@lists.xenproject.org; Cornelia Huck <cohuck@redhat.com>; Samuel
> Thibault <samuel.thibault@ens-lyon.org>; Christian Borntraeger
> <borntraeger@de.ibm.com>; Amit Shah <amit@kernel.org>; Li Zhijian
> <lizhijian@cn.fujitsu.com>; Corey Minyard <minyard@acm.org>; Michael S.
> Tsirkin <mst@redhat.com>; Paul Durrant <Paul.Durrant@citrix.com>; Halil
> Pasic <pasic@linux.ibm.com>; Stefano Stabellini <sstabellini@kernel.org>;
> qemu-s390x@nongnu.org; Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>;
> Philippe Mathieu-Daudé <philmd@redhat.com>
> Subject: [RFC PATCH v3 13/25] xen: Let buffer_append() return a size_t
> 
> To the Xen team: this is not trivial to me to demonstrate
> this assertion can never happen, but then the whole series
> is justified and I can convert qemu_chr_fe_write() to use
> size_t argument.
> Can you help me here?

I'm not particularly familiar with this bit of code but I can try...

> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/xen_console.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 1a30014a11..5b672a5a24 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -92,6 +92,7 @@ static ssize_t buffer_append(struct XenConsole *con)
>      }
> 
>   out:
> +    assert(buffer->size >= buffer->consumed);
>      return buffer->size - buffer->consumed;

I think this assertion is reasonable as:

- buffer_advance() appears to hit a termination condition when buffer->consumed == buffer->size. (Nothing checks for overflow which is bad, but that fact also lends weight to the assertion that consumed > size is a bug).
- if buffer->size ever exceeds buffer->max_capacity then both size and consumed are re-calculated such that consumed <= size.

  Paul

>  }
> 
> --
> 2.20.1

Re: [RFC PATCH v3 13/25] xen: Let buffer_append() return a size_t

[Paul Durrant]

> -----Original Message-----
> From: Philippe Mathieu-Daudé [mailto:philmd@redhat.com]
> Sent: 20 February 2019 01:02
> To: qemu-devel@nongnu.org; Prasad J Pandit <pjp@fedoraproject.org>; Marc-
> André Lureau <marcandre.lureau@redhat.com>; Paolo Bonzini
> <pbonzini@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>; Anthony Perard
> <anthony.perard@citrix.com>; qemu-ppc@nongnu.org; Stefan Berger
> <stefanb@linux.ibm.com>; David Gibson <david@gibson.dropbear.id.au>; Gerd
> Hoffmann <kraxel@redhat.com>; Zhang Chen <zhangckid@gmail.com>; xen-
> devel@lists.xenproject.org; Cornelia Huck <cohuck@redhat.com>; Samuel
> Thibault <samuel.thibault@ens-lyon.org>; Christian Borntraeger
> <borntraeger@de.ibm.com>; Amit Shah <amit@kernel.org>; Li Zhijian
> <lizhijian@cn.fujitsu.com>; Corey Minyard <minyard@acm.org>; Michael S.
> Tsirkin <mst@redhat.com>; Paul Durrant <Paul.Durrant@citrix.com>; Halil
> Pasic <pasic@linux.ibm.com>; Stefano Stabellini <sstabellini@kernel.org>;
> qemu-s390x@nongnu.org; Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>;
> Philippe Mathieu-Daudé <philmd@redhat.com>
> Subject: [RFC PATCH v3 13/25] xen: Let buffer_append() return a size_t
> 
> To the Xen team: this is not trivial to me to demonstrate
> this assertion can never happen, but then the whole series
> is justified and I can convert qemu_chr_fe_write() to use
> size_t argument.
> Can you help me here?

I'm not particularly familiar with this bit of code but I can try...

> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  hw/char/xen_console.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
> index 1a30014a11..5b672a5a24 100644
> --- a/hw/char/xen_console.c
> +++ b/hw/char/xen_console.c
> @@ -92,6 +92,7 @@ static ssize_t buffer_append(struct XenConsole *con)
>      }
> 
>   out:
> +    assert(buffer->size >= buffer->consumed);
>      return buffer->size - buffer->consumed;

I think this assertion is reasonable as:

- buffer_advance() appears to hit a termination condition when buffer->consumed == buffer->size. (Nothing checks for overflow which is bad, but that fact also lends weight to the assertion that consumed > size is a bug).
- if buffer->size ever exceeds buffer->max_capacity then both size and consumed are re-calculated such that consumed <= size.

  Paul

>  }
> 
> --
> 2.20.1

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Philippe Mathieu-Daudé]

On 2/20/19 12:13 PM, Philippe Mathieu-Daudé wrote:
> On 2/20/19 11:03 AM, Marc-André Lureau wrote:
>> Hi
>>
>> On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
>> <philmd@redhat.com> wrote:
>>>
>>> The backend should not return a negative length to read.
>>> We will later change the prototype of IOCanReadHandler to return an
>>> unsigned length. Meanwhile make sure the return length is positive.
>>>
>>> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
>>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>
>> In such patch, you should do extensive review of existing callbacks,
>> or find a convincing argument that this can't break.
> 
> Argh I missed that.
> 
>> The problem is there are a lot of can_read callbacks, and it's not
>> trivial. The *first* of git-grep is rng_egd_chr_can_read()
>>
>>  57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
>>  58         size += req->size - req->offset;
>>  59     }
>>  60
>>  61     return size;
>>
>> Clearly not obvious if it returns >= 0.
>>
>> Another approach is to look at the caller and the return value
>> handling. If none handle negative values (or would have wrong
>> behaviour with negative values), the assert() is perhaps justified, as
>> it could prevent from doing more harm.
> 
> I'll go and audit all of them.

Actually I already did the work, but it is in the part #2 after this
series, as suggested by Paolo:

https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02294.html

I'll simply cherry-pick the commit from series #2 before this patch.

Thanks,

Phil.

>>> ---
>>>  chardev/char.c | 5 ++++-
>>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/chardev/char.c b/chardev/char.c
>>> index f6d61fa5f8..71ecd32b25 100644
>>> --- a/chardev/char.c
>>> +++ b/chardev/char.c
>>> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>>>  int qemu_chr_be_can_write(Chardev *s)
>>>  {
>>>      CharBackend *be = s->be;
>>> +    int receivable_bytes;
>>>
>>>      if (!be || !be->chr_can_read) {
>>>          return 0;
>>>      }
>>>
>>> -    return be->chr_can_read(be->opaque);
>>> +    receivable_bytes = be->chr_can_read(be->opaque);
>>> +    assert(receivable_bytes >= 0);
>>> +    return receivable_bytes;
>>>  }
>>>
>>>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
>>> --
>>> 2.20.1
>>>

Re: [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

[Philippe Mathieu-Daudé]

On 2/20/19 12:13 PM, Philippe Mathieu-Daudé wrote:
> On 2/20/19 11:03 AM, Marc-André Lureau wrote:
>> Hi
>>
>> On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
>> <philmd@redhat.com> wrote:
>>>
>>> The backend should not return a negative length to read.
>>> We will later change the prototype of IOCanReadHandler to return an
>>> unsigned length. Meanwhile make sure the return length is positive.
>>>
>>> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
>>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>
>> In such patch, you should do extensive review of existing callbacks,
>> or find a convincing argument that this can't break.
> 
> Argh I missed that.
> 
>> The problem is there are a lot of can_read callbacks, and it's not
>> trivial. The *first* of git-grep is rng_egd_chr_can_read()
>>
>>  57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
>>  58         size += req->size - req->offset;
>>  59     }
>>  60
>>  61     return size;
>>
>> Clearly not obvious if it returns >= 0.
>>
>> Another approach is to look at the caller and the return value
>> handling. If none handle negative values (or would have wrong
>> behaviour with negative values), the assert() is perhaps justified, as
>> it could prevent from doing more harm.
> 
> I'll go and audit all of them.

Actually I already did the work, but it is in the part #2 after this
series, as suggested by Paolo:

https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02294.html

I'll simply cherry-pick the commit from series #2 before this patch.

Thanks,

Phil.

>>> ---
>>>  chardev/char.c | 5 ++++-
>>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/chardev/char.c b/chardev/char.c
>>> index f6d61fa5f8..71ecd32b25 100644
>>> --- a/chardev/char.c
>>> +++ b/chardev/char.c
>>> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int len, bool write_all)
>>>  int qemu_chr_be_can_write(Chardev *s)
>>>  {
>>>      CharBackend *be = s->be;
>>> +    int receivable_bytes;
>>>
>>>      if (!be || !be->chr_can_read) {
>>>          return 0;
>>>      }
>>>
>>> -    return be->chr_can_read(be->opaque);
>>> +    receivable_bytes = be->chr_can_read(be->opaque);
>>> +    assert(receivable_bytes >= 0);
>>> +    return receivable_bytes;
>>>  }
>>>
>>>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
>>> --
>>> 2.20.1
>>>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v3 20/25] s390x/sclp: Use a const variable to improve readability

[Philippe Mathieu-Daudé]

On 2/20/19 11:53 AM, Cornelia Huck wrote:
> On Wed, 20 Feb 2019 02:02:27 +0100
> Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
> 
>> We will reuse this variable in the next patch.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  hw/char/sclpconsole-lm.c | 7 ++++---
>>  1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
>> index dbc91a1e5b..49543e2c83 100644
>> --- a/hw/char/sclpconsole-lm.c
>> +++ b/hw/char/sclpconsole-lm.c
>> @@ -210,13 +210,14 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
>>      int rc;
>>      int len;
>>      uint8_t buffer[SIZE_BUFFER];
>> -
>> -    len = be16_to_cpu(mdbo->length);
>> -    len -= sizeof(mdbo->length) + sizeof(mdbo->type)
>> +    const size_t hlen = sizeof(mdbo->length)
>> +            + sizeof(mdbo->type)
>>              + sizeof(mdbo->mto.line_type_flags)
>>              + sizeof(mdbo->mto.alarm_control)
>>              + sizeof(mdbo->mto._reserved);
>>  
>> +    len = be16_to_cpu(mdbo->length);
>> +    len -= hlen;
>>      assert(len <= SIZE_BUFFER);
>>  
>>      /* convert EBCDIC SCLP contents to ASCII console message */
> 
> I'd probably merge this with the next patch, though.

The context is easier to review in 2 different patches IMHO.

> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
> 

Thanks!

Phil.

Re: [PATCH v3 20/25] s390x/sclp: Use a const variable to improve readability

[Philippe Mathieu-Daudé]

On 2/20/19 11:53 AM, Cornelia Huck wrote:
> On Wed, 20 Feb 2019 02:02:27 +0100
> Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
> 
>> We will reuse this variable in the next patch.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  hw/char/sclpconsole-lm.c | 7 ++++---
>>  1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
>> index dbc91a1e5b..49543e2c83 100644
>> --- a/hw/char/sclpconsole-lm.c
>> +++ b/hw/char/sclpconsole-lm.c
>> @@ -210,13 +210,14 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo)
>>      int rc;
>>      int len;
>>      uint8_t buffer[SIZE_BUFFER];
>> -
>> -    len = be16_to_cpu(mdbo->length);
>> -    len -= sizeof(mdbo->length) + sizeof(mdbo->type)
>> +    const size_t hlen = sizeof(mdbo->length)
>> +            + sizeof(mdbo->type)
>>              + sizeof(mdbo->mto.line_type_flags)
>>              + sizeof(mdbo->mto.alarm_control)
>>              + sizeof(mdbo->mto._reserved);
>>  
>> +    len = be16_to_cpu(mdbo->length);
>> +    len -= hlen;
>>      assert(len <= SIZE_BUFFER);
>>  
>>      /* convert EBCDIC SCLP contents to ASCII console message */
> 
> I'd probably merge this with the next patch, though.

The context is easier to review in 2 different patches IMHO.

> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
> 

Thanks!

Phil.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel