From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Warner Losh <imp@bsdimp.com>, Peter Maydell <peter.maydell@linaro.org>
Cc: kvm-devel <kvm@vger.kernel.org>, Kyle Evans <kevans@freebsd.org>,
QEMU Developers <qemu-devel@nongnu.org>,
qemu-arm <qemu-arm@nongnu.org>, qemu-ppc <qemu-ppc@nongnu.org>,
Gerd Hoffmann <kraxel@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v2 4/9] bsd-user/syscall: Replace alloca() by g_new()
Date: Thu, 6 May 2021 16:57:37 +0200 [thread overview]
Message-ID: <994028a8-8d62-0355-0343-f721d6f256f6@redhat.com> (raw)
In-Reply-To: <CANCZdfpXjDECHmZq55zP43g32OVhnfjf9W+ERtPMFeDs2MmvXQ@mail.gmail.com>
On 5/6/21 4:48 PM, Warner Losh wrote:
>
>
> On Thu, May 6, 2021 at 8:21 AM Peter Maydell <peter.maydell@linaro.org
> <mailto:peter.maydell@linaro.org>> wrote:
>
> On Thu, 6 May 2021 at 15:17, Warner Losh <imp@bsdimp.com
> <mailto:imp@bsdimp.com>> wrote:
> >
> >
> >
> > On Thu, May 6, 2021, 7:38 AM Philippe Mathieu-Daudé
> <philmd@redhat.com <mailto:philmd@redhat.com>> wrote:
> >>
> >> The ALLOCA(3) man-page mentions its "use is discouraged".
> >>
> >> Replace it by a g_new() call.
> >>
> >> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com
> <mailto:philmd@redhat.com>>
> >> ---
> >> bsd-user/syscall.c | 3 +--
> >> 1 file changed, 1 insertion(+), 2 deletions(-)
> >>
> >> diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
> >> index 4abff796c76..dbee0385ceb 100644
> >> --- a/bsd-user/syscall.c
> >> +++ b/bsd-user/syscall.c
> >> @@ -355,9 +355,8 @@ abi_long do_freebsd_syscall(void *cpu_env,
> int num, abi_long arg1,
> >> case TARGET_FREEBSD_NR_writev:
> >> {
> >> int count = arg3;
> >> - struct iovec *vec;
> >> + g_autofree struct iovec *vec = g_new(struct iovec,
> count);
> >
> >
> > Where is this freed?
>
> g_autofree, so it gets freed when it goes out of scope.
> https://developer.gnome.org/glib/stable/glib-Miscellaneous-Macros.html#g-autofree
> <https://developer.gnome.org/glib/stable/glib-Miscellaneous-Macros.html#g-autofree>
>
>
> Ah. I'd missed that feature and annotation... Too many years seeing
> patches like
> this in other projects where a feature like this wasn't there to save
> the day...
>
> This means you can ignore my other message as equally misinformed.
This also shows my commit description is poor.
> > Also, alloca just moves a stack pointer, where malloc has complex
> interactions. Are you sure that's a safe change here?
>
> alloca()ing something with size determined by the guest is
> definitely not safe :-) malloc as part of "handle this syscall"
> is pretty common, at least in linux-user.
>
>
> Well, since this is userland emulation, the normal process boundaries
> will fix that. allocating from
> the heap is little different..., so while unsafe, it's the domain of
> $SOMEONE_ELSE to enforce
> the safety. linux-user has many similar usages for both malloc and
> alloca, and it's ok for the
> same reason.
>
> Doing a quick grep on my blitz[*] branch in the bsd-user fork shows that
> alloca is used almost
> exclusively there. There's 24 calls to alloca in the bsd-user code.
> There's almost no malloc
> calls (7) in that at all outside the image loader: all but one of them
> are confined to sysctl
> emulation with the last one used to keep track of thread state in new
> threads...
> linux-user has a similar profile (20 alloca's and 14 mallocs outside the
> loader),
> but with more mallocs in other paths than just sysctl (which isn't present).
>
> I had no plans on migrating to anything else...
I considered excluding user emulation (both Linux/BSD) by enabling
CFLAGS=-Walloca for everything except user-mode, but Meson doesn't
support adding flags to a specific source set:
https://github.com/mesonbuild/meson/issues/1367#issuecomment-277929767
Q: Is it possible to add a flag to a specific file? I have some
generated code that's freaking the compiler out and I don't
feel like mucking with the generator.
A: We don't support per-file compiler flags by design. It interacts
very poorly with other parts, especially precompiled headers.
The real solution is to fix the generator to not produce garbage.
Obviously this is often not possible so the solution to that is,
as mentioned above, build a static library with the specific
compiler args. This has the added benefit that it makes this
workaround explicit and visible rather than hiding things in
random locations.
Then Paolo suggested to convert all alloca() calls instead.
Regards,
Phil.
next prev parent reply other threads:[~2021-05-06 14:57 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-06 13:37 [PATCH v2 0/9] misc: Replace alloca() by g_malloc() Philippe Mathieu-Daudé
2021-05-06 13:37 ` [PATCH v2 1/9] audio/alsaaudio: Replace ALSA alloca() by malloc() equivalent Philippe Mathieu-Daudé
2021-05-06 13:37 ` [PATCH v2 2/9] backends/tpm: Replace qemu_mutex_lock calls with QEMU_LOCK_GUARD Philippe Mathieu-Daudé
2021-05-06 14:46 ` Stefan Berger
2021-05-06 15:07 ` Christophe de Dinechin
2021-05-06 13:37 ` [PATCH v2 3/9] backends/tpm: Replace g_alloca() by g_malloc() Philippe Mathieu-Daudé
2021-05-06 14:46 ` Stefan Berger
2021-05-06 13:37 ` [PATCH v2 4/9] bsd-user/syscall: Replace alloca() by g_new() Philippe Mathieu-Daudé
[not found] ` <CANCZdfoJWEbPFvZ0605riUfnpVRAeC6Feem5_ahC7FUfO71-AA@mail.gmail.com>
2021-05-06 14:20 ` Peter Maydell
[not found] ` <CANCZdfpXjDECHmZq55zP43g32OVhnfjf9W+ERtPMFeDs2MmvXQ@mail.gmail.com>
2021-05-06 14:57 ` Philippe Mathieu-Daudé [this message]
2021-05-06 14:25 ` Eric Blake
[not found] ` <CANCZdfqW0XTa18F+JxuSnhpictWxVJUsu87c=yAwMp6YT60FMg@mail.gmail.com>
2021-05-06 15:12 ` Eric Blake
[not found] ` <CANCZdfrcv9ZUcBv7z+z3JPCjy0uzzY07VLmC4dqr5r8ba_QPLw@mail.gmail.com>
2021-05-06 15:42 ` Eric Blake
2021-05-06 16:03 ` Peter Maydell
2021-05-06 15:58 ` Peter Maydell
2021-05-06 13:37 ` [PATCH v2 5/9] gdbstub: Constify GdbCmdParseEntry Philippe Mathieu-Daudé
2021-05-06 13:37 ` [PATCH v2 6/9] gdbstub: Only call cmd_parse_params() with non-NULL command schema Philippe Mathieu-Daudé
2021-05-06 19:21 ` Alex Bennée
2021-05-06 13:37 ` [PATCH v2 7/9] gdbstub: Replace alloca() + memset(0) by g_new0() Philippe Mathieu-Daudé
2021-05-06 19:22 ` Alex Bennée
2021-05-06 13:37 ` [PATCH v2 8/9] hw/misc/pca9552: Replace g_newa() by g_new() Philippe Mathieu-Daudé
2021-05-06 13:37 ` [PATCH v2 9/9] target/ppc/kvm: Replace alloca() by g_malloc() Philippe Mathieu-Daudé
2021-05-06 14:45 ` Greg Kurz
2021-05-07 1:05 ` David Gibson
[not found] ` <CANCZdfqiHxQoG+g3bq_KL01yWCHUbF5qxJWN=sD37h7UJFMZ7g@mail.gmail.com>
2021-05-06 14:28 ` [PATCH v2 0/9] misc: " Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=994028a8-8d62-0355-0343-f721d6f256f6@redhat.com \
--to=philmd@redhat.com \
--cc=imp@bsdimp.com \
--cc=kevans@freebsd.org \
--cc=kraxel@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).