Re: [Qemu-devel] [PATCH v7 20/26] qapi: Make output visitor return qnull


From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v7 20/26] qapi: Make output visitor return qnull() instead of NULL
Date: Tue, 15 Sep 2015 08:08:52 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0

On 09/15/2015 07:20 AM, Markus Armbruster wrote:

>>>
>>> However, the patch isn't quite right: it messes up the reference
>>> counting.  After about SIZE_MAX visits, the reference counter
>>> overflows, failing the assertion in qnull_destroy_obj().  Because
>>> that's many orders of magnitude more visits of nulls than we expect,
>>> we take this patch despite its flaws, to get the QMP introspection
>>> stuff in without further delay.
>>>
>>> Naturally, we'll have to fix it for real before the release.
>>
>> Do we actually ever get near to SIZE_MAX visits?

With the rest of the series, qom-get can be used to trigger this code
path. Since that is under user control, a user on a 32-bit platform
could spin in a stupid loop of qom-get to eventually hit the assert.
Not likely to happen.

>> If not, then
>> it would not seem critical to fix before release, as this is
>> just the generator code
> 
> SIZE_MAX visits seem unlikely even when SIZE_MAX is only 2^32-1.  It
> would be fatal, though: QEMU would crash.
> 
> I'll reword to "we'll want to fix it".

Yes, that improved wording is fine. And I think we already have some
idea of what the fix involves (I posted some preliminary analysis, and
Markus will do the actual deep dive); it's just that holding up this
series for the fix isn't the way to handle it.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
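The failure mode under discussion, as an added example written for this page and not QEMU's own code: a singleton "null" object whose reference count is a plain unsigned counter, incremented once per visit and never released by the visitor. The names (NullObj, null_incref, leaky_visit, and so on) are hypothetical stand-ins for the qnull machinery, and the counter is a uint8_t rather than size_t so that the wrap is reachable in a test; the shape of the bug is the same. The checked and balanced variants at the end are two ways a practitioner would close the hole, not a description of the fix QEMU eventually merged.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Narrow counter so the wrap is reachable in a test; the real code uses size_t,
 * which is why the thread talks about "SIZE_MAX visits". */
typedef uint8_t refcnt_t;
#define REFCNT_MAX UINT8_MAX

typedef struct {
    refcnt_t refcnt;
    bool destroyed;   /* models the assertion in the destroy hook firing */
} NullObj;

/* Naive incref: wraps silently after REFCNT_MAX increments. */
static NullObj *null_incref(NullObj *o)
{
    o->refcnt++;
    return o;
}

/* Decref: the singleton must never reach zero; if it does, record the
 * condition that the real destroy hook asserts on. */
static void null_decref(NullObj *o)
{
    if (--o->refcnt == 0) {
        o->destroyed = true;
    }
}

/* Unbalanced visit: takes a reference and never releases it, the leak the
 * discussion above describes. */
static void leaky_visit(NullObj *o)
{
    (void)null_incref(o);
}

/* Bug reproduction: `visits` leaky visits followed by one well-behaved
 * incref/decref pair. Returns true if the singleton ends up "destroyed".
 * With the 8-bit counter this first happens at visits == REFCNT_MAX. */
static bool singleton_destroyed_after(unsigned long visits)
{
    NullObj o = { .refcnt = 1, .destroyed = false };
    for (unsigned long i = 0; i < visits; i++) {
        leaky_visit(&o);
    }
    null_decref(null_incref(&o));   /* one correct user of the object */
    return o.destroyed;
}

/* Hardening 1: an incref that refuses to wrap. Returns false when saturated;
 * callers must treat that as an error rather than ignore it. */
static bool null_incref_checked(NullObj *o)
{
    if (o->refcnt == REFCNT_MAX) {
        return false;
    }
    o->refcnt++;
    return true;
}

/* Same scenario with the checked incref. Returns the number of refused
 * increments; if `destroyed` is non-NULL, reports whether the singleton was
 * ever torn down (it never is). */
static unsigned long leaky_visits_refused(unsigned long visits, bool *destroyed)
{
    NullObj o = { .refcnt = 1, .destroyed = false };
    unsigned long refused = 0;
    for (unsigned long i = 0; i < visits; i++) {
        if (!null_incref_checked(&o)) {
            refused++;
        }
    }
    if (null_incref_checked(&o)) {
        null_decref(&o);
    }
    if (destroyed) {
        *destroyed = o.destroyed;
    }
    return refused;
}

/* Hardening 2: the real cure is balance. Each visit hands out a reference and
 * the consumer drops it, so the counter never drifts no matter how many
 * visits occur. Returns true if the singleton is alive with its original
 * single reference afterwards. */
static bool balanced_visits_keep_singleton_alive(unsigned long visits)
{
    NullObj o = { .refcnt = 1, .destroyed = false };
    for (unsigned long i = 0; i < visits; i++) {
        NullObj *ref = null_incref(&o);   /* visitor returns a new reference */
        null_decref(ref);                 /* consumer releases it */
    }
    return !o.destroyed && o.refcnt == 1;
}

int main(void)
{
    printf("destroyed after 254 leaky visits: %d\n", singleton_destroyed_after(254));
    printf("destroyed after 255 leaky visits: %d\n", singleton_destroyed_after(255));
    printf("checked incref refused %lu of 300 leaky visits\n",
           leaky_visits_refused(300, NULL));
    printf("10000 balanced visits leave singleton alive: %d\n",
           balanced_visits_keep_singleton_alive(10000));
    return 0;
}
```

The first function is the bug as described: on a platform where the counter is narrow enough, an attacker who can drive the visit path (the thread names qom-get) simply loops until the count wraps to zero, and the next correct user's decref tears down an object that must never die. The checked incref turns that into a refused operation instead of a crash, but it only masks the leak; the balanced variant shows that once every handed-out reference is released, the counter width no longer matters.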
