qemu-devel

[PATCH] qom: assert integer does not overflow


From: Michael S. Tsirkin
Subject: [PATCH] qom: assert integer does not overflow
Date: Fri, 25 Feb 2022 09:10:44 -0500

QOM reference counting is not designed with an infinite number of
references in mind; trying to take a reference in a loop will overflow
the integer. We will then eventually assert when dereferencing, but the
real problem is in object_ref so let's assert there to make such issues
cleaner and easier to debug.

Some micro-benchmarking shows that, using fetch and add, this is essentially
free on x86.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 qom/object.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/qom/object.c b/qom/object.c
index 4f0677cca9..5db3974f04 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -1167,10 +1167,14 @@ GSList *object_class_get_list_sorted(const char 
*implements_type,
 Object *object_ref(void *objptr)
 {
     Object *obj = OBJECT(objptr);
+    uint32_t ref;
+
     if (!obj) {
         return NULL;
     }
-    qatomic_inc(&obj->ref);
+    ref = qatomic_fetch_inc(&obj->ref);
+    /* Assert waaay before the integer overflows */
+    g_assert(ref < INT_MAX);
     return obj;
 }
 
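Review bot: the check `g_assert(ref < INT_MAX)` is applied to the pre-increment value returned by `qatomic_fetch_inc`, so the increment that pushes the count past INT_MAX has already landed when the assertion fires; that is harmless because `ref` is a `uint32_t` and INT_MAX is only half its range, but the comment "Assert waaay before the integer overflows" would be clearer if it said that the threshold is INT_MAX rather than the type's maximum and why (leaving headroom for in-flight increments). It would also help to state, in the comment or the commit message, the trade-off the change makes: a reference leaked in a loop now aborts at the leak site in object_ref instead of surfacing later as a use-after-free at dereference time, and `g_assert` remains active in normal builds (it is only compiled out when G_DISABLE_ASSERT is defined), so any caller that can be driven into such a loop turns into a clean crash rather than memory corruption.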
-- 
MST
