From: Stefan Berger <stefanb@linux.ibm.com>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, "Arun Menon" <armenon@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Peter Xu" <peterx@redhat.com>,
"Stefan Berger" <stefanb@linux.ibm.com>
Subject: [PULL v1 07/16] migration/vmstate: Add VMState support for GByteArray
Date: Mon, 1 Jun 2026 17:54:00 -0400
Message-ID: <20260601215410.517009-8-stefanb@linux.ibm.com>
In-Reply-To: <20260601215410.517009-1-stefanb@linux.ibm.com>
From: Arun Menon <armenon@redhat.com>
In GLib, GByteArray is an object managed by the library. Currently,
migrating a GByteArray requires treating it as a raw C struct and using
VMSTATE_VBUFFER_ALLOC_UINT32. For example, see vmstate_vdba in
ui/vdagent.c.
QEMU cannot pretend that GByteArray is a C struct and simply use
VMS_ALLOC to g_malloc() the buffer. This is because VMS_ALLOC blindly
overwrites the data pointer with a newly allocated buffer, thereby
leaking the previous memory. Besides, GLib tracks the array's capacity
in a hidden alloc field. Bypassing GLib APIs leaves this capacity out of
sync with the newly allocated buffer, potentially leading to heap buffer
overflows during subsequent g_byte_array_append() calls.
This commit introduces VMSTATE_GBYTEARRAY which uses specific library
API calls (g_byte_array_set_size()) to safely resize and populate the
buffer.
Signed-off-by: Arun Menon <armenon@redhat.com>
Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20260423105733.113046-2-armenon@redhat.com
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
include/migration/vmstate.h | 10 ++++++++++
migration/vmstate-types.c | 28 ++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 0a8a2e85a6..1b7f295417 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -308,6 +308,7 @@ extern const VMStateInfo vmstate_info_bitmap;
extern const VMStateInfo vmstate_info_qtailq;
extern const VMStateInfo vmstate_info_gtree;
extern const VMStateInfo vmstate_info_qlist;
+extern const VMStateInfo vmstate_info_g_byte_array;
#define type_check_2darray(t1,t2,n,m) ((t1(*)[n][m])0 - (t2*)0)
/*
@@ -957,6 +958,15 @@ extern const VMStateInfo vmstate_info_qlist;
.start = offsetof(_type, _next), \
}
+#define VMSTATE_GBYTEARRAY(_field, _state, _version) { \
+ .name = (stringify(_field)), \
+ .version_id = (_version), \
+ .size = sizeof(GByteArray), \
+ .info = &vmstate_info_g_byte_array, \
+ .flags = VMS_SINGLE, \
+ .offset = vmstate_offset_pointer(_state, _field, GByteArray), \
+}
+
/* _f : field name
_f_n : num of elements field_name
_n : num of elements
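Review bot: `.size = sizeof(GByteArray)` in the new macro describes the wrong object: `vmstate_offset_pointer(_state, _field, GByteArray)` type-checks the field as a `GByteArray *`, and that pointer, not the struct, is what sits at `.offset`; the get/put callbacks in vmstate-types.c ignore `size` anyway, so either drop the line or make it `sizeof(GByteArray *)` so nobody reads the macro as embedding the struct. The macro also carries no comment stating its contract, unlike the `_f`/`_f_n`/`_n` legend that follows it: the field must already point to a GByteArray the device allocated (typically at init) by the time the stream is loaded, because the loader resizes the existing object rather than creating one. A one-line comment above the `#define` saying so would save the next user from a NULL dereference.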
diff --git a/migration/vmstate-types.c b/migration/vmstate-types.c
index ae465c5c2c..8c01215c25 100644
--- a/migration/vmstate-types.c
+++ b/migration/vmstate-types.c
@@ -924,3 +924,31 @@ const VMStateInfo vmstate_info_qlist = {
.load = load_qlist,
.save = save_qlist,
};
+
+static int get_g_byte_array(QEMUFile *f, void *pv, size_t size,
+ const VMStateField *field)
+{
+ GByteArray *byte_array = *(GByteArray **)pv;
+ uint32_t len = qemu_get_be32(f);
+
+ g_byte_array_set_size(byte_array, len);
+ qemu_get_buffer(f, byte_array->data, len);
+ return 0;
+}
+
+static int put_g_byte_array(QEMUFile *f, void *pv, size_t size,
+ const VMStateField *field, JSONWriter *vmdesc)
+{
+ GByteArray *byte_array = *(GByteArray **)pv;
+
+ qemu_put_be32(f, byte_array->len);
+ qemu_put_buffer(f, byte_array->data, byte_array->len);
+
+ return 0;
+}
+
+const VMStateInfo vmstate_info_g_byte_array = {
+ .name = "GByteArray",
+ .get = get_g_byte_array,
+ .put = put_g_byte_array,
+};
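Review bot: get_g_byte_array() trusts the length it reads: `uint32_t len = qemu_get_be32(f);` feeds `g_byte_array_set_size(byte_array, len);` with no upper bound, so a corrupt or hostile stream can demand a 4 GiB resize before a single payload byte has been checked, and GLib aborts the process on allocation failure rather than returning an error. Bound it (a per-field maximum carried in the VMStateField, or at least a sanity cap) and return -EINVAL when it is exceeded. The result of `qemu_get_buffer(f, byte_array->data, len);` is also discarded, so a truncated stream leaves an array that has already been grown to `len` but only partly filled; check the read count (or qemu_file_get_error()) and fail the load instead of migrating stale bytes. Finally, both callbacks dereference `*(GByteArray **)pv` without a NULL check; the pointer is owned by the device and must have been allocated before load, so a `g_assert(byte_array)` or an explicit error would turn a mis-ordered init into a clear failure rather than a segfault.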
--
2.54.0
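As an added illustration, not code from the patch, from QEMU or from GLib, the following C program models the wire layout the patch uses (a big-endian 32-bit length followed by the bytes) against constructed stand-ins, ByteArray for GByteArray and MemFile for QEMUFile. It shows the two properties the commit message argues for: resizing through the array's own API keeps `len` and the hidden `alloc` consistent, and the load side validates the claimed length, against a hypothetical BYTE_ARRAY_MAX_LEN and against the bytes actually present, before it resizes anything. Every type, function and constant below is an assumption made for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for GByteArray (not the GLib type): data/len public,
 * alloc is the capacity GLib keeps privately and its append trusts. */
typedef struct { uint8_t *data; uint32_t len; uint32_t alloc; } ByteArray;

/* Constructed stand-in for QEMUFile: fixed buffer, one cursor, read limit. */
typedef struct { uint8_t buf[4096]; size_t pos; size_t end; } MemFile;

/* Hypothetical cap a device would put on a migrated buffer (an assumption). */
#define BYTE_ARRAY_MAX_LEN 1024u

/* Grow through the array's own API so len and alloc stay consistent. GLib's
 * g_byte_array_set_size() aborts on allocation failure; this reports it. */
static bool ba_set_size(ByteArray *a, uint32_t len)
{
    if (len > a->alloc) {
        uint8_t *p = realloc(a->data, len);
        if (!p) return false;
        a->data = p;
        a->alloc = len;
    }
    a->len = len;
    return true;
}

/* Big-endian like qemu_put_be32(); callers guarantee room in buf. */
static void mf_put_be32(MemFile *f, uint32_t v)
{
    for (int i = 3; i >= 0; i--) f->buf[f->pos++] = (uint8_t)(v >> (8 * i));
    f->end = f->pos;
}

/* Save side: be32 length then payload, the layout the patch's put side uses. */
static int put_byte_array(MemFile *f, const ByteArray *a)
{
    if (f->pos + 4 + a->len > sizeof f->buf) return -ENOSPC;
    mf_put_be32(f, a->len);
    memcpy(f->buf + f->pos, a->data, a->len);
    f->pos += a->len;
    f->end = f->pos;
    return 0;
}

/* Load side: validate the claimed length against the cap and against the
 * bytes actually present before resizing, so a corrupt or hostile stream can
 * neither force a huge allocation nor leave a resized, half-filled array. */
static int get_byte_array(MemFile *f, ByteArray *a)
{
    uint32_t len = 0;
    if (f->end - f->pos < 4) return -EIO;
    for (int i = 0; i < 4; i++) len = (len << 8) | f->buf[f->pos++];
    if (len > BYTE_ARRAY_MAX_LEN) return -EINVAL;  /* hostile or corrupt header */
    if (f->end - f->pos < len) return -EIO;         /* truncated stream */
    if (!ba_set_size(a, len)) return -ENOMEM;
    memcpy(a->data, f->buf + f->pos, len);
    f->pos += len;
    return 0;
}

/* Save three constructed bytes, load them into an empty array; 0 on match. */
static int demo_roundtrip(void)
{
    static const uint8_t sample[] = {0xde, 0xad, 0xbe};
    ByteArray src = {0}, dst = {0};
    MemFile f = {0};
    int ret = -1;
    if (ba_set_size(&src, sizeof sample)) {
        memcpy(src.data, sample, sizeof sample);
        if (put_byte_array(&f, &src) == 0) {
            f.pos = 0;   /* rewind so the load side reads what was saved */
            ret = get_byte_array(&f, &dst);
        }
    }
    if (ret == 0 && (dst.len != 3 || dst.alloc < 3 || memcmp(dst.data, sample, 3)))
        ret = -1;
    free(src.data);
    free(dst.data);
    return ret;
}

/* Feed a stream whose header claims `claimed` bytes but carries `present`,
 * and return the loader's result; a failed load must leave the array empty. */
static int load_claimed(uint32_t claimed, uint32_t present)
{
    ByteArray dst = {0};
    MemFile f = {0};
    mf_put_be32(&f, claimed);
    memset(f.buf + f.pos, 0xa5, present);   /* constructed payload */
    f.end = f.pos + present;
    f.pos = 0;
    int ret = get_byte_array(&f, &dst);
    if (ret != 0 && (dst.data || dst.len || dst.alloc)) ret = -1;
    free(dst.data);
    return ret;
}
```

The ordering in get_byte_array() is the point: the header is checked against a maximum and against the bytes remaining in the stream, and only then does the array grow, so a header claiming 0xffffffff bytes is rejected with -EINVAL without touching the heap, and a header claiming more than is present fails with -EIO while the destination array is still empty.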
2026-06-01 21:53 [PULL v1 00/16] Merge tpm 2026/06/01 v1 Stefan Berger
2026-06-01 21:53 ` [PULL v1 01/16] tests: Move TPM I2C bus read/write functions to common files Stefan Berger
2026-06-01 21:53 ` [PULL v1 02/16] tests: Have TPM I2C read/write functions take QTestState as first parameter Stefan Berger
2026-06-01 21:53 ` [PULL v1 03/16] tests: Convert string arrays to byte arrays Stefan Berger
2026-06-01 21:53 ` [PULL v1 04/16] tests: Rename id of tpmdev to tpm0 Stefan Berger
2026-06-01 21:53 ` [PULL v1 05/16] tests: Check whether the I2C master flag is set Stefan Berger
2026-06-01 21:53 ` [PULL v1 06/16] tests: Add a TPM TIS I2C swtpm test Stefan Berger
2026-06-01 21:54 ` Stefan Berger [this message]
2026-06-01 21:54 ` [PULL v1 08/16] ui/vdagent: Use VMSTATE_GBYTEARRAY to safely migrate outbuf Stefan Berger
2026-06-01 21:54 ` [PULL v1 09/16] hw/tpm: Add TPM CRB chunking fields Stefan Berger
2026-06-01 21:54 ` [PULL v1 10/16] hw/tpm: Refactor CRB_CTRL_START register access Stefan Berger
2026-06-01 21:54 ` [PULL v1 11/16] hw/tpm: Add internal buffer state for chunking Stefan Berger
2026-06-01 21:54 ` [PULL v1 12/16] hw/tpm: Implement TPM CRB chunking logic Stefan Berger
2026-06-01 21:54 ` [PULL v1 13/16] test/qtest: Add test for tpm crb chunking Stefan Berger
2026-06-01 21:54 ` [PULL v1 14/16] hw/tpm: Add support for VM migration with TPM CRB chunking Stefan Berger
2026-06-01 21:54 ` [PULL v1 15/16] tpm_emulator: Reject a buffer size different than what was requested Stefan Berger
2026-06-01 21:54 ` [PULL v1 16/16] tpm_emulator: Disconnect if response exceeds negotiated buffer size Stefan Berger
2026-06-02 17:23 ` [PULL v1 00/16] Merge tpm 2026/06/01 v1 Stefan Hajnoczi