From: Anthony Liguori <aliguori@us.ibm.com>
To: Luiz Capitulino <lcapitulino@redhat.com>
Cc: kwolf@redhat.com, armbru@redhat.com, qemu-devel@nongnu.org,
mdroth@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [PATCH 06/21] qapi: dealloc visitor, fix premature free and iteration logic
Date: Thu, 29 Sep 2011 07:49:44 -0500
Message-ID: <4E846968.7010706@us.ibm.com>
In-Reply-To: <1317221085-5825-7-git-send-email-lcapitulino@redhat.com>

On 09/28/2011 09:44 AM, Luiz Capitulino wrote:
> From: Michael Roth<mdroth@linux.vnet.ibm.com>
>
> Currently we do 3 things wrong:
>
> 1) The list iterator, in practice, is used in a manner where the pointer
> we pass in is the same as the pointer we assign the output to from
> visit_next_list(). This causes an infinite loop where we keep freeing
> the same structures.
>
> 2) We attempt to free list->value rather than list. visit_type_<type>
> handles this. We should only be concerned with the containing list.
>
> 3) We free prematurely: iterator function will continue accessing values
> we've already freed.
>
> This patch should fix all of these issues. QmpOutputVisitor also suffers
> from 1).
>
> Signed-off-by: Michael Roth<mdroth@linux.vnet.ibm.com>
> Signed-off-by: Luiz Capitulino<lcapitulino@redhat.com>

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>

Regards,
Anthony Liguori

> ---
> qapi/qapi-dealloc-visitor.c | 20 +++++++++++++++-----
> 1 files changed, 15 insertions(+), 5 deletions(-)
>
> diff --git a/qapi/qapi-dealloc-visitor.c b/qapi/qapi-dealloc-visitor.c
> index f629061..6b586ad 100644
> --- a/qapi/qapi-dealloc-visitor.c
> +++ b/qapi/qapi-dealloc-visitor.c
> @@ -26,6 +26,7 @@ struct QapiDeallocVisitor
> {
> Visitor visitor;
> QTAILQ_HEAD(, StackEntry) stack;
> + bool is_list_head;
> };
>
> static QapiDeallocVisitor *to_qov(Visitor *v)
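
Review bot: `is_list_head` is a single flag on the whole visitor, while the `stack` member directly above it already keeps per-level state in `StackEntry`. If an element visit starts an inner list while an outer list is mid-iteration, the inner `start_list` sets the flag back to true, and the outer list only behaves correctly if the inner list's `next_list` has cleared it again before the outer `next_list` runs. Consider keeping the flag per list level, or at least add a comment on the field stating that it is only valid between `start_list` and the first `next_list` call of the same list.
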
> @@ -70,15 +71,24 @@ static void qapi_dealloc_end_struct(Visitor *v, Error **errp)
>
> static void qapi_dealloc_start_list(Visitor *v, const char *name, Error **errp)
> {
> + QapiDeallocVisitor *qov = to_qov(v);
> + qov->is_list_head = true;
> }
>
> -static GenericList *qapi_dealloc_next_list(Visitor *v, GenericList **list,
> +static GenericList *qapi_dealloc_next_list(Visitor *v, GenericList **listp,
> Error **errp)
> {
> - GenericList *retval = *list;
> - g_free(retval->value);
> - *list = retval->next;
> - return retval;
> + GenericList *list = *listp;
> + QapiDeallocVisitor *qov = to_qov(v);
> +
> + if (!qov->is_list_head) {
> + *listp = list->next;
> + g_free(list);
> + return *listp;
> + }
> +
> + qov->is_list_head = false;
> + return list;
> }
>
> static void qapi_dealloc_end_list(Visitor *v, Error **errp)
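
Review bot: In `qapi_dealloc_next_list`, the `!qov->is_list_head` branch reads `list->next` without checking that `*listp` is non-NULL, whereas the head branch returns a NULL `list` unchanged. The function therefore depends on callers stopping as soon as it returns NULL; an early `if (!list) return NULL;` or an assertion would make that contract explicit and turn a misuse into a defined result instead of a NULL dereference. It is also worth a short comment that each node is freed one call late on purpose (the node handed back on the previous call is released here), since that ordering is what fixes the premature free described in the commit message.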