Re: [Qemu-devel] [PATCH v7 20/26] qapi: Make output visitor return qnull() instead of NULL

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1464 bytes --]

On 09/15/2015 07:20 AM, Markus Armbruster wrote:

>>>
>>> However, the patch isn't quite right: it messes up the reference
>>> counting.  After about SIZE_MAX visits, the reference counter
>>> overflows, failing the assertion in qnull_destroy_obj().  Because
>>> that's many orders of magnitude more visits of nulls than we expect,
>>> we take this patch despite its flaws, to get the QMP introspection
>>> stuff in without further delay.
>>>
>>> Naturally, we'll have to fix it for real before the release.
>>
>> Do we actually ever get near to SIZE_MAX visits ?

With the rest of the series, qom-get can be used to trigger this code
path. Since that is under user control, a user on a 32-bit platform
could spin in a stupid loop of qom-get to eventually hit the assert.
Not likely to happen.

>> If not, then
>> it would not seem critical to fix before release, as this is
>> just the generator code
> 
> SIZE_MAX visits seem unlikely even when SIZE_MAX is only 2^32-1.  It
> would be fatal, though: QEMU would crash.
> 
> I'll reword to "we'll want to fix it".

Yes, that improved wording is fine. And I think we already have some
idea of what the fix involves (I posted some preliminary analysis, and
Markus will do the actual deep dive); it's just that holding up this
series for the fix isn't the way to handle it.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]