From: Markus Armbruster <armbru@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Yury Kotov <yury-kotov@yandex-team.ru>,
qemu-devel@nongnu.org, qemu-trivial@nongnu.org
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH RESEND] monitor: Fix return type of monitor_fdset_dup_fd_find
Date: Tue, 14 May 2019 19:01:11 +0200 [thread overview]
Message-ID: <878sv9c6nc.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <4e2eabbd-f404-fa61-f23b-e862d7f20b3e@redhat.com> (Eric Blake's message of "Tue, 14 May 2019 09:05:34 -0500")
Eric Blake <eblake@redhat.com> writes:
> On 5/14/19 8:15 AM, Yury Kotov wrote:
>> monitor_fdset_dup_fd_find_remove() and monitor_fdset_dup_fd_find()
>> returns mon_fdset->id which is int64_t. Downcast from int64_t to int leads to
>> a bug with removing fd from fdset which id >= 2^32.
>> So, fix return types for these function.
>
> fd's cannot exceed 2^32. We should instead be fixing anything that uses
> int64_t with an fd to be properly limited to 32 bits. That is, I think
> the real problem is in qapi/misc.json:
>
> { 'struct': 'AddfdInfo', 'data': {'fdset-id': 'int', 'fd': 'int'} }
> instead of 'fd':'int32'.
This is actually not related to the patch. It doesn't touch
file-descriptors at all, only fdset IDs.
But let's discuss file descriptors briefly.
File descriptors are plain int. There is no QAPI type corresponding to
plain int.
I guess plain int is 32 bits wide on all hosts we support. Narrower int
(permitted by the standard) wouldn't fly with QEMU. Wider int should,
and are theoretically possible.
I'm not sure we want to change the QAPI schema.
> For that matter, 'fdset-id' larger than 32
> bits is unlikely to be useful (there's no reason to have more fdsets
> than you can have possible fds to put in those sets).
Even if we had wider file descriptors: a billion fdsets should be enough
for anyone.
> NACK to this version, but a v2 that addresses the real problem is
> worthwhile.
What exactly is wrong with the patch?
It changes the return value of monitor_fdset_dup_fd_find_remove() and
monitor_fdset_dup_fd_find() from int to int64_t. Both return an fdset
ID (a MonFdset member @id, of type int64_t) on success, -1 on error.
The change removes a truncation from int64_t to int in
monitor_fdset_dup_fd_find_remove(), and a widening from int to int64_t
in qemu_close().
I believe the patch is fine as is. Another patch that changes fdset IDs
from int64_t to int32_t would also be fine, but it would Require
tracking down all the places to change.
[...]
WARNING: multiple messages have this Message-ID (diff)
From: Markus Armbruster <armbru@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Yury Kotov <yury-kotov@yandex-team.ru>,
qemu-trivial@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH RESEND] monitor: Fix return type of monitor_fdset_dup_fd_find
Date: Tue, 14 May 2019 19:01:11 +0200 [thread overview]
Message-ID: <878sv9c6nc.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <4e2eabbd-f404-fa61-f23b-e862d7f20b3e@redhat.com> (Eric Blake's message of "Tue, 14 May 2019 09:05:34 -0500")
Eric Blake <eblake@redhat.com> writes:
> On 5/14/19 8:15 AM, Yury Kotov wrote:
>> monitor_fdset_dup_fd_find_remove() and monitor_fdset_dup_fd_find()
>> returns mon_fdset->id which is int64_t. Downcast from int64_t to int leads to
>> a bug with removing fd from fdset which id >= 2^32.
>> So, fix return types for these function.
>
> fd's cannot exceed 2^32. We should instead be fixing anything that uses
> int64_t with an fd to be properly limited to 32 bits. That is, I think
> the real problem is in qapi/misc.json:
>
> { 'struct': 'AddfdInfo', 'data': {'fdset-id': 'int', 'fd': 'int'} }
> instead of 'fd':'int32'.
This is actually not related to the patch. It doesn't touch
file-descriptors at all, only fdset IDs.
But let's discuss file descriptors briefly.
File descriptors are plain int. There is no QAPI type corresponding to
plain int.
I guess plain int is 32 bits wide on all hosts we support. Narrower int
(permitted by the standard) wouldn't fly with QEMU. Wider int should,
and are theoretically possible.
I'm not sure we want to change the QAPI schema.
> For that matter, 'fdset-id' larger than 32
> bits is unlikely to be useful (there's no reason to have more fdsets
> than you can have possible fds to put in those sets).
Even if we had wider file descriptors: a billion fdsets should be enough
for anyone.
> NACK to this version, but a v2 that addresses the real problem is
> worthwhile.
What exactly is wrong with the patch?
It changes the return value of monitor_fdset_dup_fd_find_remove() and
monitor_fdset_dup_fd_find() from int to int64_t. Both return an fdset
ID (a MonFdset member @id, of type int64_t) on success, -1 on error.
The change removes a truncation from int64_t to int in
monitor_fdset_dup_fd_find_remove(), and a widening from int to int64_t
in qemu_close().
I believe the patch is fine as is. Another patch that changes fdset IDs
from int64_t to int32_t would also be fine, but it would Require
tracking down all the places to change.
[...]
next prev parent reply other threads:[~2019-05-14 17:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-14 13:15 [Qemu-trivial] [PATCH RESEND] monitor: Fix return type of monitor_fdset_dup_fd_find Yury Kotov
2019-05-14 13:15 ` [Qemu-devel] " Yury Kotov
2019-05-14 14:00 ` [Qemu-trivial] " Markus Armbruster
2019-05-14 14:00 ` Markus Armbruster
2019-05-14 14:59 ` [Qemu-trivial] " Yury Kotov
2019-05-14 14:59 ` [Qemu-devel] [Qemu-trivial] " Yury Kotov
2019-05-14 14:05 ` [Qemu-trivial] [Qemu-devel] " Eric Blake
2019-05-14 14:05 ` Eric Blake
2019-05-14 14:51 ` [Qemu-trivial] " Yury Kotov
2019-05-14 14:51 ` Yury Kotov
2019-05-14 17:01 ` Markus Armbruster [this message]
2019-05-14 17:01 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878sv9c6nc.fsf@dusky.pond.sub.org \
--to=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-trivial@nongnu.org \
--cc=yury-kotov@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.