From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: qemu-devel@nongnu.org, "Fam Zheng" <fam@euphon.net>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Li Zhijian" <lizhijian@cn.fujitsu.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Christian Schoenebeck" <qemu_oss@crudebyte.com>,
"Yuval Shaia" <yuval.shaia.ml@gmail.com>,
"Peter Xu" <peterx@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Eric Blake" <eblake@redhat.com>,
qemu-block@nongnu.org, "Zhang Chen" <chen.zhang@intel.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Helge Deller" <deller@gmx.de>,
"David Hildenbrand" <david@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>,
"Gonglei (Arei)" <arei.gonglei@huawei.com>,
"Stefan Weil" <sw@weilnetz.de>,
"Laurent Vivier" <lvivier@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Michael Roth" <michael.roth@amd.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Greg Kurz" <groug@kaod.org>,
"Alex Williamson" <alex.williamson@redhat.com>,
qemu-arm@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>,
"John Snow" <jsnow@redhat.com>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Kevin Wolf" <kwolf@redhat.com>,
"Vladimir Sementsov-Ogievskiy" <vsementsov@virtuozzo.com>,
"Laurent Vivier" <laurent@vivier.eu>,
"Shannon Zhao" <shannon.zhaosl@gmail.com>,
"Hanna Reitz" <hreitz@redhat.com>,
qemu-ppc@nongnu.org, "Igor Mammedov" <imammedo@redhat.com>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>
Subject: Re: [PATCH 02/28] glib-compat: Introduce g_memdup2() wrapper
Date: Fri, 3 Sep 2021 12:16:28 +0100 [thread overview]
Message-ID: <YTIEDKAgWGRt/I6y@redhat.com> (raw)
In-Reply-To: <20210903110702.588291-3-philmd@redhat.com>
On Fri, Sep 03, 2021 at 01:06:36PM +0200, Philippe Mathieu-Daudé wrote:
> When experimenting raising GLIB_VERSION_MIN_REQUIRED to 2.68
> (Fedora 34 provides GLib 2.68.1) we get:
>
> hw/virtio/virtio-crypto.c:245:24: error: 'g_memdup' is deprecated: Use 'g_memdup2' instead [-Werror,-Wdeprecated-declarations]
> ...
>
> g_memdup() has been updated by g_memdup2() to fix eventual security
> issues (size argument is 32-bit and could be truncated / wrapping).
> GLib recommends to copy their static inline version of g_memdup2():
> https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
>
> Our glib-compat.h provides a comment explaining how to deal with
> these deprecated declarations (see commit e71e8cc0355
> "glib: enforce the minimum required version and warn about old APIs").
>
> Following this comment suggestion, implement the g_memdup2_qemu()
> wrapper to g_memdup2(), and use the safer equivalent inlined when
> we are using pre-2.68 GLib.
>
> Reported-by: Eric Blake <eblake@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> include/glib-compat.h | 36 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> diff --git a/include/glib-compat.h b/include/glib-compat.h
> index 9e95c888f54..6577d9ab393 100644
> --- a/include/glib-compat.h
> +++ b/include/glib-compat.h
> @@ -68,6 +68,42 @@
> * without generating warnings.
> */
>
> +/*
> + * g_memdup2_qemu:
> + * @mem: (nullable): the memory to copy.
> + * @byte_size: the number of bytes to copy.
> + *
> + * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
> + * from @mem. If @mem is %NULL it returns %NULL.
> + *
> + * This replaces g_memdup(), which was prone to integer overflows when
> + * converting the argument from a #gsize to a #guint.
> + *
> + * This static inline version is a backport of the new public API from
> + * GLib 2.68, kept internal to GLib for backport to older stable releases.
> + * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
> + *
> + * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
> + * or %NULL if @mem is %NULL.
> + */
> +static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size)
> +{
> +#if GLIB_CHECK_VERSION(2, 68, 0)
> + return g_memdup2(mem, byte_size);
> +#else
> + gpointer new_mem;
> +
> + if (mem && byte_size != 0) {
> + new_mem = g_malloc(byte_size);
> + memcpy(new_mem, mem, byte_size);
> + } else {
> + new_mem = NULL;
> + }
> +
> + return new_mem;
> +#endif
> +}
Close, but you missed the final piece of the puzzle
#define g_memdup2(a) g_memdup2_qemu(a)
Such that in all following patches you can use the normal "g_memdup2"
API. This means when we later update min glib, we just delete the
compat code here, and the callers don't need updates.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: "Fam Zheng" <fam@euphon.net>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Li Zhijian" <lizhijian@cn.fujitsu.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Christian Schoenebeck" <qemu_oss@crudebyte.com>,
qemu-devel@nongnu.org, "Peter Xu" <peterx@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Eric Blake" <eblake@redhat.com>,
qemu-block@nongnu.org, "Shannon Zhao" <shannon.zhaosl@gmail.com>,
"John Snow" <jsnow@redhat.com>, "Helge Deller" <deller@gmx.de>,
"David Hildenbrand" <david@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>,
"Gonglei (Arei)" <arei.gonglei@huawei.com>,
"Michael Roth" <michael.roth@amd.com>,
"Laurent Vivier" <lvivier@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Stefan Weil" <sw@weilnetz.de>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Greg Kurz" <groug@kaod.org>,
"Yuval Shaia" <yuval.shaia.ml@gmail.com>,
"Alex Williamson" <alex.williamson@redhat.com>,
qemu-arm@nongnu.org, "Igor Mammedov" <imammedo@redhat.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Kevin Wolf" <kwolf@redhat.com>,
"Vladimir Sementsov-Ogievskiy" <vsementsov@virtuozzo.com>,
"Laurent Vivier" <laurent@vivier.eu>,
"Zhang Chen" <chen.zhang@intel.com>,
"Hanna Reitz" <hreitz@redhat.com>,
qemu-ppc@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>
Subject: Re: [PATCH 02/28] glib-compat: Introduce g_memdup2() wrapper
Date: Fri, 3 Sep 2021 12:16:28 +0100 [thread overview]
Message-ID: <YTIEDKAgWGRt/I6y@redhat.com> (raw)
In-Reply-To: <20210903110702.588291-3-philmd@redhat.com>
On Fri, Sep 03, 2021 at 01:06:36PM +0200, Philippe Mathieu-Daudé wrote:
> When experimenting raising GLIB_VERSION_MIN_REQUIRED to 2.68
> (Fedora 34 provides GLib 2.68.1) we get:
>
> hw/virtio/virtio-crypto.c:245:24: error: 'g_memdup' is deprecated: Use 'g_memdup2' instead [-Werror,-Wdeprecated-declarations]
> ...
>
> g_memdup() has been updated by g_memdup2() to fix eventual security
> issues (size argument is 32-bit and could be truncated / wrapping).
> GLib recommends to copy their static inline version of g_memdup2():
> https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
>
> Our glib-compat.h provides a comment explaining how to deal with
> these deprecated declarations (see commit e71e8cc0355
> "glib: enforce the minimum required version and warn about old APIs").
>
> Following this comment suggestion, implement the g_memdup2_qemu()
> wrapper to g_memdup2(), and use the safer equivalent inlined when
> we are using pre-2.68 GLib.
>
> Reported-by: Eric Blake <eblake@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> include/glib-compat.h | 36 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> diff --git a/include/glib-compat.h b/include/glib-compat.h
> index 9e95c888f54..6577d9ab393 100644
> --- a/include/glib-compat.h
> +++ b/include/glib-compat.h
> @@ -68,6 +68,42 @@
> * without generating warnings.
> */
>
> +/*
> + * g_memdup2_qemu:
> + * @mem: (nullable): the memory to copy.
> + * @byte_size: the number of bytes to copy.
> + *
> + * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
> + * from @mem. If @mem is %NULL it returns %NULL.
> + *
> + * This replaces g_memdup(), which was prone to integer overflows when
> + * converting the argument from a #gsize to a #guint.
> + *
> + * This static inline version is a backport of the new public API from
> + * GLib 2.68, kept internal to GLib for backport to older stable releases.
> + * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
> + *
> + * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
> + * or %NULL if @mem is %NULL.
> + */
> +static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size)
> +{
> +#if GLIB_CHECK_VERSION(2, 68, 0)
> + return g_memdup2(mem, byte_size);
> +#else
> + gpointer new_mem;
> +
> + if (mem && byte_size != 0) {
> + new_mem = g_malloc(byte_size);
> + memcpy(new_mem, mem, byte_size);
> + } else {
> + new_mem = NULL;
> + }
> +
> + return new_mem;
> +#endif
> +}
Close, but you missed the final piece of the puzzle
#define g_memdup2(a) g_memdup2_qemu(a)
Such that in all following patches you can use the normal "g_memdup2"
API. This means when we later update min glib, we just delete the
compat code here, and the callers don't need updates.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2021-09-03 11:17 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-03 11:06 [PATCH 00/28] glib: Replace g_memdup() by g_memdup2_qemu() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 01/28] hw/hyperv/vmbus: Remove unused vmbus_load/save_req() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 02/28] glib-compat: Introduce g_memdup2() wrapper Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:16 ` Daniel P. Berrangé [this message]
2021-09-03 11:16 ` Daniel P. Berrangé
2021-09-03 11:51 ` Vladimir Sementsov-Ogievskiy
2021-09-03 11:56 ` Daniel P. Berrangé
2021-09-03 11:56 ` Daniel P. Berrangé
2021-09-03 12:03 ` Vladimir Sementsov-Ogievskiy
2021-09-03 17:09 ` Philippe Mathieu-Daudé
2021-09-03 17:09 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 03/28] qapi: Replace g_memdup() by g_memdup2_qemu() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:18 ` Daniel P. Berrangé
2021-09-03 11:18 ` Daniel P. Berrangé
2021-09-03 17:10 ` Philippe Mathieu-Daudé
2021-09-03 17:10 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 04/28] accel/tcg: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 05/28] block/qcow2-bitmap: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 06/28] softmmu: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 07/28] hw/9pfs: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 08/28] hw/acpi: Avoid truncating acpi_data_len() to 32-bit Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-08 7:15 ` Igor Mammedov
2021-09-08 7:15 ` Igor Mammedov
2021-09-03 11:06 ` [PATCH 09/28] hw/acpi: Replace g_memdup() by g_memdup2_qemu() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-08 7:16 ` Igor Mammedov
2021-09-08 7:16 ` Igor Mammedov
2021-09-03 11:06 ` [PATCH 10/28] hw/core/machine: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 11/28] hw/hppa/machine: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 12/28] hw/i386/multiboot: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 13/28] hw/net/eepro100: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 14/28] hw/nvram/fw_cfg: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 15/28] hw/scsi/mptsas: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 16/28] hw/ppc/spapr_pci: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:45 ` David Gibson
2021-09-03 11:45 ` David Gibson
2021-09-03 11:06 ` [PATCH 17/28] hw/rdma: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 18/28] hw/vfio/pci: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [RFC PATCH 19/28] hw/virtio: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 20/28] net/colo: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [RFC PATCH 21/28] ui/clipboard: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [RFC PATCH 22/28] linux-user: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 23/28] tests/unit: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 24/28] tests/qtest: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 25/28] target/arm: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:07 ` [PATCH 26/28] target/ppc: " Philippe Mathieu-Daudé
2021-09-03 11:07 ` Philippe Mathieu-Daudé
2021-09-03 11:45 ` David Gibson
2021-09-03 11:45 ` David Gibson
2021-09-03 11:07 ` [PATCH 27/28] contrib: " Philippe Mathieu-Daudé
2021-09-03 11:07 ` Philippe Mathieu-Daudé
2021-09-03 11:07 ` [PATCH 28/28] checkpatch: Do not allow deprecated g_memdup() Philippe Mathieu-Daudé
2021-09-03 11:07 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YTIEDKAgWGRt/I6y@redhat.com \
--to=berrange@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=alex.williamson@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=armbru@redhat.com \
--cc=chen.zhang@intel.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=deller@gmx.de \
--cc=eblake@redhat.com \
--cc=ehabkost@redhat.com \
--cc=erdnaxe@crans.org \
--cc=fam@euphon.net \
--cc=groug@kaod.org \
--cc=hreitz@redhat.com \
--cc=imammedo@redhat.com \
--cc=jasowang@redhat.com \
--cc=jsnow@redhat.com \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=laurent@vivier.eu \
--cc=lizhijian@cn.fujitsu.com \
--cc=lvivier@redhat.com \
--cc=ma.mandourr@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu_oss@crudebyte.com \
--cc=richard.henderson@linaro.org \
--cc=shannon.zhaosl@gmail.com \
--cc=sw@weilnetz.de \
--cc=thuth@redhat.com \
--cc=vsementsov@virtuozzo.com \
--cc=yuval.shaia.ml@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.