From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49283)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1VCra5-0006ZI-7s
	for qemu-devel@nongnu.org; Fri, 23 Aug 2013 09:39:23 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1VCrZs-0004jg-9E
	for qemu-devel@nongnu.org; Fri, 23 Aug 2013 09:39:13 -0400
Received: from
	1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.1.0.0.b.8.0.1.0.0.2.ip6.arpa
	([2001:8b0:1d0::1]:59421 helo=mnementh.archaic.org.uk)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1VCrZr-0004ip-NL
	for qemu-devel@nongnu.org; Fri, 23 Aug 2013 09:39:00 -0400
From: Peter Maydell <peter.maydell@linaro.org>
Date: Fri, 23 Aug 2013 14:38:54 +0100
Message-Id: <1377265136-8559-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH 0/2] object_initialize: check size of passed in
	memory
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>, =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>, Alexander Graf <agraf@suse.de>, Anthony Liguori <anthony@codemonkey.ws>, patches@linaro.org

This patchset addresses a concern that came up with Andreas' recent
patches for using embedded objects in some of the ARM CPU devices:
object_initialize() doesn't check that there's actually enough space
for the type being added, so if you have:

struct MyDevice {
   ...
   SomeObject obj;
};

    object_initialize(&mydev->obj, "some-object");

then there's no compile time or runtime check that SomeObject
is really big enough for the "some-object" object -- if the
implementation is changed later then there will be silent
memory corruption.

These patches make object_initialize() a macro which can then
use sizeof(*PTR) to pass the size into the implementation to
be checked.

The virtio patch is worth applying anyway -- it removes some
pointless casts which would otherwise have caused false
positives.

Disclaimer: I've eyeballed all the uses of object_initialize()
but I haven't necessarily tested them all.

Peter Maydell (2):
  virtio: Remove unnecessary OBJECT casts
  qom: Make object_initialize and object_initialize_with_type check
    size

 hw/core/qdev.c             |    2 +-
 hw/s390x/s390-virtio-bus.c |   12 ++++++------
 hw/s390x/virtio-ccw.c      |   14 +++++++-------
 hw/virtio/virtio-pci.c     |   16 ++++++++--------
 include/qom/object.h       |   36 ++++++++++++++++++++++++++++++++++--
 qom/object.c               |    9 +++++----
 6 files changed, 61 insertions(+), 28 deletions(-)

-- 
1.7.9.5