From: Igor Mammedov <imammedo@redhat.com>
To: "Andreas Färber" <afaerber@suse.de>
Cc: Peter Maydell <peter.maydell@linaro.org>,
peter.crosthwaite@xilinx.com, mst@redhat.com,
qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>,
anthony@codemonkey.ws, pbonzini@redhat.com
Subject: Re: [Qemu-devel] [PATCH] qom: abort on error in property setter if caller passed errp == NULL
Date: Thu, 28 Nov 2013 14:48:22 +0100 [thread overview]
Message-ID: <20131128144822.3d0f8e82@nial.usersys.redhat.com> (raw)
In-Reply-To: <5297484E.5080105@suse.de>
On Thu, 28 Nov 2013 14:42:38 +0100
Andreas Färber <afaerber@suse.de> wrote:
> Am 28.11.2013 02:24, schrieb Igor Mammedov:
> > in case if caller setting property doesn't care about error and
> > passes in NULL as errp argument but error occurs in property setter,
> > it is silently discarded leaving object in undefined state.
> >
> > As result it leads to hard to find bugs, so if caller doesn't
> > care about error it must be sure that property exists and
> > accepts provided value, otherwise it's better to abort early
> > since error case couldn't be handled gracefully and find
> > invalid usecase early.
> >
> > In addition multitude of property setters will be always
> > guarantied to have error object present and won't be required
> > to handle this condition individually.
> >
> > Signed-off-by: Igor Mammedov <imammedo@redhat.com>
> > ---
> > qom/object.c | 19 ++++++++++++++-----
> > 1 file changed, 14 insertions(+), 5 deletions(-)
> >
> > diff --git a/qom/object.c b/qom/object.c
> > index fc19cf6..2c0bb64 100644
> > --- a/qom/object.c
> > +++ b/qom/object.c
> > @@ -792,16 +792,25 @@ void object_property_get(Object *obj, Visitor *v, const char *name,
> > void object_property_set(Object *obj, Visitor *v, const char *name,
> > Error **errp)
> > {
> > - ObjectProperty *prop = object_property_find(obj, name, errp);
> > - if (prop == NULL) {
> > - return;
> > + Error *local_error = NULL;
> > + ObjectProperty *prop = object_property_find(obj, name, &local_error);
> > + if (local_error) {
> > + goto out;
> > }
> >
> > if (!prop->set) {
> > - error_set(errp, QERR_PERMISSION_DENIED);
> > + error_set(&local_error, QERR_PERMISSION_DENIED);
> > } else {
> > - prop->set(obj, v, prop->opaque, name, errp);
> > + prop->set(obj, v, prop->opaque, name, &local_error);
> > }
> > +out:
> > + if (local_error) {
> > + if (!errp) {
> > + assert_no_error(local_error);
> > + }
> > + error_propagate(errp, local_error);
> > + }
> > +
> > }
> >
> > void object_property_set_str(Object *obj, const char *value,
>
> Aborting on NULL errp considered dangerous by me.
>
> This function seems to work just fine with NULL errp, so your focus
> seems to be on the callers.
>
> Promoting *not* to abort has been one appeal of the new QOM-style APIs
> to me, so making this implicitly assert feels like a step backwards.
> The old qdev_prop_set_*() API, which most users are still using, does
> assert, as discussed with PMM recently.
>
> Also, why only for setting properties? Either all or none should behave
> like this - and I guess none is going to be easier to achieve.
> For instance, adding dynamic properties is a use case where in
> instance_init I've seen NULL errp passed in (because instance_init API
> cannot fail).
>
> I will be more than happy to review and apply your patch (or contribute
> further ones) going through (mis)uses of error_is_set().
I've sent such one for target-i386/cpu.c see last patch in x86-properties.v10,
I've posted today.
>
> Regards,
> Andreas
>
next prev parent reply other threads:[~2013-11-28 13:48 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-28 1:24 [Qemu-devel] [PATCH] qom: abort on error in property setter if caller passed errp == NULL Igor Mammedov
2013-11-28 4:58 ` Eric Blake
2013-11-28 13:01 ` Igor Mammedov
2013-11-28 5:10 ` Peter Crosthwaite
2013-11-28 7:53 ` Markus Armbruster
2013-11-28 13:23 ` Igor Mammedov
2013-11-28 13:41 ` Paolo Bonzini
2013-11-28 15:03 ` Markus Armbruster
2013-11-29 0:21 ` Peter Crosthwaite
2013-11-29 7:56 ` Markus Armbruster
2013-12-03 5:51 ` Peter Crosthwaite
2013-11-28 15:00 ` Markus Armbruster
2013-11-28 13:42 ` Andreas Färber
2013-11-28 13:48 ` Igor Mammedov [this message]
2013-11-28 14:00 ` Andreas Färber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131128144822.3d0f8e82@nial.usersys.redhat.com \
--to=imammedo@redhat.com \
--cc=afaerber@suse.de \
--cc=anthony@codemonkey.ws \
--cc=armbru@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.crosthwaite@xilinx.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).