From: Kevin Wolf <kwolf@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: qemu-devel@nongnu.org, famz@redhat.com, qemu-block@nongnu.org,
quintela@redhat.com, jcody@redhat.com, dgilbert@redhat.com,
mreitz@redhat.com, marcandre.lureau@redhat.com,
pbonzini@redhat.com, jsnow@redhat.com
Subject: Re: [Qemu-devel] [RFC PATCH 00/56] qapi: Use 'size' for byte counts & offsets
Date: Wed, 6 Sep 2017 17:32:02 +0200 [thread overview]
Message-ID: <20170906153202.GJ3753@dhcp-200-186.str.redhat.com> (raw)
In-Reply-To: <1502117160-24655-1-git-send-email-armbru@redhat.com>
Am 07.08.2017 um 16:45 hat Markus Armbruster geschrieben:
> Byte sizes, offsets and the like should use QAPI type 'size'
> (uint64_t). This rule is more honored in the breach than in the
> observance. Fix the obvious offenders.
>
> The series is RFC for at least two reasons:
>
> 1. It's only lightly tested. Commit message claims like "FOO now
> works" haven't been verified, yet.
>
> 2. The block layer represents file offsets and sizes as int64_t in
> many places. Must not be negative, except for function return
> values, where it means failure.
>
> If you pass negative values via QMP, things explode. Rejecting
> them cleanly would be better, but we do that only haphazardly, as
> far as I can tell.
>
> Changing the QAPI schema from 'int' (C: int64_t) to 'size' (C:
> uint64_t) arguably makes things slightly worse: you can't
> reasonably expect negative offsets and sizes to work, but expecting
> offsets and sizes between 2^63 and 2^64-1 to work is less
> unreasonable. The explosions stay the same.
>
> Perhaps we should have a dedicated QAPI type for file offsets, just
> like libc has off_t. Which is also signed, by the way.
I discussed this a bit on IRC with Markus and I'll just reply here with
some of our findings:
* Having a 63-bit unsigned type makes sense. Not because it's the most
accurate type for most places and will catch all invalid arguments,
it's probably still too large in most places and individual function
needs to keep (or finally introduce) checks for the valid range. But
compared to 'int' it doesn't allow us to forget the < 0 check, and
compared to 'uint64' the resulting values are immune to careless
casting between unsigned and signed C types. These seem to be common
bugs, so getting rid of them would be nice.
* 'size' is the right type for sizes, offsets, etc. but the problem is
likely to affect other arguments, too. 'size' enables additional
syntax in the string visitor, so it is different from the other
integer types. This means that we probably want both a 63 bit size
type and a 63 bit plain unsigned integer type.
* 'int' is an alias for (signed) 'int64'. People don't seem to think
much about using 'int' because it's the simplest type. That doesn't
make it right to use, though. It may be better to remove the 'int'
type and force any definitions to be specific about the signedness and
width they need. My intuitive guess is that most places that use 'int'
today don't actually want to accept negative numbers.
* Schema introspection doesn't distinguish between integer types, this
is purely internal, so changing a definition from one integer type to
another is okay.
Markus, did I forget anything important?
Kevin
next prev parent reply other threads:[~2017-09-06 15:32 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 14:45 [Qemu-devel] [RFC PATCH 00/56] qapi: Use 'size' for byte counts & offsets Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 01/56] qobject: Touch up comments to say @param instead of 'param' Markus Armbruster
2017-08-09 14:39 ` Eric Blake
2017-08-10 8:20 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 02/56] qdict: New helpers to put and get unsigned integers Markus Armbruster
2017-08-22 11:27 ` Marc-André Lureau
2017-08-22 12:49 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 03/56] monitor: Rewrite comment describing HMP .args_type Markus Armbruster
2017-08-08 11:20 ` Dr. David Alan Gilbert
2017-08-08 14:22 ` Paolo Bonzini
2017-08-08 14:46 ` Dr. David Alan Gilbert
2017-08-08 15:36 ` Markus Armbruster
2017-08-08 16:10 ` Dr. David Alan Gilbert
2017-08-09 6:00 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 04/56] char: Make ringbuf-read size unsigned in QAPI/QMP Markus Armbruster
2017-08-22 11:32 ` Marc-André Lureau
2017-08-22 13:00 ` Markus Armbruster
2017-08-22 15:54 ` Marc-André Lureau
2017-08-22 16:22 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 05/56] char: Make ringbuf size unsigned in QAPI Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 06/56] char: Don't truncate -chardev and HMP chardev-add ringbuf size Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 07/56] cpus: Make memsave, pmemsave sizes, addresses unsigned in QAPI/QMP Markus Armbruster
2017-08-08 14:31 ` Dr. David Alan Gilbert
2017-08-08 15:37 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 08/56] dump: Make sizes and " Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 09/56] balloon: Make balloon size " Markus Armbruster
2017-08-08 14:58 ` Dr. David Alan Gilbert
2017-08-09 6:04 ` Markus Armbruster
2017-08-09 10:47 ` Dr. David Alan Gilbert
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 10/56] hmp: Make balloon's argument unsigned Markus Armbruster
2017-08-08 15:10 ` Dr. David Alan Gilbert
2017-08-09 6:05 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 11/56] monitor: Drop unused HMP .args_type 'M' Markus Armbruster
2017-08-08 15:23 ` Dr. David Alan Gilbert
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 12/56] pc-dimm: Make size and address unsigned in QAPI/QMP Markus Armbruster
2017-08-22 12:55 ` Igor Mammedov
2017-08-22 13:50 ` Markus Armbruster
2017-08-22 15:45 ` Igor Mammedov
2017-08-22 16:38 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 13/56] pci: Make PCI addresses and sizes " Markus Armbruster
2017-08-22 14:03 ` Marcel Apfelbaum
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 14/56] migration: Fix migrate-set-cache-size error reporting Markus Armbruster
2017-08-07 16:07 ` Juan Quintela
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 15/56] migration: Make XBZRLE cache size unsigned in QAPI/QMP Markus Armbruster
2017-08-07 16:10 ` Juan Quintela
2017-08-08 15:57 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 16/56] migration: Make XBZRLE transferred " Markus Armbruster
2017-08-07 16:47 ` Juan Quintela
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 17/56] migration: Make MigrationStats sizes " Markus Armbruster
2017-08-07 16:48 ` Juan Quintela
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 18/56] migration: Make parameter max-bandwidth " Markus Armbruster
2017-08-07 16:50 ` Juan Quintela
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 19/56] block: Make snapshot VM state size " Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 20/56] block: Make ImageInfo sizes " Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 21/56] block: Clean up get_human_readable_size() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 22/56] block: Mix up signed and unsigned less in bdrv_img_create() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 23/56] option: Fix type of qemu_opt_set_number() parameter @val Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 24/56] block/qcow2: Change align_offset() to operate on uint64_t Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 25/56] block/qcow2: Change qcow2_calc_prealloc_size() to uint64_t Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 26/56] block: Make BlockMeasureInfo sizes unsigned in QAPI Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 27/56] block/dirty-bitmap: Clean up signed vs. unsigned dirty counts Markus Armbruster
2017-08-08 1:50 ` John Snow
2017-08-08 14:53 ` Eric Blake
2017-08-09 6:06 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 28/56] block: Widen dirty bitmap granularity to uint64_t for safety Markus Armbruster
2017-08-08 1:55 ` John Snow
2017-08-08 14:55 ` Eric Blake
2017-08-08 15:58 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 29/56] block: Make BlockDirtyInfo byte count unsigned in QAPI/QMP Markus Armbruster
2017-08-08 1:56 ` John Snow
2017-08-08 15:58 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 30/56] block: Make write thresholds " Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 31/56] block: Make throttle byte rates and sizes " Markus Armbruster
2017-08-23 13:42 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-08-24 7:24 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 32/56] hmp: Make block_set_io_throttle's arguments unsigned Markus Armbruster
2017-08-08 15:34 ` Dr. David Alan Gilbert
2017-08-09 6:10 ` Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 33/56] block: Make block_resize size unsigned in QAPI/QMP Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 34/56] block: Make BlockDeviceStats sizes, offsets " Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 35/56] blockjob: Lift speed sign conversion into block_job_set_speed() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 36/56] blockjob: Drop unused parameter @errp of method set_speed() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 37/56] blockjob: Make BlockJobInfo and event speed unsigned in QAPI/QMP Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 38/56] blockjob: Lift speed sign conversion out of block_job_set_speed() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 39/56] blockjob: Lift speed sign conversion out of block_job_create() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 40/56] blockjob: Lift speed sign conversion out of backup_job_create() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 41/56] blockjob: Lift speed sign conversion out of mirror_start_job() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 42/56] blockjob: Lift speed sign conversion out of stream_start() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 43/56] blockjob: Lift speed sign conversion out of mirror_start() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 44/56] blockjob: Lift speed sign conversion out of blockdev_mirror_common() Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 45/56] blockjob: Lift speed sign conversion out of commit_start() etc Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 46/56] blockjob: Make job commands' speed parameter unsigned in QAPI/QMP Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 47/56] blockjob: Make BlockJobInfo and event offsets " Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 48/56] block: Make mirror buffer size " Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 49/56] block: Make ImageCheck file offset unsigned in QAPI Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 50/56] block: Make BLOCK_IMAGE_CORRUPTED offset, size unsigned in QAPI/QMP Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 51/56] block/nfs: Fix for readahead-size, page-cache-size > INT64_MAX Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 52/56] block/nfs: Reject negative readahead-size, page-cache-size Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 53/56] block: Make blockdev-add byte counts unsigned in QAPI/QMP Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 54/56] qemu-img: blk_getlength() can fail, fix img_map() to check Markus Armbruster
2017-08-07 14:45 ` [Qemu-devel] [RFC PATCH 55/56] block: Make MapEntry offsets and size unsigned in QAPI Markus Armbruster
2017-08-07 14:46 ` [Qemu-devel] [RFC PATCH 56/56] crypto: Make QCryptoBlockInfoLUKS offsets unsigned in QAPI/QMP Markus Armbruster
2017-08-07 15:10 ` Daniel P. Berrange
2017-09-06 15:32 ` Kevin Wolf [this message]
2017-09-06 17:58 ` [Qemu-devel] [RFC PATCH 00/56] qapi: Use 'size' for byte counts & offsets Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170906153202.GJ3753@dhcp-200-186.str.redhat.com \
--to=kwolf@redhat.com \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=famz@redhat.com \
--cc=jcody@redhat.com \
--cc=jsnow@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=mreitz@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).