From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:60914)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1QUhN6-0003b8-32
	for qemu-devel@nongnu.org; Thu, 09 Jun 2011 11:42:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1QUhN3-0004T5-DR
	for qemu-devel@nongnu.org; Thu, 09 Jun 2011 11:42:11 -0400
Received: from e7.ny.us.ibm.com ([32.97.182.137]:55200)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1QUhN2-0004Sl-VP
	for qemu-devel@nongnu.org; Thu, 09 Jun 2011 11:42:09 -0400
Received: from d01relay07.pok.ibm.com (d01relay07.pok.ibm.com [9.56.227.147])
	by e7.ny.us.ibm.com (8.14.4/8.13.1) with ESMTP id p59FHxO5003876
	for <qemu-devel@nongnu.org>; Thu, 9 Jun 2011 11:17:59 -0400
Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215])
	by d01relay07.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	p59Ffvqh1073304
	for <qemu-devel@nongnu.org>; Thu, 9 Jun 2011 11:41:57 -0400
Received: from d01av01.pok.ibm.com (loopback [127.0.0.1])
	by d01av01.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id
	p59Ffsna013512
	for <qemu-devel@nongnu.org>; Thu, 9 Jun 2011 11:41:55 -0400
Message-ID: <4DF0E9C1.6040406@linux.vnet.ibm.com>
Date: Thu, 09 Jun 2011 10:41:53 -0500
From: Michael Roth <mdroth@linux.vnet.ibm.com>
MIME-Version: 1.0
References: <1307140399-9023-1-git-send-email-mdroth@linux.vnet.ibm.com>
	<1307140399-9023-11-git-send-email-mdroth@linux.vnet.ibm.com>
	<20110609123009.1082ecd8@doriath>
In-Reply-To: <20110609123009.1082ecd8@doriath>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2][ 10/21] qapi: add QMP input visiter
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Luiz Capitulino <lcapitulino@redhat.com>
Cc: aliguori@linux.vnet.ibm.com, agl@linux.vnet.ibm.com, qemu-devel@nongnu.org, Jes.Sorensen@redhat.com

On 06/09/2011 10:30 AM, Luiz Capitulino wrote:
> On Fri,  3 Jun 2011 17:33:08 -0500
> Michael Roth<mdroth@linux.vnet.ibm.com>  wrote:
>
>> A type of Visiter class that is used to walk a qobject's
>> structure and assign each entry to the corresponding native C type.
>> Command marshaling function will use this to pull out QMP command
>> parameters recieved over the wire and pass them as native arguments
>> to the corresponding C functions.
>>
>> Signed-off-by: Michael Roth<mdroth@linux.vnet.ibm.com>
>> ---
>>   qapi/qmp-input-visiter.c |  239 ++++++++++++++++++++++++++++++++++++++++++++++
>>   qapi/qmp-input-visiter.h |   26 +++++
>>   2 files changed, 265 insertions(+), 0 deletions(-)
>>   create mode 100644 qapi/qmp-input-visiter.c
>>   create mode 100644 qapi/qmp-input-visiter.h
>>
>> diff --git a/qapi/qmp-input-visiter.c b/qapi/qmp-input-visiter.c
>> new file mode 100644
>> index 0000000..6767e39
>> --- /dev/null
>> +++ b/qapi/qmp-input-visiter.c
>> @@ -0,0 +1,239 @@
>> +#include "qmp-input-visiter.h"
>> +#include "qemu-queue.h"
>> +#include "qemu-common.h"
>> +#include "qemu-objects.h"
>> +#include "qerror.h"
>> +
>> +#define QAPI_OBJECT_SIZE 512
>> +
>> +#define QIV_STACK_SIZE 1024
>> +
>> +typedef struct StackObject
>> +{
>> +    QObject *obj;
>> +    QListEntry *entry;
>> +} StackObject;
>> +
>> +struct QmpInputVisiter
>> +{
>> +    Visiter visiter;
>> +    QObject *obj;
>> +    StackObject stack[QIV_STACK_SIZE];
>> +    int nb_stack;
>> +};
>> +
>> +static QmpInputVisiter *to_qiv(Visiter *v)
>> +{
>> +    return container_of(v, QmpInputVisiter, visiter);
>> +}
>> +
>> +static QObject *qmp_input_get_object(QmpInputVisiter *qiv, const char *name)
>> +{
>> +    QObject *qobj;
>> +
>> +    if (qiv->nb_stack == 0) {
>> +        qobj = qiv->obj;
>> +    } else {
>> +        qobj = qiv->stack[qiv->nb_stack - 1].obj;
>> +    }
>> +
>> +    if (name&&  qobject_type(qobj) == QTYPE_QDICT) {
>> +        return qdict_get(qobject_to_qdict(qobj), name);
>> +    } else if (qiv->nb_stack>  0&&  qobject_type(qobj) == QTYPE_QLIST) {
>> +        return qlist_entry_obj(qiv->stack[qiv->nb_stack - 1].entry);
>> +    }
>> +
>> +    return qobj;
>> +}
>> +
>> +static void qmp_input_push(QmpInputVisiter *qiv, QObject *obj)
>> +{
>> +    qiv->stack[qiv->nb_stack].obj = obj;
>> +    if (qobject_type(obj) == QTYPE_QLIST) {
>> +        qiv->stack[qiv->nb_stack].entry = qlist_first(qobject_to_qlist(obj));
>> +    }
>> +    qiv->nb_stack++;
>> +
>> +    assert(qiv->nb_stack<  QIV_STACK_SIZE); // FIXME
>
> Can't this limit be reached if a client sends a nested object? Why
> don't we make it dynamic and/or return an error if a limit is reached?
>

Yup, I think that's what the fixme was for. It's been fixed in my tree, 
just sets an Error and returns instead now.

In reality the token limit added to the json parser with the set1 
patches would catch overrun attempts from the client though, so it's 
just an extra layer of protection.

>> +}
>> +
>> +static void qmp_input_pop(QmpInputVisiter *qiv)
>> +{
>> +    qiv->nb_stack--;
>> +    assert(qiv->nb_stack>= 0); // FIXME
>> +}
>> +
>> +static void qmp_input_start_struct(Visiter *v, void **obj, const char *kind, const char *name, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    QObject *qobj = qmp_input_get_object(qiv, name);
>> +
>> +    if (!qobj || qobject_type(qobj) != QTYPE_QDICT) {
>> +        error_set(errp, QERR_INVALID_PARAMETER_TYPE, name, "object");
>> +        return;
>> +    }
>> +
>> +    qmp_input_push(qiv, qobj);
>> +
>> +    if (obj) {
>> +        *obj = qemu_mallocz(QAPI_OBJECT_SIZE);
>
> I'm not sure I understand how this is being handled. This is allocating
> the struct size, right? What happens if struct size>  QAPI_OBJECT_SIZE?
>

Badness :) We'll need to pick a reasonable value and note it in the 
schema documentation.

>> +    }
>> +}
>> +
>> +static void qmp_input_end_struct(Visiter *v, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +
>> +    qmp_input_pop(qiv);
>> +}
>> +
>> +static void qmp_input_start_list(Visiter *v, const char *name, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    QObject *qobj = qmp_input_get_object(qiv, name);
>> +
>> +    if (!qobj || qobject_type(qobj) != QTYPE_QLIST) {
>> +        error_set(errp, QERR_INVALID_PARAMETER_TYPE, name, "list");
>> +        return;
>> +    }
>> +
>> +    qmp_input_push(qiv, qobj);
>> +}
>> +
>> +static GenericList *qmp_input_next_list(Visiter *v, GenericList **list, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    GenericList *entry;
>> +    StackObject *so =&qiv->stack[qiv->nb_stack - 1];
>> +
>> +    if (so->entry == NULL) {
>> +        return NULL;
>> +    }
>> +
>> +    entry = qemu_mallocz(sizeof(*entry));
>> +    if (*list) {
>> +        so->entry = qlist_next(so->entry);
>> +        if (so->entry == NULL) {
>> +            qemu_free(entry);
>> +            return NULL;
>> +        }
>> +        (*list)->next = entry;
>> +    }
>> +    *list = entry;
>> +
>> +
>> +    return entry;
>> +}
>> +
>> +static void qmp_input_end_list(Visiter *v, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +
>> +    qmp_input_pop(qiv);
>> +}
>> +
>> +static void qmp_input_type_int(Visiter *v, int64_t *obj, const char *name, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    QObject *qobj = qmp_input_get_object(qiv, name);
>> +
>> +    if (!qobj || qobject_type(qobj) != QTYPE_QINT) {
>> +        error_set(errp, QERR_INVALID_PARAMETER_TYPE, name, "integer");
>> +        return;
>> +    }
>> +
>> +    *obj = qint_get_int(qobject_to_qint(qobj));
>> +}
>> +
>> +static void qmp_input_type_bool(Visiter *v, bool *obj, const char *name, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    QObject *qobj = qmp_input_get_object(qiv, name);
>> +
>> +    if (!qobj || qobject_type(qobj) != QTYPE_QBOOL) {
>> +        error_set(errp, QERR_INVALID_PARAMETER_TYPE, name, "boolean");
>> +        return;
>> +    }
>> +
>> +    *obj = qbool_get_int(qobject_to_qbool(qobj));
>> +}
>> +
>> +static void qmp_input_type_str(Visiter *v, char **obj, const char *name, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    QObject *qobj = qmp_input_get_object(qiv, name);
>> +
>> +    if (!qobj || qobject_type(qobj) != QTYPE_QSTRING) {
>> +        error_set(errp, QERR_INVALID_PARAMETER_TYPE, name, "string");
>> +        return;
>> +    }
>> +
>> +    *obj = qemu_strdup(qstring_get_str(qobject_to_qstring(qobj)));
>> +}
>> +
>> +static void qmp_input_type_number(Visiter *v, double *obj, const char *name, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    QObject *qobj = qmp_input_get_object(qiv, name);
>> +
>> +    if (!qobj || qobject_type(qobj) != QTYPE_QFLOAT) {
>> +        error_set(errp, QERR_INVALID_PARAMETER_TYPE, name, "double");
>> +        return;
>> +    }
>> +
>> +    *obj = qfloat_get_double(qobject_to_qfloat(qobj));
>> +}
>> +
>> +static void qmp_input_type_enum(Visiter *v, int *obj, const char *kind, const char *name, Error **errp)
>> +{
>> +    int64_t value;
>> +    qmp_input_type_int(v,&value, name, errp);
>> +    *obj = value;
>> +}
>> +
>> +static void qmp_input_start_optional(Visiter *v, bool *present,
>> +                                     const char *name, Error **errp)
>> +{
>> +    QmpInputVisiter *qiv = to_qiv(v);
>> +    QObject *qobj = qmp_input_get_object(qiv, name);
>> +
>> +    if (!qobj) {
>> +        *present = false;
>> +        return;
>> +    }
>> +
>> +    *present = true;
>> +}
>> +
>> +static void qmp_input_end_optional(Visiter *v, Error **errp)
>> +{
>> +}
>> +
>> +Visiter *qmp_input_get_visiter(QmpInputVisiter *v)
>> +{
>> +    return&v->visiter;
>> +}
>> +
>> +QmpInputVisiter *qmp_input_visiter_new(QObject *obj)
>> +{
>> +    QmpInputVisiter *v;
>> +
>> +    v = qemu_mallocz(sizeof(*v));
>> +
>> +    v->visiter.start_struct = qmp_input_start_struct;
>> +    v->visiter.end_struct = qmp_input_end_struct;
>> +    v->visiter.start_list = qmp_input_start_list;
>> +    v->visiter.next_list = qmp_input_next_list;
>> +    v->visiter.end_list = qmp_input_end_list;
>> +    v->visiter.type_enum = qmp_input_type_enum;
>> +    v->visiter.type_int = qmp_input_type_int;
>> +    v->visiter.type_bool = qmp_input_type_bool;
>> +    v->visiter.type_str = qmp_input_type_str;
>> +    v->visiter.type_number = qmp_input_type_number;
>> +    v->visiter.start_optional = qmp_input_start_optional;
>> +    v->visiter.end_optional = qmp_input_end_optional;
>> +
>> +    v->obj = obj;
>> +
>> +    return v;
>> +}
>> diff --git a/qapi/qmp-input-visiter.h b/qapi/qmp-input-visiter.h
>> new file mode 100644
>> index 0000000..3e4d06f
>> --- /dev/null
>> +++ b/qapi/qmp-input-visiter.h
>> @@ -0,0 +1,26 @@
>> +/*
>> + * Input Visiter
>> + *
>> + * Copyright IBM, Corp. 2011
>> + *
>> + * Authors:
>> + *  Anthony Liguori<aliguori@us.ibm.com>
>> + *
>> + * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
>> + * See the COPYING.LIB file in the top-level directory.
>> + *
>> + */
>> +
>> +#ifndef QMP_INPUT_VISITER_H
>> +#define QMP_INPUT_VISITER_H
>> +
>> +#include "qapi-visit-core.h"
>> +#include "qobject.h"
>> +
>> +typedef struct QmpInputVisiter QmpInputVisiter;
>> +
>> +QmpInputVisiter *qmp_input_visiter_new(QObject *obj);
>> +
>> +Visiter *qmp_input_get_visiter(QmpInputVisiter *v);
>> +
>> +#endif
>