Message-ID: <52176E04.9060801@suse.de>
Date: Fri, 23 Aug 2013 16:13:24 +0200
From: Andreas Färber
To: Peter Maydell
Cc: Cornelia Huck, patches@linaro.org, qemu-devel@nongnu.org, Anthony Liguori, Alexander Graf
In-Reply-To: <1377265136-8559-1-git-send-email-peter.maydell@linaro.org>
Subject: Re: [Qemu-devel] [PATCH 0/2] object_initialize: check size of passed in memory

On 23.08.2013 15:38, Peter Maydell wrote:
> This patchset addresses a concern that came up with Andreas' recent
> patches for using embedded objects in some of the ARM CPU devices:
> object_initialize() doesn't check that there's actually enough space
> for the type being added, so if you have:
>
> struct MyDevice {
>     ...
>     SomeObject obj;
> };
>
> object_initialize(&mydev->obj, "some-object");
>
> then there's no compile time or runtime check that SomeObject
> is really big enough for the "some-object" object -- if the
> implementation is changed later then there will be silent
> memory corruption.
>
> These patches make object_initialize() a macro which can then
> use sizeof(*PTR) to pass the size into the implementation to
> be checked.

Based on your comment I was already preparing a patch to add an explicit
size argument - there are only 33 users in qemu.git, and it would cover
qbus_create_inplace() and other indirect users as well.

> The virtio patch is worth applying anyway -- it removes some
> pointless casts which would otherwise have caused false
> positives.

Agreed. We shouldn't cast objects before they're initialized. That
OBJECT() is a no-op today I would consider an implementation detail.

Regards,
Andreas

> Disclaimer: I've eyeballed all the uses of object_initialize()
> but I haven't necessarily tested them all.
>
> Peter Maydell (2):
>   virtio: Remove unnecessary OBJECT casts
>   qom: Make object_initialize and object_initialize_with_type check size
>
>  hw/core/qdev.c             |  2 +-
>  hw/s390x/s390-virtio-bus.c | 12 ++++++------
>  hw/s390x/virtio-ccw.c      | 14 +++++++-------
>  hw/virtio/virtio-pci.c     | 16 ++++++++--------
>  include/qom/object.h       | 36 ++++++++++++++++++++++++++++++++++--
>  qom/object.c               |  9 +++++----
>  6 files changed, 61 insertions(+), 28 deletions(-)

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
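The size check the cover letter describes, as an added C example that is not QEMU's code: a constructed type registry and Object base stand in for QOM, the implementation returns false instead of aborting so the outcome can be checked, and the last case shows the false positive that an OBJECT() cast in front of the argument produces (the reason the virtio casts had to go).

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for QOM's Object base and OBJECT() cast (constructed, not QEMU's). */
typedef struct Object { void *klass; } Object;
#define OBJECT(o) ((Object *)(o))

/* Stand-in for the type registry: name plus the bytes an instance needs. */
typedef struct TypeImpl { const char *name; size_t instance_size; } TypeImpl;

/* The embedding device declares "some-object" with the old layout, but the
 * implementation has since grown extra fields (hypothetical types). */
typedef struct SomeObject { Object parent; int a; } SomeObject;
typedef struct SomeObjectGrown { Object parent; int a; long extra[4]; } SomeObjectGrown;

static const TypeImpl type_table[] = {
    { "some-object", sizeof(SomeObjectGrown) },
    { "small-object", sizeof(SomeObject) },
};

static const TypeImpl *type_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof(type_table) / sizeof(type_table[0]); i++) {
        if (strcmp(type_table[i].name, name) == 0) return &type_table[i];
    }
    return NULL;
}

/* Takes the caller's buffer size and refuses to initialize an object that
 * would overrun it. Returns false where QEMU would abort, so it is testable. */
static bool object_initialize_with_size(void *data, size_t size, const char *typename)
{
    const TypeImpl *ti = type_lookup(typename);
    if (ti == NULL || size < ti->instance_size) return false;
    memset(data, 0, ti->instance_size);  /* safe: buffer holds at least instance_size */
    return true;
}

/* Macro form: sizeof(*(obj)) is the declared size of the embedded field. */
#define object_initialize(obj, typename) \
    object_initialize_with_size((obj), sizeof(*(obj)), (typename))
struct MyDevice { int id; SomeObject obj; };

/* Caught at runtime: SomeObject is smaller than what "some-object" now needs. */
static bool init_grown(void) { struct MyDevice d; return object_initialize(&d.obj, "some-object"); }
/* Fits: the embedded field matches the registered instance size. */
static bool init_small(void) { struct MyDevice d; return object_initialize(&d.obj, "small-object"); }
/* False positive: casting to Object* first shrinks sizeof(*obj) to sizeof(Object). */
static bool init_cast(void) { struct MyDevice d; return object_initialize(OBJECT(&d.obj), "small-object"); }
```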