From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Daniele Buono <dbuono@linux.vnet.ibm.com>,
Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH-for-5.2? v3 3/9] hw/usb: reorder fields in UASStatus
Date: Mon, 18 Jan 2021 12:38:17 +0100 [thread overview]
Message-ID: <9675d8c2-9913-3bc7-2b53-9ed3413fbd23@redhat.com> (raw)
In-Reply-To: <afff8e95-ac1f-552a-c8b3-ff008947bf98@linux.vnet.ibm.com>
On 11/19/20 5:16 PM, Daniele Buono wrote:
> Hi Philippe,
>
> On 11/6/2020 9:28 AM, Philippe Mathieu-Daudé wrote:
>> On 11/5/20 11:18 PM, Daniele Buono wrote:
>>> The UASStatus data structure has a variable sized field inside of
>>> type uas_iu,
>>> that however is not placed at the end of the data structure.
>>>
>>> This placement triggers a warning with clang 11, and while not a bug
>>> right now,
>>> (the status is never a uas_iu_command, which is the variable-sized
>>> case),
>>> it could become one in the future.
>>
>> The problem is uas_iu_command::add_cdb, indeed.
>>
>>>
>>> ../qemu-base/hw/usb/dev-uas.c:157:31: error: field 'status' with
>>> variable sized type 'uas_iu' not at the end of a struct or class is a
>>> GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
>>
>> If possible remove the "../qemu-base/" as it does not provide
>> any useful information.
>>
> Sure, will do at the next cycle
>>> uas_iu status;
>>> ^
>>> 1 error generated.
>>>
>>> Fix this by moving uas_iu at the end of the struct
>>
>> Your patch silents the warning, but the problem is the same.
>> It would be safer/cleaner to make 'status' a pointer on the heap IMO.
>
> I'm thinking of moving 'status' in a pointer with the following code
> changes:
>
> UASStatus is allocated in `usb_uas_alloc_status`, which currently does
> not take a type or size for the union field. I'm thinking of adding
> requested size for the status, like this:
>
> static UASStatus *usb_uas_alloc_status(UASDevice *uas, uint8_t id,
> uint16_t tag, size_t size);
>
> and the common call would be
> usb_uas_alloc_status([...],sizeof(uas_iu));
>
> Also we'd need a double free when the object is freed. Right now
> it's handled in the code when the object is not used anymore with a
> `g_free(st);`.
> I'd have to replace it with
> `g_free(st->status); g_free(st);`. Would you suggest doing it place
> or by adding a usb_uas_dealloc_status() function?
>
> ---
>
> However, I am confused by the use of that variable-lenght field.
> I'm looking at what seems the only place where a command is
> parsed, in `usb_uas_handle_data`.
>
> uas_iu iu;
> [...]
> switch (p->ep->nr) {
> case UAS_PIPE_ID_COMMAND:
> length = MIN(sizeof(iu), p->iov.size);
> usb_packet_copy(p, &iu, length);
> [...]
> break;
> [...]
>
> It would seem that the copy is limited to at most sizeof(uas_iu),
> so even if we had anything in add_cdb[], that wouldn't be copied
> here?
>
> Is this intended?
Gerd, do you know?
next prev parent reply other threads:[~2021-01-18 11:40 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-05 22:18 [PATCH v3 0/9] Add support for Control-Flow Integrity Daniele Buono
2020-11-05 22:18 ` [PATCH v3 1/9] fuzz: Make fork_fuzz.ld compatible with LLVM's LLD Daniele Buono
2020-11-06 14:50 ` Alexander Bulekov
2020-11-19 22:06 ` Daniele Buono
2020-12-13 2:51 ` Alexander Bulekov
2020-11-05 22:18 ` [PATCH v3 2/9] s390x: fix clang 11 warnings in cpu_models.c Daniele Buono
2020-11-09 11:12 ` Cornelia Huck
2020-11-05 22:18 ` [PATCH v3 3/9] hw/usb: reorder fields in UASStatus Daniele Buono
2020-11-06 14:28 ` [PATCH-for-5.2? " Philippe Mathieu-Daudé
2020-11-19 16:16 ` Daniele Buono
2021-01-14 8:17 ` Marc-André Lureau
2021-01-14 19:33 ` Daniele Buono
2021-01-18 11:38 ` Philippe Mathieu-Daudé [this message]
2021-01-18 16:09 ` Gerd Hoffmann
2020-11-05 22:19 ` [PATCH v3 4/9] s390x: Avoid variable size warning in ipl.h Daniele Buono
2020-11-09 11:14 ` Cornelia Huck
2020-11-05 22:19 ` [PATCH v3 5/9] scsi: fix overflow in scsi_disk_new_request_dump Daniele Buono
2020-11-06 14:32 ` [PATCH-for-5.2? " Philippe Mathieu-Daudé
2020-11-06 14:43 ` Philippe Mathieu-Daudé
2020-11-09 13:26 ` Philippe Mathieu-Daudé
2020-11-19 16:44 ` Daniele Buono
2020-11-05 22:19 ` [PATCH v3 6/9] configure,meson: add option to enable LTO Daniele Buono
2020-11-05 22:19 ` [PATCH v3 7/9] cfi: Initial support for cfi-icall in QEMU Daniele Buono
2020-11-05 22:19 ` [PATCH v3 8/9] check-block: enable iotests with cfi-icall Daniele Buono
2020-11-05 22:19 ` [PATCH v3 9/9] configure,meson: support Control-Flow Integrity Daniele Buono
2020-11-06 12:47 ` [PATCH v3 0/9] Add support for " Cornelia Huck
2020-11-06 13:35 ` Daniele Buono
2020-11-06 14:58 ` Alexander Bulekov
2020-11-19 21:58 ` Daniele Buono
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9675d8c2-9913-3bc7-2b53-9ed3413fbd23@redhat.com \
--to=philmd@redhat.com \
--cc=dbuono@linux.vnet.ibm.com \
--cc=kraxel@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).