Re: [PATCH] semihosting/uaccess.c: Replaced a malloc call with g_malloc.

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Richard Henderson <richard.henderson@linaro.org>,
	dinglimin@cmss.chinamobile.com, Michael Tokarev <mjt@tls.msk.ru>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [PATCH] semihosting/uaccess.c: Replaced a malloc call with g_malloc.
Date: Thu, 27 Jul 2023 16:04:52 +0100	[thread overview]
Message-ID: <ZMKHlCHA+5IWd9EE@redhat.com> (raw)
In-Reply-To: <CAFEAcA-4qzq7hivk-vuZMfxOaMXU7zusATtotiashNqrSbupSg@mail.gmail.com>

On Thu, Jul 27, 2023 at 03:56:23PM +0100, Peter Maydell wrote:
> On Wed, 26 Jul 2023 at 16:21, Richard Henderson
> <richard.henderson@linaro.org> wrote:
> >
> > On 7/26/23 02:43, Peter Maydell wrote:
> > > (Something went wrong with the quoting in your email. I've
> > > fixed it up.)
> > >
> > > On Wed, 26 Jul 2023 at 05:38, <dinglimin@cmss.chinamobile.com> wrote:
> > >> Peter Maydell wrote:
> > >>> The third part here, is that g_malloc() does not ever
> > >>> fail -- it will abort() on out of memory. However
> > >>> the code here is still handling g_malloc() returning NULL.
> > >>> The equivalent for "we expect this might fail" (which we want
> > >>> here, because the guest is passing us the length of memory
> > >>> to try to allocate) is g_try_malloc().
> > >
> > >> g_malloc() is preferred more than g_try_* functions, which return NULL on error,
> > >> when the size of the requested allocation  is small.
> > >> This is because allocating few bytes should not be a problem in a healthy system.
> > >
> > > This is true. But in this particular case we cannot be sure
> > > that the size of the allocation is small, because the size
> > > is controlled by the guest. So we want g_try_malloc().
> >
> > And why do we want to use g_try_malloc instead of just sticking with malloc?
> 
> The only real reason is just consistency

I think it is slightly stronger than that.

By using g_try_malloc we make it explicit that this scenario is
expecting the allocation to fail and needs to handle that.

If we use plain 'malloc' it isn't clear whether we genuinely expect
the allocation to fail, or someone just blindly checked malloc
return value out of habit, because they didn't realize QEMU wants
abort-on-OOM behaviour most of the time.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

next prev parent reply	other threads:[~2023-07-27 15:12 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-25  8:06 [PATCH] semihosting/uaccess.c: Replaced a malloc call with g_malloc dinglimin
2023-07-25  8:13 ` Michael Tokarev
2023-07-25  9:00 ` dinglimin
2023-07-25  9:13   ` Michael Tokarev
2023-07-25  9:35     ` Peter Maydell
2023-07-26  4:37       ` 回复: " dinglimin
2023-07-26  9:43         ` Peter Maydell
2023-07-26 15:21           ` Richard Henderson
2023-07-27 14:56             ` Peter Maydell
2023-07-27 15:04               ` Daniel P. Berrangé [this message]
2023-07-27 16:31                 ` Richard Henderson
2023-07-28  5:12                   ` dinglimin
2023-07-28  9:35                     ` Peter Maydell
2023-07-28 10:50                       ` dinglimin
2023-07-28 11:27                         ` Peter Maydell
2023-07-28 12:16               ` Peter Maydell
2023-07-26  7:07       ` dinglimin
2023-07-25 10:57   ` dinglimin
  -- strict thread matches above, loose matches on Subject: below --
2024-02-26  9:06 dinglimin
2024-02-26  9:48 ` Philippe Mathieu-Daudé
2024-02-26 10:03   ` Daniel P. Berrangé
2024-02-26 10:16   ` Peter Maydell
2024-02-26 10:02 ` Zhao Liu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZMKHlCHA+5IWd9EE@redhat.com \
    --to=berrange@redhat.com \
    --cc=dinglimin@cmss.chinamobile.com \
    --cc=mjt@tls.msk.ru \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=richard.henderson@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).