Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can n

qemu-s390x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can n

From:	Philippe Mathieu-Daudé
Subject:	Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative
Date:	Wed, 20 Feb 2019 12:13:25 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0

On 2/20/19 11:03 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
> <address@hidden> wrote:
>>
>> The backend should not return a negative length to read.
>> We will later change the prototype of IOCanReadHandler to return an
>> unsigned length. Meanwhile make sure the return length is positive.
>>
>> Suggested-by: Paolo Bonzini <address@hidden>
>> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> 
> In such patch, you should do extensive review of existing callbacks,
> or find a convincing argument that this can't break.

Argh I missed that.

> The problem is there are a lot of can_read callbacks, and it's not
> trivial. The *first* of git-grep is rng_egd_chr_can_read()
> 
>  57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
>  58         size += req->size - req->offset;
>  59     }
>  60
>  61     return size;
> 
> Clearly not obvious if it returns >= 0.
> 
> Another approach is to look at the caller and the return value
> handling. If none handle negative values (or would have wrong
> behaviour with negative values), the assert() is perhaps justified, as
> it could prevent from doing more harm.

I'll go and audit all of them.

Thanks for the review!

Phil.

>> ---
>>  chardev/char.c | 5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/chardev/char.c b/chardev/char.c
>> index f6d61fa5f8..71ecd32b25 100644
>> --- a/chardev/char.c
>> +++ b/chardev/char.c
>> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, int 
>> len, bool write_all)
>>  int qemu_chr_be_can_write(Chardev *s)
>>  {
>>      CharBackend *be = s->be;
>> +    int receivable_bytes;
>>
>>      if (!be || !be->chr_can_read) {
>>          return 0;
>>      }
>>
>> -    return be->chr_can_read(be->opaque);
>> +    receivable_bytes = be->chr_can_read(be->opaque);
>> +    assert(receivable_bytes >= 0);
>> +    return receivable_bytes;
>>  }
>>
>>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
>> --
>> 2.20.1
>>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [qemu-s390x] [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument, (continued)
- [qemu-s390x] [PATCH v3 08/25] ui/gtk: Remove pointless cast, Philippe Mathieu-Daudé, 2019/02/19
  - Re: [qemu-s390x] [PATCH v3 08/25] ui/gtk: Remove pointless cast, Gerd Hoffmann, 2019/02/20
- [qemu-s390x] [PATCH v3 05/25] gdbstub: Use size_t for strlen() return value, Philippe Mathieu-Daudé, 2019/02/19
  - Re: [qemu-s390x] [PATCH v3 05/25] gdbstub: Use size_t for strlen() return value, Marc-André Lureau, 2019/02/20
- [qemu-s390x] [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value, Philippe Mathieu-Daudé, 2019/02/19
  - Re: [qemu-s390x] [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value, Gerd Hoffmann, 2019/02/20
  - Re: [qemu-s390x] [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value, Marc-André Lureau, 2019/02/20
- [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative, Philippe Mathieu-Daudé, 2019/02/19
  - Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative, Marc-André Lureau, 2019/02/20
    - Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative, Philippe Mathieu-Daudé <=
    - Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative, Philippe Mathieu-Daudé, 2019/02/21
- [qemu-s390x] [PATCH v3 01/25] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc, Philippe Mathieu-Daudé, 2019/02/19
  - Re: [qemu-s390x] [PATCH v3 01/25] chardev: Simplify IOWatchPoll::fd_can_read as a GSourceFunc, Marc-André Lureau, 2019/02/20
- [qemu-s390x] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types, Philippe Mathieu-Daudé, 2019/02/19
  - Re: [qemu-s390x] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types, Marc-André Lureau, 2019/02/20
    - Re: [qemu-s390x] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types, Philippe Mathieu-Daudé, 2019/02/20
    - Re: [qemu-s390x] [PATCH v3 04/25] chardev: Let qemu_chr_be_can_write() return a size_t types, Marc-André Lureau, 2019/02/20
- [qemu-s390x] [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays, Philippe Mathieu-Daudé, 2019/02/19
  - Re: [qemu-s390x] [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays, Cornelia Huck, 2019/02/20
    - Re: [qemu-s390x] [PATCH v3 19/25] s390/ebcdic: Use size_t to iterate over arrays, Philippe Mathieu-Daudé, 2019/02/20

Prev by Date: Re: [qemu-s390x] [PATCH v3 11/25] xen: Let xencons_send() take a 'size' argument
Next by Date: Re: [qemu-s390x] [PATCH v3 12/25] xen: Let buffer_append() return the size consumed
Previous by thread: Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative
Next by thread: Re: [qemu-s390x] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative
Index(es):
- Date
- Thread