[v2,1/3] monitor: Allow add-fd to any specified fd set

Message ID 1349878805-16352-2-git-send-email-coreyb@linux.vnet.ibm.com
State New

Commit Message

Corey Bryant Oct. 10, 2012, 2:20 p.m. UTC
The first call to add an fd to an fd set was previously not
allowed to choose the fd set ID.  The ID was generated as
the first available and ensuing calls could add more fds by
specifying the fd set ID.  This change allows users to
choose the fd set ID on the first call.

Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
---
v2:
 -This patch is new in v2

 monitor.c        | 41 ++++++++++++++++++++++++++---------------
 qapi-schema.json |  1 -
 2 files changed, 26 insertions(+), 16 deletions(-)

Comments

Eric Blake Oct. 10, 2012, 9:49 p.m. UTC | #1
On 10/10/2012 08:20 AM, Corey Bryant wrote:
> The first call to add an fd to an fd set was previously not
> allowed to choose the fd set ID.  The ID was generated as
> the first available and ensuing calls could add more fds by
> specifying the fd set ID.  This change allows users to
> choose the fd set ID on the first call.

Unfortunately, it now allows the user to choose arbitrary integer set
ids with large gaps, where previously, the user could only influence set
ids by populating all intermediate ids.  That is, before this patch, a
user would have to create 1000000 sets to have an id of 1000000 (if they
didn't run out of memory first on all the earlier sets), but now they
can have an id that large with just one set.  Or, taken further,
previously, a user request of -9223372036854775808 would likely fail (if
not, how beefy is your machine?), but now it can succeed and cause
confusion because of integer wraparound.  Arbitrary set ids is not
necessarily bad, but I think you need to add bounds-checking on the
user's requested fdset_id to make sure it is positive.

Corey Bryant Oct. 11, 2012, 2:29 p.m. UTC | #2
On 10/10/2012 05:49 PM, Eric Blake wrote:
> On 10/10/2012 08:20 AM, Corey Bryant wrote:
>> The first call to add an fd to an fd set was previously not
>> allowed to choose the fd set ID.  The ID was generated as
>> the first available and ensuing calls could add more fds by
>> specifying the fd set ID.  This change allows users to
>> choose the fd set ID on the first call.
>
> Unfortunately, it now allows the user to choose arbitrary integer set
> ids with large gaps, where previously, the user could only influence set
> ids by populating all intermediate ids.  That is, before this patch, a
> user would have to create 1000000 sets to have an id of 1000000 (if they
> didn't run out of memory first on all the earlier sets), but now they
> can have an id that large with just one set.  Or, taken further,
> previously, a user request of -9223372036854775808 would likely fail (if
> not, how beefy is your machine?), but now it can succeed and cause
> confusion because of integer wraparound.  Arbitrary set ids is not
> necessarily bad, but I think you need to add bounds-checking on the
> user's requested fdset_id to make sure it is positive.
>

I agree.  I'll add some set ID bounds checking in v3.
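
The bounds check agreed on in this thread, as an added example that is not code from the patch or from QEMU: a caller-chosen fd set ID is validated before the ordered list is touched, and the first-free scan counts upward from 0 instead of subtracting from a stored ID. It assumes a plain singly linked list in place of QEMU's QLIST; FdSet, first_free_id and fdset_get_or_add are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the monitor's fd set list, sorted by ascending id. */
typedef struct FdSet {
    int64_t id;
    struct FdSet *next;
} FdSet;

/* Lowest id >= 0 that is not present in the sorted list. */
static int64_t first_free_id(const FdSet *head)
{
    int64_t want = 0;
    for (; head != NULL && head->id == want; head = head->next) {
        want++;
    }
    return want;
}

/* Returns the existing or newly inserted set, or NULL when the requested id
 * is negative or allocation fails. has_id == 0 means "use the first free id". */
static FdSet *fdset_get_or_add(FdSet **head, int has_id, int64_t requested_id)
{
    if (has_id && requested_id < 0) {
        return NULL;                  /* reject before touching the list */
    }
    int64_t id = has_id ? requested_id : first_free_id(*head);
    FdSet **link = head;              /* slot where id belongs; empty list is fine */
    while (*link != NULL && (*link)->id < id) {
        link = &(*link)->next;
    }
    if (*link != NULL && (*link)->id == id) {
        return *link;                 /* set already exists: reuse it */
    }
    FdSet *set = calloc(1, sizeof(*set));
    if (set == NULL) {
        return NULL;
    }
    set->id = id;
    set->next = *link;
    *link = set;
    return set;
}

int main(void)
{
    FdSet *head = NULL;               /* constructed input: empty list */
    printf("%d\n", fdset_get_or_add(&head, 1, INT64_MIN) == NULL);
    printf("%lld\n", (long long)fdset_get_or_add(&head, 1, 1000000)->id);
    return 0;
}
```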

Patch

diff --git a/monitor.c b/monitor.c
index a0e3ffb..e53e733 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2141,7 +2141,7 @@  AddfdInfo *qmp_add_fd(bool has_fdset_id, int64_t fdset_id, bool has_opaque,
 {
     int fd;
     Monitor *mon = cur_mon;
-    MonFdset *mon_fdset;
+    MonFdset *mon_fdset = NULL;
     MonFdsetFd *mon_fdset_fd;
     AddfdInfo *fdinfo;
 
@@ -2157,27 +2157,38 @@  AddfdInfo *qmp_add_fd(bool has_fdset_id, int64_t fdset_id, bool has_opaque,
                 break;
             }
         }
-        if (mon_fdset == NULL) {
-            error_set(errp, QERR_INVALID_PARAMETER_VALUE, "fdset-id",
-                      "an existing fdset-id");
-            goto error;
-        }
-    } else {
+    }
+
+    if (mon_fdset == NULL) {
         int64_t fdset_id_prev = -1;
         MonFdset *mon_fdset_cur = QLIST_FIRST(&mon_fdsets);
 
-        /* Use first available fdset ID */
-        QLIST_FOREACH(mon_fdset, &mon_fdsets, next) {
-            mon_fdset_cur = mon_fdset;
-            if (fdset_id_prev == mon_fdset_cur->id - 1) {
-                fdset_id_prev = mon_fdset_cur->id;
-                continue;
+        if (has_fdset_id) {
+            /* Use specified fdset ID */
+            QLIST_FOREACH(mon_fdset, &mon_fdsets, next) {
+                mon_fdset_cur = mon_fdset;
+                if (fdset_id < mon_fdset_cur->id) {
+                    break;
+                }
+            }
+        } else {
+            /* Use first available fdset ID */
+            QLIST_FOREACH(mon_fdset, &mon_fdsets, next) {
+                mon_fdset_cur = mon_fdset;
+                if (fdset_id_prev == mon_fdset_cur->id - 1) {
+                    fdset_id_prev = mon_fdset_cur->id;
+                    continue;
+                }
+                break;
             }
-            break;
         }
 
         mon_fdset = g_malloc0(sizeof(*mon_fdset));
-        mon_fdset->id = fdset_id_prev + 1;
+        if (has_fdset_id) {
+            mon_fdset->id = fdset_id;
+        } else {
+            mon_fdset->id = fdset_id_prev + 1;
+        }
 
         /* The fdset list is ordered by fdset ID */
         if (mon_fdset->id == 0) {
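Review bot: "mon_fdset->id = fdset_id;" stores the caller's value with no range check, so a negative fdset-id (down to INT64_MIN) now creates a set; reject fdset_id < 0 with QERR_INVALID_PARAMETER_VALUE before the "Use specified fdset ID" loop runs. Separately, mon_fdset_cur starts as QLIST_FIRST(&mon_fdsets) and the context line "if (mon_fdset->id == 0)" treats ID 0 as the head-of-list case; with a caller-chosen non-zero ID and an empty list that assumption no longer holds, so please check that the ordered insert following this hunk does not rely on it.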
diff --git a/qapi-schema.json b/qapi-schema.json
index f9dbdae..06a7aa2 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2611,7 +2611,6 @@ 
 #
 # Returns: @AddfdInfo on success
 #          If file descriptor was not received, FdNotSupplied
-#          If @fdset-id does not exist, InvalidParameterValue
 #
 # Notes: The list of fd sets is shared by all monitor connections.
 #
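Review bot: Missing documentation where the InvalidParameterValue line is dropped: nothing in this block now says that an @fdset-id which does not exist causes that set to be created, so state the new behaviour in the @fdset-id description. If a bounds check on the ID is added, keep an InvalidParameterValue entry here for out-of-range values instead of removing the error entirely.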