From patchwork Fri Aug 23 13:38:56 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 269461 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 5C08D2C009F for ; Fri, 23 Aug 2013 23:54:43 +1000 (EST) Received: from localhost ([::1]:37103 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VCrp1-000378-T0 for incoming@patchwork.ozlabs.org; Fri, 23 Aug 2013 09:54:39 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53012) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VCroh-000367-4K for qemu-devel@nongnu.org; Fri, 23 Aug 2013 09:54:22 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VCrod-0005B4-Mv for qemu-devel@nongnu.org; Fri, 23 Aug 2013 09:54:19 -0400 Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.1.0.0.b.8.0.1.0.0.2.ip6.arpa ([2001:8b0:1d0::1]:59434 helo=mnementh.archaic.org.uk) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VCrod-0005AG-Cy for qemu-devel@nongnu.org; Fri, 23 Aug 2013 09:54:15 -0400 Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.80) (envelope-from ) id 1VCrZo-0002Ee-Lf; Fri, 23 Aug 2013 14:38:56 +0100 From: Peter Maydell To: qemu-devel@nongnu.org Date: Fri, 23 Aug 2013 14:38:56 +0100 Message-Id: <1377265136-8559-3-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1377265136-8559-1-git-send-email-peter.maydell@linaro.org> References: <1377265136-8559-1-git-send-email-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:8b0:1d0::1 Cc: Cornelia Huck , =?UTF-8?q?Andreas=20F=C3=A4rber?= , Alexander Graf , Anthony Liguori , patches@linaro.org Subject: [Qemu-devel] [PATCH 2/2] qom: Make object_initialize and object_initialize_with_type check size X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Replace object_initialize and object_initialize_with_type with macro wrappers which pass the size of the type pointed at by their data argument, so that we can assert that there is enough memory passed in to instantiate the object. We add _unchecked variants of each function for the special cases where the check is not desired, and change the handful of callsites that require the _unchecked variant. Signed-off-by: Peter Maydell --- hw/core/qdev.c | 2 +- include/qom/object.h | 36 ++++++++++++++++++++++++++++++++++-- qom/object.c | 9 +++++---- 3 files changed, 40 insertions(+), 7 deletions(-) diff --git a/hw/core/qdev.c b/hw/core/qdev.c index 758de9f..89e4aa9 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -473,7 +473,7 @@ static void bus_unparent(Object *obj) void qbus_create_inplace(void *bus, const char *typename, DeviceState *parent, const char *name) { - object_initialize(bus, typename); + object_initialize_unchecked(bus, typename); qbus_realize(bus, parent, name); } diff --git a/include/qom/object.h b/include/qom/object.h index 9b69065..0b451c5 100644 --- a/include/qom/object.h +++ b/include/qom/object.h @@ -591,8 +591,24 @@ Object *object_new_with_type(Type type); * This function will initialize an object. The memory for the object should * have already been allocated. The returned object has a reference count of 1, * and will be finalized when the last reference is dropped. + * The obj pointer should be a pointer to a type whose size is sufficient + * for the object; this will be checked. */ -void object_initialize_with_type(void *data, Type type); +#define object_initialize_with_type(PTR, TYPE) \ + do_object_initialize_with_type(PTR, TYPE, sizeof(*(PTR))) + +/** + * object_initialize_with_type_unchecked: + * @obj: A pointer to the memory to be used for the object. + * @type: The type of the object to instantiate. + * + * Variant of object_initialize_with_type which does not check that the + * type which obj is a pointer to has enough space for the object. + */ +#define object_initialize_with_type_unchecked(PTR, TYPE) \ + do_object_initialize_with_type(PTR, TYPE, 0) + +void do_object_initialize_with_type(void *data, Type type, size_t datasize); /** * object_initialize: @@ -602,8 +618,24 @@ void object_initialize_with_type(void *data, Type type); * This function will initialize an object. The memory for the object should * have already been allocated. The returned object has a reference count of 1, * and will be finalized when the last reference is dropped. + * The obj pointer should be a pointer to a type whose size is sufficient + * for the object; this will be checked. */ -void object_initialize(void *obj, const char *typename); +#define object_initialize(PTR, TYPE) \ + do_object_initialize(PTR, TYPE, sizeof(*(PTR))) + +/** + * object_initialize_unchecked: + * @obj: A pointer to the memory to be used for the object. + * @typename: The name of the type of the object to instantiate. + * + * Variant of object_initialize which does not check that the + * type which obj is a pointer to has enough space for the object. + */ +#define object_initialize_unchecked(PTR, TYPE) \ + do_object_initialize(PTR, TYPE, 0) + +void do_object_initialize(void *obj, const char *typename, size_t datasize); /** * object_dynamic_cast: diff --git a/qom/object.c b/qom/object.c index 74fd241..46f0685 100644 --- a/qom/object.c +++ b/qom/object.c @@ -311,7 +311,7 @@ static void object_post_init_with_type(Object *obj, TypeImpl *ti) } } -void object_initialize_with_type(void *data, TypeImpl *type) +void do_object_initialize_with_type(void *data, TypeImpl *type, size_t datasize) { Object *obj = data; @@ -320,6 +320,7 @@ void object_initialize_with_type(void *data, TypeImpl *type) g_assert(type->instance_size >= sizeof(Object)); g_assert(type->abstract == false); + g_assert(datasize == 0 || datasize >= type->instance_size); memset(obj, 0, type->instance_size); obj->class = type->class; @@ -329,11 +330,11 @@ void object_initialize_with_type(void *data, TypeImpl *type) object_post_init_with_type(obj, type); } -void object_initialize(void *data, const char *typename) +void do_object_initialize(void *data, const char *typename, size_t datasize) { TypeImpl *type = type_get_by_name(typename); - object_initialize_with_type(data, type); + do_object_initialize_with_type(data, type, datasize); } static inline bool object_property_is_child(ObjectProperty *prop) @@ -424,7 +425,7 @@ Object *object_new_with_type(Type type) type_initialize(type); obj = g_malloc(type->instance_size); - object_initialize_with_type(obj, type); + object_initialize_with_type_unchecked(obj, type); obj->free = g_free; return obj;