From: Eric Blake
To: qemu-devel@nongnu.org
Cc: armbru@redhat.com, Michael Roth
Date: Wed, 25 Nov 2015 17:23:17 -0700
Subject: [Qemu-devel] [PATCH v6 20/23] qapi: Rework deallocation of partial struct
Message-Id: <1448497401-27784-21-git-send-email-eblake@redhat.com>
In-Reply-To: <1448497401-27784-1-git-send-email-eblake@redhat.com>

Commit cee2dedb noticed that if you have a partial flat union (such as if an input parse failed due to a missing discriminator), calling the dealloc visitor could result in trying to dereference the NULL pointer. But the fix it proposed requires the use of a 'data' member in the union, which may or may not be the same size as other branches of the union (consider a 32-bit platform where one of the branches is an int64), so it feels fairly dirty. A better fix is to tweak all of the generated visit_type_implicit_FOO() functions to avoid dereferencing NULL in the first place, by not visiting the fields if the struct pointer itself is not present, at which point we no longer even need visit_start_union(). And no one was implementing visit_end_union() callbacks.

While rewriting the code, use patterns that are closer to what is used elsewhere in the generated visitors, by using 'goto' to cleanup labels rather than putting followup code under 'if' conditions. The change keeps the contract that any successful use of visit_start_implicit_struct() will be paired with a matching visit_end_implicit_struct(), even if intermediate processing is skipped.

As an example of the changes to generated code: |@@ -1331,10 +1331,16 @@ static void visit_type_implicit_Blockdev | Error *err = NULL; | | visit_start_implicit_struct(v, (void **)obj, sizeof(BlockdevOptionsArchipelago), &err); |- if (!err) { |- visit_type_BlockdevOptionsArchipelago_fields(v, obj, errp); |- visit_end_implicit_struct(v); |+ if (err) { |+ goto out; |+ } |+ if (obj && !*obj) { |+ goto out_obj; | } |+ visit_type_BlockdevOptionsArchipelago_fields(v, obj, &err); |+out_obj: |+ visit_end_implicit_struct(v); |+out: | error_propagate(errp, err); | } ... |@@ -1479,9 +1539,6 @@ void visit_type_BlockdevOptions(Visitor | if (err) { | goto out_obj; | } |- if (!visit_start_union(v, !!(*obj)->u.data, &err) || err) { |- goto out_obj; |- } | switch ((*obj)->driver) { | case BLOCKDEV_DRIVER_ARCHIPELAGO: | visit_type_implicit_BlockdevOptionsArchipelago(v, &(*obj)->u.archipelago, &err); |@@ -1570,11 +1627,6 @@ void visit_type_BlockdevOptions(Visitor | out_obj: | error_propagate(errp, err); | err = NULL; |- if (*obj) { |- visit_end_union(v, !!(*obj)->u.data, &err); |- } |- error_propagate(errp, err); |- err = NULL; | visit_end_struct(v, &err); Signed-off-by: Eric Blake --- v6: rebase due to deferring 7/46, and gen_err_check() improvements; rewrite gen_visit_implicit_struct() more like other patterns --- include/qapi/visitor-impl.h | 5 ----- include/qapi/visitor.h | 12 ------------ qapi/qapi-dealloc-visitor.c | 26 -------------------------- qapi/qapi-visit-core.c | 15 --------------- scripts/qapi-visit.py | 25 +++++++++---------------- 5 files changed, 9 insertions(+), 74 deletions(-) diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h index 36984a7..018f419 100644 --- a/include/qapi/visitor-impl.h +++ b/include/qapi/visitor-impl.h 
@@ -78,11 +78,6 @@ struct Visitor /* May be NULL; most useful for input visitors. */ void (*optional)(Visitor *v, bool *present, const char *name); - - /* FIXME - needs to be removed */ - bool (*start_union)(Visitor *v, bool data_present, Error **errp); - /* FIXME - needs to be removed */ - void (*end_union)(Visitor *v, bool data_present, Error **errp); }; /** diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h index b4ed469..cc1ff6d 100644 --- a/include/qapi/visitor.h +++ b/include/qapi/visitor.h @@ -236,16 +236,4 @@ void visit_type_number(Visitor *v, double *obj, const char *name, */ void visit_type_any(Visitor *v, QObject **obj, const char *name, Error **errp); -/** - * Mark the start of visiting the branches of a union. Return true if - * @data_present. - * FIXME: Should not be needed - */ -bool visit_start_union(Visitor *v, bool data_present, Error **errp); -/** - * Mark the end of union branches, after visit_start_union(). - * FIXME: Should not be needed - */ -void visit_end_union(Visitor *v, bool data_present, Error **errp); - #endif diff --git a/qapi/qapi-dealloc-visitor.c b/qapi/qapi-dealloc-visitor.c index 8246070..8b489a4 100644 --- a/qapi/qapi-dealloc-visitor.c +++ b/qapi/qapi-dealloc-visitor.c 
@@ -171,31 +171,6 @@ static void qapi_dealloc_type_enum(Visitor *v, int *obj, { } -/* If there's no data present, the dealloc visitor has nothing to free. - * Thus, indicate to visitor code that the subsequent union fields can - * be skipped. This is not an error condition, since the cleanup of the - * rest of an object can continue unhindered, so leave errp unset in - * these cases. - * - * NOTE: In cases where we're attempting to deallocate an object that - * may have missing fields, the field indicating the union type may - * be missing. In such a case, it's possible we don't have enough - * information to differentiate data_present == false from a case where - * data *is* present but happens to be a scalar with a value of 0. - * This is okay, since in the case of the dealloc visitor there's no - * work that needs to done in either situation. - * - * The current inability in QAPI code to more thoroughly verify a union - * type in such cases will likely need to be addressed if we wish to - * implement this interface for other types of visitors in the future, - * however. - */ -static bool qapi_dealloc_start_union(Visitor *v, bool data_present, - Error **errp) -{ - return data_present; -} - Visitor *qapi_dealloc_get_visitor(QapiDeallocVisitor *v) { return &v->visitor; @@ -226,7 +201,6 @@ QapiDeallocVisitor *qapi_dealloc_visitor_new(void) v->visitor.type_str = qapi_dealloc_type_str; v->visitor.type_number = qapi_dealloc_type_number; v->visitor.type_any = qapi_dealloc_type_anything; - v->visitor.start_union = qapi_dealloc_start_union; QTAILQ_INIT(&v->stack); diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c index 477d73a..a193a04 100644 --- a/qapi/qapi-visit-core.c +++ b/qapi/qapi-visit-core.c 
@@ -58,21 +58,6 @@ void visit_end_list(Visitor *v) v->end_list(v); } -bool visit_start_union(Visitor *v, bool data_present, Error **errp) -{ - if (v->start_union) { - return v->start_union(v, data_present, errp); - } - return true; -} - -void visit_end_union(Visitor *v, bool data_present, Error **errp) -{ - if (v->end_union) { - v->end_union(v, data_present, errp); - } -} - bool visit_optional(Visitor *v, bool *present, const char *name) { if (v->optional) { diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py index f22ebeb..43233d6 100644 --- a/scripts/qapi-visit.py +++ b/scripts/qapi-visit.py @@ -60,10 +60,16 @@ static void visit_type_implicit_%(c_type)s(Visitor *v, %(c_type)s **obj, Error * Error *err = NULL; visit_start_implicit_struct(v, (void **)obj, sizeof(%(c_type)s), &err); - if (!err) { - visit_type_%(c_type)s_fields(v, obj, errp); - visit_end_implicit_struct(v); + if (err) { + goto out; } + if (obj && !*obj) { + goto out_obj; + } + visit_type_%(c_type)s_fields(v, obj, &err); +out_obj: + visit_end_implicit_struct(v); +out: error_propagate(errp, err); } ''', @@ -254,9 +260,6 @@ void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, const char *name, Error if variants: ret += mcgen(''' - if (!visit_start_union(v, !!(*obj)->u.data, &err) || err) { - goto out_obj; - } switch ((*obj)->%(c_name)s) { ''', c_name=c_name(variants.tag_member.name)) @@ -293,16 +296,6 @@ void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, const char *name, Error ret += mcgen(''' out_obj: -''') - if variants: - ret += mcgen(''' - error_propagate(errp, err); - err = NULL; - if (*obj) { - visit_end_union(v, !!(*obj)->u.data, &err); - } -''') - ret += mcgen(''' error_propagate(errp, err); err = NULL; visit_end_struct(v, &err);
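
Review bot: the new test "if (obj && !*obj)" in the scripts/qapi-visit.py hunk at @@ -60,10 +60,16 @@ is emitted for every visitor, not only the dealloc visitor, so any visitor that reaches it with *obj NULL now skips the fields silently and returns with err unset. A one-line comment in the template saying the skip exists for deallocating a partially constructed object would make that intent explicit. The "obj &&" half also lets a NULL obj fall through to visit_type_%(c_type)s_fields(v, obj, &err); if obj can never be NULL here, drop that half, otherwise it wants the same skip.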
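
Review bot: with the visit_start_union() guard gone in the scripts/qapi-visit.py hunk at @@ -254,9 +260,6 @@, "switch ((*obj)->%(c_name)s)" now runs on a partially parsed object, so after a missing discriminator the tag was never set from input and can select a branch that was never populated. The only NULL check visible in this patch is the one added to visit_type_implicit_%(c_type)s(); please confirm that every branch the switch can emit goes through a helper that tolerates a NULL pointer. The diffstat touches no test file, so a regression test that runs the dealloc visitor after a failed parse with a missing discriminator would be worth adding.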
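
Review bot: documentation is lost in the qapi/qapi-dealloc-visitor.c hunk at @@ -171,31 +171,6 @@: the comment removed together with qapi_dealloc_start_union() stated that the dealloc visitor may see an object with missing fields and that skipping the branch is not an error. A shortened form of it belongs next to the new "if (obj && !*obj)" check in scripts/qapi-visit.py, or in the description of visit_start_implicit_struct(), so the reason for the skip stays recorded.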