[1/9] hw/usb/redirect.c: Stop using qemu_oom_check()

Message ID 20220226180723.1706285-2-peter.maydell@linaro.org
State Superseded
Series Cleanup of qemu_oom_check() and qemu_memalign()

Commit Message

Peter Maydell Feb. 26, 2022, 6:07 p.m. UTC
qemu_oom_check() is a function which essentially says "if you pass me
a NULL pointer then print a message then abort()".  On POSIX systems
the message includes strerror(errno); on Windows it includes the
GetLastError() error value printed as an integer.

Other than in the implementation of qemu_memalign(), we use this
function only in hw/usb/redirect.c, for three checks:

 * on a call to usbredirparser_create()
 * on a call to usbredirparser_serialize()
 * on a call to malloc()

The usbredir library API functions make no guarantees that they will
set errno on errors, let alone that they might set the
Windows-specific GetLastError string.  malloc() is documented as
setting errno, not GetLastError -- and in any case the only thing it
might set errno to is ENOMEM.  So qemu_oom_check() isn't the right
thing for any of these.  Replace them with straightforward
error-checking code.  This will allow us to get rid of
qemu_oom_check().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
I have left all of these errors as fatal, since that's what they
were previously. Possibly somebody with a better understanding
of the usbredir code might be able to make them theoretically
non-fatal, but we make malloc failures generally fatal anyway.
---
 hw/usb/redirect.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
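
The commit message's point about errno, shown as an added example that is not part of the patch or of QEMU: a check that reports strerror(errno) blames whatever error happened last when the failing call never set errno. lib_create_failing(), errno_style_check() and explicit_check() are hypothetical stand-ins, and the message strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical library constructor: signals failure only by returning
 * NULL and makes no promise about errno (it never touches it). */
static void *lib_create_failing(void)
{
    return NULL;
}

/* Hypothetical errno-based wrapper: on NULL it blames strerror(errno).
 * It fills buf instead of aborting so the text can be inspected. */
static int errno_style_check(const void *p, char *buf, size_t n)
{
    if (p) return 0;
    snprintf(buf, n, "allocation failed: %s", strerror(errno));
    return 1;
}

/* Explicit check: names the call that failed and ignores errno. */
static int explicit_check(const void *p, const char *call, char *buf, size_t n)
{
    if (p) return 0;
    snprintf(buf, n, "%s failed", call);
    return 1;
}

/* Runs both checks after an unrelated error; returns the stale errno. */
int stale_errno_demo(char *wrapped, char *direct, size_t n)
{
    void *p;
    int stale;

    (void)strtol("99999999999999999999999999", NULL, 10); /* errno = ERANGE */
    p = lib_create_failing();   /* fails, errno left untouched */
    stale = errno;
    errno_style_check(p, wrapped, n);
    explicit_check(p, "lib_create_failing()", direct, n);
    return stale;
}

int main(void)
{
    char wrapped[128], direct[128];
    stale_errno_demo(wrapped, direct, sizeof(wrapped));
    printf("%s\n%s\n", wrapped, direct);
}
```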

Comments

Peter Maydell Feb. 26, 2022, 6:41 p.m. UTC | #1
On Sat, 26 Feb 2022 at 18:07, Peter Maydell <peter.maydell@linaro.org> wrote:

Forgot to cc Gerd on this one as USB maintainer. Sorry..

> qemu_oom_check() is a function which essentially says "if you pass me
> a NULL pointer then print a message then abort()".  On POSIX systems
> the message includes strerror(errno); on Windows it includes the
> GetLastError() error value printed as an integer.
>
> Other than in the implementation of qemu_memalign(), we use this
> function only in hw/usb/redirect.c, for three checks:
>
>  * on a call to usbredirparser_create()
>  * on a call to usbredirparser_serialize()
>  * on a call to malloc()
>
> The usbredir library API functions make no guarantees that they will
> set errno on errors, let alone that they might set the
> Windows-specific GetLastError string.  malloc() is documented as
> setting errno, not GetLastError -- and in any case the only thing it
> might set errno to is ENOMEM.  So qemu_oom_check() isn't the right
> thing for any of these.  Replace them with straightforward
> error-checking code.  This will allow us to get rid of
> qemu_oom_check().
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I have left all of these errors as fatal, since that's what they
> were previously. Possibly somebody with a better understanding
> of the usbredir code might be able to make them theoretically
> non-fatal, but we make malloc failures generally fatal anyway.
> ---
>  hw/usb/redirect.c | 17 ++++++++++++++---
>  1 file changed, 14 insertions(+), 3 deletions(-)
>
> diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
> index 5f0ef9cb3b0..8692ea25610 100644
> --- a/hw/usb/redirect.c
> +++ b/hw/usb/redirect.c
> @@ -1239,7 +1239,11 @@ static void usbredir_create_parser(USBRedirDevice *dev)
>
>      DPRINTF("creating usbredirparser\n");
>
> -    dev->parser = qemu_oom_check(usbredirparser_create());
> +    dev->parser = usbredirparser_create();
> +    if (!dev->parser) {
> +        error_report("usbredirparser_create() failed");
> +        exit(1);
> +    }
>      dev->parser->priv = dev;
>      dev->parser->log_func = usbredir_log;
>      dev->parser->read_func = usbredir_read;
> @@ -2239,7 +2243,10 @@ static int usbredir_put_parser(QEMUFile *f, void *priv, size_t unused,
>      }
>
>      usbredirparser_serialize(dev->parser, &data, &len);
> -    qemu_oom_check(data);
> +    if (!data) {
> +        error_report("usbredirparser_serialize failed");
> +        exit(1);
> +    }
>
>      qemu_put_be32(f, len);
>      qemu_put_buffer(f, data, len);
> @@ -2330,7 +2337,11 @@ static int usbredir_get_bufpq(QEMUFile *f, void *priv, size_t unused,
>          bufp->len = qemu_get_be32(f);
>          bufp->status = qemu_get_be32(f);
>          bufp->offset = 0;
> -        bufp->data = qemu_oom_check(malloc(bufp->len)); /* regular malloc! */
> +        bufp->data = malloc(bufp->len); /* regular malloc! */
> +        if (!bufp->data) {
> +            error_report("usbredir_get_bufpq: out of memory");
> +            exit(1);
> +        }
>          bufp->free_on_destroy = bufp->data;
>          qemu_get_buffer(f, bufp->data, bufp->len);
>          QTAILQ_INSERT_TAIL(&endp->bufpq, bufp, next);
> --
> 2.25.1

Richard Henderson Feb. 27, 2022, 12:26 a.m. UTC | #2
On 2/26/22 08:07, Peter Maydell wrote:
> qemu_oom_check() is a function which essentially says "if you pass me
> a NULL pointer then print a message then abort()".  On POSIX systems
> the message includes strerror(errno); on Windows it includes the
> GetLastError() error value printed as an integer.
> 
> Other than in the implementation of qemu_memalign(), we use this
> function only in hw/usb/redirect.c, for three checks:
> 
>   * on a call to usbredirparser_create()
>   * on a call to usbredirparser_serialize()
>   * on a call to malloc()
> 
> The usbredir library API functions make no guarantees that they will
> set errno on errors, let alone that they might set the
> Windows-specific GetLastError string.  malloc() is documented as
> setting errno, not GetLastError -- and in any case the only thing it
> might set errno to is ENOMEM.  So qemu_oom_check() isn't the right
> thing for any of these.  Replace them with straightforward
> error-checking code.  This will allow us to get rid of
> qemu_oom_check().
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I have left all of these errors as fatal, since that's what they
> were previously. Possibly somebody with a better understanding
> of the usbredir code might be able to make them theoretically
> non-fatal, but we make malloc failures generally fatal anyway.
> ---
>   hw/usb/redirect.c | 17 ++++++++++++++---
>   1 file changed, 14 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Philippe Mathieu-Daudé March 1, 2022, midnight UTC | #3
On 26/2/22 19:07, Peter Maydell wrote:
> qemu_oom_check() is a function which essentially says "if you pass me
> a NULL pointer then print a message then abort()".  On POSIX systems
> the message includes strerror(errno); on Windows it includes the
> GetLastError() error value printed as an integer.
> 
> Other than in the implementation of qemu_memalign(), we use this
> function only in hw/usb/redirect.c, for three checks:
> 
>   * on a call to usbredirparser_create()
>   * on a call to usbredirparser_serialize()
>   * on a call to malloc()
> 
> The usbredir library API functions make no guarantees that they will
> set errno on errors, let alone that they might set the
> Windows-specific GetLastError string.  malloc() is documented as
> setting errno, not GetLastError -- and in any case the only thing it
> might set errno to is ENOMEM.  So qemu_oom_check() isn't the right
> thing for any of these.  Replace them with straightforward
> error-checking code.  This will allow us to get rid of
> qemu_oom_check().
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I have left all of these errors as fatal, since that's what they
> were previously. Possibly somebody with a better understanding
> of the usbredir code might be able to make them theoretically
> non-fatal, but we make malloc failures generally fatal anyway.
> ---
>   hw/usb/redirect.c | 17 ++++++++++++++---
>   1 file changed, 14 insertions(+), 3 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Eric Blake March 2, 2022, 4:30 p.m. UTC | #4
On Sat, Feb 26, 2022 at 06:07:15PM +0000, Peter Maydell wrote:
> qemu_oom_check() is a function which essentially says "if you pass me
> a NULL pointer then print a message then abort()".  On POSIX systems
> the message includes strerror(errno); on Windows it includes the
> GetLastError() error value printed as an integer.
> 
> Other than in the implementation of qemu_memalign(), we use this
> function only in hw/usb/redirect.c, for three checks:
> 
>  * on a call to usbredirparser_create()
>  * on a call to usbredirparser_serialize()
>  * on a call to malloc()
> 
> The usbredir library API functions make no guarantees that they will
> set errno on errors, let alone that they might set the
> Windows-specific GetLastError string.  malloc() is documented as
> setting errno, not GetLastError -- and in any case the only thing it
> might set errno to is ENOMEM.  So qemu_oom_check() isn't the right
> thing for any of these.  Replace them with straightforward
> error-checking code.  This will allow us to get rid of
> qemu_oom_check().
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I have left all of these errors as fatal, since that's what they
> were previously. Possibly somebody with a better understanding
> of the usbredir code might be able to make them theoretically
> non-fatal, but we make malloc failures generally fatal anyway.
> ---
>  hw/usb/redirect.c | 17 ++++++++++++++---
>  1 file changed, 14 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
> index 5f0ef9cb3b0..8692ea25610 100644
> --- a/hw/usb/redirect.c
> +++ b/hw/usb/redirect.c
> @@ -1239,7 +1239,11 @@ static void usbredir_create_parser(USBRedirDevice *dev)
>  
>      DPRINTF("creating usbredirparser\n");
>  
> -    dev->parser = qemu_oom_check(usbredirparser_create());
> +    dev->parser = usbredirparser_create();
> +    if (!dev->parser) {
> +        error_report("usbredirparser_create() failed");
> +        exit(1);

Is exit(EXIT_FAILURE) worth using in this file?  We have an
inconsistent history of a magic number vs. a named constant, so either
way,

Reviewed-by: Eric Blake <eblake@redhat.com>

Peter Maydell March 2, 2022, 5:03 p.m. UTC | #5
On Wed, 2 Mar 2022 at 16:31, Eric Blake <eblake@redhat.com> wrote:
> Is exit(EXIT_FAILURE) worth using in this file?  We have an
> inconsistent history of a magic number vs. a named constant, so either
> way,

I'm not a huge fan of EXIT_FAILURE, I think it tends to
obscure more than it helps. We have rather more 'exit(1)'
than 'exit(EXIT_FAILURE)' in the codebase.

-- PMM

Patch

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 5f0ef9cb3b0..8692ea25610 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -1239,7 +1239,11 @@  static void usbredir_create_parser(USBRedirDevice *dev)
 
     DPRINTF("creating usbredirparser\n");
 
-    dev->parser = qemu_oom_check(usbredirparser_create());
+    dev->parser = usbredirparser_create();
+    if (!dev->parser) {
+        error_report("usbredirparser_create() failed");
+        exit(1);
+    }
     dev->parser->priv = dev;
     dev->parser->log_func = usbredir_log;
     dev->parser->read_func = usbredir_read;
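
Review bot: exit(1) in the new if (!dev->parser) branch is not the same failure mode as the removed qemu_oom_check(), which the commit message describes as calling abort(). The note under the --- says these errors were left fatal as before, but abort() raises SIGABRT and can leave a core dump, while exit(1) runs the atexit handlers and ends with status 1. If the switch is intended it deserves a sentence in the commit message; otherwise abort() after error_report() keeps the old behaviour.
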
@@ -2239,7 +2243,10 @@  static int usbredir_put_parser(QEMUFile *f, void *priv, size_t unused,
     }
 
     usbredirparser_serialize(dev->parser, &data, &len);
-    qemu_oom_check(data);
+    if (!data) {
+        error_report("usbredirparser_serialize failed");
+        exit(1);
+    }
 
     qemu_put_be32(f, len);
     qemu_put_buffer(f, data, len);
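
Review bot: the new if (!data) test is the only failure detection for usbredirparser_serialize(), which is still called as a bare statement, and the hunk does not show data being set to NULL before the call. If data is not initialised where it is declared, a failed call that leaves it untouched would pass this check and qemu_put_buffer() would write from an indeterminate pointer; confirm the initialiser, and check the call's own result if it reports one. usbredir_put_parser() returns int, so returning an error to the caller instead of exit(1) would avoid ending the process while state is being written to the QEMUFile. Minor: this message drops the "()" that the usbredirparser_create() message uses.
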
@@ -2330,7 +2337,11 @@  static int usbredir_get_bufpq(QEMUFile *f, void *priv, size_t unused,
         bufp->len = qemu_get_be32(f);
         bufp->status = qemu_get_be32(f);
         bufp->offset = 0;
-        bufp->data = qemu_oom_check(malloc(bufp->len)); /* regular malloc! */
+        bufp->data = malloc(bufp->len); /* regular malloc! */
+        if (!bufp->data) {
+            error_report("usbredir_get_bufpq: out of memory");
+            exit(1);
+        }
         bufp->free_on_destroy = bufp->data;
         qemu_get_buffer(f, bufp->data, bufp->len);
         QTAILQ_INSERT_TAIL(&endp->bufpq, bufp, next);
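
Review bot: bufp->len in this hunk comes straight from qemu_get_be32(f) and reaches malloc() with no upper bound, so with the new exit(1) an oversized length in the stream being read is enough to terminate the process. usbredir_get_bufpq() returns int, so rejecting a length above a sane maximum and returning an error would fail the load without exiting. Also, malloc(0) is allowed to return NULL, which if (!bufp->data) would report as "out of memory"; treat NULL as fatal only when bufp->len is non-zero.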