On 09/15/2015 07:20 AM, Markus Armbruster wrote:
>>>
>>> However, the patch isn't quite right: it messes up the reference
>>> counting.  After about SIZE_MAX visits, the reference counter
>>> overflows, failing the assertion in qnull_destroy_obj().  Because
>>> that's many orders of magnitude more visits of nulls than we expect,
>>> we take this patch despite its flaws, to get the QMP introspection
>>> stuff in without further delay.
>>>
>>> Naturally, we'll have to fix it for real before the release.
>>
>> Do we actually ever get near to SIZE_MAX visits?

With the rest of the series, qom-get can be used to trigger this code
path.  Since that is under user control, a user on a 32-bit platform
could spin in a stupid loop of qom-get to eventually hit the assert.
Not likely to happen.

>> If not, then
>> it would not seem critical to fix before release, as this is
>> just the generator code
>
> SIZE_MAX visits seem unlikely even when SIZE_MAX is only 2^32-1.  It
> would be fatal, though: QEMU would crash.
>
> I'll reword to "we'll want to fix it".

Yes, that improved wording is fine.  And I think we already have some
idea of what the fix involves (I posted some preliminary analysis, and
Markus will do the actual deep dive); it's just that holding up this
series for the fix isn't the way to handle it.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
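An added illustration of the failure mode the thread is discussing: a size_t reference counter that is only ever incremented wraps to zero after SIZE_MAX increments, after which the next balanced release underflows. This is example code written for this page, not QEMU's QObject or qnull implementation; the obj_t type and all function names are hypothetical. Because a demo cannot actually loop 2^32 times, the counters are started next to SIZE_MAX to stand in for "about SIZE_MAX visits", and a checked increment is shown beside the unchecked one to show what a fix that refuses to wrap looks like.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical refcounted object (illustration only, not QEMU's QObject). */
typedef struct {
    size_t refcnt;
} obj_t;

/* Unchecked increment, the pattern the thread worries about:
 * after SIZE_MAX increments the counter silently wraps to 0. */
static size_t ref_inc_unchecked(obj_t *o)
{
    return ++o->refcnt;
}

/* Checked increment: refuses to wrap and reports failure, so the caller
 * can fail the operation instead of corrupting the count. */
static bool ref_inc_checked(obj_t *o)
{
    if (o->refcnt == SIZE_MAX) {
        return false;
    }
    o->refcnt++;
    return true;
}

/* Release: 1 when the object must be destroyed (count reached 0),
 * 0 when it is still alive, -1 on underflow (released while already 0,
 * which is exactly the state a wrapped counter leaves behind). */
static int ref_dec(obj_t *o)
{
    if (o->refcnt == 0) {
        return -1;
    }
    o->refcnt--;
    return o->refcnt == 0 ? 1 : 0;
}

/* Start next to SIZE_MAX to stand in for "about SIZE_MAX visits". */
static size_t wrap_unchecked(void)
{
    obj_t o = { .refcnt = SIZE_MAX - 1 };
    ref_inc_unchecked(&o);   /* SIZE_MAX */
    ref_inc_unchecked(&o);   /* wraps to 0: the object now looks unreferenced */
    return o.refcnt;
}

/* After the wrap, the very next balanced release underflows. */
static int release_after_wrap(void)
{
    obj_t o = { .refcnt = 0 };   /* the state left by wrap_unchecked() */
    return ref_dec(&o);
}

/* The checked variant stays at SIZE_MAX and reports the refused increment. */
static bool saturate_checked(void)
{
    obj_t o = { .refcnt = SIZE_MAX - 1 };
    bool first  = ref_inc_checked(&o);   /* ok, now SIZE_MAX */
    bool second = ref_inc_checked(&o);   /* refused, still SIZE_MAX */
    return first && !second && o.refcnt == SIZE_MAX;
}

/* Normal lifecycle for contrast: take a ref, drop it, drop the last one. */
static int normal_lifecycle(void)
{
    obj_t o = { .refcnt = 1 };
    ref_inc_checked(&o);   /* 2 */
    ref_dec(&o);           /* 1 */
    return ref_dec(&o);    /* 0 -> destroy */
}
```

The practical check on a 32-bit build is that SIZE_MAX is 2^32-1, so the loop of qom-get requests needed is large but finite; the unchecked increment turns that into a wrap and a later failed release, while the checked increment turns it into an error the caller can report without crashing.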