From patchwork Tue Nov 9 13:05:30 2010
X-Patchwork-Submitter: "Michael S. Tsirkin"
X-Patchwork-Id: 70541
Date: Tue, 9 Nov 2010 15:05:30 +0200
From: "Michael S. Tsirkin"
To: Gerd Hoffmann
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH] add VMSTATE_BOOL
Message-ID: <20101109130530.GD22705@redhat.com>
In-Reply-To: <4CD93573.7040009@redhat.com>
References: <1288623114-14439-1-git-send-email-kraxel@redhat.com> <20101108174752.GC8498@redhat.com> <4CD91661.6030102@redhat.com> <20101109113453.GA22705@redhat.com> <4CD93573.7040009@redhat.com>

On Tue, Nov 09, 2010 at 12:50:11PM +0100, Gerd Hoffmann wrote:
> Hi,
>
> >>>>+static int get_bool(QEMUFile *f, void *pv, size_t size)
> >>>>+{
> >>>>+ bool *v = pv;
> >>>>+ *v = qemu_get_byte(f);
> >>>>+ return 0;
>
> >I think we should verify that value is 0 or 1 and fail
> >migration otherwise, to make it more robust.
>
> I still think such a check doesn't belong into the migration code as
> such a bug would exist without migration too. And if anything we
> should check on save not on load, otherwise qemu can write out
> savevm images which it will refuse to load. I wouldn't call this
> "robust".
>
> cheers,
> Gerd

I think we should verify on load: e.g. the image could have got
corrupted. What, exactly, do you want to check on save?

---

savevm: validate bool values on load

We always save 0 or 1 values for booleans.
Validate on input to increase the chance of detecting
input corruption.

Signed-off-by: Michael S. Tsirkin
---

diff --git a/savevm.c b/savevm.c index 4e49765..da2fdfa 100644 --- a/savevm.c +++ b/savevm.c
@@ -680,7 +680,12 @@ uint64_t qemu_get_be64(QEMUFile *f) static int get_bool(QEMUFile *f, void *pv, size_t size) { bool *v = pv; - *v = qemu_get_byte(f); + uint8_t b; + b = qemu_get_byte(f); + if (b != (uint8_t)true && b != (uint8_t)false) { + return -EINVAL; + } + *v = b; return 0; }
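Review bot: the new `return -EINVAL;` path in get_bool() is the first time this function can fail (it previously only did `return 0;`), so the check is effective only if the code that invokes this getter tests the return value and aborts the load; please confirm that in the caller, since on this path `*v` is left unwritten and a caller that ignores the result would continue with whatever the field held before. The rejection is also silent: a short message at the failure site stating the byte value read would make a refused image much easier to diagnose than a bare -EINVAL. As a style point, the test `b != (uint8_t)true && b != (uint8_t)false` validates the on-wire encoding rather than C's bool, so comparing against the literal values 0 and 1 (or simply `b > 1`) without the casts states the format rule more directly, and a one-line comment that the save side always writes 0 or 1 would record why other values are treated as corruption.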