12:21 p.m.
I've had this patch hanging around for a while, and I think it's worth committing
even though the original reason for it went away. The kind of structure it allocates is
reasonably common, and the oversize calculation is tricky to get right. Since we've
already done the work (thanks Jim for the oversize calculation) I think it's worth
keeping.
Dave
David Allan (1):
Implement variable length structure allocator
src/util/memory.c | 40 ++++++++++++++++++++++++++++++++++++++++
src/util/memory.h | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 75 insertions(+), 0 deletions(-)
12:21 p.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
* This patch implements a memory allocator to obtain memory for
structures whose last member is a variable length array. C99 refers
to these variable length objects as structs containing flexible
array members.
---
src/util/memory.c | 40 ++++++++++++++++++++++++++++++++++++++++
src/util/memory.h | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 75 insertions(+), 0 deletions(-)
diff --git a/src/util/memory.c b/src/util/memory.c
index b2ee376..dd1216b 100644
--- a/src/util/memory.c
+++ b/src/util/memory.c
@@ -165,6 +165,46 @@ int virReallocN(void *ptrptr, size_t size, size_t count)
}
/**
+ * Vir_Alloc_Var:
+ * @ptrptr: pointer to hold address of allocated memory
+ * @struct_size: size of initial struct
+ * @element_size: size of array elements
+ * @count: number of array elements to allocate
+ *
+ * Allocate struct_size bytes plus an array of 'count' elements, each
+ * of size element_size. This sort of allocation is useful for
+ * receiving the data of certain ioctls and other APIs which return a
+ * struct in which the last element is an array of undefined length.
+ * The caller of this type of API is expected to know the length of
+ * the array that will be returned and allocate a suitable buffer to
+ * contain the returned data. C99 refers to these variable length
+ * objects as structs containing flexible array members.
+ *
+ * Returns -1 on failure, 0 on success
+ */
+int virAllocVar(void *ptrptr, size_t struct_size, size_t element_size, size_t count)
+{
+ size_t alloc_size = 0;
+
+#if TEST_OOM
+ if (virAllocTestFail())
+ return -1;
+#endif
+
+ if (VIR_ALLOC_VAR_OVERSIZED(struct_size, count, element_size)) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ alloc_size = struct_size + (element_size * count);
+ *(void **)ptrptr = calloc(1, alloc_size);
+ if (*(void **)ptrptr == NULL)
+ return -1;
+ return 0;
+}
+
+
+/**
* virFree:
* @ptrptr: pointer to pointer for address of memory to be freed
*
diff --git a/src/util/memory.h b/src/util/memory.h
index 0228173..c717610 100644
--- a/src/util/memory.h
+++ b/src/util/memory.h
@@ -48,6 +48,10 @@
int virAlloc(void *ptrptr, size_t size) ATTRIBUTE_RETURN_CHECK;
int virAllocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
int virReallocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
+int virAllocVar(void *ptrptr,
+ size_t struct_size,
+ size_t element_size,
+ size_t count) ATTRIBUTE_RETURN_CHECK;
void virFree(void *ptrptr);
/**
@@ -88,6 +92,37 @@ void virFree(void *ptrptr);
*/
# define VIR_REALLOC_N(ptr, count) virReallocN(&(ptr), sizeof(*(ptr)), (count))
+/*
+ * VIR_ALLOC_VAR_OVERSIZED:
+ * @M: size of base structure
+ * @N: number of array elements in trailing array
+ * @S: size of trailing array elements
+ *
+ * Check to make sure that the requested allocation will not cause
+ * arithmetic overflow in the allocation size. The check is
+ * essentially the same as that in gnulib's xalloc_oversized.
+ */
+#define VIR_ALLOC_VAR_OVERSIZED(M, N, S) ((((size_t)-1) - (M)) / (S) < (N))
+
+/**
+ * VIR_ALLOC_VAR:
+ * @ptr: pointer to hold address of allocated memory
+ * @type: element type of trailing array
+ * @count: number of array elements to allocate
+ *
+ * Allocate sizeof(*ptr) bytes plus an array of 'count' elements, each
+ * sizeof('type'). This sort of allocation is useful for receiving
+ * the data of certain ioctls and other APIs which return a struct in
+ * which the last element is an array of undefined length. The caller
+ * of this type of API is expected to know the length of the array
+ * that will be returned and allocate a suitable buffer to contain the
+ * returned data. C99 refers to these variable length objects as
+ * structs containing flexible array members.
+
+ * Returns -1 on failure, 0 on success
+ */
+#define VIR_ALLOC_VAR(ptr, type, count) virAllocVar(&(ptr), sizeof(*ptr),
sizeof(type), (count))
+
/**
* VIR_FREE:
* @ptr: pointer holding address to be freed
--
1.7.0.1
12:51 p.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On 04/05/2010 11:21 AM, David Allan wrote:
+int virAllocVar(void *ptrptr, size_t struct_size, size_t
element_size, size_t count)
Shouldn't that be void **ptrptr - that is, the caller passes in the
address of a void* that we then modify?
+{
+ size_t alloc_size = 0;
+
+#if TEST_OOM
+ if (virAllocTestFail())
+ return -1;
+#endif
+
+ if (VIR_ALLOC_VAR_OVERSIZED(struct_size, count, element_size)) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ alloc_size = struct_size + (element_size * count);
+ *(void **)ptrptr = calloc(1, alloc_size);
+ if (*(void **)ptrptr == NULL)
Especially since typing it correctly to begin with would avoid these
ugly type-punning casts?
+++ b/src/util/memory.h
@@ -48,6 +48,10 @@
int virAlloc(void *ptrptr, size_t size) ATTRIBUTE_RETURN_CHECK;
int virAllocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
int virReallocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
+int virAllocVar(void *ptrptr,
+ size_t struct_size,
+ size_t element_size,
+ size_t count) ATTRIBUTE_RETURN_CHECK;
Then again, fixing the type for your new method would imply fixing the
typing of virAlloc and friends as well.
+#define VIR_ALLOC_VAR(ptr, type, count) virAllocVar(&(ptr),
sizeof(*ptr), sizeof(type), (count))
Should that second argument be sizeof(*(ptr)) for safety? On the other
hand, the parenthesis around count are redundant, if you want to strip them.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
5:11 a.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On Mon, Apr 05, 2010 at 11:51:48AM -0600, Eric Blake wrote:
On 04/05/2010 11:21 AM, David Allan wrote:
> +int virAllocVar(void *ptrptr, size_t struct_size, size_t element_size, size_t
count)
Shouldn't that be void **ptrptr - that is, the caller passes in the
address of a void* that we then modify?
> +{
> + size_t alloc_size = 0;
> +
> +#if TEST_OOM
> + if (virAllocTestFail())
> + return -1;
> +#endif
> +
> + if (VIR_ALLOC_VAR_OVERSIZED(struct_size, count, element_size)) {
> + errno = ENOMEM;
> + return -1;
> + }
> +
> + alloc_size = struct_size + (element_size * count);
> + *(void **)ptrptr = calloc(1, alloc_size);
> + if (*(void **)ptrptr == NULL)
Especially since typing it correctly to begin with would avoid these
ugly type-punning casts?
> +++ b/src/util/memory.h
> @@ -48,6 +48,10 @@
> int virAlloc(void *ptrptr, size_t size) ATTRIBUTE_RETURN_CHECK;
> int virAllocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
> int virReallocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
> +int virAllocVar(void *ptrptr,
> + size_t struct_size,
> + size_t element_size,
> + size_t count) ATTRIBUTE_RETURN_CHECK;
Then again, fixing the type for your new method would imply fixing the
typing of virAlloc and friends as well.
I did originally try void** in these methods, but it didn't work out
nicely, requiring extra casts in the macros. IIRC, the problem was that
if you had
char *foo;
VIR_ALLOC_N(foo)
then virAllocN would be given 'char **', which is compatible with void*
but is not compatible with void**, without doing an manual cast. So
switching these from void* to void** just moves where we need todo the
fugly casts & I preferred them hidden in the memory.c impl rather than
the header.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
7:59 a.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On 04/05/2010 01:51 PM, Eric Blake wrote:
On 04/05/2010 11:21 AM, David Allan wrote:
> +int virAllocVar(void *ptrptr, size_t struct_size, size_t element_size, size_t
count)
Shouldn't that be void **ptrptr - that is, the caller passes in the
address of a void* that we then modify?
> +{
> + size_t alloc_size = 0;
> +
> +#if TEST_OOM
> + if (virAllocTestFail())
> + return -1;
> +#endif
> +
> + if (VIR_ALLOC_VAR_OVERSIZED(struct_size, count, element_size)) {
> + errno = ENOMEM;
> + return -1;
> + }
> +
> + alloc_size = struct_size + (element_size * count);
> + *(void **)ptrptr = calloc(1, alloc_size);
> + if (*(void **)ptrptr == NULL)
Especially since typing it correctly to begin with would avoid these
ugly type-punning casts?
> +++ b/src/util/memory.h
> @@ -48,6 +48,10 @@
> int virAlloc(void *ptrptr, size_t size) ATTRIBUTE_RETURN_CHECK;
> int virAllocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
> int virReallocN(void *ptrptr, size_t size, size_t count) ATTRIBUTE_RETURN_CHECK;
> +int virAllocVar(void *ptrptr,
> + size_t struct_size,
> + size_t element_size,
> + size_t count) ATTRIBUTE_RETURN_CHECK;
Then again, fixing the type for your new method would imply fixing the
typing of virAlloc and friends as well.
> +#define VIR_ALLOC_VAR(ptr, type, count) virAllocVar(&(ptr),
sizeof(*ptr), sizeof(type), (count))
Should that second argument be sizeof(*(ptr)) for safety? On the other
hand, the parenthesis around count are redundant, if you want to strip them.
Right, thanks; I'll fix that.
Is everybody ok with having this allocator, btw?
Dave
9:17 a.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On 04/06/2010 06:59 AM, Dave Allan wrote:
> Then again, fixing the type for your new method would imply
fixing the
> typing of virAlloc and friends as well.
Daniel's arguments are convincing; it's okay to keep the ugly cast in
the implementation if it makes the header easier to use without having
to embed a cast in the #define.
Is everybody ok with having this allocator, btw?
You have my ACK, but I'm only a (small) fraction of everybody. But
since no one is using them yet, is it worth waiting until after 0.8.0 to
push?
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
11:49 a.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On 04/07/2010 10:17 AM, Eric Blake wrote:
On 04/06/2010 06:59 AM, Dave Allan wrote:
>> Then again, fixing the type for your new method would imply fixing the
>> typing of virAlloc and friends as well.
Daniel's arguments are convincing; it's okay to keep the ugly cast in
the implementation if it makes the header easier to use without having
to embed a cast in the #define.
Agreed.
> Is everybody ok with having this allocator, btw?
You have my ACK, but I'm only a (small) fraction of everybody. But
since no one is using them yet, is it worth waiting until after 0.8.0 to
push?
Waiting is a good idea; the patch has been hanging around my development
box for weeks, so there's no hurry.
Dave
12:31 p.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On Wed, Apr 07, 2010 at 12:49:46PM -0400, Dave Allan wrote:
On 04/07/2010 10:17 AM, Eric Blake wrote:
>On 04/06/2010 06:59 AM, Dave Allan wrote:
>>>Then again, fixing the type for your new method would imply fixing the
>>>typing of virAlloc and friends as well.
>
>Daniel's arguments are convincing; it's okay to keep the ugly cast in
>the implementation if it makes the header easier to use without having
>to embed a cast in the #define.
Agreed.
>>Is everybody ok with having this allocator, btw?
>
>You have my ACK, but I'm only a (small) fraction of everybody. But
>since no one is using them yet, is it worth waiting until after 0.8.0 to
>push?
Waiting is a good idea; the patch has been hanging around my
development box for weeks, so there's no hurry.
Dave
Can I get another ack for this patch now that 0.8.0 is out?
Dave
12:37 p.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On Wed, Apr 14, 2010 at 01:31:15PM -0400, Dave Allan wrote:
On Wed, Apr 07, 2010 at 12:49:46PM -0400, Dave Allan wrote:
> On 04/07/2010 10:17 AM, Eric Blake wrote:
> >On 04/06/2010 06:59 AM, Dave Allan wrote:
> >>>Then again, fixing the type for your new method would imply fixing the
> >>>typing of virAlloc and friends as well.
> >
> >Daniel's arguments are convincing; it's okay to keep the ugly cast in
> >the implementation if it makes the header easier to use without having
> >to embed a cast in the #define.
>
> Agreed.
>
> >>Is everybody ok with having this allocator, btw?
> >
> >You have my ACK, but I'm only a (small) fraction of everybody. But
> >since no one is using them yet, is it worth waiting until after 0.8.0 to
> >push?
>
> Waiting is a good idea; the patch has been hanging around my
> development box for weeks, so there's no hurry.
>
> Dave
Can I get another ack for this patch now that 0.8.0 is out?
ACK
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
2:27 p.m.
New subject: [libvirt] [PATCH 1/1] Implement variable length structure allocator
On Wed, Apr 14, 2010 at 06:37:35PM +0100, Daniel P. Berrange wrote:
On Wed, Apr 14, 2010 at 01:31:15PM -0400, Dave Allan wrote:
> On Wed, Apr 07, 2010 at 12:49:46PM -0400, Dave Allan wrote:
> > On 04/07/2010 10:17 AM, Eric Blake wrote:
> > >On 04/06/2010 06:59 AM, Dave Allan wrote:
> > >>>Then again, fixing the type for your new method would imply fixing
the
> > >>>typing of virAlloc and friends as well.
> > >
> > >Daniel's arguments are convincing; it's okay to keep the ugly cast
in
> > >the implementation if it makes the header easier to use without having
> > >to embed a cast in the #define.
> >
> > Agreed.
> >
> > >>Is everybody ok with having this allocator, btw?
> > >
> > >You have my ACK, but I'm only a (small) fraction of everybody. But
> > >since no one is using them yet, is it worth waiting until after 0.8.0 to
> > >push?
> >
> > Waiting is a good idea; the patch has been hanging around my
> > development box for weeks, so there's no hurry.
> >
> > Dave
>
> Can I get another ack for this patch now that 0.8.0 is out?
ACK
Daniel
Ok, thanks. Pushed.
Dave
5336
days inactive
5345
days old
9 comments
4 participants
participants (4)
-
Daniel P. Berrange -
Dave Allan -
David Allan
-
Eric Blake