From nobody Fri May 16 14:16:17 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1496144325201585.7655853879638;
 Tue, 30 May 2017 04:38:45 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 890837F6AA;
	Tue, 30 May 2017 11:38:42 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 4914418C6E;
	Tue, 30 May 2017 11:38:42 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id F113A4A491;
	Tue, 30 May 2017 11:38:41 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
	[10.5.11.12])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v4UBcSE6002930 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 30 May 2017 07:38:28 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 9EC7F7E2EE; Tue, 30 May 2017 11:38:28 +0000 (UTC)
Received: from localhost.localdomain.com (ovpn-116-108.phx2.redhat.com
	[10.3.116.108])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5D14A7E5D3
	for <libvir-list@redhat.com>; Tue, 30 May 2017 11:38:28 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 890837F6AA
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com;
 spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 890837F6AA
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Tue, 30 May 2017 07:38:16 -0400
Message-Id: <20170530113821.32540-5-jferlan@redhat.com>
In-Reply-To: <20170530113821.32540-1-jferlan@redhat.com>
References: <20170530113821.32540-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 4/9] util: Add magic_marker for all virObjects
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
 Tue, 30 May 2017 11:38:43 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

The virObject logic "assumes" that whatever is passed to its API's
would be some sort of virObjectPtr; however, if it is not then some
really bad things can happen.

So far there's been only virObject{Ref|Unref}, virObject{Lock|Unlock},
and virObjectIsClass and the virObject and virObjectLockable class
consumers have been well behaved and code well tested. Soon there will
be more consumers and one such consumer tripped over this during testing
by passing a virHashTablePtr to virObjectIsClass which ends up calling
virClassIsDerivedFrom using "obj->klass", which wasn't really a klass
object causing one of those bad things to happen.

To avoid the future possibility that a non virObject class memory was
passed to some virObject* API, let's add a "magic_marker" to the base
virObject class that contains a value "0xFEEDBEEF", then any place in
the code which would accept or process the base opaque virObjectPtr,
compare the magic_marker against 0xFEEDBEEF to make sure this is an
object allocated by this code.

It is still left up to the caller to handle the failed API calls just
as it would be if it passed a NULL opaque pointer anyobj.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/util/virobject.c | 12 ++++++++----
 src/util/virobject.h |  1 +
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/util/virobject.c b/src/util/virobject.c
index 9f5f187..a1934941 100644
--- a/src/util/virobject.c
+++ b/src/util/virobject.c
@@ -47,10 +47,12 @@ struct _virClass {
     virObjectDisposeCallback dispose;
 };
=20
+#define VIR_OBJECT_NOTVALID(obj) (!obj || obj->magic_marker !=3D 0xFEEDBEE=
F)
+
 #define VIR_OBJECT_USAGE_PRINT_WARNING(anyobj, objclass)                  =
  \
     do {                                                                  =
  \
         virObjectPtr obj =3D anyobj;                                      =
    \
-        if (!obj)                                                         =
  \
+        if (VIR_OBJECT_NOTVALID(obj))                                     =
  \
             VIR_WARN("Object %p is not a virObject class instance", anyobj=
);\
         else                                                              =
  \
             VIR_WARN("Object %p (%s) is not a %s instance",               =
  \
@@ -212,6 +214,7 @@ virObjectNew(virClassPtr klass)
         return NULL;
=20
     obj->u.s.magic =3D klass->magic;
+    obj->magic_marker =3D 0xFEEDBEEF;
     obj->klass =3D klass;
     virAtomicIntSet(&obj->u.s.refs, 1);
=20
@@ -272,7 +275,7 @@ virObjectUnref(void *anyobj)
 {
     virObjectPtr obj =3D anyobj;
=20
-    if (!obj)
+    if (VIR_OBJECT_NOTVALID(obj))
         return false;
=20
     bool lastRef =3D virAtomicIntDecAndTest(&obj->u.s.refs);
@@ -289,6 +292,7 @@ virObjectUnref(void *anyobj)
         /* Clear & poison object */
         memset(obj, 0, obj->klass->objectSize);
         obj->u.s.magic =3D 0xDEADBEEF;
+        obj->magic_marker =3D 0xDEADBEEF;
         obj->klass =3D (void*)0xDEADBEEF;
         VIR_FREE(obj);
     }
@@ -311,7 +315,7 @@ virObjectRef(void *anyobj)
 {
     virObjectPtr obj =3D anyobj;
=20
-    if (!obj)
+    if (VIR_OBJECT_NOTVALID(obj))
         return NULL;
     virAtomicIntInc(&obj->u.s.refs);
     PROBE(OBJECT_REF, "obj=3D%p", obj);
@@ -389,7 +393,7 @@ virObjectIsClass(void *anyobj,
                  virClassPtr klass)
 {
     virObjectPtr obj =3D anyobj;
-    if (!obj)
+    if (VIR_OBJECT_NOTVALID(obj))
         return false;
=20
     return virClassIsDerivedFrom(obj->klass, klass);
diff --git a/src/util/virobject.h b/src/util/virobject.h
index f4c292b..89f8050 100644
--- a/src/util/virobject.h
+++ b/src/util/virobject.h
@@ -51,6 +51,7 @@ struct _virObject {
             int refs;
         } s;
     } u;
+    unsigned int magic_marker;
     virClassPtr klass;
 };
=20
--=20
2.9.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list