From nobody Fri Mar 29 07:09:39 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1605701526; cv=none; d=zohomail.com; s=zohoarc; b=iJsDzR6qFkzUuA6Ruj1Yk4hvS9sVnEt44ryKuYYZtx0K0g3HjHlVNRwnqur7MWqGIODNoKI6bMH4BR7rX1B0zfadsiM3uVlI/9WqCIx51xvGC0mSZO2uWQnQMr1KMc692GH9V117BFHQErJ/RxrXDr1skircepXJKp9IHZyCVlw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1605701526; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=BvNCW0ttyNqIDmVlyAXS9IbvRvudfx3EerTCEn57b/4=; b=h4eecNGC7cTRzg0vN+Ii+H97wpE6glNGNgjG76qmo0o3u2BOXV2s3FnH6BodtjnZeLQJEAW9srT5STwHUlO4+AI/vf69bkwlm3/sChH5bq1r27zSdTypKASIh4fJiGzfhqL6VvZem7sy7W6o1f6RtzKcKicPJtdC1Ro+sCiG4Fs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1605701526836193.266238751478; Wed, 18 Nov 2020 04:12:06 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-313-xk03b9mNMr6WA6Rbwv3ETA-1; Wed, 18 Nov 2020 07:12:02 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 439DFAFAB2; Wed, 18 Nov 2020 12:11:53 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 62A685D9D2; Wed, 18 Nov 2020 12:11:48 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C8CCF8C7A0; Wed, 18 Nov 2020 12:11:41 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 0AIC6EhO015040 for ; Wed, 18 Nov 2020 07:06:14 -0500 Received: by smtp.corp.redhat.com (Postfix) id 24E9A5C1D7; Wed, 18 Nov 2020 12:06:14 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.194.11]) by smtp.corp.redhat.com (Postfix) with ESMTP id 99D365C1A3 for ; Wed, 18 Nov 2020 12:06:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1605701525; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=BvNCW0ttyNqIDmVlyAXS9IbvRvudfx3EerTCEn57b/4=; b=b+B2YBZRpDzJ9kvJPWxrb628bcG581oKmYfHnsHvuUeKYJdBQYlhFxo9AivoX+24pJc1zX jO7DygqHf82lD91VkNMcjA9HigM5VLwyd/QAyf6URa+6iO+6HU/FxZJC26SSJ8SjPkdWGv xVk8twUdEWc1cQyhB31YgBzVaHtePTM= X-MC-Unique: xk03b9mNMr6WA6Rbwv3ETA-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH] domain_capabilities: Assert enums fit into unsigned int bitmask Date: Wed, 18 Nov 2020 13:06:07 +0100 Message-Id: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" The way our domain capabilities work currently, is that we have virDomainCapsEnum struct which contains 'unsigned int values' member which serves as a bitmask. More complicated structs are composed from this struct, giving us whole virDomainCaps eventually. Whenever we want to report that a certain value is supported, the '1 << value' bit is set in the corresponding unsigned int member. This works as long as the resulting value after bitshift does not overflow unsigned int. There is a check inside virDomainCapsEnumSet() which ensures exactly this, but no caller really checks whether virDomainCapsEnumSet() succeeded. Also, checking at runtime is a bit too late. Fortunately, we know the largest value we want to store in each member, because each enum of ours ends with _LAST member. Therefore, we can check at build time whether an overflow can occur. Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/conf/domain_capabilities.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index f177af1744..b22d40abb2 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -36,6 +36,9 @@ struct _virDomainCapsEnum { unsigned int values; /* Bitmask of values supported in the correspondi= ng enum */ }; =20 +#define STATIC_ASSERT_ENUM(last) \ + G_STATIC_ASSERT(last <=3D sizeof(unsigned int) * CHAR_BIT) + typedef struct _virDomainCapsStringValues virDomainCapsStringValues; typedef virDomainCapsStringValues *virDomainCapsStringValuesPtr; struct _virDomainCapsStringValues { @@ -43,6 +46,8 @@ struct _virDomainCapsStringValues { size_t nvalues; /* number of strings */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_LOADER_TYPE_LAST); +STATIC_ASSERT_ENUM(VIR_TRISTATE_BOOL_LAST); typedef struct _virDomainCapsLoader virDomainCapsLoader; typedef virDomainCapsLoader *virDomainCapsLoaderPtr; struct _virDomainCapsLoader { @@ -53,6 +58,7 @@ struct _virDomainCapsLoader { virDomainCapsEnum secure; /* Info about secure:virTristateBool */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_OS_DEF_FIRMWARE_LAST); typedef struct _virDomainCapsOS virDomainCapsOS; typedef virDomainCapsOS *virDomainCapsOSPtr; struct _virDomainCapsOS { @@ -61,6 +67,9 @@ struct _virDomainCapsOS { virDomainCapsLoader loader; /* Info about virDomainLoaderDef */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_DISK_DEVICE_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_DISK_BUS_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_DISK_MODEL_LAST); typedef struct _virDomainCapsDeviceDisk virDomainCapsDeviceDisk; typedef virDomainCapsDeviceDisk *virDomainCapsDeviceDiskPtr; struct _virDomainCapsDeviceDisk { @@ -71,6 +80,7 @@ struct _virDomainCapsDeviceDisk { /* add new fields here */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_GRAPHICS_TYPE_LAST); typedef struct _virDomainCapsDeviceGraphics virDomainCapsDeviceGraphics; typedef virDomainCapsDeviceGraphics *virDomainCapsDeviceGraphicsPtr; struct _virDomainCapsDeviceGraphics { @@ -78,6 +88,7 @@ struct _virDomainCapsDeviceGraphics { virDomainCapsEnum type; /* virDomainGraphicsType */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_VIDEO_TYPE_LAST); typedef struct _virDomainCapsDeviceVideo virDomainCapsDeviceVideo; typedef virDomainCapsDeviceVideo *virDomainCapsDeviceVideoPtr; struct _virDomainCapsDeviceVideo { @@ -85,6 +96,11 @@ struct _virDomainCapsDeviceVideo { virDomainCapsEnum modelType; /* virDomainVideoType */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_HOSTDEV_MODE_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_STARTUP_POLICY_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_HOSTDEV_CAPS_TYPE_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_LAST); typedef struct _virDomainCapsDeviceHostdev virDomainCapsDeviceHostdev; typedef virDomainCapsDeviceHostdev *virDomainCapsDeviceHostdevPtr; struct _virDomainCapsDeviceHostdev { @@ -97,6 +113,8 @@ struct _virDomainCapsDeviceHostdev { /* add new fields here */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_RNG_MODEL_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_RNG_BACKEND_LAST); typedef struct _virDomainCapsDeviceRNG virDomainCapsDeviceRNG; typedef virDomainCapsDeviceRNG *virDomainCapsDeviceRNGPtr; struct _virDomainCapsDeviceRNG { @@ -105,6 +123,7 @@ struct _virDomainCapsDeviceRNG { virDomainCapsEnum backendModel; /* virDomainRNGBackend */ }; =20 +STATIC_ASSERT_ENUM(VIR_GIC_VERSION_LAST); typedef struct _virDomainCapsFeatureGIC virDomainCapsFeatureGIC; typedef virDomainCapsFeatureGIC *virDomainCapsFeatureGICPtr; struct _virDomainCapsFeatureGIC { --=20 2.26.2