Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to a

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to allocate device
Date:	Fri, 18 Dec 2015 10:26:02 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 12/18/2015 09:48 AM, Daniel P. Berrange wrote:
> On Fri, Dec 18, 2015 at 04:30:47PM +0100, Igor Mammedov wrote:
>> qdev_device_add() currently uses object_new() which
>> will abort if there memory allocation for device instance
>> fails. While it's fine it startup, it is not desirable
>> diring hotplug.
>>
>> Try to allocate memory for object first and fail safely
>> if allocation fails.
>>

> This just avoids one small malloc failure.
> 
>> +    object_initialize(dev, obj_size, driver);
> 
> This is going to call g_new many more times, so you'll
> still hit OOM almost immediately. eg the call to
> g_hash_table_new_full() in object_initialize_with_type
> will abort on OOM, not to mention anything run in a
> instance constructor function registered against the
> class. There's no way to avoid this given that we have
> chosen to use GLib in QEMU, so I don't really see any
> point in replacing the 'object_new' call with g_try_malloc

We just had a recent thread on it, and I tend to agree that this series
isn't helpful.

https://lists.gnu.org/archive/html/qemu-devel/2015-12/threads.html#01238

If the allocation is BIG (as in one megabyte or more), then doing
tentative allocation and reporting failure is useful (we still have
enough small memory left to meaningfully report the error).  But here,
objects are unlikely to require a megabyte each (and if you really do
have an obj_size that large, given that it is a sizeof(type), we may
have other problems on our hands - what does the .h look like that
defines a type that big, and how slow does it compile?).  We can assume
that small allocations will always succeed, because if they fail, even
the mere act of trying to gracefully recover and report that failure is
likely to malloc more memory, which will recursively fail and hose us
worse than exiting right away.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/2] qdev: fail safely if can't allocate device in device_add(), Igor Mammedov, 2015/12/18
- [Qemu-devel] [PATCH 1/2] qom: add object_class_get_instance_size(), Igor Mammedov, 2015/12/18
- [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to allocate device, Igor Mammedov, 2015/12/18
  - Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to allocate device, Daniel P. Berrange, 2015/12/18
    - Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to allocate device, Eric Blake <=
    - Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to allocate device, Markus Armbruster, 2015/12/18

Prev by Date: Re: [Qemu-devel] [PATCH v3 05/11] fdc: Add fallback option
Next by Date: Re: [Qemu-devel] [PULL v1 0/5] Support for securely passing secrets to QEMU
Previous by thread: Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to allocate device
Next by thread: Re: [Qemu-devel] [PATCH 2/2] qdev: safely fail device_add if unable to allocate device
Index(es):
- Date
- Thread