[libvirt] [PATCH v2] test_driver: implement virDomainGetDiskErrors

Michal Privoznik mprivozn at redhat.com
Wed May 15 08:14:35 UTC 2019


On 5/14/19 5:24 PM, Ilias Stamatis wrote:
> On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn at redhat.com> wrote:
>>
>> On 5/14/19 12:50 PM, Ilias Stamatis wrote:
>>> On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan at redhat.com> wrote:
>>>>
>>>>
>>>>
>>>> On 5/13/19 9:04 AM, Ilias Stamatis wrote:
>>>>> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn at redhat.com> wrote:
>>>>>>
>>>>>> On 5/13/19 1:26 AM, Ilias Stamatis wrote:
>>>>>>> Return the number of disks present in the configuration of the test
>>>>>>> domain when called with @errors as NULL and @maxerrors as 0.
>>>>>>>
>>>>>>> Otherwise report an error for every second disk, assigning available
>>>>>>> error codes in a cyclic order.
>>>>>>>
>>>>>>> Signed-off-by: Ilias Stamatis <stamatis.iliass at gmail.com>
>>>>>>> ---
>>>>>>>     src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++
>>>>>>>     1 file changed, 42 insertions(+)
>>>>>>>
>>>>>>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c
>>>>>>> index a06d1fc402..527c2f5d3b 100644
>>>>>>> --- a/src/test/test_driver.c
>>>>>>> +++ b/src/test/test_driver.c
>>>>>>> @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain,
>>>>>>>         return 0;
>>>>>>>     }
>>>>>>>
>>>>>>> +static int testDomainGetDiskErrors(virDomainPtr dom,
>>>>>>> +                                   virDomainDiskErrorPtr errors,
>>>>>>> +                                   unsigned int maxerrors,
>>>>>>> +                                   unsigned int flags)
>>>>>>> +{
>>>>
>>>> [...]
>>>>
>>>>>>> +            n++;
>>>>>>> +        }
>>>>>>> +        ret = n;
>>>>>>> +    }
>>>>>>> +
>>>>>>> + cleanup:
>>>>>>> +    virDomainObjEndAPI(&vm);
>>>>>>> +    if (ret < 0) {
>>>>>>> +        for (i = 0; i < n; i++)
>>>>>>> +            VIR_FREE(errors[i].disk);
>>>>>>> +    }
>>>>
>>>> The above got changed to :
>>>>
>>>> + cleanup:
>>>> +    virDomainObjEndAPI(&vm);
>>>> +    if (ret < 0) {
>>>> +        for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++)
>>>> +            VIR_FREE(errors[i].disk);
>>>> +    }
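Review bot: the loop bound in this cleanup, MIN(vm->def->ndisks, maxerrors), dereferences vm after virDomainObjEndAPI(&vm) has already released the object. That call takes the pointer by address, so vm must not be used once it returns. The bound also covers entries the function may never have assigned, so VIR_FREE can be handed whatever the caller's array held before the call. Suggest going back to a count of the entries actually filled, as in the earlier "for (i = 0; i < n; i++)", or, if ndisks is really needed, running the loop before virDomainObjEndAPI(&vm).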
>>>
>>> I think this change is incorrect and a bug lies in here.
>>>
>>> If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks,
>>> maxerrors) will have been allocated, and then in the cleanup code
>>> we'll call VIR_FREE with pointers that haven't been previously
>>> allocated.
>>
>> That isn't a problem. The user has to pass an array that we can touch. If
>> they store some data in it, well, their fault - how are we supposed to
>> return anything if we can't touch the array?
> 
> I'm not sure I understand exactly what you mean.
> 
> We can touch the array of course.
> 
> What I'm saying is that we allocate memory with VIR_STRDUP for each
> errors[i].disk, but if the call fails we free this memory on our own.
> 
> However how it is implemented now we might call VIR_FREE on pointers
> for which we have *not* allocated any memory.
> 
> Because in the first loop, VIR_STRDUP might fail and send us to
> "cleanup". But then on cleanup we iterate over the whole errors array.
> 
> Isn't this incorrect? Do I understand something wrong?


Ah, now I get it. If the user passes an array that is not zeroed out then we
might end up passing a random pointer to free(). How about this then?

     if (ret < 0) {
         while (i > 0)
             VIR_FREE(errors[i--].disk);
     }

Michal
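
The cleanup problem discussed in this thread, as an added example that is not part of the original messages or of libvirt's code: on failure only the entries the call itself assigned are released, so stale pointers in a caller array that was not zeroed never reach free(). The names struct disk_error, dup_or_fail, get_disk_errors and the disk names are hypothetical, and plain malloc()/free() stand in for VIR_STRDUP/VIR_FREE.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for virDomainDiskError, not libvirt's definition. */
struct disk_error { char *disk; int error; };

/* Constructed sample disk names. */
static const char *const sample_disks[] = { "vda", "vdb", "vdc", "vdd" };
#define NDISKS (sizeof(sample_disks) / sizeof(sample_disks[0]))

/* Copy a name; fail on purpose when fail is set (simulated allocation failure). */
static char *dup_or_fail(const char *s, int fail)
{
    char *copy = fail ? NULL : malloc(strlen(s) + 1);
    if (copy)
        strcpy(copy, s);
    return copy;
}

/* Fill up to maxerrors entries of a caller array that may hold garbage.
 * fail_at: index whose allocation is forced to fail, -1 for none.
 * Returns the count filled, or -1 after freeing only what this call set. */
static int get_disk_errors(struct disk_error *errors, size_t maxerrors, int fail_at)
{
    size_t n, limit = maxerrors < NDISKS ? maxerrors : NDISKS;

    for (n = 0; n < limit; n++) {
        char *name = dup_or_fail(sample_disks[n], (int)n == fail_at);
        if (!name)
            goto error;
        errors[n].disk = name;          /* entry n is ours only from here on */
        errors[n].error = 1 + (int)(n % 2);
    }
    return (int)n;

 error:
    while (n > 0) {                     /* walks n-1 .. 0, never index n or above */
        free(errors[--n].disk);
        errors[n].disk = NULL;
    }
    return -1;
}

int main(void)
{
    struct disk_error errs[4];          /* deliberately left uninitialised */
    printf("%d\n", get_disk_errors(errs, 4, 2));
    return 0;
}
```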