[Libguestfs] [nbdkit PATCH 0/3] Fix %m usage on BSD

Eric Blake eblake at redhat.com
Tue Jan 22 19:42:38 UTC 2019


On 11/29/18 12:07 PM, Eric Blake wrote:
> On 11/29/18 11:21 AM, Eric Blake wrote:
>> Our use of "%m" in various error messages is testament to the
>> project's initial life on Linux - but other than Cygwin, I know
>> of no other platforms supporting that glibc extension.
>>
>> We COULD audit the code and manually turn "%m" into
>> "%s"/strerror(errno), but that's a lot of churn. Instead, let's
>> fix the few outliers that can't be easily wrapped, then wrap
>> the remainder.
>>
>> While I was able to test this on Linux (both that no wrapper is
>> used by default, and that faking that %m fails causes the wrapper
>> to do the right thing), I haven't actually tried it on a BSD box,
>> hence I'll wait for review before pushing.
> 
> Not fixed here, but still worth doing:
> 
> Audit and fix all our uses of nbdkit_error("...\n") to drop their
> trailing newline, as nbdkit_error() adds one.  Then update
> nbdkit_error() to actually do smart newline appending (borrowing from
> commit ef4f72ef) so that other callers outside our codebase get smart
> handling by default.

Also not fixed: strerror() is not threadsafe (at all) on FreeBSD. On
glibc, it is at least thread-safe for safe input values (that is, if
passed 0 or a value from <errno.h>, the resulting string has lifetime in
const storage, even if it is mmap'd to a localized translation; and thus
will not be corrupted by other threads' actions); but is not thread-safe
for arbitrary values (such as strerror(-1), where glibc malloc's space
shared between all threads for returning "Unknown error -1", and which
could get corrupted by a parallel thread doing strerror(-2)). But
FreeBSD shares static storage for strerror() results among all threads,
in part because it computes the resulting string via
catopen()/catgets()/catclose() and MUST copy the localized string
somewhere because the source read via catgets() may not survive catclose().

So we really need to audit all use of strerror() in nbdkit and switch
over to strerror_r(), remembering to work around the alternate glibc
signature when _GNU_SOURCE is defined.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
