[libvirt] [PATCH] src: Threat pid as signed

Martin Kletzander mkletzan at redhat.com
Thu Oct 13 07:44:04 UTC 2016 

On Fri, Oct 07, 2016 at 11:22:34AM +0200, Michal Privoznik wrote:
>This initially started as a fix of some debug printing in
>virCgroupDetect. However it turned out that other places suffer
>from the similar problem. While dealing with pids, esp. in cases
>where we cannot use pid_t for ABI stability reasons, we often
>chose an unsigned integer type. This makes no sense as pid_t is
>signed.
>Also, new syntax-check rule is introduced so we won't repeat this
>mistake.
>
>Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>---
>
>Technically, this is v2 of [1], but like 99% of the patch is
>different, so I'm sending this as a completely new patch.
>
>1: https://www.redhat.com/archives/libvir-list/2016-October/msg00254.html
>
> cfg.mk                            |  8 ++++++++
> src/locking/lock_driver_sanlock.c |  4 ++--
> src/lxc/lxc_controller.c          |  4 ++--
> src/lxc/lxc_domain.c              |  8 ++++----
> src/lxc/lxc_driver.c              |  4 ++--
> src/lxc/lxc_monitor.c             |  3 +--
> src/lxc/lxc_process.c             |  8 ++++----
> src/qemu/qemu_process.c           | 12 ++++++------
> src/util/vircgroup.c              | 24 ++++++++++++------------
> src/util/viridentity.c            |  2 +-
> src/util/virpolkit.c              |  1 +
> src/util/virprocess.c             | 14 ++++++--------
> src/util/virsystemd.c             |  9 +++++----
> src/util/virutil.c                |  4 ++--
> 14 files changed, 56 insertions(+), 49 deletions(-)
>
>diff --git a/cfg.mk b/cfg.mk
>index 9f5949c..b33b1e2 100644
>--- a/cfg.mk
>+++ b/cfg.mk
>@@ -581,6 +581,11 @@ sc_prohibit_int_assign_bool:
> 	halt='use bool type for boolean values'				\
> 	  $(_sc_search_regexp)
>
>+sc_prohibit_unsigned_pid:
>+	@prohibit='\<unsigned\> [^,=]+pid'						\

I'd also add ';' and '(' in this  ^^ list of characters, but that's your
call on those.

>+	halt='use signed type for pid values'				\
>+	  $(_sc_search_regexp)
>+
> # Many of the function names below came from this filter:
> # git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
> # |sed 's/.*\.c-  *//'|perl -pe 's/ ?\(.*//'|sort -u \
>@@ -1214,6 +1219,9 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
> exclude_file_name_regexp--sc_prohibit_int_ijk = \
>   ^(src/remote_protocol-structs|src/remote/remote_protocol\.x|cfg\.mk|include/libvirt/libvirt.+|src/admin_protocol-structs|src/admin/admin_protocol\.x)$$
>
>+exclude_file_name_regexp--sc_prohibit_unsigned_pid = \
>+  ^(include/libvirt/libvirt-qemu.h|src/(driver-hypervisor.h|libvirt-qemu.c|locking/lock_protocol.x|lxc/lxc_monitor_protocol.x|qemu/qemu_driver.c|remote/qemu_protocol.x|util/virpolkit.c|util/virsystemd.c)|tests/virpolkittest.c|tools/virsh-domain.c)$$
>+

It's regexp, so dots need to be escaped.  Also if this needs such
exceptions, I don't see the point in the syntax-check.  But anyway, I
think all protocols and all public APIs should have this exception, so
it can be made shorter.  I came up with this:

^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|libvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.c|tools/virsh-domain\.c)$$

>diff --git a/src/util/virpolkit.c b/src/util/virpolkit.c
>index e7e46b8..d8c35f1 100644
>--- a/src/util/virpolkit.c
>+++ b/src/util/virpolkit.c
>@@ -82,6 +82,7 @@ int virPolkitCheckAuth(const char *actionid,
>     VIR_INFO("Checking PID %lld running as %d",
>              (long long) pid, uid);
>
>+    /* Yes, PolicyKit really takes pid ad uint. */
>     if (virDBusCallMethod(sysbus,
>                           &reply,
>                           NULL,

You can safely drop this ^^ hunk.

>diff --git a/src/util/virprocess.c b/src/util/virprocess.c
>index 8b9f9c5..718c4a2 100644
>--- a/src/util/virprocess.c
>+++ b/src/util/virprocess.c
>@@ -608,8 +608,7 @@ int virProcessGetPids(pid_t pid, size_t *npids, pid_t **pids)
>     *npids = 0;
>     *pids = NULL;
>
>-    if (virAsprintf(&taskPath, "/proc/%llu/task",
>-                    (unsigned long long)pid) < 0)
>+    if (virAsprintf(&taskPath, "/proc/%llu/task", (long long) pid) < 0)
>         goto cleanup;
>
>     if (virDirOpen(&dir, taskPath) < 0)

I see you changed lot of '(type)val' casts to '(type) val', and even
though I used to hate this, I'm kinda more in favour of the latter
nowadays.  And guess what, I looked up how it looks in the code and
after this patch, the ratio of non-spaced to spaced type casts changed
from 751:3394 to 727:3417 (very roughly), so Yay!

ACK with nits fixed.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20161013/4dc9960d/attachment-0001.sig>

More information about the libvir-list mailing list