[libvirt] [PATCH v2] test_driver: implement virDomainGetDiskErrors

Ilias Stamatis stamatis.iliass at gmail.com
Thu May 16 07:54:51 UTC 2019


On Thu, May 16, 2019 at 9:44 AM Michal Privoznik <mprivozn at redhat.com> wrote:
>
> On 5/15/19 11:49 AM, Ilias Stamatis wrote:
> > On Wed, May 15, 2019 at 10:14 AM Michal Privoznik <mprivozn at redhat.com> wrote:
> >>
> >> On 5/14/19 5:24 PM, Ilias Stamatis wrote:
> >>> On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn at redhat.com> wrote:
> >>>>
> >>>> On 5/14/19 12:50 PM, Ilias Stamatis wrote:
> >>>>> On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan at redhat.com> wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 5/13/19 9:04 AM, Ilias Stamatis wrote:
> >>>>>>> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn at redhat.com> wrote:
> >>>>>>>>
> >>>>>>>> On 5/13/19 1:26 AM, Ilias Stamatis wrote:
> >>>>>>>>> Return the number of disks present in the configuration of the test
> >>>>>>>>> domain when called with @errors as NULL and @maxerrors as 0.
> >>>>>>>>>
> >>>>>>>>> Otherwise report an error for every second disk, assigning available
> >>>>>>>>> error codes in a cyclic order.
> >>>>>>>>>
> >>>>>>>>> Signed-off-by: Ilias Stamatis <stamatis.iliass at gmail.com>
> >>>>>>>>> ---
> >>>>>>>>>      src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> >>>>>>>>>      1 file changed, 42 insertions(+)
> >>>>>>>>>
> >>>>>>>>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c
> >>>>>>>>> index a06d1fc402..527c2f5d3b 100644
> >>>>>>>>> --- a/src/test/test_driver.c
> >>>>>>>>> +++ b/src/test/test_driver.c
> >>>>>>>>> @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain,
> >>>>>>>>>          return 0;
> >>>>>>>>>      }
> >>>>>>>>>
> >>>>>>>>> +static int testDomainGetDiskErrors(virDomainPtr dom,
> >>>>>>>>> +                                   virDomainDiskErrorPtr errors,
> >>>>>>>>> +                                   unsigned int maxerrors,
> >>>>>>>>> +                                   unsigned int flags)
> >>>>>>>>> +{
> >>>>>>
> >>>>>> [...]
> >>>>>>
> >>>>>>>>> +            n++;
> >>>>>>>>> +        }
> >>>>>>>>> +        ret = n;
> >>>>>>>>> +    }
> >>>>>>>>> +
> >>>>>>>>> + cleanup:
> >>>>>>>>> +    virDomainObjEndAPI(&vm);
> >>>>>>>>> +    if (ret < 0) {
> >>>>>>>>> +        for (i = 0; i < n; i++)
> >>>>>>>>> +            VIR_FREE(errors[i].disk);
> >>>>>>>>> +    }
> >>>>>>
> >>>>>> The above got changed to :
> >>>>>>
> >>>>>> + cleanup:
> >>>>>> +    virDomainObjEndAPI(&vm);
> >>>>>> +    if (ret < 0) {
> >>>>>> +        for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++)
> >>>>>> +            VIR_FREE(errors[i].disk);
> >>>>>> +    }
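Review bot: The loop bound in this cleanup block reads vm->def->ndisks after virDomainObjEndAPI(&vm) has already run; that call releases the domain object and clears the pointer it is given, so vm must not be dereferenced at that point. Rather than moving the bound above the EndAPI call, free only the entries this call actually filled, because MIN(vm->def->ndisks, maxerrors) also covers errors[] slots that were never assigned when the fill loop jumps to cleanup early.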
> >>>>>
> >>>>> I think this change is incorrect and a bug lies in here.
> >>>>>
> >>>>> If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks,
> >>>>> maxerrors) will have been allocated, and then in the cleanup code
> >>>>> we'll call VIR_FREE with pointers that haven't been previously
> >>>>> allocated.
> >>>>
> >>>> That isn't a problem. User has to pass an array that we can touch. If
> >>>> they store some data in it, well, their fault - how are we supposed to
> >>>> return anything if we can't touch the array?
> >>>
> >>> I'm not sure I understand exactly what you mean.
> >>>
> >>> We can touch the array of course.
> >>>
> >>> What I'm saying is that we allocate memory with VIR_STRDUP for each
> >>> errors[i].disk, but if the call fails we free this memory on our own.
> >>>
> >>> However how it is implemented now we might call VIR_FREE on pointers
> >>> for which we have *not* allocated any memory.
> >>>
> >>> Because in the first loop, VIR_STRDUP might fail and send us to
> >>> "cleanup". But then on cleanup we iterate over the whole errors array.
> >>>
> >>> Isn't this incorrect? Do I understand something wrong?
> >>
> >>
> >> Ah, now I get it. If user passes an array that is not zeroed out then we
> >> might end up passing a random pointer to free(). How about this then?
> >>
> >>       if (ret < 0) {
> >>           while (i > 0)
> >>               VIR_FREE(errors[i--].disk);
> >>       }
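Review bot: With the post-decrement in errors[i--].disk the loop frees indices i down to 1, so errors[0].disk is never released and errors[i].disk is passed to VIR_FREE although nothing in these lines shows it was assigned. Pre-decrementing, errors[--i].disk, walks i-1 down to 0 instead; either form also relies on i still holding the fill loop's position when cleanup is reached.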
> >>
> >
> > Yes, this would work I think. And then the other changes in the
> > cleanup etc are not needed.
> >
> > I.e. it can be again:
> >
> >      if (!(vm = testDomObjFromDomain(dom)))
> >          goto cleanup;
> >
> > instead of "return -1" which is more consistent with the rest of the code.
>
> This is done in 1/2. Or what do you mean?

I meant that the previous change of returning -1 directly instead of
doing "goto cleanup" is not needed anymore. But of course it's fine
either way. Just with the goto, there will be only a single point of
exit.
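
Added example, not part of the original thread and not libvirt code: a stand-alone C sketch of the cleanup rule discussed above, where a failed fill releases only the entries it assigned and leaves the rest of a non-zeroed caller array alone. struct disk_error, dup_or_fail, dup_budget and fill_disk_errors are hypothetical stand-ins for virDomainDiskError, VIR_STRDUP and the driver function.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for virDomainDiskError; not libvirt's definition. */
struct disk_error { char *disk; int error; };
static int dup_budget = -1;   /* constructed fault injection: <0 never fails */

static char *dup_or_fail(const char *s)
{
    char *p = (dup_budget == 0) ? NULL : malloc(strlen(s) + 1);
    if (dup_budget > 0)
        dup_budget--;
    return p ? strcpy(p, s) : NULL;
}

/* Fill one entry per second disk; on failure free only what this call set. */
static int fill_disk_errors(const char *const *disks, size_t ndisks,
                            struct disk_error *errors, unsigned int maxerrors)
{
    size_t i, n = 0;
    int ret = -1;
    for (i = 0; i < ndisks && n < maxerrors; i += 2) {
        if (!(errors[n].disk = dup_or_fail(disks[i])))
            goto cleanup;
        errors[n].error = 1;  /* constructed error code */
        n++;
    }
    ret = (int)n;

 cleanup:
    while (ret < 0 && n > 0) { /* pre-decrement: frees n-1 .. 0, nothing else */
        free(errors[--n].disk);
        errors[n].disk = NULL;
    }
    return ret;
}

/* Constructed case: caller array is not zeroed and the second dup fails. */
static int demo_partial_failure(void)
{
    static char stale[] = "stale";  /* non-heap; free() on it is invalid */
    const char *const disks[] = { "vda", "vdb", "vdc", "vdd", "vde" };
    struct disk_error errs[3] = { { stale, 0 }, { stale, 0 }, { stale, 0 } };
    int ret;
    dup_budget = 1;
    ret = fill_disk_errors(disks, 5, errs, 3);
    dup_budget = -1;
    return ret == -1 && errs[0].disk == NULL && errs[2].disk == stale;
}
int main(void) { return demo_partial_failure() ? 0 : 1; }
```

A cleanup loop bounded by the array size instead of n would hand the stale pointer in errs[2] to free().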



