[4/4] libvduse: Check the return value of some ioctls

Message ID	20220627090203.87-5-xieyongji@bytedance.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> From: Xie Yongji <xieyongji@bytedance.com> To: kwolf@redhat.com, stefanha@redhat.com, armbru@redhat.com Cc: qemu-block@nongnu.org, qemu-devel@nongnu.org Subject: [PATCH 4/4] libvduse: Check the return value of some ioctls Date: Mon, 27 Jun 2022 17:02:03 +0800 Message-Id: <20220627090203.87-5-xieyongji@bytedance.com> In-Reply-To: <20220627090203.87-1-xieyongji@bytedance.com> References: <20220627090203.87-1-xieyongji@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::42c; envelope-from=xieyongji@bytedance.com; helo=mail-pf1-x42c.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>
Series	Fix some coverity issues on VDUSE \| expand [0/4] Fix some coverity issues on VDUSE [1/4] libvduse: Fix the incorrect function name [2/4] libvduse: Replace strcpy() with strncpy() [3/4] libvduse: Pass positive value to strerror() [4/4] libvduse: Check the return value of some ioctls

Yongji Xie June 27, 2022, 9:02 a.m. UTC

Coverity pointed out (CID 1490222, 1490227) that we called
ioctl somewhere without checking the return value. This
patch fixes these issues.

Fixes: Coverity CID 1490222, 1490227
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
---
 subprojects/libvduse/libvduse.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

Markus Armbruster June 29, 2022, 9:41 a.m. UTC | #1

Xie Yongji <xieyongji@bytedance.com> writes:

> Coverity pointed out (CID 1490222, 1490227) that we called
> ioctl somewhere without checking the return value. This
> patch fixes these issues.
>
> Fixes: Coverity CID 1490222, 1490227
> Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
> ---
>  subprojects/libvduse/libvduse.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
> index 1a5981445c..bf7302c60a 100644
> --- a/subprojects/libvduse/libvduse.c
> +++ b/subprojects/libvduse/libvduse.c
> @@ -947,7 +947,10 @@ static void vduse_queue_disable(VduseVirtq *vq)
>  
>      eventfd.index = vq->index;
>      eventfd.fd = VDUSE_EVENTFD_DEASSIGN;
> -    ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd);
> +    if (ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd)) {
> +        fprintf(stderr, "Failed to disable eventfd for vq[%d]: %s\n",
> +                vq->index, strerror(errno));
> +    }
>      close(vq->fd);
>  
>      assert(vq->inuse == 0);
> @@ -1337,7 +1340,10 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
>  
>      return dev;
>  err:
> -    ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name);
> +    if (ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name)) {
> +        fprintf(stderr, "Failed to destroy vduse device %s: %s\n",
> +                name, strerror(errno));
> +    }
>  err_dev:
>      close(ctrl_fd);
>  err_ctrl:

Both errors are during cleanup that can't fail.  The program continues
as if they didn't happen.  Does the user need to know?

Yongji Xie June 29, 2022, 11:10 a.m. UTC | #2

On Wed, Jun 29, 2022 at 5:41 PM Markus Armbruster <armbru@redhat.com> wrote:
>
> Xie Yongji <xieyongji@bytedance.com> writes:
>
> > Coverity pointed out (CID 1490222, 1490227) that we called
> > ioctl somewhere without checking the return value. This
> > patch fixes these issues.
> >
> > Fixes: Coverity CID 1490222, 1490227
> > Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
> > ---
> >  subprojects/libvduse/libvduse.c | 10 ++++++++--
> >  1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
> > index 1a5981445c..bf7302c60a 100644
> > --- a/subprojects/libvduse/libvduse.c
> > +++ b/subprojects/libvduse/libvduse.c
> > @@ -947,7 +947,10 @@ static void vduse_queue_disable(VduseVirtq *vq)
> >
> >      eventfd.index = vq->index;
> >      eventfd.fd = VDUSE_EVENTFD_DEASSIGN;
> > -    ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd);
> > +    if (ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd)) {
> > +        fprintf(stderr, "Failed to disable eventfd for vq[%d]: %s\n",
> > +                vq->index, strerror(errno));
> > +    }
> >      close(vq->fd);
> >
> >      assert(vq->inuse == 0);
> > @@ -1337,7 +1340,10 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
> >
> >      return dev;
> >  err:
> > -    ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name);
> > +    if (ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name)) {
> > +        fprintf(stderr, "Failed to destroy vduse device %s: %s\n",
> > +                name, strerror(errno));
> > +    }
> >  err_dev:
> >      close(ctrl_fd);
> >  err_ctrl:
>
> Both errors are during cleanup that can't fail.  The program continues
> as if they didn't happen.  Does the user need to know?
>

So I printed some error messages. I didn't find any other good way to
notify the users.

Thanks,
Yongji

Markus Armbruster June 29, 2022, 11:39 a.m. UTC | #3

Yongji Xie <xieyongji@bytedance.com> writes:

> On Wed, Jun 29, 2022 at 5:41 PM Markus Armbruster <armbru@redhat.com> wrote:
>>
>> Xie Yongji <xieyongji@bytedance.com> writes:
>>
>> > Coverity pointed out (CID 1490222, 1490227) that we called
>> > ioctl somewhere without checking the return value. This
>> > patch fixes these issues.
>> >
>> > Fixes: Coverity CID 1490222, 1490227
>> > Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
>> > ---
>> >  subprojects/libvduse/libvduse.c | 10 ++++++++--
>> >  1 file changed, 8 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
>> > index 1a5981445c..bf7302c60a 100644
>> > --- a/subprojects/libvduse/libvduse.c
>> > +++ b/subprojects/libvduse/libvduse.c
>> > @@ -947,7 +947,10 @@ static void vduse_queue_disable(VduseVirtq *vq)
>> >
>> >      eventfd.index = vq->index;
>> >      eventfd.fd = VDUSE_EVENTFD_DEASSIGN;
>> > -    ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd);
>> > +    if (ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd)) {
>> > +        fprintf(stderr, "Failed to disable eventfd for vq[%d]: %s\n",
>> > +                vq->index, strerror(errno));
>> > +    }
>> >      close(vq->fd);
>> >
>> >      assert(vq->inuse == 0);
>> > @@ -1337,7 +1340,10 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
>> >
>> >      return dev;
>> >  err:
>> > -    ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name);
>> > +    if (ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name)) {
>> > +        fprintf(stderr, "Failed to destroy vduse device %s: %s\n",
>> > +                name, strerror(errno));
>> > +    }
>> >  err_dev:
>> >      close(ctrl_fd);
>> >  err_ctrl:
>>
>> Both errors are during cleanup that can't fail.  The program continues
>> as if they didn't happen.  Does the user need to know?
>>
>
> So I printed some error messages. I didn't find any other good way to
> notify the users.

I can think of another way, either.  But my question wasn't about "how",
it was about "why".  The answer depends on the impact of these errors.
Which I can't judge.  Can you?

Yongji Xie June 29, 2022, 12:37 p.m. UTC | #4

On Wed, Jun 29, 2022 at 7:39 PM Markus Armbruster <armbru@redhat.com> wrote:
>
> Yongji Xie <xieyongji@bytedance.com> writes:
>
> > On Wed, Jun 29, 2022 at 5:41 PM Markus Armbruster <armbru@redhat.com> wrote:
> >>
> >> Xie Yongji <xieyongji@bytedance.com> writes:
> >>
> >> > Coverity pointed out (CID 1490222, 1490227) that we called
> >> > ioctl somewhere without checking the return value. This
> >> > patch fixes these issues.
> >> >
> >> > Fixes: Coverity CID 1490222, 1490227
> >> > Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
> >> > ---
> >> >  subprojects/libvduse/libvduse.c | 10 ++++++++--
> >> >  1 file changed, 8 insertions(+), 2 deletions(-)
> >> >
> >> > diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
> >> > index 1a5981445c..bf7302c60a 100644
> >> > --- a/subprojects/libvduse/libvduse.c
> >> > +++ b/subprojects/libvduse/libvduse.c
> >> > @@ -947,7 +947,10 @@ static void vduse_queue_disable(VduseVirtq *vq)
> >> >
> >> >      eventfd.index = vq->index;
> >> >      eventfd.fd = VDUSE_EVENTFD_DEASSIGN;
> >> > -    ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd);
> >> > +    if (ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd)) {
> >> > +        fprintf(stderr, "Failed to disable eventfd for vq[%d]: %s\n",
> >> > +                vq->index, strerror(errno));
> >> > +    }
> >> >      close(vq->fd);
> >> >
> >> >      assert(vq->inuse == 0);
> >> > @@ -1337,7 +1340,10 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
> >> >
> >> >      return dev;
> >> >  err:
> >> > -    ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name);
> >> > +    if (ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name)) {
> >> > +        fprintf(stderr, "Failed to destroy vduse device %s: %s\n",
> >> > +                name, strerror(errno));
> >> > +    }
> >> >  err_dev:
> >> >      close(ctrl_fd);
> >> >  err_ctrl:
> >>
> >> Both errors are during cleanup that can't fail.  The program continues
> >> as if they didn't happen.  Does the user need to know?
> >>
> >
> > So I printed some error messages. I didn't find any other good way to
> > notify the users.
>
> I can think of another way, either.  But my question wasn't about "how",
> it was about "why".  The answer depends on the impact of these errors.
> Which I can't judge.  Can you?
>

OK, I get your point. Actually users might have no way to handle those
errors. And there is no real impact on users since those errors mean
the resources have been cleaned up in other places or by other
processes. So I choose to ignore this error, but it triggers a
Coverity warning.

Thanks,
Yongji

Markus Armbruster June 29, 2022, 1:22 p.m. UTC | #5

Yongji Xie <xieyongji@bytedance.com> writes:

> On Wed, Jun 29, 2022 at 7:39 PM Markus Armbruster <armbru@redhat.com> wrote:
>>
>> Yongji Xie <xieyongji@bytedance.com> writes:
>>
>> > On Wed, Jun 29, 2022 at 5:41 PM Markus Armbruster <armbru@redhat.com> wrote:
>> >>
>> >> Xie Yongji <xieyongji@bytedance.com> writes:
>> >>
>> >> > Coverity pointed out (CID 1490222, 1490227) that we called
>> >> > ioctl somewhere without checking the return value. This
>> >> > patch fixes these issues.
>> >> >
>> >> > Fixes: Coverity CID 1490222, 1490227
>> >> > Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
>> >> > ---
>> >> >  subprojects/libvduse/libvduse.c | 10 ++++++++--
>> >> >  1 file changed, 8 insertions(+), 2 deletions(-)
>> >> >
>> >> > diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
>> >> > index 1a5981445c..bf7302c60a 100644
>> >> > --- a/subprojects/libvduse/libvduse.c
>> >> > +++ b/subprojects/libvduse/libvduse.c
>> >> > @@ -947,7 +947,10 @@ static void vduse_queue_disable(VduseVirtq *vq)
>> >> >
>> >> >      eventfd.index = vq->index;
>> >> >      eventfd.fd = VDUSE_EVENTFD_DEASSIGN;
>> >> > -    ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd);
>> >> > +    if (ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd)) {
>> >> > +        fprintf(stderr, "Failed to disable eventfd for vq[%d]: %s\n",
>> >> > +                vq->index, strerror(errno));
>> >> > +    }
>> >> >      close(vq->fd);
>> >> >
>> >> >      assert(vq->inuse == 0);
>> >> > @@ -1337,7 +1340,10 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
>> >> >
>> >> >      return dev;
>> >> >  err:
>> >> > -    ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name);
>> >> > +    if (ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name)) {
>> >> > +        fprintf(stderr, "Failed to destroy vduse device %s: %s\n",
>> >> > +                name, strerror(errno));
>> >> > +    }
>> >> >  err_dev:
>> >> >      close(ctrl_fd);
>> >> >  err_ctrl:
>> >>
>> >> Both errors are during cleanup that can't fail.  The program continues
>> >> as if they didn't happen.  Does the user need to know?
>> >>
>> >
>> > So I printed some error messages. I didn't find any other good way to
>> > notify the users.
>>
>> I can think of another way, either.  But my question wasn't about "how",
>> it was about "why".  The answer depends on the impact of these errors.
>> Which I can't judge.  Can you?
>>
>
> OK, I get your point. Actually users might have no way to handle those
> errors. And there is no real impact on users since those errors mean
> the resources have been cleaned up in other places or by other
> processes. So I choose to ignore this error, but it triggers a
> Coverity warning.

If we genuinely want to ignore errors from ioctl(), we can mark the
Coverity complaint as false positive.

Yongji Xie June 29, 2022, 1:28 p.m. UTC | #6

On Wed, Jun 29, 2022 at 9:22 PM Markus Armbruster <armbru@redhat.com> wrote:
>
> Yongji Xie <xieyongji@bytedance.com> writes:
>
> > On Wed, Jun 29, 2022 at 7:39 PM Markus Armbruster <armbru@redhat.com> wrote:
> >>
> >> Yongji Xie <xieyongji@bytedance.com> writes:
> >>
> >> > On Wed, Jun 29, 2022 at 5:41 PM Markus Armbruster <armbru@redhat.com> wrote:
> >> >>
> >> >> Xie Yongji <xieyongji@bytedance.com> writes:
> >> >>
> >> >> > Coverity pointed out (CID 1490222, 1490227) that we called
> >> >> > ioctl somewhere without checking the return value. This
> >> >> > patch fixes these issues.
> >> >> >
> >> >> > Fixes: Coverity CID 1490222, 1490227
> >> >> > Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
> >> >> > ---
> >> >> >  subprojects/libvduse/libvduse.c | 10 ++++++++--
> >> >> >  1 file changed, 8 insertions(+), 2 deletions(-)
> >> >> >
> >> >> > diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
> >> >> > index 1a5981445c..bf7302c60a 100644
> >> >> > --- a/subprojects/libvduse/libvduse.c
> >> >> > +++ b/subprojects/libvduse/libvduse.c
> >> >> > @@ -947,7 +947,10 @@ static void vduse_queue_disable(VduseVirtq *vq)
> >> >> >
> >> >> >      eventfd.index = vq->index;
> >> >> >      eventfd.fd = VDUSE_EVENTFD_DEASSIGN;
> >> >> > -    ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd);
> >> >> > +    if (ioctl(dev->fd, VDUSE_VQ_SETUP_KICKFD, &eventfd)) {
> >> >> > +        fprintf(stderr, "Failed to disable eventfd for vq[%d]: %s\n",
> >> >> > +                vq->index, strerror(errno));
> >> >> > +    }
> >> >> >      close(vq->fd);
> >> >> >
> >> >> >      assert(vq->inuse == 0);
> >> >> > @@ -1337,7 +1340,10 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
> >> >> >
> >> >> >      return dev;
> >> >> >  err:
> >> >> > -    ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name);
> >> >> > +    if (ioctl(ctrl_fd, VDUSE_DESTROY_DEV, name)) {
> >> >> > +        fprintf(stderr, "Failed to destroy vduse device %s: %s\n",
> >> >> > +                name, strerror(errno));
> >> >> > +    }
> >> >> >  err_dev:
> >> >> >      close(ctrl_fd);
> >> >> >  err_ctrl:
> >> >>
> >> >> Both errors are during cleanup that can't fail.  The program continues
> >> >> as if they didn't happen.  Does the user need to know?
> >> >>
> >> >
> >> > So I printed some error messages. I didn't find any other good way to
> >> > notify the users.
> >>
> >> I can think of another way, either.  But my question wasn't about "how",
> >> it was about "why".  The answer depends on the impact of these errors.
> >> Which I can't judge.  Can you?
> >>
> >
> > OK, I get your point. Actually users might have no way to handle those
> > errors. And there is no real impact on users since those errors mean
> > the resources have been cleaned up in other places or by other
> > processes. So I choose to ignore this error, but it triggers a
> > Coverity warning.
>
> If we genuinely want to ignore errors from ioctl(), we can mark the
> Coverity complaint as false positive.
>

OK, if so, I think I can drop this patch.

Thanks,
Yongji

[4/4] libvduse: Check the return value of some ioctls

Commit Message

Comments

Patch