util: ensure safe{read,write,zero} return is checked

Based on a warning from coverity. The safe* functions guarantee complete transactions on success, but don't guarantee freedom from failure. * src/util/util.h (saferead, safewrite, safezero): Add ATTRIBUTE_RETURN_CHECK. * src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Ignore some failures. (remoteIOReadBuffer): Adjust error messages on read failure. * daemon/event.c (virEventHandleWakeup): Ignore read failure.

util: ensure safe{read,write,zero} return is checked
Based on a warning from coverity. The safe* functions guarantee complete transactions on success, but don't guarantee freedom from failure. * src/util/util.h (saferead, safewrite, safezero): Add ATTRIBUTE_RETURN_CHECK. * src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Ignore some failures. (remoteIOReadBuffer): Adjust error messages on read failure. * daemon/event.c (virEventHandleWakeup): Ignore read failure.
f9f6c34c · Eric Blake · cf4dee36 · f9f6c34c · f9f6c34c · f9f6c34c
显示空白变更内容
内联并排

Showing with 25 addition and 11 deletion

daemon/event.c daemon/event.c +3 -2

src/remote/remote_driver.c src/remote/remote_driver.c +16 -6

src/util/util.h src/util/util.h +6 -3

未找到文件。
--- a/daemon/event.c
+++ b/daemon/event.c
 /*
 * event.c: event loop for monitoring file handles
 *
+ * Copyright (C) 2007, 2010 Red Hat, Inc.
 * Copyright (C) 2007 Daniel P. Berrange
- * Copyright (C) 2007 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -35,6 +35,7 @@
 #include "event.h"
 #include "memory.h"
 #include "util.h"
+#include "ignore-value.h"
 #define EVENT_DEBUG(fmt, ...) DEBUG(fmt, __VA_ARGS__)
@@ -630,7 +631,7 @@ static void virEventHandleWakeup(int watch ATTRIBUTE_UNUSED,
 {
    char c;
    virEventLock();
-    saferead(fd, &c, sizeof(c));
+    ignore_value(saferead(fd, &c, sizeof(c)));
    virEventUnlock();
 }

--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -8877,7 +8877,11 @@ remoteIOReadBuffer(struct private_data *priv,
                char errout[1024] = "\0";
                if (priv->errfd != -1) {
-                    saferead(priv->errfd, errout, sizeof(errout));
+                    if (saferead(priv->errfd, errout, sizeof(errout)) < 0) {
+                        virReportSystemError(errno, "%s",
+                                             _("cannot recv data"));
+                        return -1;
+                    }
                }
                virReportSystemError(errno,
@@ -8886,7 +8890,12 @@ remoteIOReadBuffer(struct private_data *priv,
            } else {
                char errout[1024] = "\0";
                if (priv->errfd != -1) {
-                    saferead(priv->errfd, errout, sizeof(errout));
+                    if (saferead(priv->errfd, errout, sizeof(errout)) < 0) {
+                        remoteError(VIR_ERR_SYSTEM_ERROR,
+                                    _("server closed connection: %s"),
+                                    virStrerror(errno, errout, sizeof errout));
+                        return -1;
+                    }
                }
                remoteError(VIR_ERR_SYSTEM_ERROR,
@@ -9499,7 +9508,7 @@ remoteIOEventLoop(virConnectPtr conn,
        sigaddset (&blockedsigs, SIGWINCH);
        sigaddset (&blockedsigs, SIGCHLD);
        sigaddset (&blockedsigs, SIGPIPE);
-        ignore_value (pthread_sigmask(SIG_BLOCK, &blockedsigs, &oldmask));
+        ignore_value(pthread_sigmask(SIG_BLOCK, &blockedsigs, &oldmask));
 #endif
    repoll:
@@ -9508,14 +9517,15 @@ remoteIOEventLoop(virConnectPtr conn,
            goto repoll;
 #ifdef HAVE_PTHREAD_H
-        ignore_value (pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+        ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
 #endif
        remoteDriverLock(priv);
        if (fds[1].revents) {
            DEBUG0("Woken up from poll by other thread");
-            saferead(priv->wakeupReadFD, &ignore, sizeof(ignore));
+            ignore_value(saferead(priv->wakeupReadFD, &ignore,
+                                  sizeof(ignore)));
        }
        if (ret < 0) {
@@ -9659,7 +9669,7 @@ remoteIO(virConnectPtr conn,
            priv->waitDispatch = thiscall;
        /* Force other thread to wakup from poll */
-        safewrite(priv->wakeupSendFD, &ignore, sizeof(ignore));
+        ignore_value(safewrite(priv->wakeupSendFD, &ignore, sizeof(ignore)));
        DEBUG("Going to sleep %d %p %p", thiscall->proc_nr, priv->waitDispatch, thiscall);
        /* Go to sleep while other thread is working... */

--- a/src/util/util.h
+++ b/src/util/util.h
@@ -2,6 +2,7 @@
 /*
 * utils.h: common, generic utility functions
 *
+ * Copyright (C) 2010 Red Hat, Inc.
 * Copyright (C) 2006, 2007 Binary Karma
 * Copyright (C) 2006 Shuveb Hussain
 *
@@ -31,9 +32,11 @@
 # include <sys/select.h>
 # include <sys/types.h>
-int saferead(int fd, void *buf, size_t count);
+int saferead(int fd, void *buf, size_t count) ATTRIBUTE_RETURN_CHECK;
-ssize_t safewrite(int fd, const void *buf, size_t count);
+ssize_t safewrite(int fd, const void *buf, size_t count)
-int safezero(int fd, int flags, off_t offset, off_t len);
+    ATTRIBUTE_RETURN_CHECK;
+int safezero(int fd, int flags, off_t offset, off_t len)
+    ATTRIBUTE_RETURN_CHECK;
 enum {
    VIR_EXEC_NONE   = 0,