All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/3] vhost-user-blk-test and vdagent Coverity fixes
@ 2021-05-26  9:12 Stefan Hajnoczi
  2021-05-26  9:12 ` [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives Stefan Hajnoczi
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Stefan Hajnoczi @ 2021-05-26  9:12 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, qemu-block, Coiby Xu,
	Gerd Hoffmann, Stefan Hajnoczi, Paolo Bonzini

This patch series addresses recent Coverity reports. Please see the individual
patches for details.

Stefan Hajnoczi (3):
  vhost-user-blk-test: fix Coverity open(2) false positives
  vhost-user-blk-test: fix Coverity mkstemp(2) umask warning
  ui/vdagent: fix clipboard info memory leak in error path

 tests/qtest/vhost-user-blk-test.c | 18 ++++++++++++++++--
 ui/vdagent.c                      |  2 +-
 2 files changed, 17 insertions(+), 3 deletions(-)

-- 
2.31.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

* [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives
  2021-05-26  9:12 [PATCH 0/3] vhost-user-blk-test and vdagent Coverity fixes Stefan Hajnoczi
@ 2021-05-26  9:12 ` Stefan Hajnoczi
  2021-05-30 19:05   ` Peter Maydell
  2021-05-26  9:12 ` [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning Stefan Hajnoczi
  2021-05-26  9:12 ` [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path Stefan Hajnoczi
  2 siblings, 1 reply; 9+ messages in thread
From: Stefan Hajnoczi @ 2021-05-26  9:12 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, qemu-block, Coiby Xu,
	Gerd Hoffmann, Stefan Hajnoczi, Paolo Bonzini

Coverity checks that the file descriptor return value of open(2) is
checked and used. Normally this is helpful in identifying real bugs but
vhost-user-blk-test opens /dev/null as stdin and stdout after fork.

In this case we don't need to look at the return value because these
open(2) calls cannot fail in any reasonable environment. We already know
their return values ahead of time since we closed stdin and stdout
previously. open(2) is guaranteed to pick the lowest available fd
number.

Silence Coverity by introducing code that checks what we already know to
be true.

** CID 1453270:  Resource leaks  (RESOURCE_LEAK)
/qemu/tests/qtest/vhost-user-blk-test.c: 920 in start_vhost_user_blk()

________________________________________________________________________________________________________
*** CID 1453270:  Resource leaks  (RESOURCE_LEAK)
/qemu/tests/qtest/vhost-user-blk-test.c: 920 in start_vhost_user_blk()
914              * Close standard file descriptors so tap-driver.pl pipe detects when
915              * our parent terminates.
916              */
917             close(0);
918             close(1);
919             open("/dev/null", O_RDONLY);
>>>     CID 1453270:  Resource leaks  (RESOURCE_LEAK)
>>>     Ignoring handle opened by "open("/dev/null", 1)" leaks it.
920             open("/dev/null", O_WRONLY);
921
922             execlp("/bin/sh", "sh", "-c", storage_daemon_command->str, NULL);
923             exit(1);
924         }
925         g_string_free(storage_daemon_command, true);

** CID 1453269:  Error handling issues  (NEGATIVE_RETURNS)
/qemu/tests/qtest/vhost-user-blk-test.c: 829 in create_listen_socket()

________________________________________________________________________________________________________
*** CID 1453269:  Error handling issues  (NEGATIVE_RETURNS)
/qemu/tests/qtest/vhost-user-blk-test.c: 829 in create_listen_socket()
823         char *path;
824
825         /* No race because our pid makes the path unique */
826         path = g_strdup_printf("/tmp/qtest-%d-sock.XXXXXX", getpid());
827         tmp_fd = mkstemp(path);
828         g_assert_cmpint(tmp_fd, >=, 0);
>>>     CID 1453269:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "tmp_fd" is passed to a parameter that cannot be negative.
829         close(tmp_fd);
830         unlink(path);
831
832         *fd = qtest_socket_server(path);
833         g_test_queue_destroy(destroy_file, path);
834         return path;

** CID 1453268:    (CHECKED_RETURN)
/qemu/tests/qtest/vhost-user-blk-test.c: 920 in start_vhost_user_blk()
/qemu/tests/qtest/vhost-user-blk-test.c: 919 in start_vhost_user_blk()

________________________________________________________________________________________________________
*** CID 1453268:    (CHECKED_RETURN)
/qemu/tests/qtest/vhost-user-blk-test.c: 920 in start_vhost_user_blk()
914              * Close standard file descriptors so tap-driver.pl pipe detects when
915              * our parent terminates.
916              */
917             close(0);
918             close(1);
919             open("/dev/null", O_RDONLY);
>>>     CID 1453268:    (CHECKED_RETURN)
>>>     Calling "open("/dev/null", 1)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
920             open("/dev/null", O_WRONLY);
921
922             execlp("/bin/sh", "sh", "-c", storage_daemon_command->str, NULL);
923             exit(1);
924         }
925         g_string_free(storage_daemon_command, true);
/qemu/tests/qtest/vhost-user-blk-test.c: 919 in start_vhost_user_blk()
913             /*
914              * Close standard file descriptors so tap-driver.pl pipe detects when
915              * our parent terminates.
916              */
917             close(0);
918             close(1);
>>>     CID 1453268:    (CHECKED_RETURN)
>>>     Calling "open("/dev/null", 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
919             open("/dev/null", O_RDONLY);
920             open("/dev/null", O_WRONLY);
921
922             execlp("/bin/sh", "sh", "-c", storage_daemon_command->str, NULL);
923             exit(1);
924         }

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tests/qtest/vhost-user-blk-test.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/qtest/vhost-user-blk-test.c b/tests/qtest/vhost-user-blk-test.c
index 8796c74ca4..581e283a03 100644
--- a/tests/qtest/vhost-user-blk-test.c
+++ b/tests/qtest/vhost-user-blk-test.c
@@ -910,14 +910,18 @@ static void start_vhost_user_blk(GString *cmd_line, int vus_instances,
                    storage_daemon_command->str);
     pid_t pid = fork();
     if (pid == 0) {
+        int fd;
+
         /*
          * Close standard file descriptors so tap-driver.pl pipe detects when
          * our parent terminates.
          */
         close(0);
+        fd = open("/dev/null", O_RDONLY);
+        g_assert_cmpint(fd, ==, 0);
         close(1);
-        open("/dev/null", O_RDONLY);
-        open("/dev/null", O_WRONLY);
+        fd = open("/dev/null", O_WRONLY);
+        assert(fd == 1);
 
         execlp("/bin/sh", "sh", "-c", storage_daemon_command->str, NULL);
         exit(1);
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning
  2021-05-26  9:12 [PATCH 0/3] vhost-user-blk-test and vdagent Coverity fixes Stefan Hajnoczi
  2021-05-26  9:12 ` [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives Stefan Hajnoczi
@ 2021-05-26  9:12 ` Stefan Hajnoczi
  2021-05-30 19:01   ` Peter Maydell
  2021-05-26  9:12 ` [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path Stefan Hajnoczi
  2 siblings, 1 reply; 9+ messages in thread
From: Stefan Hajnoczi @ 2021-05-26  9:12 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, qemu-block, Coiby Xu,
	Gerd Hoffmann, Stefan Hajnoczi, Paolo Bonzini

The Linux man page for mkstemp(3) states:

  In glibc versions 2.06 and earlier, the file is created with
  permissions 0666, that is, read and write for all users.  This old
  behavior may be a security risk, especially  since other UNIX flavors
  use 0600, and somebody might overlook this detail when porting
  programs. POSIX.1-2008 adds a requirement that the file be created
  with mode 0600.

  More generally, the POSIX specification of mkstemp() does not say
  anything about file modes, so the application should make sure its
  file mode creation mask (see umask(2)) is set appropriately before
  calling mkstemp() (and mkostemp()).

glibc 2.0.6 was released in 1997 and POSIX caught up in 2008. macOS and
FreeBSD also use POSIX-compliant 0600 permissions.

At this point the Coverity warning seems archaic and no longer useful,
but go ahead and silence it.

*** CID 1453267:  Security best practices violations  (SECURE_TEMP)
/qemu/tests/qtest/vhost-user-blk-test.c: 827 in create_listen_socket()
821     {
822         int tmp_fd;
823         char *path;
824
825         /* No race because our pid makes the path unique */
826         path = g_strdup_printf("/tmp/qtest-%d-sock.XXXXXX", getpid());
>>>     CID 1453267:  Security best practices violations  (SECURE_TEMP)
>>>     Calling "mkstemp" without securely setting umask first.
827         tmp_fd = mkstemp(path);
828         g_assert_cmpint(tmp_fd, >=, 0);
829         close(tmp_fd);
830         unlink(path);
831
832         *fd = qtest_socket_server(path);

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tests/qtest/vhost-user-blk-test.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tests/qtest/vhost-user-blk-test.c b/tests/qtest/vhost-user-blk-test.c
index 581e283a03..412e010db8 100644
--- a/tests/qtest/vhost-user-blk-test.c
+++ b/tests/qtest/vhost-user-blk-test.c
@@ -803,11 +803,16 @@ static void destroy_file(void *path)
 static char *drive_create(void)
 {
     int fd, ret;
+    mode_t old_umask;
     /** vhost-user-blk won't recognize drive located in /tmp */
     char *t_path = g_strdup("qtest.XXXXXX");
 
     /** Create a temporary raw image */
+    old_umask = umask(S_IXUSR |
+                      S_IRGRP | S_IWGRP | S_IXGRP |
+                      S_IROTH | S_IWOTH | S_IXOTH);
     fd = mkstemp(t_path);
+    umask(old_umask);
     g_assert_cmpint(fd, >=, 0);
     ret = ftruncate(fd, TEST_IMAGE_SIZE);
     g_assert_cmpint(ret, ==, 0);
@@ -821,10 +826,15 @@ static char *create_listen_socket(int *fd)
 {
     int tmp_fd;
     char *path;
+    mode_t old_umask;
 
     /* No race because our pid makes the path unique */
     path = g_strdup_printf("/tmp/qtest-%d-sock.XXXXXX", getpid());
+    old_umask = umask(S_IXUSR |
+                      S_IRGRP | S_IWGRP | S_IXGRP |
+                      S_IROTH | S_IWOTH | S_IXOTH);
     tmp_fd = mkstemp(path);
+    umask(old_umask);
     g_assert_cmpint(tmp_fd, >=, 0);
     close(tmp_fd);
     unlink(path);
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path
  2021-05-26  9:12 [PATCH 0/3] vhost-user-blk-test and vdagent Coverity fixes Stefan Hajnoczi
  2021-05-26  9:12 ` [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives Stefan Hajnoczi
  2021-05-26  9:12 ` [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning Stefan Hajnoczi
@ 2021-05-26  9:12 ` Stefan Hajnoczi
  2021-05-28  7:06   ` Gerd Hoffmann
  2 siblings, 1 reply; 9+ messages in thread
From: Stefan Hajnoczi @ 2021-05-26  9:12 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, qemu-block, Coiby Xu,
	Gerd Hoffmann, Stefan Hajnoczi, Paolo Bonzini

If the size of a VD_AGENT_CLIPBOARD_GRAB message is invalid we leak info
when returning early.

Thanks to Coverity for spotting this:

*** CID 1453266:  Resource leaks  (RESOURCE_LEAK)
/qemu/ui/vdagent.c: 465 in vdagent_chr_recv_clipboard()
459             info = qemu_clipboard_info_new(&vd->cbpeer, s);
460             if (size > sizeof(uint32_t) * 10) {
461                 /*
462                  * spice has 6 types as of 2021. Limiting to 10 entries
463                  * so we we have some wiggle room.
464                  */
>>>     CID 1453266:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "info" going out of scope leaks the storage it points to.
465                 return;
466             }
467             while (size >= sizeof(uint32_t)) {
468                 trace_vdagent_cb_grab_type(GET_NAME(type_name, *(uint32_t *)data));
469                 switch (*(uint32_t *)data) {
470                 case VD_AGENT_CLIPBOARD_UTF8_TEXT:

Fixes: f0349f4d8947ad32d0fa4678cbf5dbb356fcbda1 ("ui/vdagent: add clipboard support")
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 ui/vdagent.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/vdagent.c b/ui/vdagent.c
index a253a8fe63..8fc54d330e 100644
--- a/ui/vdagent.c
+++ b/ui/vdagent.c
@@ -456,7 +456,6 @@ static void vdagent_chr_recv_clipboard(VDAgentChardev *vd, VDAgentMessage *msg)
     switch (msg->type) {
     case VD_AGENT_CLIPBOARD_GRAB:
         trace_vdagent_cb_grab_selection(GET_NAME(sel_name, s));
-        info = qemu_clipboard_info_new(&vd->cbpeer, s);
         if (size > sizeof(uint32_t) * 10) {
             /*
              * spice has 6 types as of 2021. Limiting to 10 entries
@@ -464,6 +463,7 @@ static void vdagent_chr_recv_clipboard(VDAgentChardev *vd, VDAgentMessage *msg)
              */
             return;
         }
+        info = qemu_clipboard_info_new(&vd->cbpeer, s);
         while (size >= sizeof(uint32_t)) {
             trace_vdagent_cb_grab_type(GET_NAME(type_name, *(uint32_t *)data));
             switch (*(uint32_t *)data) {
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* Re: [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path
  2021-05-26  9:12 ` [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path Stefan Hajnoczi
@ 2021-05-28  7:06   ` Gerd Hoffmann
  0 siblings, 0 replies; 9+ messages in thread
From: Gerd Hoffmann @ 2021-05-28  7:06 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, qemu-block, qemu-devel,
	Coiby Xu, Paolo Bonzini

On Wed, May 26, 2021 at 10:12:48AM +0100, Stefan Hajnoczi wrote:
> If the size of a VD_AGENT_CLIPBOARD_GRAB message is invalid we leak info
> when returning early.
> 
> Thanks to Coverity for spotting this:
> 
> *** CID 1453266:  Resource leaks  (RESOURCE_LEAK)
> /qemu/ui/vdagent.c: 465 in vdagent_chr_recv_clipboard()
> 459             info = qemu_clipboard_info_new(&vd->cbpeer, s);
> 460             if (size > sizeof(uint32_t) * 10) {
> 461                 /*
> 462                  * spice has 6 types as of 2021. Limiting to 10 entries
> 463                  * so we we have some wiggle room.
> 464                  */
> >>>     CID 1453266:  Resource leaks  (RESOURCE_LEAK)
> >>>     Variable "info" going out of scope leaks the storage it points to.
> 465                 return;
> 466             }
> 467             while (size >= sizeof(uint32_t)) {
> 468                 trace_vdagent_cb_grab_type(GET_NAME(type_name, *(uint32_t *)data));
> 469                 switch (*(uint32_t *)data) {
> 470                 case VD_AGENT_CLIPBOARD_UTF8_TEXT:
> 
> Fixes: f0349f4d8947ad32d0fa4678cbf5dbb356fcbda1 ("ui/vdagent: add clipboard support")
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning
  2021-05-26  9:12 ` [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning Stefan Hajnoczi
@ 2021-05-30 19:01   ` Peter Maydell
  2021-06-01 15:36     ` Stefan Hajnoczi
  0 siblings, 1 reply; 9+ messages in thread
From: Peter Maydell @ 2021-05-30 19:01 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, Qemu-block,
	QEMU Developers, Coiby Xu, Gerd Hoffmann, Paolo Bonzini

On Wed, 26 May 2021 at 10:14, Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> The Linux man page for mkstemp(3) states:
>
>   In glibc versions 2.06 and earlier, the file is created with
>   permissions 0666, that is, read and write for all users.  This old
>   behavior may be a security risk, especially  since other UNIX flavors
>   use 0600, and somebody might overlook this detail when porting
>   programs. POSIX.1-2008 adds a requirement that the file be created
>   with mode 0600.
>
>   More generally, the POSIX specification of mkstemp() does not say
>   anything about file modes, so the application should make sure its
>   file mode creation mask (see umask(2)) is set appropriately before
>   calling mkstemp() (and mkostemp()).
>
> glibc 2.0.6 was released in 1997 and POSIX caught up in 2008. macOS and
> FreeBSD also use POSIX-compliant 0600 permissions.
>
> At this point the Coverity warning seems archaic and no longer useful,
> but go ahead and silence it.

We had a lot of these on other uses of mkstemp() in tests/ -- I
have been simply marking them as false-positive on the same grounds
that you cite above. I would suggest we do the same here rather
than having this one test do something different with mkstemp().

(If we really wanted to handle ancient glibc, we should do that
by having a qemu_mkstemp() or something. But it doesn't seem
worthwhile...)

thanks
-- PMM


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives
  2021-05-26  9:12 ` [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives Stefan Hajnoczi
@ 2021-05-30 19:05   ` Peter Maydell
  2021-06-01 15:36     ` Stefan Hajnoczi
  0 siblings, 1 reply; 9+ messages in thread
From: Peter Maydell @ 2021-05-30 19:05 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, Qemu-block,
	QEMU Developers, Coiby Xu, Gerd Hoffmann, Paolo Bonzini

On Wed, 26 May 2021 at 10:16, Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> Coverity checks that the file descriptor return value of open(2) is
> checked and used. Normally this is helpful in identifying real bugs but
> vhost-user-blk-test opens /dev/null as stdin and stdout after fork.
>
> In this case we don't need to look at the return value because these
> open(2) calls cannot fail in any reasonable environment. We already know
> their return values ahead of time since we closed stdin and stdout
> previously. open(2) is guaranteed to pick the lowest available fd
> number.
>
> Silence Coverity by introducing code that checks what we already know to
> be true.

> diff --git a/tests/qtest/vhost-user-blk-test.c b/tests/qtest/vhost-user-blk-test.c
> index 8796c74ca4..581e283a03 100644
> --- a/tests/qtest/vhost-user-blk-test.c
> +++ b/tests/qtest/vhost-user-blk-test.c
> @@ -910,14 +910,18 @@ static void start_vhost_user_blk(GString *cmd_line, int vus_instances,
>                     storage_daemon_command->str);
>      pid_t pid = fork();
>      if (pid == 0) {
> +        int fd;
> +
>          /*
>           * Close standard file descriptors so tap-driver.pl pipe detects when
>           * our parent terminates.
>           */
>          close(0);
> +        fd = open("/dev/null", O_RDONLY);
> +        g_assert_cmpint(fd, ==, 0);
>          close(1);
> -        open("/dev/null", O_RDONLY);
> -        open("/dev/null", O_WRONLY);
> +        fd = open("/dev/null", O_WRONLY);
> +        assert(fd == 1);


Why use a different assert type for the two asserts?

thanks
-- PMM


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning
  2021-05-30 19:01   ` Peter Maydell
@ 2021-06-01 15:36     ` Stefan Hajnoczi
  0 siblings, 0 replies; 9+ messages in thread
From: Stefan Hajnoczi @ 2021-06-01 15:36 UTC (permalink / raw)
  To: Peter Maydell
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, Qemu-block,
	QEMU Developers, Coiby Xu, Gerd Hoffmann, Paolo Bonzini

[-- Attachment #1: Type: text/plain, Size: 1588 bytes --]

On Sun, May 30, 2021 at 08:01:21PM +0100, Peter Maydell wrote:
> On Wed, 26 May 2021 at 10:14, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> >
> > The Linux man page for mkstemp(3) states:
> >
> >   In glibc versions 2.06 and earlier, the file is created with
> >   permissions 0666, that is, read and write for all users.  This old
> >   behavior may be a security risk, especially  since other UNIX flavors
> >   use 0600, and somebody might overlook this detail when porting
> >   programs. POSIX.1-2008 adds a requirement that the file be created
> >   with mode 0600.
> >
> >   More generally, the POSIX specification of mkstemp() does not say
> >   anything about file modes, so the application should make sure its
> >   file mode creation mask (see umask(2)) is set appropriately before
> >   calling mkstemp() (and mkostemp()).
> >
> > glibc 2.0.6 was released in 1997 and POSIX caught up in 2008. macOS and
> > FreeBSD also use POSIX-compliant 0600 permissions.
> >
> > At this point the Coverity warning seems archaic and no longer useful,
> > but go ahead and silence it.
> 
> We had a lot of these on other uses of mkstemp() in tests/ -- I
> have been simply marking them as false-positive on the same grounds
> that you cite above. I would suggest we do the same here rather
> than having this one test do something different with mkstemp().
> 
> (If we really wanted to handle ancient glibc, we should do that
> by having a qemu_mkstemp() or something. But it doesn't seem
> worthwhile...)

Sounds good. I have updated Coverity.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives
  2021-05-30 19:05   ` Peter Maydell
@ 2021-06-01 15:36     ` Stefan Hajnoczi
  0 siblings, 0 replies; 9+ messages in thread
From: Stefan Hajnoczi @ 2021-06-01 15:36 UTC (permalink / raw)
  To: Peter Maydell
  Cc: Laurent Vivier, Kevin Wolf, Thomas Huth, Qemu-block,
	QEMU Developers, Coiby Xu, Gerd Hoffmann, Paolo Bonzini

[-- Attachment #1: Type: text/plain, Size: 1870 bytes --]

On Sun, May 30, 2021 at 08:05:49PM +0100, Peter Maydell wrote:
> On Wed, 26 May 2021 at 10:16, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> >
> > Coverity checks that the file descriptor return value of open(2) is
> > checked and used. Normally this is helpful in identifying real bugs but
> > vhost-user-blk-test opens /dev/null as stdin and stdout after fork.
> >
> > In this case we don't need to look at the return value because these
> > open(2) calls cannot fail in any reasonable environment. We already know
> > their return values ahead of time since we closed stdin and stdout
> > previously. open(2) is guaranteed to pick the lowest available fd
> > number.
> >
> > Silence Coverity by introducing code that checks what we already know to
> > be true.
> 
> > diff --git a/tests/qtest/vhost-user-blk-test.c b/tests/qtest/vhost-user-blk-test.c
> > index 8796c74ca4..581e283a03 100644
> > --- a/tests/qtest/vhost-user-blk-test.c
> > +++ b/tests/qtest/vhost-user-blk-test.c
> > @@ -910,14 +910,18 @@ static void start_vhost_user_blk(GString *cmd_line, int vus_instances,
> >                     storage_daemon_command->str);
> >      pid_t pid = fork();
> >      if (pid == 0) {
> > +        int fd;
> > +
> >          /*
> >           * Close standard file descriptors so tap-driver.pl pipe detects when
> >           * our parent terminates.
> >           */
> >          close(0);
> > +        fd = open("/dev/null", O_RDONLY);
> > +        g_assert_cmpint(fd, ==, 0);
> >          close(1);
> > -        open("/dev/null", O_RDONLY);
> > -        open("/dev/null", O_WRONLY);
> > +        fd = open("/dev/null", O_WRONLY);
> > +        assert(fd == 1);
> 
> 
> Why use a different assert type for the two asserts?

Thanks for pointing this out. I will send a v2 that consistently uses
g_assert_cmpint().

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2021-06-01 15:39 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-26  9:12 [PATCH 0/3] vhost-user-blk-test and vdagent Coverity fixes Stefan Hajnoczi
2021-05-26  9:12 ` [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives Stefan Hajnoczi
2021-05-30 19:05   ` Peter Maydell
2021-06-01 15:36     ` Stefan Hajnoczi
2021-05-26  9:12 ` [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning Stefan Hajnoczi
2021-05-30 19:01   ` Peter Maydell
2021-06-01 15:36     ` Stefan Hajnoczi
2021-05-26  9:12 ` [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path Stefan Hajnoczi
2021-05-28  7:06   ` Gerd Hoffmann

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.