From: Markus Armbruster <armbru@redhat.com>
To: Bin Meng <bmeng.cn@gmail.com>
Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Bin Meng" <bin.meng@windriver.com>,
"Hanna Reitz" <hreitz@redhat.com>,
"Kevin Wolf" <kwolf@redhat.com>,
Qemu-block <qemu-block@nongnu.org>,
"qemu-devel@nongnu.org Developers" <qemu-devel@nongnu.org>
Subject: Re: [PATCH v2] block: Refactor get_tmp_filename()
Date: Tue, 27 Sep 2022 08:22:30 +0200 [thread overview]
Message-ID: <87o7v1mj4p.fsf@pond.sub.org> (raw)
In-Reply-To: <CAEUhbmX61MEXRv0XMXAVnuuVmq841i1_z2U5bR8hS39-cS7cKg@mail.gmail.com> (Bin Meng's message of "Mon, 26 Sep 2022 23:28:08 +0800")
Bin Meng <bmeng.cn@gmail.com> writes:
> On Mon, Sep 26, 2022 at 6:13 PM Markus Armbruster <armbru@redhat.com> wrote:
>>
>> Bin Meng <bmeng.cn@gmail.com> writes:
>>
>> > From: Bin Meng <bin.meng@windriver.com>
>> >
>> > At present there are two callers of get_tmp_filename() and they are
>> > inconsistent.
>> >
>> > One does:
>> >
>> > /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
>> > char *tmp_filename = g_malloc0(PATH_MAX + 1);
>> > ...
>> > ret = get_tmp_filename(tmp_filename, PATH_MAX + 1);
>> >
>> > while the other does:
>> >
>> > s->qcow_filename = g_malloc(PATH_MAX);
>> > ret = get_tmp_filename(s->qcow_filename, PATH_MAX);
>> >
>> > As we can see different 'size' arguments are passed. There are also
>> > platform specific implementations inside the function, and this use
>> > of snprintf is really undesirable.
>> >
>> > Refactor this routine by changing its signature to:
>> >
>> > char *get_tmp_filename(void)
>> >
>> > and use g_file_open_tmp() for a consistent implementation.
>> >
>> > Signed-off-by: Bin Meng <bin.meng@windriver.com>
>> > ---
>> >
>> > Changes in v2:
>> > - Use g_autofree and g_steal_pointer
>> >
>> > include/block/block_int-common.h | 2 +-
>> > block.c | 42 ++++++++++----------------------
>> > block/vvfat.c | 8 +++---
>> > 3 files changed, 18 insertions(+), 34 deletions(-)
>> >
>> > diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h
>> > index 8947abab76..ea69a9349c 100644
>> > --- a/include/block/block_int-common.h
>> > +++ b/include/block/block_int-common.h
>> > @@ -1230,7 +1230,7 @@ static inline BlockDriverState *child_bs(BdrvChild *child)
>> > }
>> >
>> > int bdrv_check_request(int64_t offset, int64_t bytes, Error **errp);
>> > -int get_tmp_filename(char *filename, int size);
>> > +char *get_tmp_filename(void);
>> > void bdrv_parse_filename_strip_prefix(const char *filename, const char *prefix,
>> > QDict *options);
>> >
>> > diff --git a/block.c b/block.c
>> > index bc85f46eed..4e7a795566 100644
>> > --- a/block.c
>> > +++ b/block.c
>> > @@ -860,38 +860,23 @@ int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
>> >
>> > /*
>> > * Create a uniquely-named empty temporary file.
>> > - * Return 0 upon success, otherwise a negative errno value.
>> > + * Return the actual name used upon success, otherwise NULL.
>> > + * The called function is responsible for freeing it.
>> > */
>> > -int get_tmp_filename(char *filename, int size)
>> > +char *get_tmp_filename(void)
>> > {
>> > -#ifdef _WIN32
>> > - char temp_dir[MAX_PATH];
>> > - /* GetTempFileName requires that its output buffer (4th param)
>> > - have length MAX_PATH or greater. */
>> > - assert(size >= MAX_PATH);
>> > - return (GetTempPath(MAX_PATH, temp_dir)
>> > - && GetTempFileName(temp_dir, "qem", 0, filename)
>> > - ? 0 : -GetLastError());
>> > -#else
>> > + g_autofree char *filename = NULL;
>> > int fd;
>> > - const char *tmpdir;
>> > - tmpdir = getenv("TMPDIR");
>> > - if (!tmpdir) {
>> > - tmpdir = "/var/tmp";
>> > - }
>> > - if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
>> > - return -EOVERFLOW;
>> > - }
>> > - fd = mkstemp(filename);
>> > +
>> > + fd = g_file_open_tmp("vl.XXXXXX", &filename, NULL);
>> > if (fd < 0) {
>> > - return -errno;
>> > + return NULL;
>> > }
>> > if (close(fd) != 0) {
>> > unlink(filename);
>> > - return -errno;
>> > + return NULL;
>> > }
>> > - return 0;
>> > -#endif
>> > + return g_steal_pointer(&filename);
>> > }
>>
>> Oh my, what a lovely mess you're messing with!
>>
>> The function creates a temporary *file*, not just a filename. Makes
>> sense, as creating a unique filename is inherently racy. The contract
>> is clear enough ("Create a uniquely-named empty temporary file"), but
>> the function name is actively misleading.
>
> Agreed that the name is misleading.
Care to fix that?
>> Of course, creating a temporary file for the caller to (re)open is also
>> racy. By the time the caller gets around to it, the filename could name
>> anything. Return an open file file descriptor is a better idea. It's
>> basically g_file_open_tmp(). Could we rework the two users of
>> get_tmp_filename() accept a file descriptor?
>
> I looked at the 2 callers, and it looks like we need to do more than
> these 2 callers to teach them to accept a file descriptor. :(
Looks like it requires surgery to bdrv_create() at least. I'm not
demanding you do that now.
[...]
next prev parent reply other threads:[~2022-09-27 6:42 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-24 11:45 [PATCH v2] block: Refactor get_tmp_filename() Bin Meng
2022-09-24 12:29 ` Philippe Mathieu-Daudé via
2022-09-26 10:13 ` Markus Armbruster
2022-09-26 15:28 ` Bin Meng
2022-09-27 6:22 ` Markus Armbruster [this message]
2022-09-27 6:29 ` Bin Meng
2022-09-27 7:24 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o7v1mj4p.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=bin.meng@windriver.com \
--cc=bmeng.cn@gmail.com \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).