Details

Reviewers

vangyzen

Group Reviewers

manpages

Commits

rS315686: kvm_geterr: handle `kd` == NULL in a deterministic/graceful manner

Summary

Handle kd == NULL gracefully with kvm_geterr

Don't just work by accident with kvm_geterr(3), but instead return a
NUL string.

Document the new explicit return behavior for kvm_geterr(3), as well
as the previous implicit behavior, i.e., the buffer attached to
returned via kvm_geterr(3) would be empty.

MFC after: 1 week
Sponsored by: Dell EMC Isilon

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

ngie created this revision.Mar 16 2017, 3:45 AM

Herald added a reviewer: manpages. · View Herald TranscriptMar 16 2017, 3:45 AM

Herald added a subscriber: imp. · View Herald Transcript

ngie edited the summary of this revision. (Show Details)Mar 16 2017, 3:45 AM

ngie added subscribers: jhb, markj.

ngie added inline comments.

lib/libkvm/kvm.c
293 ↗	(On Diff #26299)	Looking at the rest of the surrounding code, I should restore the cast and remove all of the unnecessary void* casts in another commit.

Remove unnecessary stylistic diff in kvm_close(3)

lib/libkvm/kvm_open.3
236–238 ↗	(On Diff #26301)	This sounds weird now that I read it out loud. Let me rewrite it.

Fix error description for kvm_close relating to close(2).
Reference close(2) in SEE ALSO.

Describe return value behavior, post this change.

Harbormaster completed remote builds in B8075: Diff 26304.Mar 16 2017, 4:03 AM

ngie edited the summary of this revision. (Show Details)Mar 16 2017, 4:07 AM

Harbormaster completed remote builds in B8072: Diff 26299.Mar 16 2017, 4:32 AM

ngie marked an inline comment as done.Mar 16 2017, 4:51 AM

Harbormaster completed remote builds in B8073: Diff 26301.Mar 16 2017, 5:18 AM

ngie mentioned this in D10024: lib/libkvm: Start adding basic tests for kvm(3).Mar 16 2017, 5:39 AM

Harbormaster completed remote builds in B8074: Diff 26302.Mar 16 2017, 5:54 AM

Harbormaster completed remote builds in B8075: Diff 26304.Mar 16 2017, 6:40 AM

Add some more kvm_geterr(3) tests

In D10022#207066, @ngie wrote:

Add some more kvm_geterr(3) tests

Please ignore this comment. There's no change in this diff vs the last one.

Harbormaster completed remote builds in B8077: Diff 26306.Mar 16 2017, 8:19 AM

Would anyone on the CC list have time to review this change?

vangyzen added a subscriber: vangyzen.Mar 19 2017, 1:25 PM

vangyzen added inline comments.

lib/libkvm/kvm.c
74 ↗	(On Diff #26306)	In the code in head, `kvm_geterr` never returns `NULL`. This path should return an empty string to preserve that API. This is usually(?) called on an error path, so it's harder to reach in testing and more likely to be used incorrectly (i.e. without testing for `NULL`).
302 ↗	(On Diff #26306)	return (error)
lib/libkvm/kvm_geterr.3
58 ↗	(On Diff #26306)	"The `kvm_geterr` function..."
62 ↗	(On Diff #26306)	Just `kd`, not `*kd`.
65 ↗	(On Diff #26306)	This is not true: `kd->errbuf` is a `char[]` initialized by `calloc()`, so `kvm_geterr` will always return a string if `kd != NULL`.
66 ↗	(On Diff #26306)	Maybe just `kd` here, too.
lib/libkvm/kvm_open.3
247 ↗	(On Diff #26306)	`*kd` -> `kd`

ngie mentioned this in rS315601: kvm_open2(3): remove '*' when describing addr argument for `resolver`.Mar 20 2017, 1:19 AM

Update per feedback from vangyzen

Harbormaster completed remote builds in B8146: Diff 26433.Mar 20 2017, 2:36 AM

I forgot to include the kvm.c changes in the previous diff

ngie mentioned this in rS315603: kvm_close(3): return `error` instead of blindly returning `0`.Mar 20 2017, 2:47 AM

Don't return strerror(EINVAL) if kd == NULL in kvm_geterr... this wasn't previously
discussed/requested (it was just something I was trying out)

ngie added inline comments.Mar 20 2017, 2:52 AM

lib/libkvm/kvm.c
74 ↗	(On Diff #26306)	I didn't initially understand the point in doing this, but given that errbuf isn't guaranteed to be allocated on the stack, "" is the proper way to deal with this issue.
302 ↗	(On Diff #26306)	Good eye. I'll commit this separately after I do some more testing.

ngie marked an inline comment as done.Mar 20 2017, 2:53 AM

ngie added inline comments.

lib/libkvm/kvm.c
302 ↗	(On Diff #26306)	Committed as rS315603.

ngie marked 2 inline comments as done.Mar 20 2017, 2:53 AM

Harbormaster completed remote builds in B8146: Diff 26433.Mar 20 2017, 3:18 AM

Harbormaster failed remote builds in B8147: Diff 26434!Mar 20 2017, 3:26 AM

Harbormaster completed remote builds in B8148: Diff 26435.Mar 20 2017, 4:08 AM

vangyzen added inline comments.Mar 20 2017, 1:19 PM

lib/libkvm/kvm.c
74 ↗	(On Diff #26306)	The type of `""` is `const`, so the compiler should be warning that the return type discards the `const` qualifier (unless warnings are dialed down in libkvm). A more proper fix is something like: static char kd_is_null[1]; Even better than that, make the return type `const`. Obviously, that could snowball into a larger change, but it would be beneficial. For example, you might find some callers that `free()` the returned string, since that would emit a warning about freeing a `const` pointer.

I actually think it's fine to return 'strerror(EINVAL)' instead of an empty string. The caller probably doesn't expect any empty string. Also, I don't think it's but so bad to return NULL as passing NULL to kvm_geterr() is undefined behavior anyway. Arguably you deserve to crash at that point.

ngie marked an inline comment as done.Mar 20 2017, 5:59 PM

ngie added inline comments.

lib/libkvm/kvm.c
74 ↗	(On Diff #26306)	Good point. I disagree on making it static though -- it should be externalized via kvm.h and testable. With the const change, I think it's admirable, but it shouldn't be done in this commit. AFAICT, changing the lib call signature is ok, if the reasoning makes sense.

In D10022#208128, @jhb wrote:

I actually think it's fine to return 'strerror(EINVAL)' instead of an empty string. The caller probably doesn't expect any empty string. Also, I don't think it's but so bad to return NULL as passing NULL to kvm_geterr() is undefined behavior anyway. Arguably you deserve to crash at that point.

Hmm.. I'll think about this a bit. In retrospect (even though the behavior changes seemed to be benign and the changes opportunistic), I think the changes should be split up because functionally they're different.

Please hold a sec. I'll file up another review for kvm_close(3) and reuse this for kvm_geterr(3), only.

vangyzen added inline comments.Mar 20 2017, 6:20 PM

lib/libkvm/kvm.c
74 ↗	(On Diff #26306)	I don't understand the reasoning behind making it external. It's just a way to return an empty string. Callers don't need to test whether the pointer points to this particular empty string. I agree that `const` should be a separate commit.

Reduce diff to just kvm_geterr(3) to get to resolution with the new behavior

ngie retitled this revision from Handle kd == NULL gracefully with kvm_close/kvm_geterr to Handle kd == NULL gracefully with kvm_geterr(3).Mar 20 2017, 6:33 PM

ngie edited the summary of this revision. (Show Details)

Harbormaster completed remote builds in B8162: Diff 26463.Mar 20 2017, 8:15 PM

Apply recommendations from vangyzen

As suspected, bumping up WARNS with kvm_geterr will fail after this
commit, but no more than it would have previously.

I'm working on bumping WARNS up to 6 though (see D10071, etc)

ngie marked 3 inline comments as done.Mar 21 2017, 5:00 AM

ngie added inline comments.

lib/libkvm/kvm.c
74 ↗	(On Diff #26306)	Yup... const poisoning here doesn't work quite yet... will fix in future commits (I have to __DECONST the return value from kvm_read2 too in order to calculate the ssize_t value returned from the function.