From: Markus Armbruster <armbru@redhat.com>
To: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-trivial@nongnu.org, Stefan Weil <sw@weilnetz.de>,
	qemu-devel@nongnu.org
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH] pflash: Avoid warnings from coverity
Date: Mon, 24 Sep 2012 10:41:20 +0200
Message-ID: <878vbzvmmn.fsf@blackfin.pond.sub.org>
In-Reply-To: <50601043.2080209@redhat.com> (Kevin Wolf's message of "Mon, 24 Sep 2012 09:48:19 +0200")

Kevin Wolf <kwolf@redhat.com> writes:

> On 22.09.2012 20:53, Stefan Weil wrote:
>> On 22.09.2012 18:29, Stefan Hajnoczi wrote:
>>> On Wed, Sep 19, 2012 at 06:41:14PM +0200, Stefan Weil wrote:
>> [snip]
>>>>           offset_end = (offset_end + 511) >> 9;
>>>> -        bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
>>>> -                   offset_end - offset);
>>>> +        if (bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
>>>> +                       offset_end - offset) == -1) {
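
Review bot: The "== -1" comparison on the added bdrv_write() call matches only one return value, while this thread states that bdrv_write() returns -errno, so most failures would go unnoticed. Store the result in a local (ret = bdrv_write(...)) and test "ret < 0", which also keeps the value available for the error message.
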
>>> bdrv_write() returns -errno, not -1.
>> 
>> Thanks. It looks like we have more code which uses the wrong check
>> (and which I copied). So more patches are needed.
>> 
>> Should we also replace code which does bdrv_write() != 0 or !bdrv_write()
>> by bdrv_write() < 0 to get more uniform code (and the same for bdrv_read*),
>> even if it is not strictly wrong?
>> 
>> Maybe Kevin as block maintainer should decide that.
>
> Yes, I very much prefer ret < 0 checks for all block layer functions.
>
>>>> +            fprintf(stderr, "pflash: Error writing to flash storage\n");
>>>> +        }
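
Review bot: The error branch's fprintf() discards the return value of bdrv_write(), so the log line cannot say why the write failed, and nothing in the branch tells the guest that the flash update was lost. Keep the return value, include strerror(-ret) in the message, and add a TODO (or a real error path) for reporting the failure to the guest.
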
>>> Please report the errno and possibly bdrv_get_device_name() to uniquely
>>> identify this block device.
>> 
>> That would be overkill here: writing flash memory is not used very
>> often (even on real hardware it is typically only used for firmware
>> updates). I expect that anyone who does a firmware update in a
>> QEMU guest will know the name of the flash image file.
>> 
>> Usually I replace the flash image file on the QEMU host when I want
>> to exchange the firmware (much easier than flashing in the guest).
>> 
>> Reporting errno might be more reasonable. Are there other values than
>> EIO (e.g. defective media) and ENOSPC (disk full) which could occur?
>
> Basically anything that the OS can return. The block layer may
> internally generate things like -EACCES for writing to read-only images,
> or -ENOMEDIUM (not sure if it's possible for pflash).
>
>> A common solution for all users of bdrv_write in the block layer
>> would be even better. VirtualBox for example stops the guest when
>> ENOSPC (disk full) occurs, so it's possible for users to fix that
>> and resume the emulation.
>
> virtio-blk/IDE/scsi-disk do that.

Doing it in the block layer for all devices would be cleaner
conceptually.  If I remember correctly, we did it in devices instead,
because that was much simpler.

>>> Peter's comments about reporting errors to the guest make sense to me.
>>> I'm not sure how much work that involves, printing the error is a step
>>> in the right direction but we shouldn't forget the TODO.
>
> Shouldn't we avoid fprintfs that can be triggered by the guest?

Yes, we should.

Besides, mumbling to stderr is no excuse for a device model to behave
incorrectly.  Adding a print is a step in the right direction only
insofar as it makes the brokenness of the device model more obvious.
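
The return-value convention discussed in this thread, as an added example that is not part of the original messages or of QEMU: it counts how many failed writes each check style ("== -1", "!= 0", "< 0") fails to notice. The function mock_write() and the sample errno list are hypothetical stand-ins for a block-layer call that returns 0 on success and -errno on failure.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a block-layer write: returns 0 on success
 * and -errno on failure, the convention stated in the thread. */
static int mock_write(int fail_with)
{
    return fail_with ? -fail_with : 0;
}

/* The three check styles mentioned in the thread. */
static int check_eq_minus1(int ret) { return ret == -1; }
static int check_nonzero(int ret)   { return ret != 0; }
static int check_negative(int ret)  { return ret < 0; }

typedef int (*check_fn)(int ret);

/* Constructed sample: one success plus errno values named in the thread. */
static const int samples[] = { 0, EIO, ENOSPC, EACCES };

/* Number of failed writes that the given check does not report. */
static int count_missed(check_fn is_error)
{
    int missed = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int ret = mock_write(samples[i]);
        if (samples[i] != 0 && !is_error(ret)) {
            missed++;
        }
    }
    return missed;
}

int main(void)
{
    /* "== -1" only matches an errno whose value is 1 (EPERM on Linux),
     * so every failure in the sample slips through it. */
    printf("ret == -1 misses %d failures\n", count_missed(check_eq_minus1));
    printf("ret != 0  misses %d failures\n", count_missed(check_nonzero));
    printf("ret < 0   misses %d failures\n", count_missed(check_negative));
    return 0;
}
```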

