From: Kevin Wolf <kwolf@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-block@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [PULL 26/28] block/nfs: add support for libnfs v6
Date: Thu, 12 Mar 2026 17:12:56 +0100 [thread overview]
Message-ID: <abLmCCB-Wjn-mqh1@redhat.com> (raw)
In-Reply-To: <CAFEAcA_c_LOZmeMc7PvcUK4PgyAbzvrcVt3VyALRLtY6ECbpEg@mail.gmail.com>
Am 12.03.2026 um 10:41 hat Peter Maydell geschrieben:
> On Tue, 10 Mar 2026 at 16:30, Kevin Wolf <kwolf@redhat.com> wrote:
> >
> > From: Peter Lieven <pl@dlhnet.de>
> >
> > libnfs v6 added a new api structure for read and write requests.
> >
> > This effectively also adds zero copy read support for cases where
> > the qiov coming from the block layer has only one vector.
> >
> > The .brdv_refresh_limits implementation is needed because libnfs v6
> > silently dropped support for splitting large read/write request into
> > chunks.
> >
> > Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
> > Signed-off-by: Peter Lieven <pl@dlhnet.de>
> > Message-ID: <20260306142840.72923-1-pl@dlhnet.de>
> > Reviewed-by: Kevin Wolf <kwolf@redhat.com>
> > Signed-off-by: Kevin Wolf <kwolf@redhat.com>
>
>
> Hi; Coverity reports a potential issue with this code
> (CID 1645631):
>
> > @@ -266,13 +270,36 @@ static int coroutine_fn nfs_co_preadv(BlockDriverState *bs, int64_t offset,
> > {
> > NFSClient *client = bs->opaque;
> > NFSRPC task;
> > + char *buf = NULL;
> > + bool my_buffer = false;
> >
> > nfs_co_init_task(bs, &task);
> > - task.iov = iov;
> > +
> > +#ifdef LIBNFS_API_V2
> > + if (iov->niov != 1) {
> > + buf = g_try_malloc(bytes);
> > + if (bytes && buf == NULL) {
> > + return -ENOMEM;
> > + }
> > + my_buffer = true;
>
> Here we have code that takes the "read zero bytes" case, and
> still tries to malloc a 0-length buffer (which is of dubious
> portability). Then it will continue...
g_try_malloc() always returns NULL for allocating 0 bytes, so I don't
think portability is a problem here.
> > + } else {
> > + buf = iov->iov[0].iov_base;
> > + }
> > +#endif
> >
> > WITH_QEMU_LOCK_GUARD(&client->mutex) {
> > +#ifdef LIBNFS_API_V2
> > + if (nfs_pread_async(client->context, client->fh,
> > + buf, bytes, offset,
> > + nfs_co_generic_cb, &task) != 0) {
> > +#else
> > + task.iov = iov;
> > if (nfs_pread_async(client->context, client->fh,
> > offset, bytes, nfs_co_generic_cb, &task) != 0) {
> > +#endif
> > + if (my_buffer) {
> > + g_free(buf);
> > + }
> > return -ENOMEM;
> > }
> >
> > @@ -280,6 +307,13 @@ static int coroutine_fn nfs_co_preadv(BlockDriverState *bs, int64_t offset,
> > }
> > qemu_coroutine_yield();
> >
> > + if (my_buffer) {
> > + if (task.ret > 0) {
> > + qemu_iovec_from_buf(iov, 0, buf, task.ret);
>
> ...and down here we use 'buf', but Coverity thinks it might be NULL
> because we only returned -ENOMEM above for a NULL buffer if bytes == 0.
> So we might be here with bytes == 0 and buf == NULL.
Yes, buf might be NULL, but copying 0 bytes from NULL isn't a problem
because you don't actually dereference the pointer then.
I think the part that Coverity doesn't understand is probably that
task.ret is limited to bytes (i.e. 0 in this case).
> Maybe we can't get here, but maybe it would be simpler to handle
> the "asked to read 0 bytes" case directly without calling into the
> nfs library or allocating a 0 byte buffer?
We could have an 'if (!bytes) { return 0; }' at the start of the
function if we want to.
Kevin
next prev parent reply other threads:[~2026-03-12 16:13 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-10 16:25 [PULL 00/28] Block layer patches Kevin Wolf
2026-03-10 16:25 ` [PULL 01/28] fuse: Copy write buffer content before polling Kevin Wolf
2026-03-10 16:25 ` [PULL 02/28] fuse: Ensure init clean-up even with error_fatal Kevin Wolf
2026-03-10 16:25 ` [PULL 03/28] fuse: Remove superfluous empty line Kevin Wolf
2026-03-10 16:25 ` [PULL 04/28] fuse: Explicitly set inode ID to 1 Kevin Wolf
2026-03-10 16:25 ` [PULL 05/28] fuse: Change setup_... to mount_fuse_export() Kevin Wolf
2026-03-10 16:26 ` [PULL 06/28] fuse: Destroy session on mount_fuse_export() fail Kevin Wolf
2026-03-10 16:26 ` [PULL 07/28] fuse: Fix mount options Kevin Wolf
2026-03-10 16:26 ` [PULL 08/28] fuse: Set direct_io and parallel_direct_writes Kevin Wolf
2026-04-30 13:07 ` Fiona Ebner
2026-05-05 9:03 ` Fiona Ebner
2026-05-05 11:01 ` Fiona Ebner
2026-05-05 13:21 ` Hanna Czenczek
2026-03-10 16:26 ` [PULL 09/28] fuse: Introduce fuse_{at,de}tach_handlers() Kevin Wolf
2026-03-10 16:26 ` [PULL 10/28] fuse: Introduce fuse_{inc,dec}_in_flight() Kevin Wolf
2026-03-10 16:26 ` [PULL 11/28] fuse: Add halted flag Kevin Wolf
2026-03-10 16:26 ` [PULL 12/28] fuse: fuse_{read,write}: Rename length to blk_len Kevin Wolf
2026-03-10 16:26 ` [PULL 13/28] iotests/308: Use conv=notrunc to test growability Kevin Wolf
2026-03-10 16:26 ` [PULL 14/28] fuse: Explicitly handle non-grow post-EOF accesses Kevin Wolf
2026-03-10 16:26 ` [PULL 15/28] block: Move qemu_fcntl_addfl() into osdep.c Kevin Wolf
2026-03-10 16:26 ` [PULL 16/28] fuse: Drop permission changes in fuse_do_truncate Kevin Wolf
2026-03-10 16:26 ` [PULL 17/28] fuse: Manually process requests (without libfuse) Kevin Wolf
2026-05-08 11:55 ` Fiona Ebner
2026-05-08 13:06 ` Hanna Czenczek
2026-05-08 13:13 ` Hanna Czenczek
2026-05-12 15:14 ` Fiona Ebner
2026-03-10 16:26 ` [PULL 18/28] fuse: Reduce max read size Kevin Wolf
2026-03-10 16:26 ` [PULL 19/28] fuse: Process requests in coroutines Kevin Wolf
2026-03-10 16:26 ` [PULL 20/28] block/export: Add multi-threading interface Kevin Wolf
2026-03-10 16:26 ` [PULL 21/28] iotests/307: Test multi-thread export interface Kevin Wolf
2026-03-10 16:26 ` [PULL 22/28] fuse: Make shared export state atomic Kevin Wolf
2026-03-10 16:26 ` [PULL 23/28] fuse: Implement multi-threading Kevin Wolf
2026-03-10 16:26 ` [PULL 24/28] qapi/block-export: Document FUSE's multi-threading Kevin Wolf
2026-03-10 16:26 ` [PULL 25/28] iotests/308: Add multi-threading sanity test Kevin Wolf
2026-03-10 16:26 ` [PULL 26/28] block/nfs: add support for libnfs v6 Kevin Wolf
2026-03-12 9:41 ` Peter Maydell
2026-03-12 16:12 ` Kevin Wolf [this message]
2026-03-12 16:19 ` Peter Maydell
2026-03-12 16:47 ` Kevin Wolf
2026-03-20 9:50 ` Peter Maydell
2026-04-09 9:48 ` Peter Maydell
2026-04-09 13:29 ` Kevin Wolf
2026-03-10 16:26 ` [PULL 27/28] qapi: block: Refactor HTTP(s) common arguments Kevin Wolf
2026-03-10 16:26 ` [PULL 28/28] block/curl: add support for S3 presigned URLs Kevin Wolf
2026-03-11 10:43 ` [PULL 00/28] Block layer patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abLmCCB-Wjn-mqh1@redhat.com \
--to=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.