[PULL 1/5] hw/xen: Clarify (lack of) error handling in transaction_commit()

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Anthony PERARD via <qemu-devel@nongnu.org>
To: <qemu-devel@nongnu.org>
Cc: David Woodhouse <dwmw@amazon.co.uk>,
	Anthony PERARD <anthony.perard@citrix.com>
Subject: [PULL 1/5] hw/xen: Clarify (lack of) error handling in transaction_commit()
Date: Tue, 1 Aug 2023 10:40:34 +0100	[thread overview]
Message-ID: <20230801094038.11026-2-anthony.perard@citrix.com> (raw)
In-Reply-To: <20230801094038.11026-1-anthony.perard@citrix.com>

From: David Woodhouse <dwmw@amazon.co.uk>

Coverity was unhappy (CID 1508359) because we didn't check the return of
init_walk_op() in transaction_commit(), despite doing so at every other
call site.

Strictly speaking, this is a false positive since it can never fail. It
only fails for invalid user input (transaction ID or path), and both of
those are hard-coded to known sane values in this invocation.

But Coverity doesn't know that, and neither does the casual reader of the
code.

Returning an error here would be weird, since the transaction *is*
committed by this point; all the walk_op is doing is firing watches on
the newly-committed changed nodes. So make it a g_assert(!ret), since
it really should never happen.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20076888f6bdf06a65aafc5cf954260965d45b97.camel@infradead.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---
 hw/i386/kvm/xenstore_impl.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/i386/kvm/xenstore_impl.c b/hw/i386/kvm/xenstore_impl.c
index 305fe75519..d9732b567e 100644
--- a/hw/i386/kvm/xenstore_impl.c
+++ b/hw/i386/kvm/xenstore_impl.c
@@ -1022,6 +1022,7 @@ static int transaction_commit(XenstoreImplState *s, XsTransaction *tx)
 {
     struct walk_op op;
     XsNode **n;
+    int ret;
 
     if (s->root_tx != tx->base_tx) {
         return EAGAIN;
@@ -1032,7 +1033,16 @@ static int transaction_commit(XenstoreImplState *s, XsTransaction *tx)
     s->root_tx = tx->tx_id;
     s->nr_nodes = tx->nr_nodes;
 
-    init_walk_op(s, &op, XBT_NULL, tx->dom_id, "/", &n);
+    ret = init_walk_op(s, &op, XBT_NULL, tx->dom_id, "/", &n);
+    /*
+     * There are two reasons why init_walk_op() may fail: an invalid tx_id,
+     * or an invalid path. We pass XBT_NULL and "/", and it cannot fail.
+     * If it does, the world is broken. And returning 'ret' would be weird
+     * because the transaction *was* committed, and all this tree walk is
+     * trying to do is fire the resulting watches on newly-committed nodes.
+     */
+    g_assert(!ret);
+
     op.deleted_in_tx = false;
     op.mutating = true;
 
-- 
Anthony PERARD

next prev parent reply	other threads:[~2023-08-01  9:42 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-01  9:40 [PULL 0/5] Misc fixes, for thread-pool, xen, and xen-emulate Anthony PERARD via
2023-08-01  9:40 ` Anthony PERARD via [this message]
2023-08-01  9:40 ` [PULL 2/5] xen-block: Avoid leaks on new error path Anthony PERARD via
2023-08-01  9:40 ` [PULL 3/5] thread-pool: signal "request_cond" while locked Anthony PERARD via
2023-08-01  9:40 ` [PULL 4/5] xen: Don't pass MemoryListener around by value Anthony PERARD via
2023-08-01  9:40 ` [PULL 5/5] xen-platform: do full PCI reset during unplug of IDE devices Anthony PERARD via
2023-08-01 17:48 ` [PULL 0/5] Misc fixes, for thread-pool, xen, and xen-emulate Richard Henderson
2023-08-02 15:18 ` Michael Tokarev
2023-08-02 18:34   ` Olaf Hering

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:305fe7551 dfblob:d9732b567 )
 OR (
bs:"[PULL 1/5] hw/xen: Clarify (lack of) error handling in transaction_commit()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230801094038.11026-2-anthony.perard@citrix.com \
    --to=qemu-devel@nongnu.org \
    --cc=anthony.perard@citrix.com \
    --cc=dwmw@amazon.co.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).