From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=NGWSl4Rm; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id BD0735A095E for ; Mon, 17 Nov 2025 02:10:18 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1763341817; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=z/xeuzoXzf3JwNewmjCSmqCnR9LP3owexBuGjjq1z4c=; b=NGWSl4RmLK6aNl64Gr9R4p0JEGhhzIM9WBjvHxz/NJK0ScQVxlNSJgmRrOjVBAUVBWNPeS +3j084IQmm8jrGixJJObX7Gjsmt6kPNtdIPY3HsgnhDtHEasXIRVfmIt8LMyR9Ym1xOHQs dptOX7vnUM0U07Hd2WRaD2/hs0NUFyw= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-385-OF63NwWkM7mtUvbWfWNbGg-1; Sun, 16 Nov 2025 20:10:15 -0500 X-MC-Unique: OF63NwWkM7mtUvbWfWNbGg-1 X-Mimecast-MFC-AGG-ID: OF63NwWkM7mtUvbWfWNbGg_1763341814 Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-641738a10c4so4792116a12.1 for ; Sun, 16 Nov 2025 17:10:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763341814; x=1763946614; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=z/xeuzoXzf3JwNewmjCSmqCnR9LP3owexBuGjjq1z4c=; b=mExdFGq6XuLtgiX1rcKXG8p8LR373ifyHHH/wXsiE1XDlvGVFWxbdwQ0D+DztaIX1q lzNbM8H+2sdp+/NIsxZx6aJ3K5bcDcqOokTG8DrtrhmZIltivoWLTZcr9XluoI6XWehP MhaQlJlgObyG1mr6iyhUHUAjd3figpJuV3SsbW5ktrigoJESWhEHIC5F3xPbRv5V3rwk 7kt8WIOBeenvLKnh/Sh1r78eOXARhlGyo0WFz6tLAHzI7ThEkzS3UI8VvIW39yUWRoxA str2KrMapDk7TYmdG5LJOy5vYxpX5I7jfKL7ad6d50n2EGHWZLTiOTVC07038IpqLqaw 8BOQ== X-Gm-Message-State: AOJu0Ywea7AMu61IPKYwmbvjAC9HhPd2M1PAiHhEc+s1EPs4iNmf0exz pWI8l9r2HrGwJLF3Glnbi2KrAyzamqlAtMFaHLYvCnOEIm1Q8BWAi0DaBSKJG9c2cGXbBBiIKY4 IPCVwc6U34tRDIqE4RherUdULI9N3w5h4LzLXzOOR+HdmVXd9ydMGVOrsKkQ1PVnt7e1iSaWHPr XwnhZlGMvfFxJoaMLTDMsxdBymF5AyGeqg8LG77lQ= X-Gm-Gg: ASbGnctoj7m0Lrns9EYfvoHxA1+VNvpKB2Ush+e04fxeSM1x//ZLYYzo1Jb7IbRChLS ww8+HbQj8hEztzs/uvHlfpS89Kh/H4jjV0dSO1qMZE05XGe54hzbo4ww3uBkFkp4xqvBFG74IXt ruB/dqKrOi2IpzUFTpmXenuIXnLS92mKZ0oZzVvH+1OU/fAbr9ERkRigam X-Received: by 2002:a05:6402:1cc1:b0:641:24cc:26d7 with SMTP id 4fb4d7f45d1cf-64350e1e506mr9402759a12.14.1763341814225; Sun, 16 Nov 2025 17:10:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IHE2CFf6IbBz6KFq2cNnUvVRgi/nuT6cp3J4EaUToeCZbLQ5aLbHV5G79CiuJY2l7870aAn624e/9kt0QyC9u0= X-Received: by 2002:a05:6402:1cc1:b0:641:24cc:26d7 with SMTP id 4fb4d7f45d1cf-64350e1e506mr9402748a12.14.1763341813827; Sun, 16 Nov 2025 17:10:13 -0800 (PST) MIME-Version: 1.0 References: <20251110093137.87705-1-yuhuang@redhat.com> <20251110093137.87705-3-yuhuang@redhat.com> <20251114010134.6a79cb30@elisabeth> <20251114111212.21090538@elisabeth> In-Reply-To: <20251114111212.21090538@elisabeth> From: Yumei Huang Date: Mon, 17 Nov 2025 09:10:01 +0800 X-Gm-Features: AWmQ_bm5YyyvV6zE_PJrjv6lp8VVsusZ8fP1o8VXQtxgBK5-bMxPG031c5PCfIc Message-ID: Subject: Re: [PATCH v8 2/6] util: Introduce read_file() and read_file_integer() function To: Stefano Brivio X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: M5DBR-EFjF403G-ZcRk7d_EYIoEDz6jOYyr4MgtwtIE_1763341814 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 6UTQDKZOO25KVHAO3OCOET6YJUWZLBVO X-Message-ID-Hash: 6UTQDKZOO25KVHAO3OCOET6YJUWZLBVO X-MailFrom: yuhuang@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, david@gibson.dropbear.id.au X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Fri, Nov 14, 2025 at 6:12=E2=80=AFPM Stefano Brivio = wrote: > > On Fri, 14 Nov 2025 09:58:57 +0800 > Yumei Huang wrote: > > > On Fri, Nov 14, 2025 at 8:01=E2=80=AFAM Stefano Brivio wrote: > > > > > > On Mon, 10 Nov 2025 17:31:33 +0800 > > > Yumei Huang wrote: > > > > > > > Signed-off-by: Yumei Huang > > > > Reviewed-by: David Gibson > > > > --- > > > > util.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ > > > > util.h | 2 ++ > > > > 2 files changed, 88 insertions(+) > > > > > > > > diff --git a/util.c b/util.c > > > > index 44c21a3..c4c849c 100644 > > > > --- a/util.c > > > > +++ b/util.c > > > > @@ -590,6 +590,92 @@ int write_file(const char *path, const char *b= uf) > > > > return len =3D=3D 0 ? 0 : -1; > > > > } > > > > > > > > +/** > > > > + * read_file() - Read contents of file into a NULL-terminated buff= er > > > > + * @path: Path to file to read > > > > + * @buf: Buffer to store file contents > > > > + * @buf_size: Size of buffer > > > > + * > > > > + * Return: number of bytes read on success, -1 on error, -ENOBUFS = on truncation > > > > + */ > > > > +ssize_t read_file(const char *path, char *buf, size_t buf_size) > > > > +{ > > > > + int fd =3D open(path, O_RDONLY | O_CLOEXEC); > > > > + size_t total_read =3D 0; > > > > + ssize_t rc; > > > > + > > > > + if (fd < 0) { > > > > + warn_perror("Could not open %s", path); > > > > + return -1; > > > > + } > > > > + > > > > + while (total_read < buf_size) { > > > > + rc =3D read(fd, buf + total_read, buf_size - total_re= ad); > > > > > > cppcheck rightfully says that: > > > > > > util.c:604:10: style: The scope of the variable 'rc' can be reduced. = [variableScope] > > > ssize_t rc; > > > ^ > > > > Right. > > Seems it also says: > > > > tcp.c:2814:0: style: The function 'tcp_get_rto_params' should have > > static linkage since it is not used outside of its translation unit. > > [staticFunction] > > void tcp_get_rto_params(struct ctx *c) > > ^ > > util.c:601:0: style: The function 'read_file' should have static > > linkage since it is not used outside of its translation unit. > > [staticFunction] > > ssize_t read_file(const char *path, char *buf, size_t buf_size) > > Oops, my current version (2.16.0) doesn't say that, I should upgrade it > (but I typically try to remain a few versions behind as David usually > upgrades right away, so that we catch also differences). > > > I understand read_file() may be called from other places in the > > future. But do we need to add static now? I guess we need it for > > tcp_get_rto_params(). > > On top of what David said, I'm not sure if we'll ever need it in > tcp_get_rto_params(): I guess we'll always want to read integers there. I meant we need to add static for tcp_get_rto_params(). But I got your point. I will add static for both the functions. > > By the way, don't forget to drop the prototype from util.h as it's not > needed if you make it static. Thanks for the reminder! > > > > > + > > > > + if (rc < 0) { > > > > + warn_perror("Couldn't read from %s", path); > > > > + close(fd); > > > > + return -1; > > > > + } > > > > + > > > > + if (rc =3D=3D 0) > > > > + break; > > > > + > > > > + total_read +=3D rc; > > > > + } > > > > + > > > > + close(fd); > > > > + > > > > + if (total_read =3D=3D buf_size) { > > > > + warn("File %s contents exceed buffer size %zu", path, > > > > + buf_size); > > > > + buf[buf_size - 1] =3D '\0'; > > > > > > I suggested we need this, but Coverity Scan points out that: > > > > > > --- > > > /home/sbrivio/passt/util.c:631:3: > > > Type: Overflowed constant (INTEGER_OVERFLOW) > > > > > > /home/sbrivio/passt/util.c:606:2: > > > 1. path: Condition "fd < 0", taking false branch. > > > /home/sbrivio/passt/util.c:611:2: > > > 2. path: Condition "total_read < buf_size", taking false branch. > > > /home/sbrivio/passt/util.c:628:2: > > > 3. path: Condition "total_read =3D=3D buf_size", taking true branch= . > > > /home/sbrivio/passt/util.c:631:3: > > > 4. overflow_const: Expression "buf_size - 1UL", where "buf_size" is= known to be equal to 0, underflows the type of "buf_size - 1UL", which is = type "unsigned long". > > > --- > > > > Somehow my Coverity Scan didn't complain about that. > > Did you forget to pass '--security' to cov-analyze perhaps? Yep, sorry. > > > > in the (faulty) case where somebody calls this with 0 as buf_size. > > > > > > On the other hand, the passed value of buf_size might be a result of = a > > > wrong calculation, and in that case we don't want to write some > > > unrelated value on the stack of the caller or smash the stack. > > > > > > We could ASSERT(buf_size), but in the future we might abuse read_file= () > > > to just check that a file is there and can be read, instead of actual= ly > > > reading it. > > > > > > So maybe we could just return (after closing fd) before read() on > > > !buf_size? > > > > Sure. I can add that. > > > > > > > + return -ENOBUFS; > > > > + } > > > > + > > > > + buf[total_read] =3D '\0'; > > > > + > > > > + return total_read; > > > > +} > > > > + > > > > +/** > > > > + * read_file_integer() - Read an integer value from a file > > > > + * @path: Path to file to read > > > > + * @fallback: Default value if file can't be read > > > > + * > > > > + * Return: integer value, @fallback on failure > > > > + */ > > > > +intmax_t read_file_integer(const char *path, intmax_t fallback) > > > > +{ > > > > + ssize_t bytes_read; > > > > + char buf[BUFSIZ]; > > > > + intmax_t value; > > > > + char *end; > > > > + > > > > + bytes_read =3D read_file(path, buf, sizeof(buf)); > > > > + > > > > + if (bytes_read < 0) > > > > + return fallback; > > > > + > > > > + if (bytes_read =3D=3D 0) { > > > > + debug("Empty file %s", path); > > > > + return fallback; > > > > + } > > > > + > > > > + errno =3D 0; > > > > + value =3D strtoimax(buf, &end, 10); > > > > + if (*end && *end !=3D '\n') { > > > > + debug("Non-numeric content in %s", path); > > > > + return fallback; > > > > + } > > > > + if (errno) { > > > > + debug("Out of range value in %s: %s", path, buf); > > > > + return fallback; > > > > + } > > > > + > > > > + return value; > > > > +} > > > > + > > > > #ifdef __ia64__ > > > > /* Needed by do_clone() below: glibc doesn't export the prototype = of __clone2(), > > > > * use the description from clone(2). > > > > diff --git a/util.h b/util.h > > > > index a0b2ada..c1502cc 100644 > > > > --- a/util.h > > > > +++ b/util.h > > > > @@ -229,6 +229,8 @@ void pidfile_write(int fd, pid_t pid); > > > > int __daemon(int pidfile_fd, int devnull_fd); > > > > int fls(unsigned long x); > > > > int write_file(const char *path, const char *buf); > > > > +ssize_t read_file(const char *path, char *buf, size_t buf_size); > > > > +intmax_t read_file_integer(const char *path, intmax_t fallback); > > > > int write_all_buf(int fd, const void *buf, size_t len); > > > > int write_remainder(int fd, const struct iovec *iov, size_t iovcnt= , size_t skip); > > > > int read_all_buf(int fd, void *buf, size_t len); > > -- > Stefano > --=20 Thanks, Yumei Huang