From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Cc: passt-dev@passt.top
Subject: Re: [PATCH 8/8] util: Don't use errno after a successful call in __daemon()
Date: Fri, 25 Oct 2024 12:04:01 +1100 [thread overview]
Message-ID: <ZxrugeC1rjysxL8R@zatzit> (raw)
In-Reply-To: <20241024230438.3192725-9-sbrivio@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 3281 bytes --]
On Fri, Oct 25, 2024 at 01:04:38AM +0200, Stefano Brivio wrote:
> I thought we could just set errno to 0, do a bunch of stuff, and check
> that errno didn't change to infer we succeeded. But clang-tidy,
> starting with LLVM 19, reports:
>
> /home/sbrivio/passt/util.c:465:6: error: An undefined value may be read from 'errno' [clang-analyzer-unix.Errno,-warnings-as-errors]
> 465 | if (errno)
> | ^
> /usr/include/errno.h:38:16: note: expanded from macro 'errno'
> 38 | # define errno (*__errno_location ())
> | ^~~~~~~~~~~~~~~~~~~~~~
> /home/sbrivio/passt/util.c:446:6: note: Assuming the condition is false
> 446 | if (pid == -1) {
> | ^~~~~~~~~
> /home/sbrivio/passt/util.c:446:2: note: Taking false branch
> 446 | if (pid == -1) {
> | ^
> /home/sbrivio/passt/util.c:451:6: note: Assuming 'pid' is 0
> 451 | if (pid) {
> | ^~~
> /home/sbrivio/passt/util.c:451:2: note: Taking false branch
> 451 | if (pid) {
> | ^
> /home/sbrivio/passt/util.c:463:2: note: Assuming that 'close' is successful; 'errno' becomes undefined after the call
> 463 | close(devnull_fd);
> | ^~~~~~~~~~~~~~~~~
> /home/sbrivio/passt/util.c:465:6: note: An undefined value may be read from 'errno'
> 465 | if (errno)
> | ^
> /usr/include/errno.h:38:16: note: expanded from macro 'errno'
> 38 | # define errno (*__errno_location ())
> | ^~~~~~~~~~~~~~~~~~~~~~
>
> And the LLVM documentation for the unix.Errno checker, 1.1.8.3
> unix.Errno (C), mentions, at:
>
> https://clang.llvm.org/docs/analyzer/checkers.html#unix-errno
>
> that:
>
> The C and POSIX standards often do not define if a standard library
> function may change value of errno if the call does not fail.
> Therefore, errno should only be used if it is known from the return
> value of a function that the call has failed.
>
> which is, somewhat surprisingly, the case for close().
Ah, yeah.
> Instead of using errno, check the actual return values of the calls
> we issue here.
>
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
> ---
> util.c | 15 +++++----------
> 1 file changed, 5 insertions(+), 10 deletions(-)
>
> diff --git a/util.c b/util.c
> index b719f9a..02e18fb 100644
> --- a/util.c
> +++ b/util.c
> @@ -453,16 +453,11 @@ int __daemon(int pidfile_fd, int devnull_fd)
> exit(EXIT_SUCCESS);
> }
>
> - errno = 0;
> -
> - setsid();
> -
> - dup2(devnull_fd, STDIN_FILENO);
> - dup2(devnull_fd, STDOUT_FILENO);
> - dup2(devnull_fd, STDERR_FILENO);
> - close(devnull_fd);
> -
> - if (errno)
> + if (setsid() < 0 ||
> + dup2(devnull_fd, STDIN_FILENO) < 0 ||
> + dup2(devnull_fd, STDOUT_FILENO) < 0 ||
> + dup2(devnull_fd, STDERR_FILENO) < 0 ||
> + close(devnull_fd))
> exit(EXIT_FAILURE);
>
> return 0;
--
David Gibson (he or they) | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
| around.
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2024-10-25 1:04 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-24 23:04 [PATCH 0/8] Take care of clang-tidy warnings with LLVM >= 16 Stefano Brivio
2024-10-24 23:04 ` [PATCH 1/8] Makefile: Exclude qrap.c from clang-tidy checks Stefano Brivio
2024-10-25 0:35 ` David Gibson
2024-10-24 23:04 ` [PATCH 2/8] treewide: Comply with CERT C rule ERR33-C for snprintf() Stefano Brivio
2024-10-25 0:48 ` David Gibson
2024-10-25 7:53 ` Stefano Brivio
2024-10-24 23:04 ` [PATCH 3/8] treewide: Silence cert-err33-c clang-tidy warnings for fprintf() Stefano Brivio
2024-10-25 0:52 ` David Gibson
2024-10-24 23:04 ` [PATCH 4/8] Makefile: Disable readability-math-missing-parentheses clang-tidy check Stefano Brivio
2024-10-25 0:53 ` David Gibson
2024-10-25 7:53 ` Stefano Brivio
2024-10-24 23:04 ` [PATCH 5/8] treewide: Suppress clang-tidy warning if we already use O_CLOEXEC or if we can't Stefano Brivio
2024-10-24 23:04 ` [PATCH 6/8] treewide: Address cert-err33-c clang-tidy warnings for clock and timer functions Stefano Brivio
2024-10-25 1:00 ` David Gibson
2024-10-25 7:53 ` Stefano Brivio
2024-10-24 23:04 ` [PATCH 7/8] udp: Take care of cert-int09-c clang-tidy warning for enum udp_iov_idx Stefano Brivio
2024-10-25 1:02 ` David Gibson
2024-10-25 7:53 ` Stefano Brivio
2024-10-24 23:04 ` [PATCH 8/8] util: Don't use errno after a successful call in __daemon() Stefano Brivio
2024-10-25 1:04 ` David Gibson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZxrugeC1rjysxL8R@zatzit \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).