[PATCH libguestfs] use xmalloc and xcalloc in generated code
by Jim Meyering
Hi Rich,
I noticed that there were some unchecked malloc and calloc return values.
That could result in NULL deref upon failed allocation. Based on what
you said about there not being much point in trying to recover from OOM
errors, I made the small textual change to convert e.g., malloc(n) to
xmalloc(g,n) where xmalloc now ends up calling g->abort_cb upon malloc
failure. Then any following dereference of the result is guaranteed to
be valid.
Since I did the same with the calloc->xcalloc transformation,
I needed a corresponding guestfs_safe_calloc function wrapper.
>From 9f39ef2f45b4d5fe93b69d5a42fab69ba0b3e633 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Thu, 2 Jul 2009 15:39:08 +0200
Subject: [PATCH] use xmalloc and xcalloc in generated code
* src/generator.ml (xmalloc): Define to guestfs_safe_malloc.
(xcalloc): Define to guestfs_safe_calloc.
[most generated code]: Fail immediately upon failure of otherwise-
unchecked malloc and calloc calls.
* src/guestfs.c: Include <stddef.h>.
(xalloc_oversized): Define.
* src/guestfs.h (guestfs_safe_calloc): Declare.
---
src/generator.ml | 44 +++++++++++++++++++++++---------------------
src/guestfs.c | 39 ++++++++++++++++++++++++++++++++++++++-
src/guestfs.h | 3 ++-
3 files changed, 63 insertions(+), 23 deletions(-)
diff --git a/src/generator.ml b/src/generator.ml
index abe7e89..da93b70 100755
--- a/src/generator.ml
+++ b/src/generator.ml
@@ -121,7 +121,7 @@ type flags =
| NotInDocs (* do not add this function to documentation *)
let protocol_limit_warning =
- "Because of the message protocol, there is a transfer limit
+ "Because of the message protocol, there is a transfer limit
of somewhere between 2MB and 4MB. To transfer large files you should use
FTP."
@@ -6384,7 +6384,7 @@ Sys::Guestfs - Perl bindings for libguestfs
=head1 SYNOPSIS
use Sys::Guestfs;
-
+
my $h = Sys::Guestfs->new ();
$h->add_drive ('guest.img');
$h->launch ();
@@ -8132,6 +8132,8 @@ and generate_bindtests () =
#include \"guestfs_protocol.h\"
#define error guestfs_error
+#define xmalloc guestfs_safe_malloc
+#define xcalloc guestfs_safe_calloc
static void
print_strings (char * const* const argv)
@@ -8207,70 +8209,70 @@ print_strings (char * const* const argv)
pr " char **strs;\n";
pr " int n, i;\n";
pr " sscanf (val, \"%%d\", &n);\n";
- pr " strs = malloc ((n+1) * sizeof (char *));\n";
+ pr " strs = xmalloc (g, (n+1) * sizeof (char *));\n";
pr " for (i = 0; i < n; ++i) {\n";
- pr " strs[i] = malloc (16);\n";
+ pr " strs[i] = xmalloc (g, 16);\n";
pr " snprintf (strs[i], 16, \"%%d\", i);\n";
pr " }\n";
pr " strs[n] = NULL;\n";
pr " return strs;\n"
| RIntBool _ ->
pr " struct guestfs_int_bool *r;\n";
- pr " r = malloc (sizeof *r);\n";
+ pr " r = xmalloc (g, sizeof *r);\n";
pr " sscanf (val, \"%%\" SCNi32, &r->i);\n";
pr " r->b = 0;\n";
pr " return r;\n"
| RPVList _ ->
pr " struct guestfs_lvm_pv_list *r;\n";
pr " int i;\n";
- pr " r = malloc (sizeof *r);\n";
+ pr " r = xmalloc (g, sizeof *r);\n";
pr " sscanf (val, \"%%d\", &r->len);\n";
- pr " r->val = calloc (r->len, sizeof *r->val);\n";
+ pr " r->val = xcalloc (g, r->len, sizeof *r->val);\n";
pr " for (i = 0; i < r->len; ++i) {\n";
- pr " r->val[i].pv_name = malloc (16);\n";
+ pr " r->val[i].pv_name = xmalloc (g, 16);\n";
pr " snprintf (r->val[i].pv_name, 16, \"%%d\", i);\n";
pr " }\n";
pr " return r;\n"
| RVGList _ ->
pr " struct guestfs_lvm_vg_list *r;\n";
pr " int i;\n";
- pr " r = malloc (sizeof *r);\n";
+ pr " r = xmalloc (g, sizeof *r);\n";
pr " sscanf (val, \"%%d\", &r->len);\n";
- pr " r->val = calloc (r->len, sizeof *r->val);\n";
+ pr " r->val = xcalloc (g, r->len, sizeof *r->val);\n";
pr " for (i = 0; i < r->len; ++i) {\n";
- pr " r->val[i].vg_name = malloc (16);\n";
+ pr " r->val[i].vg_name = xmalloc (g, 16);\n";
pr " snprintf (r->val[i].vg_name, 16, \"%%d\", i);\n";
pr " }\n";
pr " return r;\n"
| RLVList _ ->
pr " struct guestfs_lvm_lv_list *r;\n";
pr " int i;\n";
- pr " r = malloc (sizeof *r);\n";
+ pr " r = xmalloc (g, sizeof *r);\n";
pr " sscanf (val, \"%%d\", &r->len);\n";
- pr " r->val = calloc (r->len, sizeof *r->val);\n";
+ pr " r->val = xcalloc (g, r->len, sizeof *r->val);\n";
pr " for (i = 0; i < r->len; ++i) {\n";
- pr " r->val[i].lv_name = malloc (16);\n";
+ pr " r->val[i].lv_name = xmalloc (g, 16);\n";
pr " snprintf (r->val[i].lv_name, 16, \"%%d\", i);\n";
pr " }\n";
pr " return r;\n"
| RStat _ ->
pr " struct guestfs_stat *r;\n";
- pr " r = calloc (1, sizeof (*r));\n";
+ pr " r = xcalloc (g, 1, sizeof (*r));\n";
pr " sscanf (val, \"%%\" SCNi64, &r->dev);\n";
pr " return r;\n"
| RStatVFS _ ->
pr " struct guestfs_statvfs *r;\n";
- pr " r = calloc (1, sizeof (*r));\n";
+ pr " r = xcalloc (g, 1, sizeof (*r));\n";
pr " sscanf (val, \"%%\" SCNi64, &r->bsize);\n";
pr " return r;\n"
| RHashtable _ ->
pr " char **strs;\n";
pr " int n, i;\n";
pr " sscanf (val, \"%%d\", &n);\n";
- pr " strs = malloc ((n*2+1) * sizeof (*strs));\n";
+ pr " strs = xmalloc (g, (n*2+1) * sizeof (*strs));\n";
pr " for (i = 0; i < n; ++i) {\n";
- pr " strs[i*2] = malloc (16);\n";
- pr " strs[i*2+1] = malloc (16);\n";
+ pr " strs[i*2] = xmalloc (g, 16);\n";
+ pr " strs[i*2+1] = xmalloc (g, 16);\n";
pr " snprintf (strs[i*2], 16, \"%%d\", i);\n";
pr " snprintf (strs[i*2+1], 16, \"%%d\", i);\n";
pr " }\n";
@@ -8279,9 +8281,9 @@ print_strings (char * const* const argv)
| RDirentList _ ->
pr " struct guestfs_dirent_list *r;\n";
pr " int i;\n";
- pr " r = malloc (sizeof *r);\n";
+ pr " r = xmalloc (g, sizeof *r);\n";
pr " sscanf (val, \"%%d\", &r->len);\n";
- pr " r->val = calloc (r->len, sizeof *r->val);\n";
+ pr " r->val = xcalloc (g, r->len, sizeof *r->val);\n";
pr " for (i = 0; i < r->len; ++i)\n";
pr " r->val[i].ino = i;\n";
pr " return r;\n"
diff --git a/src/guestfs.c b/src/guestfs.c
index c3bce0b..350d848 100644
--- a/src/guestfs.c
+++ b/src/guestfs.c
@@ -1,5 +1,5 @@
/* libguestfs
- * Copyright (C) 2009 Red Hat Inc.
+ * Copyright (C) 2009 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -24,6 +24,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
+#include <stddef.h>
#include <unistd.h>
#include <ctype.h>
#include <string.h>
@@ -453,6 +454,42 @@ guestfs_safe_malloc (guestfs_h *g, size_t nbytes)
return ptr;
}
+/* Return 1 if an array of N objects, each of size S, cannot exist due
+ to size arithmetic overflow. S must be positive and N must be
+ nonnegative. This is a macro, not an inline function, so that it
+ works correctly even when SIZE_MAX < N.
+
+ By gnulib convention, SIZE_MAX represents overflow in size
+ calculations, so the conservative dividend to use here is
+ SIZE_MAX - 1, since SIZE_MAX might represent an overflowed value.
+ However, malloc (SIZE_MAX) fails on all known hosts where
+ sizeof (ptrdiff_t) <= sizeof (size_t), so do not bother to test for
+ exactly-SIZE_MAX allocations on such hosts; this avoids a test and
+ branch when S is known to be 1. */
+# define xalloc_oversized(n, s) \
+ ((size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) < (n))
+
+/* Technically we should add an autoconf test for this, testing for the desired
+ functionality, like what's done in gnulib, but for now, this is fine. */
+#define HAVE_GNU_CALLOC (__GLIBC__ >= 2)
+
+/* Allocate zeroed memory for N elements of S bytes, with error
+ checking. S must be nonzero. */
+void *
+guestfs_safe_calloc (guestfs_h *g, size_t n, size_t s)
+{
+ /* From gnulib's calloc function in xmalloc.c. */
+ void *p;
+ /* Test for overflow, since some calloc implementations don't have
+ proper overflow checks. But omit overflow and size-zero tests if
+ HAVE_GNU_CALLOC, since GNU calloc catches overflow and never
+ returns NULL if successful. */
+ if ((! HAVE_GNU_CALLOC && xalloc_oversized (n, s))
+ || (! (p = calloc (n, s)) && (HAVE_GNU_CALLOC || n != 0)))
+ g->abort_cb ();
+ return p;
+}
+
void *
guestfs_safe_realloc (guestfs_h *g, void *ptr, int nbytes)
{
diff --git a/src/guestfs.h b/src/guestfs.h
index 201d60c..264986f 100644
--- a/src/guestfs.h
+++ b/src/guestfs.h
@@ -1,5 +1,5 @@
/* libguestfs
- * Copyright (C) 2009 Red Hat Inc.
+ * Copyright (C) 2009 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -77,6 +77,7 @@ extern void guestfs_error (guestfs_h *g, const char *fs, ...)
extern void guestfs_perrorf (guestfs_h *g, const char *fs, ...)
__attribute__((format (printf,2,3)));
extern void *guestfs_safe_malloc (guestfs_h *g, size_t nbytes);
+extern void *guestfs_safe_calloc (guestfs_h *g, size_t n, size_t s);
extern void *guestfs_safe_realloc (guestfs_h *g, void *ptr, int nbytes);
extern char *guestfs_safe_strdup (guestfs_h *g, const char *str);
extern void *guestfs_safe_memdup (guestfs_h *g, void *ptr, size_t size);
--
1.6.3.3.507.gc6b5a
14 years, 10 months
libguestfs 1.0.55 released
by Richard W.M. Jones
We are very pleased to announce release 1.0.55 of libguestfs, the
library for accessing and modifying virtual machine disk images.
Home page: http://libguestfs.org/
Download: http://libguestfs.org/download/libguestfs-1.0.55.tar.gz
Thanks go to Guido Gunther, Matt Booth and Jim Meyering for their
contributions, and Charles Duffy, Yaakov Nemoy and SALstar for
pointing out bugs and misc fixes.
The number of changes in 1.0.55 (even over the previous release 3 days
ago) is large, and compared to earlier versions we've added dozens of
extra commands and features. The best thing to do is to refer to the
copious changelog:
http://git.et.redhat.com/?p=libguestfs.git;a=log
A brief list of the highlights:
- Debian native (debootstrap, debirf) support
- guestfish -i <dom> (use libvirt+virt-inspector to mount partitions)
- #!/usr/bin/guestfish -f (for scripts)
- new, simpler partitioning command 'sfdiskM'
- guestfish commands: time, glob, more, less
- removal of the generated code from the git repo
- new commands: readdir, mknod*, umask, du, df*, head*, tail*, wc*,
mkdtemp, scrub, sh, sh-lines.
- many improvements to virt-inspector and YAML output
- loopback mounts in the guest now work
For this release we were intending to switch to using virtio block
devices[1], but hit a performance regression[2]. Although we think we
have solved the performance problem, this release still defaults to
using emulated IDE devices, but you can try out virtio by using
'./configure --with-drive-if=virtio'. In future we intend to switch
to using virtio by default, but packagers will still be able to choose
to use IDE (or SCSI) with the --with-drive-if option.
[1]http://git.et.redhat.com/?p=libguestfs.git;a=commitdiff;h=4513f2ec7b6aa...
[2]https://bugzilla.redhat.com/show_bug.cgi?id=509383
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 75 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
14 years, 10 months
another nfs problem with virt-manager
by Rich Mahn
Trying to create a new virtual machine using virt-manager.
Select Network install (HTTP,FTP, or NFS)
Enter the URL as nfs://machine/mount_loc
Nothing in Kickstart URL or Kernel Options
Check Automatically detect operating system
selet forward and get this error pop-up
"Error setting install media location.
Privilege is required for NFS installations"
When I started virt-manager from a normal account,
it asked and received the root password.
This was my attempt to get around the prohibition
against using nfs files (unfixed bug for the moment),
but this try didn't work either.
Any ideas?
thanks for everyone's help
14 years, 10 months
libguestfs tests running much slower
by Matthew Booth
This is only subjective, and could yet be something entirely random on
my machine. However, I just pulled changes
3d15f7e652340777514ff30c3cfc560a90b612ec..99e28249d52ca5495b636e14ae3e4387ee62c8fe
and now 'make check' runs a *lot* slower. I'm guessing maybe 5-10 times
slower. Is it just me?
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
14 years, 10 months
[PATCH libguestfs] avoid automake failure
by Jim Meyering
Running autoreconf -i in libguestfs, I get this:
Makefile.am:21: compiling `augeas.c' with per-target flags requires `AM_PROG_CC_C_O' in `configure.ac'
Here's the patch:
>From 9ce260c5aff7bc916b368d1dbc533a7f659db320 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Thu, 2 Jul 2009 13:36:04 +0200
Subject: [PATCH] avoid automake failure
* daemon/configure.ac: Use AM_PROG_CC_C_O, not AC_PROG_CC_C_O.
---
daemon/configure.ac | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/daemon/configure.ac b/daemon/configure.ac
index a91db6d..6ecbb8a 100644
--- a/daemon/configure.ac
+++ b/daemon/configure.ac
@@ -44,7 +44,7 @@ AC_PROG_CPP
AC_C_PROTOTYPES
test "x$U" != "x" && AC_MSG_ERROR([Compiler not ANSI compliant])
-AC_PROG_CC_C_O
+AM_PROG_CC_C_O
dnl Check for Augeas (now optional).
AC_CHECK_LIB([augeas],[aug_match],[
--
1.6.3.3.507.gc6b5a
14 years, 10 months
[PATCH] arrange to build some generated sources
by Jim Meyering
Hi Rich,
I've just pulled the latest, and then ran this:
git clean -x -d -f && ./autogen.sh
First problem was this:
*** No rule to make target `guestfs-structs.h'
I worked around it with the patch below,
but then got this:
libtool: link: CURRENT `' must be a nonnegative integer
libtool: link: `:0:' is not valid version information
make[3]: *** [libguestfs.la] Error 1
>From 82ae736bb0ddcec56a4a6e756b3064c6548724fb Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Thu, 2 Jul 2009 13:30:07 +0200
Subject: [PATCH] arrange to build some generated sources
* src/Makefile.am (BUILT_SOURCES): Define.
($(BUILT_SOURCES)): Depend on stamp-generator.
---
src/Makefile.am | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index eb8723a..1c0fa0a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -81,6 +81,15 @@ lib_LTLIBRARIES = libguestfs.la
# Note that this scheme means the real library version will always be
# 'libguestfs.so.0.$(MAX_PROC_NR).0'.
+BUILT_SOURCES = \
+ guestfs_protocol.x \
+ guestfs-structs.h \
+ guestfs-actions.h \
+ guestfs-actions.c \
+ guestfs-bindtests.c
+
+$(BUILT_SOURCES): stamp-generator
+
libguestfs_la_LDFLAGS = -version-info $(MAX_PROC_NR):0:$(MAX_PROC_NR)
libguestfs_la_SOURCES = \
guestfs.c \
--
1.6.3.3.507.gc6b5a
14 years, 10 months
[PATCH] allow to build Debian based appliance
by Guido Günther
Hi,
the attached 4 patches allow to build the appliance based on Debian
based distros:
0001-add-missing-module.patch:
one more missing module from the kmod whitelist
0002-unconditionally-load-dm-module.patch:
I do need to load this one to get LVM/device mapper stuff working
0003-add-debirf-files.patch
uses debirf to build the initramfs
0004-Build-Debian-based-appliance-using-debirf.patch
update {make,update}.sh (best reviewed with diff -w)
If built with:
./configure --with-repo=sid --with-mirror=http://ftp.debian.org/debian
The testsuite looks mostly good.
***** 5 / 174 tests FAILED *****
Failures are due to missing srub in Debian as well as a 2 hexdump
failures I'll have to look at.
Cheers,
-- Guido
14 years, 10 months
[PATCH] Remove receive callbacks (libguestfs)
by Matthew Booth
From commit message:
========
This patch fixes a class of race conditions characterised by the
following sequence of events:
LIBRARY DAEMON
send download request
receive download request
respond with download response
start sending file chunks
set reply callback to 'download'
run main loop
At this stage the download reply callback receives both the download
reply and some file chunks. The current architecture doesn't provide a
clean way
to prevent this from happening.
This patch fixes the above problem by changing the socket receive
handler to do nothing but buffering, and provides 2 new apis:
guestfs_get_reply
guestfs_free_reply
These will always de-queue exactly 1 message, which is always what is
wanted.
=======
This is a fairly invasive patch. Note that it still uses the main loop
for reading and writing data to the socket.
The patch also looks a lot bigger than it really is, because it changes
the auto-generated code. I'm separately planning to remove
auto-generated code from git.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
14 years, 10 months
libvirtd log file location
by Rich Mahn
With the various testing I am trying I managed to get myself into
a bad situation. The libvirtd daemon won't stay up, and I don't
see a log file in the places I've look for it at.
Current situation is this:
'service libvirtd start' appears to work okay
'service libvirtd status' says 'libvirtd dead but pid file exists'
I'll reboot in a bit, but I wanted to check the log file first--if
I can find it.
Rich
14 years, 10 months