[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 18/53] migration/rdma: Fix io_writev(), io_readv() methods to
From: |
Markus Armbruster |
Subject: |
[PATCH v2 18/53] migration/rdma: Fix io_writev(), io_readv() methods to obey contract |
Date: |
Thu, 28 Sep 2023 15:19:44 +0200 |
QIOChannelClass methods qio_channel_rdma_readv() and
qio_channel_rdma_writev() violate their method contract when
rdma->error_state is non-zero:
1. They return whatever is in rdma->error_state then. Only -1 will be
fine. -2 will be misinterpreted as "would block". Anything less
than -2 isn't defined in the contract. A positive value would be
misinterpreted as success, but I believe that's not actually
possible.
2. They neglect to set an error then. If something up the call stack
dereferences the error when failure is returned, it will crash. If
it ignores the return value and checks the error instead, it will
miss the error.
Crap like this happens when return statements hide in macros,
especially when their uses are far away from the definition.
I elected not to investigate how callers are impacted.
Expand the two bad macro uses, so we can set an error and return -1.
The next commit will then get rid of the macro altogether.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
---
migration/rdma.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/migration/rdma.c b/migration/rdma.c
index 0d2d119e6a..fb89b89e80 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2791,7 +2791,11 @@ static ssize_t qio_channel_rdma_writev(QIOChannel *ioc,
return -1;
}
- CHECK_ERROR_STATE();
+ if (rdma->error_state) {
+ error_setg(errp,
+ "RDMA is in an error state waiting migration to abort!");
+ return -1;
+ }
/*
* Push out any writes that
@@ -2877,7 +2881,11 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
return -1;
}
- CHECK_ERROR_STATE();
+ if (rdma->error_state) {
+ error_setg(errp,
+ "RDMA is in an error state waiting migration to abort!");
+ return -1;
+ }
for (i = 0; i < niov; i++) {
size_t want = iov[i].iov_len;
--
2.41.0
- [PATCH v2 00/53] migration/rdma: Error handling fixes, Markus Armbruster, 2023/09/28
- [PATCH v2 08/53] migration/rdma: Give qio_channel_rdma_source_funcs internal linkage, Markus Armbruster, 2023/09/28
- [PATCH v2 12/53] migration/rdma: Drop rdma_add_block() error handling, Markus Armbruster, 2023/09/28
- [PATCH v2 01/53] migration/rdma: Clean up qemu_rdma_poll()'s return type, Markus Armbruster, 2023/09/28
- [PATCH v2 04/53] migration/rdma: Drop fragile wr_id formatting, Markus Armbruster, 2023/09/28
- [PATCH v2 18/53] migration/rdma: Fix io_writev(), io_readv() methods to obey contract,
Markus Armbruster <=
- [PATCH v2 09/53] migration/rdma: Fix qemu_rdma_accept() to return failure on errors, Markus Armbruster, 2023/09/28
- [PATCH v2 07/53] migration/rdma: Clean up two more harmless signed vs. unsigned issues, Markus Armbruster, 2023/09/28
- [PATCH v2 26/53] migration/rdma: Dumb down remaining int error values to -1, Markus Armbruster, 2023/09/28
- [PATCH v2 02/53] migration/rdma: Clean up qemu_rdma_data_init()'s return type, Markus Armbruster, 2023/09/28
- [PATCH v2 28/53] migration/rdma: Drop superfluous assignments to @ret, Markus Armbruster, 2023/09/28
- [PATCH v2 15/53] migration/rdma: Use bool for two RDMAContext flags, Markus Armbruster, 2023/09/28
- [PATCH v2 36/53] migration/rdma: Convert qemu_rdma_exchange_send() to Error, Markus Armbruster, 2023/09/28
- [PATCH v2 38/53] migration/rdma: Convert qemu_rdma_reg_whole_ram_blocks() to Error, Markus Armbruster, 2023/09/28
- [PATCH v2 05/53] migration/rdma: Consistently use uint64_t for work request IDs, Markus Armbruster, 2023/09/28
- [PATCH v2 03/53] migration/rdma: Clean up rdma_delete_block()'s return type, Markus Armbruster, 2023/09/28