Run this command across the source:
perl -pi.bak -e 's/(20[012][0-9])-20[12][012]/$1-2023/g' `git ls-files`
and remove changes to po{,-docs}/*.po{,t} (these will be regenerated
later when we run 'make dist').
Found by GCC -fanalyzer:
xattr.c:478:32: error: '%zu' directive output may be truncated writing between 1 and 19 bytes into a region of size 16 [-Werror=format-truncation=]
478 | snprintf (num, sizeof num, "%zu", nr_attrs);
| ^
xattr.c:478:32: note: directive argument in the range [0, 2305843009213693950]
/usr/include/bits/stdio2.h:71:10: note: '__builtin___snprintf_chk' output between 2 and 20 bytes into a destination of size 16
71 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
| ^
The kernel returns xattr names in a slightly peculiar format. We
parsed this format several times in the code. Refactor this parsing
so we only do it in one place.
The proper file that should be included is `sys/xattr.h` as that comes from
`glibc` and not `attr/xattr.h` which ships with the `attr` utility.
New enough `attr` utility (at least 2.4.48 in my case) even includes a #warning
in `attr/xattr.h` for projects that still have this mistake in the code.
Run the following command over the source:
perl -pi.bak -e 's/(20[01][0-9])-2016/$1-2017/g' `git ls-files`
(Thanks Rich for the perl snippet, as used in past years.)
This seemingly redundant change avoids a gcc warning/error:
error: cannot optimize possibly infinite loops
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=34114#c3 and
following for an explanation.
Of course gcc is completely wrong and stupid here, because there's no
possibility on current or future hardware that an array of size
SSIZE_MAX could be allocated since it would by definition occupy at
least all addressible memory (if it was an array of bytes, which this
isn't), leaving no room for the code that is being compiled.
Because of previous automated commits, such as changing 'guestfs___'
-> 'guestfs_int_', several function calls no longer lined up with
their parameters, and some lines were too long.
The bulk of this commit was done using emacs batch mode and the
technique described here:
http://www.cslab.pepperdine.edu/warford/BatchIndentationEmacs.html
The changes suggested by emacs were then reviewed by hand.
Move in an own function the code that does the (l)listxattrs allocating
the buffer of the right legth, as it will be useful later.
No functional changes, just code motion.
Instead of enable them when having one of the two headers for it but
still checking for the HAVE_* availability of each *xattr() function
used, just enable the linuxxattrs as a whole when having any of the
needed headers (like before) and all the needed functions.
This might cause the linuxxattrs to not be available anymore on systems
without the whole set of *xattr() functions implemented, but OTOH it
simplifies the xattr.c implementations.
A single file can have multiple xattrs. Previously these were
returned in the same order as the kernel returns them. However it is
more useful if they are sorted by attribute name.
Code like:
CLEANUP_FREE char *buf;
/* some code which might return early */
buf = malloc (10);
is a potential bug because the free (*buf) might be called when buf is
an uninitialized pointer. Initialize buf = NULL to avoid this.
Several of these are bugs, most are not bugs (because there is no
early return statement before the variable gets initialized).
However the compiler can elide the initialization, and even if it does
not the performance "penalty" is miniscule, and correctness is better.
Since we as developers rarely test the case where some library is
statically not available, that side of the code was hardly tested,
except by unfortunate users in the field who often hit cases where
functions were missing or misdeclared. In fact, when making this
change I noticed several bugs like that.
Change it so that this code is autogenerated, and therefore always
correct and up to date.
Previous code which looked like this:
int
optgroup_acl_available (void)
{
return 0;
}
char * __attribute__((noreturn))
do_acl_get_file (const char *path, const char *acltype)
{
abort ();
}
/* etc */
is replaced by a single line:
OPTGROUP_ACL_NOT_AVAILABLE
Callers are supposed to use the availability API to check for
functions that may not be available in particular builds of
libguestfs. If they don't do this, currently they tend to get obscure
error messages, eg:
libguestfs: error: zerofree: /dev/vda1: zerofree: No such file or directory
This commit changes the error message to explain what callers ought to
be doing instead:
libguestfs: error: zerofree: feature 'zerofree' is not available in this
build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for
how to check for the availability of features.
This patch makes the stubs check for availability. The stub code
changes to:
static void
zerofree_stub (XDR *xdr_in)
{
[...]
/* The caller should have checked before calling this. */
if (! optgroup_zerofree_available ()) {
reply_with_error ("feature '%s' is not available in this\n"
"build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for\n"
"how to check for the availability of features.",
"zerofree");
goto done;
}
[...]
Remove some debug messages which were basically left over from when
the code was being developed.
However we leave debug messages where it is printing an external
command that is about to be executed, since those are useful.
These APIs are essentially required to work around a problem
with ntfs-3g. This filesystem (or FUSE?) does not list all
extended attributes of a file when you call listxattr(2). However
if you know the name of an extended attribute, you can retrieve
it directly using getxattr(2).
The current APIs (getxattrs etc) are simple to use, but they
don't work if we can't list out the extended attributes (ie.
by calling listxattr(2)).
Example using the new APIs on an ntfs-3g filesystem:
><fs> lgetxattr "/Documents and Settings" system.ntfs_attrib | hexdump -C
00000000 16 24 00 00 |.$..|
00000004
><fs> lgetxattr "/Documents and Settings" system.ntfs_reparse_data | hexdump -C
00000000 03 00 00 a0 34 00 00 00 00 00 18 00 1a 00 10 00 |....4...........|
00000010 5c 00 3f 00 3f 00 5c 00 43 00 3a 00 5c 00 55 00 |\.?.?.\.C.:.\.U.|
00000020 73 00 65 00 72 00 73 00 00 00 43 00 3a 00 5c 00 |s.e.r.s...C.:.\.|
00000030 55 00 73 00 65 00 72 00 73 00 00 00 |U.s.e.r.s...|
0000003c
><fs> getxattr "/Documents and Settings" system.ntfs_reparse_data | hexdump -C
libguestfs: error: getxattr: getxattr: No such file or directory
><fs> getxattr "/Documents and Settings" system.ntfs_attrib | hexdump -C
libguestfs: error: getxattr: getxattr: No such file or directory
><fs> lgetxattr "/Documents and Settings" system.ntfs_attrib | hexdump -C
00000000 16 24 00 00 |.$..|
00000004
><fs> getxattr "/Users" system.ntfs_attrib | hexdump -C
00000000 11 00 00 00 |....|
00000004
The RPC stubs already prefix the command name to error messages.
The daemon doesn't have to do this. As a (small) benefit this also
makes the daemon slightly smaller.
Code in the daemon such as:
if (argv[0] == NULL) {
reply_with_error ("passed an empty list");
return NULL;
}
now results in error messages like this:
><fs> command ""
libguestfs: error: command: passed an empty list
(whereas previously you would have seen ..command: command:..)
The current groups are defined very conservatively using the
following criteria:
(a) Would be impossible to implement on Windows because of
sheer architectural differences (eg: mknod).
(b) Already optional (augeas, inotify).
(c) Not currently optional but not implemented on older RHEL and
Debian releases (ntfs-3g.probe, scrub, zerofree).
The optional groups I've defined according to these criteria are:
. augeas
. inotify
. linuxfsuuid
. linuxmodules
. linuxxattrs
. lvm2
. mknod
. ntfs3g
. scrub
. selinux
. zerofree
(Note that these choices don't prevent us from adding more
optional groups in future. On the other hand to avoid breaking
ABIs we would not wish to change the above groups).
The rest of this large commit is really just implementation:
Each optional function is classified using Optional "group"
flag in the generator.
The daemon has to implement a function
int optgroup_<name>_available (void);
for each optional group. Some of these functions are fixed at
compile time, and some do simple run-time tests.
The do_available implementation in the daemon looks up the correct
function in a table and runs it.
We document the optional groups in the guestfs(3) man page.
Also: I added a NOT_AVAILABLE macro in order to unify all the
existing places where we had a message equivalent to
"function __func__ is not available".
These three functions are very specifically designed for FUSE
support, so we can list directories efficiently. Instead of
making lots of lstat, lgetxattr and readlink calls, we can make just
three calls per directory to grab all the attributes (which we
then cache briefly).
Nearly every file-related function in daemons/*.c is affected:
Remove this pair of statements from each affected do_* function:
- NEED_ROOT (return -1);
- ABS_PATH (dir, return -1);
and change the type of the corresponding parameter to "const char *".
* src/generator.ml: Emit NEED_ROOT just once, even when there are two or
more Pathname args.
This commit adds six calls to support Linux extended attributes.
They are:
getxattrs list all extended attributes for a file or directory
setxattr add/replace an extended attribute
removexattr remove an extended attribute
lgetxattrs \
lsetxattr (same as above, but operate on symbolic links)
lremovexattr /
See attr(5) for more information.
This also adds support for the FBuffer field type, which maps to
an XDR opaque<> or a C (int, char *) pair.
