Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] lib/repo: Validate config more strictly #1739

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[WIP] lib/repo: Validate config more strictly #1739

wants to merge 2 commits into from

Conversation

mwleeds
Copy link
Member

@mwleeds mwleeds commented Sep 28, 2018

Now that we're correctly reading negative values for the
"lock-timeout-secs" config key, throw an error if it's not within the
range of values that have semantic meaning. This mirrors the behavior
when other config keys have invalid values.

@mwleeds
lib/repo: Validate lock-timeout-secs config
2af447d 
Now that we're correctly reading negative values for the
"lock-timeout-secs" config key, throw an error if it's not within the
range of values that have semantic meaning. This mirrors the behavior
when other config keys have invalid values.
mwleeds referenced this pull request Sep 28, 2018
@mwleeds
lib/repo: Allow disabling lock timeout
5990da6 
Currently the locking code checks if the value -1 was set for the config
key "lock-timeout-secs" and if so, a thread trying to acquire a lock
will block indefinitely. Positive values specify how long to attempt to
acquire a lock in a non-blocking way (the attempt is made once every
second). But when the value is read from the config file,
g_ascii_strtoull() is used, which converts it to an unsigned integer.
This commit makes libostree use g_ascii_strtoll() instead, so that it's
possible to set that key to -1 as intended.
@dbnicholson
Copy link
Member

I like this better than relying on an assert since that's a programmer error, not a user error. Actually, there are a bunch of potential errors not caught here that were in my original implementation in 5321998. See also @pwithnall's review in 5321998#r147145444.

@mwleeds
Copy link
Member Author

mwleeds commented Sep 28, 2018

That link didn't work for me but I think I found what you're referring to here: #1292 (comment)

@cgwalters
Copy link
Member

@rh-atomic-bot delegate=dbnicholson

@rh-atomic-bot
Copy link

✌️ @dbnicholson can now approve this pull request

pwithnall
pwithnall reviewed Sep 29, 2018
View reviewed changes
Copy link
Member

@pwithnall pwithnall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, but I’ll leave the final review to Dan.

@pwithnall
Copy link
Member

Unfortunately it does not look so good to all the compilers:

src/libostree/ostree-repo.c: In function 'reload_core_config':
src/libostree/ostree-repo.c:2810:11: error: unused variable 'endptr' [-Werror=unused-variable]
     char *endptr;
           ^~~~~~
src/libostree/ostree-repo.c:2840:9: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
         if (configured_lock_timeout < REPO_LOCK_DISABLED || configured_lock_timeout > G_MAXINT32 ||
         ^~
src/libostree/ostree-repo.c:2842:11: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
           return glnx_throw (error, "Invalid lock-timeout-secs '%s'", lock_timeout_seconds);
           ^~~~~~

dbnicholson
dbnicholson requested changes Sep 29, 2018
View reviewed changes
Copy link
Member

@dbnicholson dbnicholson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is definitely the right idea with a few more tweaks. I'd also split this to one commit per conversion since the semantics for each config key are different.

src/libostree/ostree-repo.c
{ g_autofree char *tmp_expiry_seconds = NULL;
{
g_autofree char *tmp_expiry_seconds = NULL;
char *endptr;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't look like this is used.

src/libostree/ostree-repo.c

if (!ot_keyfile_get_value_with_default (self->config, "core", "lock-timeout-secs", "30",
&lock_timeout_seconds, error))
return FALSE;

self->lock_timeout_seconds = g_ascii_strtoll (lock_timeout_seconds, NULL, 10);
configured_lock_timeout = g_ascii_strtoll (lock_timeout_seconds, &endptr, 10);
if (configured_lock_timeout < REPO_LOCK_DISABLED || configured_lock_timeout > G_MAXINT32 ||
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why GMAXINT32? The timeout is a gint.

src/libostree/ostree-repo.c
self->lock_timeout_seconds = g_ascii_strtoll (lock_timeout_seconds, NULL, 10);
configured_lock_timeout = g_ascii_strtoll (lock_timeout_seconds, &endptr, 10);
if (configured_lock_timeout < REPO_LOCK_DISABLED || configured_lock_timeout > G_MAXINT32 ||
*endptr != '\0');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Depending how pedantic you want to be, there's also the case of an empty value. I was raising an error before on lock_timeout == 0 && endptr == lock_timeout_str. You could detect that and set to the internal default rather than erroring or leaving it implicitly as 0.

I'm not totally sure about this, though. I don't have the code in front of me to see what happens.

@pwithnall
Copy link
Member

Note: You could also potentially use g_ascii_string_to_[un]signed() rather than g_strto[u]ll(), if you depend on a new enough GLib version (I haven’ŧ checked).

@mwleeds
Copy link
Member Author

mwleeds commented Sep 29, 2018

Oops, didn't intend for y'all to spend time reviewing that last commit. I was pushing it to get it from one computer to another. But yeah, I'll follow-up and fix it.

@mwleeds mwleeds changed the title lib/repo: Validate lock-timeout-secs config lib/repo: Validate config more strictly Sep 29, 2018
@mwleeds mwleeds changed the title lib/repo: Validate config more strictly [WIP] lib/repo: Validate config more strictly Oct 9, 2018
@mwleeds mwleeds mentioned this pull request Feb 28, 2019
Open
@openshift-ci
Copy link

openshift-ci bot commented Jun 29, 2023

@mwleeds: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/sanity dce18c9 link true /test sanity
ci/prow/images dce18c9 link true /test images
ci/prow/fcos-e2e dce18c9 link true /test fcos-e2e

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pwithnall pwithnall pwithnall left review comments

@dbnicholson dbnicholson dbnicholson requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@mwleeds @dbnicholson @cgwalters @rh-atomic-bot @pwithnall