New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] lib/repo: Validate config more strictly #1739
base: main
Are you sure you want to change the base?
Conversation
Now that we're correctly reading negative values for the "lock-timeout-secs" config key, throw an error if it's not within the range of values that have semantic meaning. This mirrors the behavior when other config keys have invalid values.
Currently the locking code checks if the value -1 was set for the config key "lock-timeout-secs" and if so, a thread trying to acquire a lock will block indefinitely. Positive values specify how long to attempt to acquire a lock in a non-blocking way (the attempt is made once every second). But when the value is read from the config file, g_ascii_strtoull() is used, which converts it to an unsigned integer. This commit makes libostree use g_ascii_strtoll() instead, so that it's possible to set that key to -1 as intended.
I like this better than relying on an assert since that's a programmer error, not a user error. Actually, there are a bunch of potential errors not caught here that were in my original implementation in 5321998. See also @pwithnall's review in 5321998#r147145444. |
That link didn't work for me but I think I found what you're referring to here: #1292 (comment) |
@rh-atomic-bot delegate=dbnicholson |
✌️ @dbnicholson can now approve this pull request |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, but I’ll leave the final review to Dan.
Unfortunately it does not look so good to all the compilers:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is definitely the right idea with a few more tweaks. I'd also split this to one commit per conversion since the semantics for each config key are different.
{ g_autofree char *tmp_expiry_seconds = NULL; | ||
{ | ||
g_autofree char *tmp_expiry_seconds = NULL; | ||
char *endptr; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't look like this is used.
|
||
if (!ot_keyfile_get_value_with_default (self->config, "core", "lock-timeout-secs", "30", | ||
&lock_timeout_seconds, error)) | ||
return FALSE; | ||
|
||
self->lock_timeout_seconds = g_ascii_strtoll (lock_timeout_seconds, NULL, 10); | ||
configured_lock_timeout = g_ascii_strtoll (lock_timeout_seconds, &endptr, 10); | ||
if (configured_lock_timeout < REPO_LOCK_DISABLED || configured_lock_timeout > G_MAXINT32 || |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why GMAXINT32
? The timeout is a gint
.
self->lock_timeout_seconds = g_ascii_strtoll (lock_timeout_seconds, NULL, 10); | ||
configured_lock_timeout = g_ascii_strtoll (lock_timeout_seconds, &endptr, 10); | ||
if (configured_lock_timeout < REPO_LOCK_DISABLED || configured_lock_timeout > G_MAXINT32 || | ||
*endptr != '\0'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Depending how pedantic you want to be, there's also the case of an empty value. I was raising an error before on lock_timeout == 0 && endptr == lock_timeout_str
. You could detect that and set to the internal default rather than erroring or leaving it implicitly as 0.
I'm not totally sure about this, though. I don't have the code in front of me to see what happens.
Note: You could also potentially use |
Oops, didn't intend for y'all to spend time reviewing that last commit. I was pushing it to get it from one computer to another. But yeah, I'll follow-up and fix it. |
@mwleeds: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Now that we're correctly reading negative values for the
"lock-timeout-secs" config key, throw an error if it's not within the
range of values that have semantic meaning. This mirrors the behavior
when other config keys have invalid values.