[Libguestfs] [PATCH libnbd 7/9] generator: On entry to API functions, check Flags and OFlags parameters.

Richard W.M. Jones rjones at redhat.com
Sun Aug 11 08:26:14 UTC 2019 

On Sat, Aug 10, 2019 at 04:38:20PM -0500, Eric Blake wrote:
> On 8/10/19 8:02 AM, Richard W.M. Jones wrote:
> > Generate checks that no unknown (at the time of compilation) flags are
> > passed to Flags or OFlags parameters.
> > ---
> >  generator/generator | 20 ++++++++++++++++++++
> >  1 file changed, 20 insertions(+)
> 
> We may still want to introduce a testing mode where you can use libnbd
> to drive unknown flags to a server that understands them, for
> experimenting with protocol extensions not yet included in the NBD
> specification. But if we ever do add such a mode, it shouldn't be hard
> to make this sanity checking conditional on that mode.
> 
> > 
> > diff --git a/generator/generator b/generator/generator
> > index 96d1148..a6aea26 100755
> > --- a/generator/generator
> > +++ b/generator/generator
> > @@ -3689,6 +3689,19 @@ let generate_lib_api_c () =
> >      );
> >  
> >      (* Check parameters are valid. *)
> > +    let print_flags_check n { flag_prefix; flags } =
> > +      let value = match errcode with
> > +        | Some value -> value
> > +        | None -> assert false in
> > +      let mask = List.fold_left (lor) 0 (List.map snd flags) in
> > +      pr "  if ((%s & ~%d) != 0) {\n" n mask;
> > +      pr "    set_error (EINVAL, \"%%s: invalid value for flag: %%d\",\n";
> > +      pr "               \"%s\", %s);\n" n n;
> > +      pr "    ret = %s;\n" value;
> > +      pr "    goto out;\n";
> 
> Some of the checks in lib/rw.c are now unreachable with this in place.
> Is it worth simplifying that?  (But not all of them - there are still
> checks that depend on runtime values, such as nbd_pread accepting _DF
> only if the server advertises it after the client requests structured
> replies).  Also, this lets us pass all four existing command flags to
> all commands that accept an OFlags parameter, even though none of the
> commands accept all flags at once - the real protection being added here
> is the check for completely unrecognized flags.

Right - this doesn't replace fine-grained checks in the functions
themselves.  I'll have a look at lib/rw.c and see what checks might be
removed.

Rich.

> But the changes here look reasonable. ACK.
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3226
> Virtualization:  qemu.org | libvirt.org
> 




-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

More information about the Libguestfs mailing list