[Libguestfs] [nbdkit PATCH 2/3] server: Expose final thread_model to filter's .get_ready
Richard W.M. Jones
rjones at redhat.com
Mon Aug 10 13:01:21 UTC 2020
On Fri, Aug 07, 2020 at 05:00:52PM -0500, Eric Blake wrote:
> The next patch wants to add a filter that will prevent DoS attacks
> from a plaintext client; to be successful, the filter must guarantee
> that nbdkit did not settle on SERIALIZE_CONNECTIONS. The easiest way
> to solve this is to expose the final thread model to .get_ready, which
> is after the point where .config_complete may have altered it, and
> before any connections are permitted.
>
> Signed-off-by: Eric Blake <eblake at redhat.com>
> ---
> docs/nbdkit-filter.pod | 9 ++++++++-
> include/nbdkit-filter.h | 3 ++-
> server/filters.c | 4 ++--
> filters/extentlist/extentlist.c | 3 ++-
> filters/log/log.c | 2 +-
> filters/rate/rate.c | 2 +-
> filters/stats/stats.c | 2 +-
> tests/test-layers-filter.c | 2 +-
> 8 files changed, 18 insertions(+), 9 deletions(-)
This is fine. Is this something that we would also with to add to
plugin->get_ready in V3 API? If so it would be a good idea to add
this to TODO.
ACK
Rich.
> diff --git a/docs/nbdkit-filter.pod b/docs/nbdkit-filter.pod
> index b6ed5504..32db0938 100644
> --- a/docs/nbdkit-filter.pod
> +++ b/docs/nbdkit-filter.pod
> @@ -298,11 +298,18 @@ with an error message and return C<-1>.
>
> =head2 C<.get_ready>
>
> - int (*get_ready) (nbdkit_next_get_ready *next, void *nxdata);
> + int (*get_ready) (nbdkit_next_get_ready *next, void *nxdata,
> + int thread_model);
>
> This intercepts the plugin C<.get_ready> method and can be used by the
> filter to get ready to serve requests.
>
> +The C<thread_model> parameter informs the filter about the final
> +thread model chosen by nbdkit after considering the results of
> +C<.thread_model> of all filters in the chain after C<.config>. This
> +does not need to be passed on to C<next>, as the model can no longer
> +be altered at this point.
> +
> If there is an error, C<.get_ready> should call C<nbdkit_error> with
> an error message and return C<-1>.
>
> diff --git a/include/nbdkit-filter.h b/include/nbdkit-filter.h
> index 708a1b54..6aba1aec 100644
> --- a/include/nbdkit-filter.h
> +++ b/include/nbdkit-filter.h
> @@ -166,7 +166,8 @@ struct nbdkit_filter {
> nbdkit_backend *nxdata);
> const char *config_help;
> int (*thread_model) (void);
> - int (*get_ready) (nbdkit_next_get_ready *next, nbdkit_backend *nxdata);
> + int (*get_ready) (nbdkit_next_get_ready *next, nbdkit_backend *nxdata,
> + int thread_model);
> int (*after_fork) (nbdkit_next_after_fork *next, nbdkit_backend *nxdata);
> int (*preconnect) (nbdkit_next_preconnect *next, nbdkit_backend *nxdata,
> int readonly);
> diff --git a/server/filters.c b/server/filters.c
> index 90a9a948..0cfae344 100644
> --- a/server/filters.c
> +++ b/server/filters.c
> @@ -183,10 +183,10 @@ filter_get_ready (struct backend *b)
> {
> struct backend_filter *f = container_of (b, struct backend_filter, backend);
>
> - debug ("%s: get_ready", b->name);
> + debug ("%s: get_ready thread_model=%d", b->name, thread_model);
>
> if (f->filter.get_ready) {
> - if (f->filter.get_ready (next_get_ready, b->next) == -1)
> + if (f->filter.get_ready (next_get_ready, b->next, thread_model) == -1)
> exit (EXIT_FAILURE);
> }
> else
> diff --git a/filters/extentlist/extentlist.c b/filters/extentlist/extentlist.c
> index 3005b790..dfb5e808 100644
> --- a/filters/extentlist/extentlist.c
> +++ b/filters/extentlist/extentlist.c
> @@ -260,7 +260,8 @@ parse_extentlist (void)
> }
>
> static int
> -extentlist_get_ready (nbdkit_next_get_ready *next, void *nxdata)
> +extentlist_get_ready (nbdkit_next_get_ready *next, void *nxdata,
> + int thread_model)
> {
> parse_extentlist ();
>
> diff --git a/filters/log/log.c b/filters/log/log.c
> index f8da9ad8..6a3a9b14 100644
> --- a/filters/log/log.c
> +++ b/filters/log/log.c
> @@ -100,7 +100,7 @@ log_config_complete (nbdkit_next_config_complete *next, void *nxdata)
>
> /* Open the logfile. */
> static int
> -log_get_ready (nbdkit_next_get_ready *next, void *nxdata)
> +log_get_ready (nbdkit_next_get_ready *next, void *nxdata, int thread_model)
> {
> int fd;
>
> diff --git a/filters/rate/rate.c b/filters/rate/rate.c
> index 32c47fdf..325f5657 100644
> --- a/filters/rate/rate.c
> +++ b/filters/rate/rate.c
> @@ -145,7 +145,7 @@ rate_config (nbdkit_next_config *next, void *nxdata,
> }
>
> static int
> -rate_get_ready (nbdkit_next_get_ready *next, void *nxdata)
> +rate_get_ready (nbdkit_next_get_ready *next, void *nxdata, int thread_model)
> {
> /* Initialize the global buckets. */
> bucket_init (&read_bucket, rate, BUCKET_CAPACITY);
> diff --git a/filters/stats/stats.c b/filters/stats/stats.c
> index 688078ec..687dd05b 100644
> --- a/filters/stats/stats.c
> +++ b/filters/stats/stats.c
> @@ -210,7 +210,7 @@ stats_config_complete (nbdkit_next_config_complete *next, void *nxdata)
> }
>
> static int
> -stats_get_ready (nbdkit_next_get_ready *next, void *nxdata)
> +stats_get_ready (nbdkit_next_get_ready *next, void *nxdata, int thread_model)
> {
> int fd;
>
> diff --git a/tests/test-layers-filter.c b/tests/test-layers-filter.c
> index 5c5b3f0f..3f295588 100644
> --- a/tests/test-layers-filter.c
> +++ b/tests/test-layers-filter.c
> @@ -84,7 +84,7 @@ test_layers_filter_config_complete (nbdkit_next_config_complete *next,
>
> static int
> test_layers_filter_get_ready (nbdkit_next_get_ready *next,
> - void *nxdata)
> + void *nxdata, int thread_model)
> {
> DEBUG_FUNCTION;
> return next (nxdata);
> --
> 2.28.0
>
> _______________________________________________
> Libguestfs mailing list
> Libguestfs at redhat.com
> https://www.redhat.com/mailman/listinfo/libguestfs
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
More information about the Libguestfs
mailing list