[Libguestfs] [nbdkit PATCH 2/3] server: Expose final thread_model to filter's .get_ready

Eric Blake eblake at redhat.com
Fri Aug 7 22:00:52 UTC 2020 

The next patch wants to add a filter that will prevent DoS attacks
from a plaintext client; to be successful, the filter must guarantee
that nbdkit did not settle on SERIALIZE_CONNECTIONS.  The easiest way
to solve this is to expose the final thread model to .get_ready, which
is after the point where .config_complete may have altered it, and
before any connections are permitted.

Signed-off-by: Eric Blake <eblake at redhat.com>
---
 docs/nbdkit-filter.pod          | 9 ++++++++-
 include/nbdkit-filter.h         | 3 ++-
 server/filters.c                | 4 ++--
 filters/extentlist/extentlist.c | 3 ++-
 filters/log/log.c               | 2 +-
 filters/rate/rate.c             | 2 +-
 filters/stats/stats.c           | 2 +-
 tests/test-layers-filter.c      | 2 +-
 8 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/docs/nbdkit-filter.pod b/docs/nbdkit-filter.pod
index b6ed5504..32db0938 100644
--- a/docs/nbdkit-filter.pod
+++ b/docs/nbdkit-filter.pod
@@ -298,11 +298,18 @@ with an error message and return C<-1>.

 =head2 C<.get_ready>

- int (*get_ready) (nbdkit_next_get_ready *next, void *nxdata);
+ int (*get_ready) (nbdkit_next_get_ready *next, void *nxdata,
+                   int thread_model);

 This intercepts the plugin C<.get_ready> method and can be used by the
 filter to get ready to serve requests.

+The C<thread_model> parameter informs the filter about the final
+thread model chosen by nbdkit after considering the results of
+C<.thread_model> of all filters in the chain after C<.config>.  This
+does not need to be passed on to C<next>, as the model can no longer
+be altered at this point.
+
 If there is an error, C<.get_ready> should call C<nbdkit_error> with
 an error message and return C<-1>.

diff --git a/include/nbdkit-filter.h b/include/nbdkit-filter.h
index 708a1b54..6aba1aec 100644
--- a/include/nbdkit-filter.h
+++ b/include/nbdkit-filter.h
@@ -166,7 +166,8 @@ struct nbdkit_filter {
                           nbdkit_backend *nxdata);
   const char *config_help;
   int (*thread_model) (void);
-  int (*get_ready) (nbdkit_next_get_ready *next, nbdkit_backend *nxdata);
+  int (*get_ready) (nbdkit_next_get_ready *next, nbdkit_backend *nxdata,
+                    int thread_model);
   int (*after_fork) (nbdkit_next_after_fork *next, nbdkit_backend *nxdata);
   int (*preconnect) (nbdkit_next_preconnect *next, nbdkit_backend *nxdata,
                      int readonly);
diff --git a/server/filters.c b/server/filters.c
index 90a9a948..0cfae344 100644
--- a/server/filters.c
+++ b/server/filters.c
@@ -183,10 +183,10 @@ filter_get_ready (struct backend *b)
 {
   struct backend_filter *f = container_of (b, struct backend_filter, backend);

-  debug ("%s: get_ready", b->name);
+  debug ("%s: get_ready thread_model=%d", b->name, thread_model);

   if (f->filter.get_ready) {
-    if (f->filter.get_ready (next_get_ready, b->next) == -1)
+    if (f->filter.get_ready (next_get_ready, b->next, thread_model) == -1)
       exit (EXIT_FAILURE);
   }
   else
diff --git a/filters/extentlist/extentlist.c b/filters/extentlist/extentlist.c
index 3005b790..dfb5e808 100644
--- a/filters/extentlist/extentlist.c
+++ b/filters/extentlist/extentlist.c
@@ -260,7 +260,8 @@ parse_extentlist (void)
 }

 static int
-extentlist_get_ready (nbdkit_next_get_ready *next, void *nxdata)
+extentlist_get_ready (nbdkit_next_get_ready *next, void *nxdata,
+                      int thread_model)
 {
   parse_extentlist ();

diff --git a/filters/log/log.c b/filters/log/log.c
index f8da9ad8..6a3a9b14 100644
--- a/filters/log/log.c
+++ b/filters/log/log.c
@@ -100,7 +100,7 @@ log_config_complete (nbdkit_next_config_complete *next, void *nxdata)

 /* Open the logfile. */
 static int
-log_get_ready (nbdkit_next_get_ready *next, void *nxdata)
+log_get_ready (nbdkit_next_get_ready *next, void *nxdata, int thread_model)
 {
   int fd;

diff --git a/filters/rate/rate.c b/filters/rate/rate.c
index 32c47fdf..325f5657 100644
--- a/filters/rate/rate.c
+++ b/filters/rate/rate.c
@@ -145,7 +145,7 @@ rate_config (nbdkit_next_config *next, void *nxdata,
 }

 static int
-rate_get_ready (nbdkit_next_get_ready *next, void *nxdata)
+rate_get_ready (nbdkit_next_get_ready *next, void *nxdata, int thread_model)
 {
   /* Initialize the global buckets. */
   bucket_init (&read_bucket, rate, BUCKET_CAPACITY);
diff --git a/filters/stats/stats.c b/filters/stats/stats.c
index 688078ec..687dd05b 100644
--- a/filters/stats/stats.c
+++ b/filters/stats/stats.c
@@ -210,7 +210,7 @@ stats_config_complete (nbdkit_next_config_complete *next, void *nxdata)
 }

 static int
-stats_get_ready (nbdkit_next_get_ready *next, void *nxdata)
+stats_get_ready (nbdkit_next_get_ready *next, void *nxdata, int thread_model)
 {
   int fd;

diff --git a/tests/test-layers-filter.c b/tests/test-layers-filter.c
index 5c5b3f0f..3f295588 100644
--- a/tests/test-layers-filter.c
+++ b/tests/test-layers-filter.c
@@ -84,7 +84,7 @@ test_layers_filter_config_complete (nbdkit_next_config_complete *next,

 static int
 test_layers_filter_get_ready (nbdkit_next_get_ready *next,
-                              void *nxdata)
+                              void *nxdata, int thread_model)
 {
   DEBUG_FUNCTION;
   return next (nxdata);
-- 
2.28.0

More information about the Libguestfs mailing list