From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, berto@igalia.com, armbru@redhat.com
Subject: [Qemu-devel] [PATCH v7 27/39] qapi: More rigorous checking for type safety bypass
Date: Wed, 29 Apr 2015 07:06:42 -0600 [thread overview]
Message-ID: <1430312814-19706-28-git-send-email-eblake@redhat.com> (raw)
In-Reply-To: <1430312814-19706-1-git-send-email-eblake@redhat.com>
Now that we have a way to validate every type, we can also be
stricter about enforcing that callers that want to bypass
type safety in generated code. Prior to this patch, it didn't
matter what value was associated with the key 'gen', but it
looked odd that 'gen':'yes' could result in bypassing the
generated code. These changes also enforce the changes made
earlier in the series for documentation and consolidation of
using '**' as the wildcard type, as well as 'gen':false as the
canonical spelling for requesting type bypass.
Note that 'gen':false is a one-way switch away from the default;
we do not support 'gen':true (similar for 'success-response').
In practice, this doesn't matter.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
---
v7: fix typo in commit message
---
scripts/qapi.py | 22 +++++++++++++++++-----
tests/qapi-schema/type-bypass-bad-gen.err | 1 +
tests/qapi-schema/type-bypass-bad-gen.exit | 2 +-
tests/qapi-schema/type-bypass-bad-gen.json | 2 +-
tests/qapi-schema/type-bypass-bad-gen.out | 3 ---
tests/qapi-schema/type-bypass-no-gen.err | 1 +
tests/qapi-schema/type-bypass-no-gen.exit | 2 +-
tests/qapi-schema/type-bypass-no-gen.json | 2 +-
tests/qapi-schema/type-bypass-no-gen.out | 3 ---
9 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/scripts/qapi.py b/scripts/qapi.py
index 2b52932..47b9d9f 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -324,14 +324,15 @@ def check_name(expr_info, source, name, allow_optional = False,
"%s uses invalid name '%s'" % (source, name))
def check_type(expr_info, source, value, allow_array = False,
- allow_dict = False, allow_optional = False, allow_metas = []):
+ allow_dict = False, allow_optional = False,
+ allow_star = False, allow_metas = []):
global all_names
orig_value = value
if value is None:
return
- if value == '**':
+ if allow_star and value == '**':
return
# Check if array type for value is okay
@@ -348,6 +349,10 @@ def check_type(expr_info, source, value, allow_array = False,
# Check if type name for value is okay
if isinstance(value, str):
+ if value == '**':
+ raise QAPIExprError(expr_info,
+ "%s uses '**' but did not request 'gen':false"
+ % source)
if not value in all_names:
raise QAPIExprError(expr_info,
"%s uses unknown type '%s'"
@@ -371,19 +376,22 @@ def check_type(expr_info, source, value, allow_array = False,
check_type(expr_info, "Member '%s' of %s" % (key, source), arg,
allow_array=True, allow_dict=True, allow_optional=True,
allow_metas=['built-in', 'union', 'alternate', 'struct',
- 'enum'])
+ 'enum'], allow_star=allow_star)
def check_command(expr, expr_info):
name = expr['command']
+ allow_star = expr.has_key('gen')
+
check_type(expr_info, "'data' for command '%s'" % name,
expr.get('data'), allow_dict=True, allow_optional=True,
- allow_metas=['union', 'struct'])
+ allow_metas=['union', 'struct'], allow_star=allow_star)
returns_meta = ['union', 'struct']
if name in returns_whitelist:
returns_meta += ['built-in', 'alternate', 'enum']
check_type(expr_info, "'returns' for command '%s'" % name,
expr.get('returns'), allow_array=True, allow_dict=True,
- allow_optional=True, allow_metas=returns_meta)
+ allow_optional=True, allow_metas=returns_meta,
+ allow_star=allow_star)
def check_event(expr, expr_info):
global events
@@ -579,6 +587,10 @@ def check_keys(expr_elem, meta, required, optional=[]):
raise QAPIExprError(info,
"Unknown key '%s' in %s '%s'"
% (key, meta, name))
+ if (key == 'gen' or key == 'success-response') and value != False:
+ raise QAPIExprError(info,
+ "'%s' of %s '%s' should only use false value"
+ % (key, meta, name))
for key in required:
if not expr.has_key(key):
raise QAPIExprError(info,
diff --git a/tests/qapi-schema/type-bypass-bad-gen.err b/tests/qapi-schema/type-bypass-bad-gen.err
index e69de29..a83c3c6 100644
--- a/tests/qapi-schema/type-bypass-bad-gen.err
+++ b/tests/qapi-schema/type-bypass-bad-gen.err
@@ -0,0 +1 @@
+tests/qapi-schema/type-bypass-bad-gen.json:2: 'gen' of command 'foo' should only use false value
diff --git a/tests/qapi-schema/type-bypass-bad-gen.exit b/tests/qapi-schema/type-bypass-bad-gen.exit
index 573541a..d00491f 100644
--- a/tests/qapi-schema/type-bypass-bad-gen.exit
+++ b/tests/qapi-schema/type-bypass-bad-gen.exit
@@ -1 +1 @@
-0
+1
diff --git a/tests/qapi-schema/type-bypass-bad-gen.json b/tests/qapi-schema/type-bypass-bad-gen.json
index bb70bee..e8dec34 100644
--- a/tests/qapi-schema/type-bypass-bad-gen.json
+++ b/tests/qapi-schema/type-bypass-bad-gen.json
@@ -1,2 +1,2 @@
-# FIXME: 'gen' should only appear with value false
+# 'gen' should only appear with value false
{ 'command': 'foo', 'gen': 'whatever' }
diff --git a/tests/qapi-schema/type-bypass-bad-gen.out b/tests/qapi-schema/type-bypass-bad-gen.out
index e678f2c..e69de29 100644
--- a/tests/qapi-schema/type-bypass-bad-gen.out
+++ b/tests/qapi-schema/type-bypass-bad-gen.out
@@ -1,3 +0,0 @@
-[OrderedDict([('command', 'foo'), ('gen', 'whatever')])]
-[]
-[]
diff --git a/tests/qapi-schema/type-bypass-no-gen.err b/tests/qapi-schema/type-bypass-no-gen.err
index e69de29..20cef0a 100644
--- a/tests/qapi-schema/type-bypass-no-gen.err
+++ b/tests/qapi-schema/type-bypass-no-gen.err
@@ -0,0 +1 @@
+tests/qapi-schema/type-bypass-no-gen.json:2: Member 'arg' of 'data' for command 'unsafe' uses '**' but did not request 'gen':false
diff --git a/tests/qapi-schema/type-bypass-no-gen.exit b/tests/qapi-schema/type-bypass-no-gen.exit
index 573541a..d00491f 100644
--- a/tests/qapi-schema/type-bypass-no-gen.exit
+++ b/tests/qapi-schema/type-bypass-no-gen.exit
@@ -1 +1 @@
-0
+1
diff --git a/tests/qapi-schema/type-bypass-no-gen.json b/tests/qapi-schema/type-bypass-no-gen.json
index af87c19..4feae37 100644
--- a/tests/qapi-schema/type-bypass-no-gen.json
+++ b/tests/qapi-schema/type-bypass-no-gen.json
@@ -1,2 +1,2 @@
-# FIXME: type bypass should only work with 'gen':false
+# type bypass only works with 'gen':false
{ 'command': 'unsafe', 'data': { 'arg': '**' }, 'returns': '**' }
diff --git a/tests/qapi-schema/type-bypass-no-gen.out b/tests/qapi-schema/type-bypass-no-gen.out
index 8b2a9ac..e69de29 100644
--- a/tests/qapi-schema/type-bypass-no-gen.out
+++ b/tests/qapi-schema/type-bypass-no-gen.out
@@ -1,3 +0,0 @@
-[OrderedDict([('command', 'unsafe'), ('data', OrderedDict([('arg', '**')])), ('returns', '**')])]
-[]
-[]
--
2.1.0
next prev parent reply other threads:[~2015-04-29 13:07 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-29 13:06 [Qemu-devel] [PATCH v7 00/39] drop qapi nested structs Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 01/39] qapi: Add copyright declaration on docs Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 02/39] qapi: Document type-safety considerations Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 03/39] qapi: Simplify builtin type handling Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 04/39] qapi: Fix generation of 'size' builtin type Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 05/39] qapi: Require ASCII in schema Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 06/39] qapi: Add some enum tests Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 07/39] qapi: Better error messages for bad enums Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 08/39] qapi: Add some union tests Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 09/39] qapi: Clean up test coverage of simple unions Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 10/39] qapi: Forbid base without discriminator in unions Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 11/39] qapi: Tighten checking of unions Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 12/39] qapi: Prepare for catching more semantic parse errors Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 13/39] qapi: Segregate anonymous unions into alternates in generator Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 14/39] qapi: Rename anonymous union type in test Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 15/39] qapi: Document new 'alternate' meta-type Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 16/39] qapi: Use 'alternate' to replace anonymous union Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 17/39] qapi: Add some expr tests Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 18/39] qapi: Better error messages for bad expressions Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 19/39] qapi: Add tests of redefined expressions Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 20/39] qapi: Better error messages for duplicated expressions Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 21/39] qapi: Allow true, false and null in schema json Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 22/39] qapi: Unify type bypass and add tests Eric Blake
2015-05-01 19:55 ` Eric Blake
2015-05-01 20:10 ` [Qemu-devel] [PATCHv7 22a/39] squash: " Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 23/39] qapi: Add some type check tests Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 24/39] qapi: More rigourous checking of types Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 25/39] qapi: Require valid names Eric Blake
2015-05-02 20:51 ` Eric Blake
2015-05-04 7:26 ` Markus Armbruster
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 26/39] qapi: Whitelist commands that don't return dictionary Eric Blake
2015-04-29 13:06 ` Eric Blake [this message]
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 28/39] qapi: Prefer 'struct' over 'type' in generator Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 29/39] qapi: Document 'struct' metatype Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 30/39] qapi: Use 'struct' instead of 'type' in schema Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 31/39] qapi: Forbid " Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 32/39] qapi: Merge UserDefTwo and UserDefNested in tests Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 33/39] qapi: Drop tests for inline nested structs Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 34/39] qapi: Drop inline nested struct in query-version Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 35/39] qapi: Drop inline nested structs in query-pci Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 36/39] qapi: Drop support for inline nested types Eric Blake
2015-05-01 20:20 ` Eric Blake
2015-05-04 7:28 ` Markus Armbruster
2015-05-01 20:29 ` [Qemu-devel] [PATCH v7 36a/39] squash: qapi: Drop dead visitor code related to nested structs Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 37/39] qapi: Tweak doc references to QMP when QGA is also meant Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 38/39] qapi: Support (subset of) \u escapes in strings Eric Blake
2015-04-29 13:06 ` [Qemu-devel] [PATCH v7 39/39] qapi: Check for member name conflicts with a base class Eric Blake
2015-05-01 20:22 ` Eric Blake
2015-05-01 20:27 ` [Qemu-devel] [PATCH v7 39a/39] squash: " Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1430312814-19706-28-git-send-email-eblake@redhat.com \
--to=eblake@redhat.com \
--cc=armbru@redhat.com \
--cc=berto@igalia.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).