From nobody Tue Nov 4 11:28:14 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1602094771; cv=none; d=zohomail.com; s=zohoarc; b=PV/flFgb8TZ6Zv9jmtebIH3OjCvVeo3rrPkcH5lUYICiMgipqxpWygJ8RGVe/BixTKrDnBE0o4OXhKHlN+qSP4+vVjct1CNLlWsGKw/jYOhRebS/YIq/IOIciPkx9XYX4Y+VDgnPE/UkSVWnknX6l1zWvJubvFb78zLMwuH6g4E= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1602094771; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=AZRQL4J9EzNTKJ0iNLj3+SK83gMajJxvGlvfOiMeSpE=; b=dVnG9Oh6YUVXcrK1CQE67sIIAcIANONPqhRIUn7zoMlL55OPmtFa9mBXGPL4VPPyl7UWqTktIPHZB31sc5Z+0eLb5qxqTutGirnEykVTdU8lavhJ9g8h7KsXbmXJ5FbwezkEys2UKq8xyM619dlaAwFDB1LH5VcXUNeNwHr0Rtc= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1602094771267281.20908036911794; Wed, 7 Oct 2020 11:19:31 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.3647.10579 (Exim 4.92) (envelope-from ) id 1kQE1y-0007Mn-PS; Wed, 07 Oct 2020 18:19:14 +0000 Received: by outflank-mailman (output) from mailman id 3647.10579; Wed, 07 Oct 2020 18:19:14 
+0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kQE1y-0007Md-L0; Wed, 07 Oct 2020 18:19:14 +0000 Received: by outflank-mailman (input) for mailman id 3647; Wed, 07 Oct 2020 18:19:13 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kQE1x-00072Q-GG for xen-devel@lists.xenproject.org; Wed, 07 Oct 2020 18:19:13 +0000 Received: from chiark.greenend.org.uk (unknown [2001:ba8:1e3::]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id a6c7b4c3-36aa-4ac6-a6a4-36a2a11e9a31; Wed, 07 Oct 2020 18:19:03 +0000 (UTC) Received: from [172.18.45.5] (helo=zealot.relativity.greenend.org.uk) by chiark.greenend.org.uk (Debian Exim 4.84_2 #1) with esmtp (return-path ijackson@chiark.greenend.org.uk) id 1kQDk7-0007CF-Nc; Wed, 07 Oct 2020 19:00:47 +0100 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kQE1x-00072Q-GG for xen-devel@lists.xenproject.org; Wed, 07 Oct 2020 18:19:13 +0000 Received: from chiark.greenend.org.uk (unknown [2001:ba8:1e3::]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id a6c7b4c3-36aa-4ac6-a6a4-36a2a11e9a31; Wed, 07 Oct 2020 18:19:03 +0000 (UTC) Received: from [172.18.45.5] (helo=zealot.relativity.greenend.org.uk) by chiark.greenend.org.uk (Debian Exim 4.84_2 #1) with esmtp (return-path ijackson@chiark.greenend.org.uk) id 1kQDk7-0007CF-Nc; Wed, 07 Oct 2020 19:00:47 +0100 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a6c7b4c3-36aa-4ac6-a6a4-36a2a11e9a31 
From: Ian Jackson To: xen-devel@lists.xenproject.org Cc: Ian Jackson Subject: [OSSTEST PATCH 58/82] runvar access: Introduce access control machinery Date: Wed, 7 Oct 2020 19:00:00 +0100 Message-Id: <20201007180024.7932-59-iwj@xenproject.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201007180024.7932-1-iwj@xenproject.org> References: <20201007180024.7932-1-iwj@xenproject.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ian Jackson This will allow us to trap accesses, during test host setup, to runvars which weren't included in ithe calculation of the sharing scope. Signed-off-by: Ian Jackson --- Osstest/TestSupport.pm | 53 ++++++++++++++++++++++++++++++++++++++++++ README | 2 +- 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/Osstest/TestSupport.pm b/Osstest/TestSupport.pm index ce13d3a6..b1eca0a9 100644 --- a/Osstest/TestSupport.pm +++ b/Osstest/TestSupport.pm @@ -33,6 +33,7 @@ use File::Basename; use IO::Handle; use Carp; use Digest::SHA; +use File::FnMatch qw(:fnmatch); =20 BEGIN { use Exporter (); @@ -141,6 +142,8 @@ BEGIN { target_core_dump_setup sha256file host_shared_mark_ready gitcache_setup + + @accessible_runvar_pats ); %EXPORT_TAGS =3D ( ); =20 @@ -156,6 +159,10 @@ our %timeout=3D qw(RebootDown 100 our $logm_handle=3D new IO::File ">& STDERR" or die $!; our $logm_prefix=3D ''; =20 +# When runvar_access_restrict is called, it will limit reading +# of non-synth runvars to ones which match these glob patterns. +our @accessible_runvar_pats =3D qw(test-host-setup-runvars-will-appear-her= e); + #---------- test script startup ---------- =20 sub tsreadconfig () { 
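Review bot: The comment above `our @accessible_runvar_pats` omits two behaviours that the rest of this patch gives the list. `runvar_access_restrict` returns without tying `%r` when the list is exactly `*`, and the default is a placeholder that matches no real runvar, so restricting before the list is populated makes every read fail the check. The comment also says "non-synth runvars", whereas `runvar_access_check` as added here applies the patterns to every key it is handed; if the synth exemption lives elsewhere, the comment should say where. Suggested addition: `# A list of exactly ("*") disables the restriction; the default is a placeholder that matches nothing.` Because the list is exported and writable by any importer, a short note on which code is expected to set it would also help.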
@@ -3164,4 +3171,50 @@ END 'home-osstest-gitconfig'); } =20 +sub runvar_access_restrict () { + # restricts runvars to those in @accessible_runvar_pats + return if "@accessible_runvar_pats" eq "*"; + return if tied %r; + tie %r, 'RunvarMonitor', %r; +} + +sub runvar_access_check ($$) { + my ($key, $what) =3D @_; + return if grep { fnmatch $_, $key } @accessible_runvar_pats; + my $m =3D "reuse-uncontrolled runvar $what '$key'\n". + " (controlled runvars are @accessible_runvar_pats)"; + confess $m unless $ENV{OSSTEST_UNCONTROLLED_SHARE_RUNVAR_WARNONLY}; + Carp::cluck $m; +} + +package RunvarMonitor; +use Carp; +use Osstest; +use Osstest::TestSupport; + +sub TIEHASH { + my $self =3D shift; + logm("reuse: restricting runvars to @accessible_runvar_pats"); + return bless { @_ }, $self; +} + +sub _ok { + my $self =3D shift; + my $key =3D shift; + Osstest::TestSupport::runvar_access_check($key, 'access'); +} + +sub FIRSTKEY { + confess + "reuse-uncontrolled runvar scanning - change to use runvar_glob!"; +} +sub FETCH { my ($self, $key) =3D @_; $self->_ok($key); $self->{$key} } +sub EXISTS { my ($self, $key) =3D @_; $self->_ok($key); exists $self->{$ke= y} } +sub STORE { my ($self, $key, $val) =3D @_; $self->{$key} =3D $val; } +sub DELETE { my ($self, $key) =3D @_; delete $self->{$key}; } + +sub CLEAR { confess } +sub SCALAR { confess } +sub UNTIE { confess } + 1; diff --git a/README b/README index ba4bea1d..a929010c 100644 --- a/README +++ b/README @@ -297,7 +297,7 @@ To run osstest in standalone mode: curl netcat chiark-utils-bin - libxml-libxml-perl + libxml-libxml-perl libfile-fnmatch-perl dctrl-tools libnet-snmp-perl (if you are going to use Masterswitch PDUs) =20 --=20 2.20.1
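Review bot: `OSSTEST_UNCONTROLLED_SHARE_RUNVAR_WARNONLY` softens only the per-key path through `runvar_access_check`, which is `FETCH` and `EXISTS`. `FIRSTKEY`, `CLEAR`, `SCALAR` and `UNTIE` in `RunvarMonitor` call `confess` unconditionally, so a script that runs `keys %r` or uses `%r` in scalar context still dies in warn-only mode. The last three also die with a backtrace but no message text. Give each a message that names the operation, e.g. `sub SCALAR { confess "reuse-uncontrolled runvar hash used in scalar context" }`, and add a comment above `runvar_access_check` saying the variable downgrades only per-key read checks. `STORE` and `DELETE` are unchecked, which fits the "limit reading" wording on `@accessible_runvar_pats`, but a key stored after the tie and then read back is still reported unless it matches a pattern; a one-line comment on `STORE` should say so.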