Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use sealded memfd for icon validator #1424

Merged
merged 7 commits into from
Aug 29, 2024
Merged

Use sealded memfd for icon validator #1424

merged 7 commits into from
Aug 29, 2024

Conversation

jsparber
Copy link
Contributor

I split out the first few commits from #1298 that rework how the validator works and that introduce the XdpSealdFd.

CC: @hfiguiere and @GeorgesStavracas

@jsparber
icon-validator: Hard code all icon requirements in validator
aec44ca 
Since we are the only user of the icon-validator we don't need to split
the hard coded limits for icon validation between xdp-utils and the
icon-validator itself.
This moves icon size limit to the icon-validator and drops the second
format check from xdp-validate_serialized_icon.
@swick
Copy link
Contributor

swick commented Aug 26, 2024

@GeorgesStavracas last time we talked about this I think we could agree on making the validator take an argument which specifies what kind of icon should be validated and have all the logic about what a valid icon kind looks like in the validator itself. Do I remember that right?

swick
swick reviewed Aug 26, 2024
View reviewed changes
Copy link
Contributor

@swick swick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general. A few leaks, a bunch of nits but nothing major.

src/xdp-app-info.c Outdated Show resolved Hide resolved
src/xdp-utils.c Outdated Show resolved Hide resolved
src/validate-icon.c Outdated Show resolved Hide resolved
src/validate-icon.c Outdated Show resolved Hide resolved
src/xdp-utils.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Show resolved Hide resolved
src/xdp-sealed-fd.c Show resolved Hide resolved
@GeorgesStavracas
Copy link
Member

@GeorgesStavracas last time we talked about this I think we could agree on making the validator take an argument which specifies what kind of icon should be validated and have all the logic about what a valid icon kind looks like in the validator itself. Do I remember that right?

Yes. But I'm tending not to block this PR on it, it can be a follow-up cleanup just fine.

@jsparber jsparber force-pushed the rework_image_validator branch from 0087624 to 18192c4 Compare August 27, 2024 10:26
swick
swick reviewed Aug 27, 2024
View reviewed changes
src/validate-icon.c Outdated Show resolved Hide resolved
swick
swick reviewed Aug 27, 2024
View reviewed changes
src/validate-icon.c Outdated Show resolved Hide resolved
swick
swick reviewed Aug 27, 2024
View reviewed changes
src/xdp-utils.c Outdated Show resolved Hide resolved
swick
swick reviewed Aug 27, 2024
View reviewed changes
src/xdp-utils.h Outdated Show resolved Hide resolved
@swick
Copy link
Contributor

swick commented Aug 27, 2024

A few more nit picks about alignment and use of gchar/gint and documentation but when they are dealt with this is good to land IMO.

@jsparber jsparber force-pushed the rework_image_validator branch 2 times, most recently from c6a60f0 to 602d4e1 Compare August 28, 2024 08:32
swick
swick reviewed Aug 28, 2024
View reviewed changes
src/validate-icon.c Outdated Show resolved Hide resolved
swick
swick reviewed Aug 28, 2024
View reviewed changes
src/xdp-utils.h Outdated Show resolved Hide resolved
@jsparber
xdp-utils: Make xdp_spawn() fit better our use cases
7e83ac2 
There aren't many places where we need to spawn a subprocess but in all
cases we have a list of commend args and need the output as a response.
Make `xdp_spawn()` and `xdp_spawnv()` nicer to use and only take arguments
that are actually used.
@jsparber
xdp-utils: Allow passing an fd to the spawned child process
5c459e1 
This allows to use the same spawn methods to spawn the icon
validator, in a future commit it switch to this method and start using fds
instead of temp files.
@jsparber jsparber force-pushed the rework_image_validator branch from 602d4e1 to 4719bb6 Compare August 28, 2024 13:14
hfiguiere
hfiguiere reviewed Aug 29, 2024
View reviewed changes
src/validate-icon.c Outdated Show resolved Hide resolved
@jsparber jsparber force-pushed the rework_image_validator branch from 4719bb6 to 77f3ef1 Compare August 29, 2024 11:51
GeorgesStavracas
GeorgesStavracas requested changes Aug 29, 2024
View reviewed changes
Copy link
Member

@GeorgesStavracas GeorgesStavracas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My comments are mostly superficial at this point, my big complaint is that I think inline assignments are overused in these patches. My rule of thumb for this is, only assign variables in ifs / fors / whiles lines when the variable is only going to be used inside the block (i.e. it's an scoped variable).

src/validate-icon.c Outdated Show resolved Hide resolved
src/validate-icon.c Outdated Show resolved Hide resolved
src/validate-icon.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
src/xdp-sealed-fd.c Outdated Show resolved Hide resolved
@jsparber
validate-icon: Read icon from fd instead of a file
2e19f6f 
This reduces the amount of data we need to copy once we allow using
sealable memfd for passing icons, and we can also store bytes icons in a
memfd instead of a temp file.
@jsparber
validate-icon: Add file limit of 4MB
eb346c6 
Images shouldn't be to big in size. 4MBs is more then enough for all
cases.
@jsparber
xdp-sealed-fd: Introduce an object holding a sealed fd
83bc80f 
This object is used to to store GBytes that need to be passed between
processes. In future it will also be used to share data between clients,
the frontend and backend.

The introduced object handles creating and sealing of memfds. It uses
memfd_create() to create a new fd in case GBytes are provided and seals
it.
It also takes already existing memfds and ensures all seals that prevent
data modifications are applied.
@jsparber
xdp-utils: Use XdpSealedFd instead of temporary file for icon validation
1352c45 
This will allow us in future to write GBytesIcons once to a shareable
read-only fd. So that we don't need to load the same date in multiple
places.

Also in a future commit the notification portal will start to accept
sealable memfds (stored in XdpSealedFd) that will be passed onto the
backend. In general, there are multiple places where we can consume an fd
instead of using serialized data (including sending over DBus).
@jsparber jsparber force-pushed the rework_image_validator branch from 77f3ef1 to 1352c45 Compare August 29, 2024 14:01
@GeorgesStavracas GeorgesStavracas added this pull request to the merge queue Aug 29, 2024
@GeorgesStavracas GeorgesStavracas added this to the 1.20 milestone Aug 29, 2024
Merged via the queue into flatpak:main with commit 39feef0 Aug 29, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swick swick swick left review comments

@hfiguiere hfiguiere hfiguiere left review comments

@GeorgesStavracas GeorgesStavracas GeorgesStavracas approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
Triage
Status: Triaged
Milestone
1.20
Development

Successfully merging this pull request may close these issues.
4 participants
@jsparber @swick @GeorgesStavracas @hfiguiere