Xen project Mailing List

Re: [Xen-devel] [PATCH 1/2] make xen ocaml safe-strings compliant

To: Christian Lindig <christian.lindig@xxxxxxxxxx>

From: Michael Young <m.a.young@xxxxxxxxxxxx>

Date: Mon, 12 Mar 2018 19:35:16 +0000 (GMT)

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=m.a.young@xxxxxxxxxxxx;

Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, John Thomson <git@xxxxxxxxxxxxxxxxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Marcello Seri <marcello.seri@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 12 Mar 2018 19:35:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Spamdiagnosticmetadata: NSPM

Spamdiagnosticoutput: 1:99

On Mon, 12 Mar 2018, Christian Lindig wrote:

 The problem with the old patch is illustrated by the following section
 from the old patch for tools/ocaml/xenstored/utils.ml
 @@ -85,7 +85,7 @@ let create_unix_socket name =
  let read_file_single_integer filename =
         let fd = Unix.openfile filename [ Unix.O_RDONLY ] 0o640 in
         let buf = String.make 20 (char_of_int 0) in
 -       let sz = Unix.read fd buf 0 20 in
 +       let sz = Unix.read fd (Bytes.of_string buf) 0 20 in
         Unix.close fd;
         int_of_string (String.sub buf 0 sz)

 where the patch makes Unix.read write to a Bytes copy of buf and buf
 itself is unchanged, so int_of_string sees a string of null characters
 rather than a string to convert into a number.

Good analysis. (Bytes.of_string buf) created a buffer for the result fromread() for which we have no handle.

Reviewing the new patch I believe it is sound. The (new) signature ofread_mmap is

 val read_mmap : backend_mmap -> 'a -> bytes -> int -> int

The new implementation is below - argument s used to be a string value and isnow a bytes value. I would suggest to reflect this in the names (using binstead of s) as this is about conversion between strings and bytes.

   let read_mmap back con s len =
 -      let rd = Xs_ring.read back.mmap s len in
 +      let stmp = String.make len (char_of_int 0) in
 +      let rd = Xs_ring.read back.mmap stmp len in
 +      Bytes.blit_string stmp 0 s 0 rd;
    back.work_again <- (rd > 0);
    if rd > 0 then
     back.eventchn_notify ();

Below are the functions that changed their type and where this also should beconsidered:

 -val read_fd : backend_fd -> 'a -> string -> int -> int
 -val read_mmap : backend_mmap -> 'a -> string -> int -> int
 -val read : t -> string -> int -> int
 -val write_fd : backend_fd -> 'a -> string -> int -> int
 +val read_fd : backend_fd -> 'a -> bytes -> int -> int
 +val read_mmap : backend_mmap -> 'a -> bytes -> int -> int
 +val read : t -> bytes -> int -> int
 +val write_fd : backend_fd -> 'a -> bytes -> int -> int


-- Christian

Here is version 4 of the patch where I have replaced the uses of s with b

where the patch changes it from string to bytes. I have also removed the

two trailing spaces and changed stmp back to s.

Michael Young

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.