-
Notifications
You must be signed in to change notification settings - Fork 375
check sandbox pointers in virtcontainers internal functions #280
Comments
Thanks for opening this, I have assigned P1 priority as it might be good to address it asap. |
@sboeuf Why is it a P1 issue? AFAICT, it is not a bug and does not block any functionality. I am not even convinced we should do it. A P1 issue means it must be fixed ASAP but I see otherwise on this one. And please comment on the two things I listed above so that we can get consensus on internal function parameter sanity checking before introducing random checks here and there. |
I have assigned P1 to make sure we don't forget it, otherwise, I have the feeling that nobody will ever look at it if it is P2 or P3...
We have two options, either we check this for every single function (which seems a bit overkill), or we define what we consider as high level functions where we should check this.
I think we might need to do the same for other parameters, but this should be handled in a different issue then. |
I don't think this is a P1, as there really isn't an severity, but agree we need to come to agreement on this. Let's get feedback from rest of the committee on this if we can't get quick alignment between @jodh-intel and @bergwolf I think that for the two items you made, Peng, we should have the same guidance. For example, we should be consistent on parameter checking; sandbox shouldn't be a special case. Is there a reason you think it would be? Because it comes from a well defined source? Or? I think that doing parameter checking at the API level makes sense 100% for sure, and agree about the ROI of doing the check as it gets passed down through multiple function calls. IF we have test coverage for each of the functions, in the chain already, I'm not sure if it is necessary. Having said that, I don't think this is a top priority/release gating item and we have a pretty big backlog right now for 1.0. This is definitely something we should get agreement on so we can be consistent on implementation and review (the most important thing here, imo). |
You may not get feedback from @jodh-intel this week. I strongly suspect he'd vote for checking all interface parameters all the time, at all levels... but, let's wait for his input on that. Personally, I do think that whilst that leads to better/safer software, it is possibly overkill from the performance pov. I'd vote we check all parameters at all boundaries (API and module interfaces etc.) at a minimum (but I think we all agree on that already). |
@egernst I asked about sandbox pointer specifically because I was asked to check it but not other parameters. I think we should not make it a special case but need to confirm with you guys. I guess we all likely agree on checking all parameters at API and module boundaries. Let's wait @jodh-intel's input when he comes back. |
From @jodh-intel:
IMHO, to make such a change, we need to clarify a few things:
@jodh-intel @sboeuf @egernst please comment.
The text was updated successfully, but these errors were encountered: