| Message ID | 1610360847-21890-1-git-send-email-martin.fuzzey@flowbird.group |
|---|---|
| State | Accepted |
| Commit | 9636bf8b2e319c0f43453f71131ba70856571d05 |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | env: Fix warning when forcing environment without ENV_ACCESS_IGNORE_FORCE | expand |
On Mon, Jan 11, 2021 at 11:27:20AM +0100, Martin Fuzzey wrote: > Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > a warning message is displayed when setenv -f is used WITHOUT > CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting > in lots of log pollution. > > env_flags_validate() returns 0 if the access is accepted, or non zero > if it is refused. > > So the original code > #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) > return 0; > #endif > > was correct, it returns 0 (accepts the modification) if forced UNLESS > IGNORE_FORCE is set (in which case access checks in the following code > are applied). The broken patch just added a printf to the force accepted > case. > > To obtain the intent of the patch we need this: > if (flag & H_FORCE) { > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > printf("## Error: Can't force access to \"%s\"\n", name); > #else > return 0; > #endif > } > > Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> > --- > env/flags.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/env/flags.c b/env/flags.c > index df4aed2..e3e833c 100644 > --- a/env/flags.c > +++ b/env/flags.c > @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, > return 1; > #endif > > -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) { > +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > printf("## Error: Can't force access to \"%s\"\n", name); > +#else > return 0; > - } > #endif > + } > switch (op) { > case env_op_delete: > if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_DELETE) { Marek, does this look right to you? Heinrich, I think this means there''s a follow-up commit that I made to one of the tests that can probably be reverted as well? Thanks for digging in to this Martin!
On 11.01.21 11:27, Martin Fuzzey wrote: > Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > a warning message is displayed when setenv -f is used WITHOUT > CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting > in lots of log pollution. > > env_flags_validate() returns 0 if the access is accepted, or non zero > if it is refused. > > So the original code > #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) > return 0; > #endif > > was correct, it returns 0 (accepts the modification) if forced UNLESS > IGNORE_FORCE is set (in which case access checks in the following code > are applied). The broken patch just added a printf to the force accepted > case. > > To obtain the intent of the patch we need this: > if (flag & H_FORCE) { > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > printf("## Error: Can't force access to \"%s\"\n", name); > #else > return 0; > #endif > } > > Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> > --- > env/flags.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/env/flags.c b/env/flags.c > index df4aed2..e3e833c 100644 > --- a/env/flags.c > +++ b/env/flags.c > @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, Please, add a Sphinx style function description in include/env_flags.h explaining exactly what this function is meant to do. Cf. https://www.kernel.org/doc/html/latest/doc-guide/kernel-doc.html#function-documentation > return 1; > #endif > > -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) { > +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > printf("## Error: Can't force access to \"%s\"\n", name); If this is an error, why don't you return 1 (failure)? Please, use log_err() for error messages. > +#else > return 0; Why shouldn't the other tests be executed? Best regards Heinrich > - } > #endif > + } > switch (op) { > case env_op_delete: > if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_DELETE) { >
On Fri, Jan 15, 2021 at 01:43:44PM -0500, Tom Rini wrote: > On Mon, Jan 11, 2021 at 11:27:20AM +0100, Martin Fuzzey wrote: > > > Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > a warning message is displayed when setenv -f is used WITHOUT > > CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting > > in lots of log pollution. > > > > env_flags_validate() returns 0 if the access is accepted, or non zero > > if it is refused. > > > > So the original code > > #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > > if (flag & H_FORCE) > > return 0; > > #endif > > > > was correct, it returns 0 (accepts the modification) if forced UNLESS > > IGNORE_FORCE is set (in which case access checks in the following code > > are applied). The broken patch just added a printf to the force accepted > > case. > > > > To obtain the intent of the patch we need this: > > if (flag & H_FORCE) { > > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > > printf("## Error: Can't force access to \"%s\"\n", name); > > #else > > return 0; > > #endif > > } > > > > Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > > > Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> > > --- > > env/flags.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/env/flags.c b/env/flags.c > > index df4aed2..e3e833c 100644 > > --- a/env/flags.c > > +++ b/env/flags.c > > @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, > > return 1; > > #endif > > > > -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > > if (flag & H_FORCE) { > > +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > > printf("## Error: Can't force access to \"%s\"\n", name); > > +#else > > return 0; > > - } > > #endif > > + } > > switch (op) { > > case env_op_delete: > > if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_DELETE) { > > Marek, does this look right to you? Heinrich, I think this means > there''s a follow-up commit that I made to one of the tests that can > probably be reverted as well? Thanks for digging in to this Martin! Marek? Heinrich? I really want a little feedback on this patch since I think it addresses a tricky problem. Thanks.
On 1/28/21 10:11 AM, Heinrich Schuchardt wrote: [...] >> diff --git a/env/flags.c b/env/flags.c >> index df4aed2..e3e833c 100644 >> --- a/env/flags.c >> +++ b/env/flags.c >> @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, > > Please, add a Sphinx style function description in include/env_flags.h > explaining exactly what this function is meant to do. > > Cf. > https://www.kernel.org/doc/html/latest/doc-guide/kernel-doc.html#function-documentation This is irrelevant, it's a bugfix so docs/improvements are a separate patch. >> return 1; >> #endif >> >> -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE >> if (flag & H_FORCE) { >> +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >> printf("## Error: Can't force access to \"%s\"\n", name); > > If this is an error, why don't you return 1 (failure)? > Please, use log_err() for error messages. > >> +#else >> return 0; > > Why shouldn't the other tests be executed? Because the code is a total mess and thus error prone.
On 1/11/21 11:27 AM, Martin Fuzzey wrote: > Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > a warning message is displayed when setenv -f is used WITHOUT > CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting > in lots of log pollution. > > env_flags_validate() returns 0 if the access is accepted, or non zero > if it is refused. > > So the original code > #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) > return 0; > #endif > > was correct, it returns 0 (accepts the modification) if forced UNLESS > IGNORE_FORCE is set (in which case access checks in the following code > are applied). The broken patch just added a printf to the force accepted > case. > > To obtain the intent of the patch we need this: > if (flag & H_FORCE) { > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > printf("## Error: Can't force access to \"%s\"\n", name); > #else > return 0; > #endif > } > > Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> > --- > env/flags.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/env/flags.c b/env/flags.c > index df4aed2..e3e833c 100644 > --- a/env/flags.c > +++ b/env/flags.c > @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, > return 1; > #endif > > -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) { > +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > printf("## Error: Can't force access to \"%s\"\n", name); > +#else > return 0; > - } > #endif Based on env/Kconfig description of this option: config ENV_ACCESS_IGNORE_FORCE bool "Block forced environment operations" default n help If defined, don't allow the -f switch to env set override variable access flags. I would think the code should look like this: #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE if (flag & H_FORCE) { printf("## Error: Can't force access to \"%s\"\n", name); return 1; } #else if (flag & H_FORCE) return 0; #endif
On Thu, Jan 28, 2021 at 08:07:54PM +0100, Marek Vasut wrote: > On 1/11/21 11:27 AM, Martin Fuzzey wrote: > > Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > a warning message is displayed when setenv -f is used WITHOUT > > CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting > > in lots of log pollution. > > > > env_flags_validate() returns 0 if the access is accepted, or non zero > > if it is refused. > > > > So the original code > > #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > > if (flag & H_FORCE) > > return 0; > > #endif > > > > was correct, it returns 0 (accepts the modification) if forced UNLESS > > IGNORE_FORCE is set (in which case access checks in the following code > > are applied). The broken patch just added a printf to the force accepted > > case. > > > > To obtain the intent of the patch we need this: > > if (flag & H_FORCE) { > > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > > printf("## Error: Can't force access to \"%s\"\n", name); > > #else > > return 0; > > #endif > > } > > > > Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > > > Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> > > --- > > env/flags.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/env/flags.c b/env/flags.c > > index df4aed2..e3e833c 100644 > > --- a/env/flags.c > > +++ b/env/flags.c > > @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, > > return 1; > > #endif > > -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > > if (flag & H_FORCE) { > > +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > > printf("## Error: Can't force access to \"%s\"\n", name); > > +#else > > return 0; > > - } > > #endif > > Based on env/Kconfig description of this option: > > config ENV_ACCESS_IGNORE_FORCE > bool "Block forced environment operations" > default n > help > If defined, don't allow the -f switch to env set override variable > access flags. > > I would think the code should look like this: > > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) { > printf("## Error: Can't force access to \"%s\"\n", name); > return 1; > } > #else > if (flag & H_FORCE) > return 0; > #endif So, prior to 0f036bf4b87e we had what you're suggesting, and that lead to 8a5cdf601f8d (which is the commit I was trying to think of) which Heinrich did not like, but was what was needed to get things to function again. Wouldn't what you're proposing break the use case you had in the first place?
Hi Marek, On Thu, 28 Jan 2021 at 20:07, Marek Vasut <marex@denx.de> wrote: > > Based on env/Kconfig description of this option: > > config ENV_ACCESS_IGNORE_FORCE > bool "Block forced environment operations" > default n > help > If defined, don't allow the -f switch to env set override > variable > access flags. > > I would think the code should look like this: > > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) { > printf("## Error: Can't force access to \"%s\"\n", name); > return 1; > } > #else > if (flag & H_FORCE) > return 0; > #endif I don't think that is right. If you do that force update will be refused when CONFIG_ENV_ACCESS_IGNORE_FORCE, regardless if the access would be valid without the force The kconfig options says don't allow the -f switch to OVERRIDE variable access flags, not "don't allow the -f switch to be used" I think we want this truth table -f used ENV_ACCESS_IGNORE _FORCE Access valid ====> result N X N refused N X Y accepted Y N Y accepted Y N N accepted (forced) Y Y Y accepted Y Y N refused with warning Regards, Martin
On 1/28/21 8:26 PM, Tom Rini wrote: > On Thu, Jan 28, 2021 at 08:07:54PM +0100, Marek Vasut wrote: >> On 1/11/21 11:27 AM, Martin Fuzzey wrote: >>> Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") >>> a warning message is displayed when setenv -f is used WITHOUT >>> CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting >>> in lots of log pollution. >>> >>> env_flags_validate() returns 0 if the access is accepted, or non zero >>> if it is refused. >>> >>> So the original code >>> #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE >>> if (flag & H_FORCE) >>> return 0; >>> #endif >>> >>> was correct, it returns 0 (accepts the modification) if forced UNLESS >>> IGNORE_FORCE is set (in which case access checks in the following code >>> are applied). The broken patch just added a printf to the force accepted >>> case. >>> >>> To obtain the intent of the patch we need this: >>> if (flag & H_FORCE) { >>> #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >>> printf("## Error: Can't force access to \"%s\"\n", name); >>> #else >>> return 0; >>> #endif >>> } >>> >>> Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") >>> >>> Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> >>> --- >>> env/flags.c | 5 +++-- >>> 1 file changed, 3 insertions(+), 2 deletions(-) >>> >>> diff --git a/env/flags.c b/env/flags.c >>> index df4aed2..e3e833c 100644 >>> --- a/env/flags.c >>> +++ b/env/flags.c >>> @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, >>> return 1; >>> #endif >>> -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE >>> if (flag & H_FORCE) { >>> +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >>> printf("## Error: Can't force access to \"%s\"\n", name); >>> +#else >>> return 0; >>> - } >>> #endif >> >> Based on env/Kconfig description of this option: >> >> config ENV_ACCESS_IGNORE_FORCE >> bool "Block forced environment operations" >> default n >> help >> If defined, don't allow the -f switch to env set override variable >> access flags. >> >> I would think the code should look like this: >> >> #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >> if (flag & H_FORCE) { >> printf("## Error: Can't force access to \"%s\"\n", name); >> return 1; >> } >> #else >> if (flag & H_FORCE) >> return 0; >> #endif > > So, prior to 0f036bf4b87e we had what you're suggesting, and that lead > to 8a5cdf601f8d (which is the commit I was trying to think of) which > Heinrich did not like, but was what was needed to get things to function > again. Wouldn't what you're proposing break the use case you had in the > first place? No, the idea is to completely block the -f flag if CONFIG_ENV_ACCESS_IGNORE_FORCE is set from setting anything in the environment. That's how I understand the Kconfig entry help text.
On 1/28/21 8:37 PM, Fuzzey, Martin wrote: > Hi Marek, Hi, > On Thu, 28 Jan 2021 at 20:07, Marek Vasut <marex@denx.de> wrote: >> >> Based on env/Kconfig description of this option: >> >> config ENV_ACCESS_IGNORE_FORCE >> bool "Block forced environment operations" >> default n >> help >> If defined, don't allow the -f switch to env set override >> variable >> access flags. >> >> I would think the code should look like this: >> >> #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >> if (flag & H_FORCE) { >> printf("## Error: Can't force access to \"%s\"\n", name); >> return 1; >> } >> #else >> if (flag & H_FORCE) >> return 0; >> #endif > > I don't think that is right. > > If you do that force update will be refused when > CONFIG_ENV_ACCESS_IGNORE_FORCE, regardless if the access would be > valid without the force That's how I understand the option was intended to work, based on the Kconfig help text. > The kconfig options says don't allow the -f switch to OVERRIDE > variable access flags, not "don't allow the -f switch to be used" I suspect the help text needs clarification then.
On Fri, 29 Jan 2021 at 00:05, Marek Vasut <marex@denx.de> wrote: > > On 1/28/21 8:37 PM, Fuzzey, Martin wrote: > > Hi Marek, > > Hi, > > > On Thu, 28 Jan 2021 at 20:07, Marek Vasut <marex@denx.de> wrote: > >> > >> Based on env/Kconfig description of this option: > >> > >> config ENV_ACCESS_IGNORE_FORCE > >> bool "Block forced environment operations" > >> default n > >> help > >> If defined, don't allow the -f switch to env set override > >> variable > >> access flags. > >> > >> I would think the code should look like this: > >> > >> #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > >> if (flag & H_FORCE) { > >> printf("## Error: Can't force access to \"%s\"\n", name); > >> return 1; > >> } > >> #else > >> if (flag & H_FORCE) > >> return 0; > >> #endif > > > > I don't think that is right. > > > > If you do that force update will be refused when > > CONFIG_ENV_ACCESS_IGNORE_FORCE, regardless if the access would be > > valid without the force > > That's how I understand the option was intended to work, based on the > Kconfig help text. > Ok we are understanding different things about what it's supposed to do then. But if everyone agrees that the option should completely disable -f then I'm fine with that, in which case the version of the patch you propose is good (and easier to understand). The problem I have is with the current 0f036bf4b87e which leads to log spam on boards that *don't* have CONFIG_ENV_ACCESS_IGNORE_FORCE set and do use -f. > > The kconfig options says don't allow the -f switch to OVERRIDE > > variable access flags, not "don't allow the -f switch to be used" > > I suspect the help text needs clarification then. Agreed Martin
On 1/29/21 8:42 AM, Fuzzey, Martin wrote: > On Fri, 29 Jan 2021 at 00:05, Marek Vasut <marex@denx.de> wrote: >> >> On 1/28/21 8:37 PM, Fuzzey, Martin wrote: >>> Hi Marek, >> >> Hi, >> >>> On Thu, 28 Jan 2021 at 20:07, Marek Vasut <marex@denx.de> wrote: >>>> >>>> Based on env/Kconfig description of this option: >>>> >>>> config ENV_ACCESS_IGNORE_FORCE >>>> bool "Block forced environment operations" >>>> default n >>>> help >>>> If defined, don't allow the -f switch to env set override >>>> variable >>>> access flags. >>>> >>>> I would think the code should look like this: >>>> >>>> #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >>>> if (flag & H_FORCE) { >>>> printf("## Error: Can't force access to \"%s\"\n", name); >>>> return 1; >>>> } >>>> #else >>>> if (flag & H_FORCE) >>>> return 0; >>>> #endif >>> >>> I don't think that is right. >>> >>> If you do that force update will be refused when >>> CONFIG_ENV_ACCESS_IGNORE_FORCE, regardless if the access would be >>> valid without the force >> >> That's how I understand the option was intended to work, based on the >> Kconfig help text. >> > > Ok we are understanding different things about what it's supposed to do then. > > But if everyone agrees that the option should completely disable -f > then I'm fine with that, in which case the version of the patch you > propose is good (and easier to understand). > > The problem I have is with the current 0f036bf4b87e which leads to log > spam on boards that *don't* have CONFIG_ENV_ACCESS_IGNORE_FORCE set > and do use -f. Yes, that should be fixed, one way or the other. (in fact, can you also write a test for this case ?)
On Fri, Jan 29, 2021 at 12:03:52AM +0100, Marek Vasut wrote: > On 1/28/21 8:26 PM, Tom Rini wrote: > > On Thu, Jan 28, 2021 at 08:07:54PM +0100, Marek Vasut wrote: > > > On 1/11/21 11:27 AM, Martin Fuzzey wrote: > > > > Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > > > a warning message is displayed when setenv -f is used WITHOUT > > > > CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting > > > > in lots of log pollution. > > > > > > > > env_flags_validate() returns 0 if the access is accepted, or non zero > > > > if it is refused. > > > > > > > > So the original code > > > > #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > > > > if (flag & H_FORCE) > > > > return 0; > > > > #endif > > > > > > > > was correct, it returns 0 (accepts the modification) if forced UNLESS > > > > IGNORE_FORCE is set (in which case access checks in the following code > > > > are applied). The broken patch just added a printf to the force accepted > > > > case. > > > > > > > > To obtain the intent of the patch we need this: > > > > if (flag & H_FORCE) { > > > > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > > > > printf("## Error: Can't force access to \"%s\"\n", name); > > > > #else > > > > return 0; > > > > #endif > > > > } > > > > > > > > Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > > > > > > > Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> > > > > --- > > > > env/flags.c | 5 +++-- > > > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/env/flags.c b/env/flags.c > > > > index df4aed2..e3e833c 100644 > > > > --- a/env/flags.c > > > > +++ b/env/flags.c > > > > @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, > > > > return 1; > > > > #endif > > > > -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > > > > if (flag & H_FORCE) { > > > > +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > > > > printf("## Error: Can't force access to \"%s\"\n", name); > > > > +#else > > > > return 0; > > > > - } > > > > #endif > > > > > > Based on env/Kconfig description of this option: > > > > > > config ENV_ACCESS_IGNORE_FORCE > > > bool "Block forced environment operations" > > > default n > > > help > > > If defined, don't allow the -f switch to env set override variable > > > access flags. > > > > > > I would think the code should look like this: > > > > > > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > > > if (flag & H_FORCE) { > > > printf("## Error: Can't force access to \"%s\"\n", name); > > > return 1; > > > } > > > #else > > > if (flag & H_FORCE) > > > return 0; > > > #endif > > > > So, prior to 0f036bf4b87e we had what you're suggesting, and that lead > > to 8a5cdf601f8d (which is the commit I was trying to think of) which > > Heinrich did not like, but was what was needed to get things to function > > again. Wouldn't what you're proposing break the use case you had in the > > first place? > > No, the idea is to completely block the -f flag if > CONFIG_ENV_ACCESS_IGNORE_FORCE is set from setting anything in the > environment. That's how I understand the Kconfig entry help text. So was this all a "by inspection" bug then and not something you ran in to in use? I'm a bit worried that "how it's implemented" is relied upon more than "how it's documented in the help", esp since the former is probably older than the latter.
On 2/1/21 8:31 PM, Tom Rini wrote: > On Fri, Jan 29, 2021 at 12:03:52AM +0100, Marek Vasut wrote: >> On 1/28/21 8:26 PM, Tom Rini wrote: >>> On Thu, Jan 28, 2021 at 08:07:54PM +0100, Marek Vasut wrote: >>>> On 1/11/21 11:27 AM, Martin Fuzzey wrote: >>>>> Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") >>>>> a warning message is displayed when setenv -f is used WITHOUT >>>>> CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting >>>>> in lots of log pollution. >>>>> >>>>> env_flags_validate() returns 0 if the access is accepted, or non zero >>>>> if it is refused. >>>>> >>>>> So the original code >>>>> #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE >>>>> if (flag & H_FORCE) >>>>> return 0; >>>>> #endif >>>>> >>>>> was correct, it returns 0 (accepts the modification) if forced UNLESS >>>>> IGNORE_FORCE is set (in which case access checks in the following code >>>>> are applied). The broken patch just added a printf to the force accepted >>>>> case. >>>>> >>>>> To obtain the intent of the patch we need this: >>>>> if (flag & H_FORCE) { >>>>> #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >>>>> printf("## Error: Can't force access to \"%s\"\n", name); >>>>> #else >>>>> return 0; >>>>> #endif >>>>> } >>>>> >>>>> Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") >>>>> >>>>> Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> >>>>> --- >>>>> env/flags.c | 5 +++-- >>>>> 1 file changed, 3 insertions(+), 2 deletions(-) >>>>> >>>>> diff --git a/env/flags.c b/env/flags.c >>>>> index df4aed2..e3e833c 100644 >>>>> --- a/env/flags.c >>>>> +++ b/env/flags.c >>>>> @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, >>>>> return 1; >>>>> #endif >>>>> -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE >>>>> if (flag & H_FORCE) { >>>>> +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >>>>> printf("## Error: Can't force access to \"%s\"\n", name); >>>>> +#else >>>>> return 0; >>>>> - } >>>>> #endif >>>> >>>> Based on env/Kconfig description of this option: >>>> >>>> config ENV_ACCESS_IGNORE_FORCE >>>> bool "Block forced environment operations" >>>> default n >>>> help >>>> If defined, don't allow the -f switch to env set override variable >>>> access flags. >>>> >>>> I would think the code should look like this: >>>> >>>> #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE >>>> if (flag & H_FORCE) { >>>> printf("## Error: Can't force access to \"%s\"\n", name); >>>> return 1; >>>> } >>>> #else >>>> if (flag & H_FORCE) >>>> return 0; >>>> #endif >>> >>> So, prior to 0f036bf4b87e we had what you're suggesting, and that lead >>> to 8a5cdf601f8d (which is the commit I was trying to think of) which >>> Heinrich did not like, but was what was needed to get things to function >>> again. Wouldn't what you're proposing break the use case you had in the >>> first place? >> >> No, the idea is to completely block the -f flag if >> CONFIG_ENV_ACCESS_IGNORE_FORCE is set from setting anything in the >> environment. That's how I understand the Kconfig entry help text. > > So was this all a "by inspection" bug then and not something you ran in > to in use? I'm a bit worried that "how it's implemented" is relied upon > more than "how it's documented in the help", esp since the former is > probably older than the latter. The usecase of the writeable list is to completely block the -f flag. Maybe some further cleanup of the env config options is required, because it is poorly documented it seems.
On Mon, Jan 11, 2021 at 11:27:20AM +0100, Martin Fuzzey wrote: > Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > a warning message is displayed when setenv -f is used WITHOUT > CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting > in lots of log pollution. > > env_flags_validate() returns 0 if the access is accepted, or non zero > if it is refused. > > So the original code > #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE > if (flag & H_FORCE) > return 0; > #endif > > was correct, it returns 0 (accepts the modification) if forced UNLESS > IGNORE_FORCE is set (in which case access checks in the following code > are applied). The broken patch just added a printf to the force accepted > case. > > To obtain the intent of the patch we need this: > if (flag & H_FORCE) { > #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE > printf("## Error: Can't force access to \"%s\"\n", name); > #else > return 0; > #endif > } > > Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") > > Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> Applied to u-boot/master, thanks!
diff --git a/env/flags.c b/env/flags.c index df4aed2..e3e833c 100644 --- a/env/flags.c +++ b/env/flags.c @@ -563,12 +563,13 @@ int env_flags_validate(const struct env_entry *item, const char *newval, return 1; #endif -#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE if (flag & H_FORCE) { +#ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE printf("## Error: Can't force access to \"%s\"\n", name); +#else return 0; - } #endif + } switch (op) { case env_op_delete: if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_DELETE) {
Since commit 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") a warning message is displayed when setenv -f is used WITHOUT CONFIG_ENV_ACCESS_IGNORE_FORCE, but the variable is set anyway, resulting in lots of log pollution. env_flags_validate() returns 0 if the access is accepted, or non zero if it is refused. So the original code #ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE if (flag & H_FORCE) return 0; #endif was correct, it returns 0 (accepts the modification) if forced UNLESS IGNORE_FORCE is set (in which case access checks in the following code are applied). The broken patch just added a printf to the force accepted case. To obtain the intent of the patch we need this: if (flag & H_FORCE) { #ifdef CONFIG_ENV_ACCESS_IGNORE_FORCE printf("## Error: Can't force access to \"%s\"\n", name); #else return 0; #endif } Fixes: 0f036bf4b87e ("env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set") Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group> --- env/flags.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)