Re: [devel] [PATCH 0/1] Review Request for imm: Do not update admo name from the after image when committing modification [#2576]

[Hung Nguyen]

Hi Anders,

Thanks for the comments.
I agree with you about that, that would be safer.
I will send new solution to review.

BR,

Hung Nguyen - DEK Technologies


--------------------------------------------------------------------------------
From: Anders Bjornerstedt anders.bjornerst...@telia.com
Sent: Monday, September 11, 2017 4:25PM
To: Hung Nguyen, Zoran Milinkovic
    hung.d.ngu...@dektech.com.au, zoran.milinko...@ericsson.com
Cc: Opensaf-devel
    opensaf-devel@lists.sourceforge.net
Subject: Re: [devel] [PATCH 0/1] Review Request for imm: Do not update admo 
name from the after image when committing modification [#2576]


Another possibly even stronger argument for TRY_AGAIN is that the admin-owner 
mechanism is supposed
to allow a user to establish a stable/safe read-set on some config data.

That is a user that successfully sets a unique admin-owner on a set of objects, 
may expect to read that set of data
while it is *not* being mutated during the read process (unless it is mutated 
under the same admin owner).
With this new "feature" that is no longer true.
A late arriving ccb-commit (from a different admin-owner) could alter any 
object at any time in such a read-set

There is of course today a CCB related safe-read to obtain an even tighter 
guard than the admin-owner clunk.
But legacy applications may depend on the admin-owner clunk to perform stable 
reads.

/AndersBj

----Ursprungligt meddelande----
Från : anders.bjornerst...@telia.com
Datum : 2017-09-11 - 09:59 (GMT)
Till : hung.d.ngu...@dektech.com.au, zoran.milinko...@ericsson.com
Kopia : opensaf-devel@lists.sourceforge.net
Ämne : Re: [devel] [PATCH 0/1] Review Request for imm: Do not update admo name 
from the after image when committing modification [#2576]

Hi,

An alternative and I think cleaner (safer ?) solution would be to not allow 
adminOwnerSet to be performed on an object that is currently
part of an active (not comitted or aborted) CCB, unless the admin-owner-name is 
the same as the current admin-owner-name (not this case).
That is to return TRY_AGAIN on such an admin-owner-set  request.

The admin-owner concept is really a very clunky access-control mechanism.
You could also say that having a "feature" of alowing to set admin-owner on an 
object currently still being processed for CCB commit
is of questionable value. In theory the prior CCB could either abort or commit.

Any performance argument (ccb throughput) can be ignored because config data is 
not intended to support high throughput.

/AndersBj

----Ursprungligt meddelande----
Från : hung.d.ngu...@dektech.com.au
Datum : 2017-09-11 - 08:14 (GMT)
Till : zoran.milinko...@ericsson.com
Kopia : opensaf-devel@lists.sourceforge.net
Ämne : [devel] [PATCH 0/1] Review Request for imm: Do not update admo name from 
the after image when committing modification [#2576]

Summary: imm: Do not update admo name from the after image when committing 
modification [#2576]
Review request for Ticket(s): 2576
Peer Reviewer(s): Zoran
Pull request to:
Affected branch(es): develop, release
Development branch: ticket-2576
Base revision: 10a83558372bbeae8b2d09e0fefd55cbc11dbd5d
Personal repository: git://git.code.sf.net/u/xhunngu/review

--------------------------------
Impacted area       Impact y/n
--------------------------------
Docs                    n
Build system            n
RPM/packaging           n
Configuration files     n
Startup scripts         n
SAF services            y
OpenSAF services        n
Core libraries          n
Samples                 n
Tests                   n
Other                   n


Comments (indicate scope for each "y" above):
---------------------------------------------


revision 365fdbec95c45c4671f12332aed53a87ba4e49a8
Author: Hung Nguyen <hung.d.ngu...@dektech.com.au>
Date:   Mon, 11 Sep 2017 14:01:00 +0700

imm: Do not update admo name from the after image when committing modification 
[#2576]

Value of admo name in the after image may not be correct in some cases,
but value of admo name in the before image (in sObjectMap) is always up to date.

We should keep the admo name value of the before image when committing 
modification.



Complete diffstat:
------------------
src/imm/immnd/ImmModel.cc | 22 +++++++---------------
1 file changed, 7 insertions(+), 15 deletions(-)


Testing Commands:
-----------------



Testing, Expected Results:
--------------------------



Conditions of Submission:
-------------------------
Ack from reviewers.


Arch      Built     Started    Linux distro
-------------------------------------------
mips        n          n
mips64      n          n
x86         n          n
x86_64      n          n
powerpc     n          n
powerpc64   n          n


Reviewer Checklist:
-------------------
[Submitters: make sure that your review doesn't trigger any checkmarks!]


Your checkin has not passed review because (see checked entries):

___ Your RR template is generally incomplete; it has too many blank entries
    that need proper data filled in.

___ You have failed to nominate the proper persons for review and push.

___ Your patches do not have proper short+long header

___ You have grammar/spelling in your header that is unacceptable.

___ You have exceeded a sensible line length in your headers/comments/text.

___ You have failed to put in a proper Trac Ticket # into your commits.

___ You have incorrectly put/left internal data in your comments/files
    (i.e. internal bug tracking tool IDs, product names etc)

___ You have not given any evidence of testing beyond basic build tests.
    Demonstrate some level of runtime or other sanity testing.

___ You have ^M present in some of your files. These have to be removed.

___ You have needlessly changed whitespace or added whitespace crimes
    like trailing spaces, or spaces before tabs.

___ You have mixed real technical changes with whitespace and other
    cosmetic code cleanup changes. These have to be separate commits.

___ You need to refactor your submission into logical chunks; there is
    too much content into a single commit.

___ You have extraneous garbage in your review (merge commits etc)

___ You have giant attachments which should never have been sent;
    Instead you should place your content in a public tree to be pulled.

___ You have too many commits attached to an e-mail; resend as threaded
    commits, or place in a public tree for a pull.

___ You have resent this content multiple times without a clear indication
    of what has changed between each re-send.

___ You have failed to adequately and individually address all of the
    comments and change requests that were proposed in the initial review.

___ You have a misconfigured ~/.gitconfig file (i.e. user.name, user.email etc)

___ Your computer have a badly configured date and time; confusing the
    the threaded patch review.

___ Your changes affect IPC mechanism, and you don't present any results
    for in-service upgradability test.

___ Your changes affect user manual and documentation, your patch series
    do not contain the patch that updates the Doxygen manual.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel