[PATCH RESEND libgpiod v2 10/18] dbus: add the API definitions
Thiago Macieira
thiago at kde.org
Tue Jul 2 09:06:44 UTC 2024
On Tuesday 2 July 2024 08:48:43 CEST Sverdlin, Alexander wrote:
> > What's the point of this property? It looks racy, as the user (whichever it
> > is) can stop using it soon after a true read, or the line can become used
> > right after a false read? The latter could lead to TOCTOU problems.
> >
> > Wouldn't it be better to force users to RequestLine and get an error if the
> > line is busy? Because if it wasn't busy, now the calling application knows
> > nothing else can grab it.
>
> this approach would make the inspection itself racy, isn't it?
> I'm thinking about two instances of "gpiocli info" running in parallel, they
> would display GPIO lines randomly "busy" even in case none of them actually
> is?

Correct, but the race time would be very small. The status application need
not keep the line requested for long, only enough to get the current state.

In any case, my argument is for everything *except* for the status / info
application. That's an outlier application, of which there's likely to be a
single one in the system. However, there will likely be multiple applications
that need lines for actual uses. The argument is that the presence of the
property can lead application authors to check before RequestLine in order to
present a message to their users, possibly because their code is simpler for
reading a property than dealing with an error.

Therefore, my advice is to not have the API that can lead to TOCTOU, even if
by accident.

--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Principal Engineer - Intel DCAI Platform & System Engineering
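
The check-before-RequestLine pattern discussed in this message, next to the request-and-handle-the-error alternative, as an added example that is not part of the original message or of libgpiod. `LineManager`, `LineBusy`, `used` and `request_line` are hypothetical in-process stand-ins for the daemon, and the barrier forces the interleaving in which both clients act at the same moment.

```python
import threading

class LineBusy(Exception):
    """Hypothetical error for a line that is already requested."""

class LineManager:
    """In-process stand-in for the daemon (assumption, not the libgpiod D-Bus API)."""
    def __init__(self):
        self._lock = threading.Lock()
        self._owner = None

    @property
    def used(self):
        # Snapshot only: it can be stale as soon as it is returned.
        with self._lock:
            return self._owner is not None

    def request_line(self, client):
        # Check and claim happen under one lock, so the request is atomic.
        with self._lock:
            if self._owner is not None:
                raise LineBusy(self._owner)
            self._owner = client

def check_then_request(mgr, client, barrier, results):
    if mgr.used:
        results[client] = "reported busy"
        return
    barrier.wait()  # both clients have now read used == False
    try:
        mgr.request_line(client)
        results[client] = "acquired"
    except LineBusy:
        # The property said "free", yet the request failed: the TOCTOU window.
        results[client] = "failed after a 'free' read"

def request_only(mgr, client, barrier, results):
    barrier.wait()
    try:
        mgr.request_line(client)
        results[client] = "acquired"
    except LineBusy:
        results[client] = "reported busy"  # the error is the only check needed

def run(worker):
    mgr, barrier, results = LineManager(), threading.Barrier(2), {}
    threads = [threading.Thread(target=worker, args=(mgr, c, barrier, results))
               for c in ("A", "B")]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results.values())
```

In both runs exactly one client acquires the line; the difference is that the check-first client still needs the error path, so the property read bought it nothing.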