[Spice-devel] [PATCH 1/2] Ensure that plugins cannot bypass version check

Christophe Fergeau cfergeau at redhat.com
Mon Mar 26 17:06:04 UTC 2018


On Fri, Mar 23, 2018 at 01:05:23PM +0100, Christophe de Dinechin wrote:
> 2. ODR-related problems
> 
> The C++ One Definition Rule (ODR) states that all translation units
> must see the same definitions. In the current code, when we call
> Agent::PluginVersionIsCompatible from the plugin, it is an ODR
> violation as soon as we have made any change in the Agent class
> compared to what the plugin was compiled against.
> 
> The current code therefore relies on implementation-dependent knowledge
> of how virtual functions are laid out in the vtable, and puts
> unnecessary constraints on the changes allowed in the classes
> (e.g. it's not allowed to put anything before some member functions)

Just to be sure I understand everything properly, as I could not figure
it out fully from the commit log... The problem at the moment is that we
expect the plugins to call Agent::PluginVersionIsCompatible(), but if
the agent ABI drastically changed, we won't be able to do that as the
layout of the Agent when the plugin was built and the new layout of the
Agent won't match. Given that Agent::PluginVersionIsCompatible() is
supposed to be used to detect incompatible ABIs, this could be an issue.

After your change, the plugin compatibility detection is changed to be
done from the agent, and it only needs to get an int from the plugin,
which we should be able to not break from an ABI point of view.

However, my understanding is that once the version check has succeeded, we
assume that ODR violations are not going to cause issues, because we
have validated through that version check that the ABI is compatible.
In other words, without any version check, we could have issues with
calling Agent::Register() from a plugin, but thanks to the version
check, we assume that this ODR violation is not going to cause actual
issues?

Christophe
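
The agent-side check discussed in the message above, as an added example that is not part of the original email or of the SPICE code: the loader reads one plain unsigned from the plugin and compares it before any Agent object crosses the boundary. The symbol names, the accepted version range and the symbol table standing in for dlopen()/dlsym() are all assumptions made for illustration.

```cpp
#include <cstdio>
#include <cstring>
#include <map>
#include <string>

// Assumed range of plugin interface versions this agent build accepts.
constexpr unsigned kOldestCompatible = 2, kCurrent = 4;

struct Agent { int registered = 0; };  // stand-in for the real Agent class
// Constructed stand-in for a dlopen() handle: exported C symbol -> address.
using SymbolTable = std::map<std::string, void*>;
using InitFn = bool (*)(Agent*);
enum class LoadResult { Loaded, NoVersionSymbol, Incompatible, NoInit, InitFailed };

// The agent decides compatibility itself; the plugin only exposes an integer,
// so the check does not depend on the layout of any C++ class.
LoadResult load_plugin(const SymbolTable& plugin, Agent& agent)
{
    auto v = plugin.find("example_plugin_interface_version");  // hypothetical name
    if (v == plugin.end() || v->second == nullptr)
        return LoadResult::NoVersionSymbol;   // fail closed on unversioned plugins
    unsigned version;
    std::memcpy(&version, v->second, sizeof version);
    if (version < kOldestCompatible || version > kCurrent)
        return LoadResult::Incompatible;      // plugin code is never entered
    auto i = plugin.find("example_plugin_init");                // hypothetical name
    if (i == plugin.end() || i->second == nullptr)
        return LoadResult::NoInit;
    auto init = reinterpret_cast<InitFn>(i->second);  // same cast a dlsym() caller makes
    return init(&agent) ? LoadResult::Loaded : LoadResult::InitFailed;
}

// Constructed sample plugin data: one in-range version, one too old.
static unsigned good_version = 3, stale_version = 1;
static bool sample_init(Agent* a) { a->registered++; return true; }

LoadResult try_sample(unsigned* version, Agent& agent)
{
    SymbolTable t;
    if (version) t["example_plugin_interface_version"] = version;
    t["example_plugin_init"] = reinterpret_cast<void*>(&sample_init);
    return load_plugin(t, agent);
}

int main()
{
    Agent agent;
    std::printf("good=%d stale=%d\n", static_cast<int>(try_sample(&good_version, agent)),
                static_cast<int>(try_sample(&stale_version, agent)));
}
```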