[PWCI] "[ovs-dev] ovsdb-idl: Add a way to assert IDL txn as read only."

[ovsrobot]

NOTE: This is an auto submission for "[ovs-dev] ovsdb-idl: Add a way to assert IDL txn as read only.".

See "http://patchwork.ozlabs.org/project/openvswitch/list/?series=473167" for details.

Summary by Sourcery

Add a new mechanism to mark ovsdb IDL transactions as read-only with assertions to prevent accidental writes, update tests and CLI to exercise this mode, and correct tunnel flag handling in the native tunnel and GRE parsers.

New Features:

• Introduce ovsdb_idl_txn_assert_read_only API to designate transactions as read-only.
• Add assertion checks to all IDL transaction write paths to enforce read-only mode.

Enhancements:

• Handle IP "Don't Fragment" flag in netdev-native-tnl metadata extraction.
• Change GRE checksum flag logic to use bitwise OR instead of assignment in the GRE parser.

Tests:

• Add a new --assert-read-only test option and pass it through to transactions in test_ovsdb.

Summary by CodeRabbit

• New Features

  • Optional read-only mode for database transactions to guard against unintended writes.

• Bug Fixes

  • Correctly preserve tunnel flags when parsing GRE, maintaining checksum indicators.
  • Propagate IPv4 Don’t Fragment into tunnel metadata, aligning GRE/Geneve flag reporting (+df-csum).
  • Updated NSH trace formatting to simplify header representation.

• Tests

  • Added C-mode tests ensuring read-only transactions reject writes.
  • Updated GRE/Geneve and NSH test expectations to match new flag handling and trace output.

• Documentation

  • Maintainers list updated to reflect emeritus status changes.

[sourcery-ai]

Reviewer's Guide

The patch adds a read-only assertion mechanism to ovsdb-idl transactions by introducing a flag and injecting assertion checks into all mutating operations, extends the test suite to drive this flag, and includes minor fixes in the native tunnel parsing code to handle the IPv4 DF bit and preserve existing GRE checksum flags.

File-Level Changes

Change	Details	Files
Add read-only assertion support in ovsdb-idl transactions	Introduce bool assert_read_only in ovsdb_idl_txn and initialize to false Inject ovs_assert(!txn->assert_read_only) into all write operations (increment, write__, delete, insert, add_map_op, add_set_op) Implement ovsdb_idl_txn_assert_read_only(txn, assert) setter Expose the new setter in the public header	lib/ovsdb-idl.c lib/ovsdb-idl.h
Extend tests to drive the assert_read_only flag	Add aseert_read_only field and '-r/--assert-read-only' option to test context Propagate the assert_read_only flag into idl_set and adjust its signature	tests/test-ovsdb.c
Fix native tunnel parsing to handle DF bit and preserve GRE csum flag	Set FLOW_TNL_F_DONT_FRAGMENT when the IPv4 DF bit is present Use '	=' instead of '=' to preserve existing flags when handling GRE checksum

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Walkthrough

The changes add an IDL transaction read-only assertion API and wire it into tests, adjust GRE/Geneve/NSH tunnel flag handling and representations (notably DF and CSUM), update corresponding test expectations, and modify MAINTAINERS.rst to move a committer to emeritus.

Changes

Cohort / File(s)	Summary
Maintainers update MAINTAINERS.rst	Moved Russell Bryant from active committers to Emeritus Committers.
Tunnel metadata and GRE parsing lib/netdev-native-tnl.c	Propagates IPv4 DF to FLOW_TNL_F_DONT_FRAGMENT in tunnel metadata; preserves existing flags when setting GRE CSUM by OR-ing instead of assigning.
IDL read-only API (core) lib/ovsdb-idl.c, lib/ovsdb-idl.h	Adds bool field assert_read_only to ovsdb_idl_txn; new API ovsdb_idl_txn_assert_read_only(txn, bool); asserts in write paths (increment, write, delete, insert, map/set ops) when read-only is asserted; header declaration added.
Tests: IDL read-only behavior tests/ovsdb-idl.at, tests/test-ovsdb.c	Adds CLI option --assert-read-only (-r) to test-ovsdb; extends idl_set signature to accept read-only flag and calls ovsdb_idl_txn_assert_read_only; adds C-mode tests that verify assertions on insert/set/delete under read-only.
Tests: NSH formatting and flags tests/nsh.at	Updates expected outputs for NSH traces: DF-related flag encoding changes (-df→+df), removal of np field from display, and aligned action strings.
Tests: Packet-type aware paths tests/packet-type-aware.at	Updates expected flows/actions/pcaps reflecting GRE DF/CSUM flag changes and resultant path/control-flow differences (more tunnel-centric, altered recirc presence/order).
Tests: Tunnel push/pop flags tests/tunnel-push-pop.at	Adjusts expected Geneve flags from -df-csum+key to +df-csum+key in a flow-dump line.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as test-ovsdb (CLI)
  participant I as OVSDB IDL
  participant T as IDL Transaction
  participant S as Write Path (insert/set/delete)

  U->>I: idl_set(..., assert_read_only=true)
  I->>T: ovsdb_idl_txn_create()
  I->>T: ovsdb_idl_txn_assert_read_only(T, true)
  U->>S: attempt write (e.g., insert/set/delete)
  S->>T: check T.assert_read_only
  alt read-only asserted
    S-->>U: abort via assertion (write forbidden)
  else not asserted
    S->>I: proceed with write
    I-->>U: normal completion
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

A rabbit taps keys with a rhythmic delight,
“Read-only,” it squeaks, “no writes in sight!”
GRE flags flip, DF rides along,
NSH sheds np, still humming its song.
Tests burrow deeper, outputs aligned—
Carrots for code that’s neatly refined. 🥕✨

Pre-merge checks (2 passed, 1 warning)

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 46.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title clearly and concisely summarizes the primary change — adding a way to assert an ovsdb-idl transaction as read-only — which matches the modifications to lib/ovsdb-idl.{c,h} and the accompanying tests; the bracketed prefixes ([PWCI], [ovs-dev]) are metadata but do not make the title misleading.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch series_473167

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• There's a typo in the test code: aseert_read_only should be assert_read_only.
• The PR currently mixes unrelated OVSDB IDL changes with netdev-native-tnl fixes—consider splitting the netdev patches into a separate commit or PR.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- There's a typo in the test code: `aseert_read_only` should be `assert_read_only`.
- The PR currently mixes unrelated OVSDB IDL changes with netdev-native-tnl fixes—consider splitting the netdev patches into a separate commit or PR.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (15)

lib/ovsdb-idl.h (1)

388-389: Rename parameter and document API intent.

Minor clarity nit: avoid using “assert” as a parameter name and add a short comment to state this is a debug-time assertion (no-op with NDEBUG).

Proposed tweak:

-void ovsdb_idl_txn_assert_read_only(struct ovsdb_idl_txn *txn, bool assert);
+/* Enables a debug-only assertion that the transaction remains read-only.
+ * Has no effect in release builds compiled with NDEBUG. */
+void ovsdb_idl_txn_assert_read_only(struct ovsdb_idl_txn *txn, bool enable);

(Please also update the .c implementation and any call sites accordingly.)

tests/ovsdb-idl.at (1)

3005-3046: Good coverage for read-only mode (insert/set/delete).

The tests correctly expect an assertion failure and ignore exit status, then grep stderr. Consider guarding these with a skip if asserts are disabled (NDEBUG) to avoid false negatives in release builds. Also, you could match a slightly looser regex to reduce fragility across assert formatting changes.

Example adjustments:

• Skip on non-assert builds (pseudo-example, adapt to your build env):

AT_SKIP_IF([test "x$OVS_ENABLE_ASSERTS" = "xno"])

• Loosen grep to tolerate minor message format changes:

-AT_CHECK([grep -qE "assertion !.*txn->assert_read_only failed" stderr], [0])
+AT_CHECK([grep -qE "assert.*read[_ ]only.*failed" stderr], [0])

lib/ovsdb-idl.c (7)

2841-2846: Asserting increment in RO mode is fine; add a clearer guard.

Minor: assert the presence of a txn before dereferencing, then assert RO, for symmetry with other write paths.

Apply:

 void
 ovsdb_idl_txn_increment(struct ovsdb_idl_txn *txn,
                         const struct ovsdb_idl_row *row,
                         const struct ovsdb_idl_column *column,
                         bool force)
 {
@@
-    ovs_assert(!txn->assert_read_only);
+    ovs_assert(txn);
+    ovs_assert(!txn->assert_read_only);

---

3653-3658: Avoid potential NULL-deref chain; assert txn then RO.

Defensive check before row->table->idl->txn->....

Apply:

-    ovs_assert(!row->table->idl->txn->assert_read_only);
+    ovs_assert(row->table && row->table->idl && row->table->idl->txn);
+    ovs_assert(!row->table->idl->txn->assert_read_only);

---

3839-3843: Same guard for delete path.

Mirror the write guard pattern.

Apply:

-    ovs_assert(!is_index_row(row_));
-    ovs_assert(!row->table->idl->txn->assert_read_only);
+    ovs_assert(!is_index_row(row_));
+    ovs_assert(row->table && row->table->idl && row->table->idl->txn);
+    ovs_assert(!row->table->idl->txn->assert_read_only);

---

3868-3873: Same guard for insert path.

Short, consistent guard improves readability.

Apply:

-    ovs_assert(uuid || !persist_uuid);
-    ovs_assert(!txn->assert_read_only);
+    ovs_assert(uuid || !persist_uuid);
+    ovs_assert(txn);
+    ovs_assert(!txn->assert_read_only);

---

4230-4232: Same guard for partial map ops.

Defensive assert before deref.

Apply:

-    ovs_assert(!row->table->idl->txn->assert_read_only);
+    ovs_assert(row->table && row->table->idl && row->table->idl->txn);
+    ovs_assert(!row->table->idl->txn->assert_read_only);

---

4268-4270: Same guard for partial set ops.

Keep guards uniform across write helpers.

Apply:

-    ovs_assert(!row->table->idl->txn->assert_read_only);
+    ovs_assert(row->table && row->table->idl && row->table->idl->txn);
+    ovs_assert(!row->table->idl->txn->assert_read_only);

---

4580-4589: Rename parameter to avoid shadowing common macro name.

Using “assert” as a parameter name is brittle. Prefer “enable”.

Apply:

-void
-ovsdb_idl_txn_assert_read_only(struct ovsdb_idl_txn *txn, bool assert)
+void
+ovsdb_idl_txn_assert_read_only(struct ovsdb_idl_txn *txn, bool enable)
 {
     if (txn) {
-        txn->assert_read_only = assert;
+        txn->assert_read_only = enable;
     }
 }

Note: mirror the rename in the declaration and call sites.

tests/test-ovsdb.c (6)

61-62: Fix typo in flag name (aseert_read_only → assert_read_only).

Keeps the option readable and consistent.

Apply:

-    bool aseert_read_only;
+    bool assert_read_only;

---

97-99: Use no_argument for --assert-read-only.

The option doesn’t take a value; optional_argument is misleading.

Apply:

-        {"assert-read-only", optional_argument, NULL, 'r'},
+        {"assert-read-only", no_argument, NULL, 'r'},

---

136-139: Align field name with the typo fix.

Update assignment accordingly.

Apply:

-        case 'r':
-            pvt->aseert_read_only = true;
+        case 'r':
+            pvt->assert_read_only = true;
             break;

---

2919-2922: Align call site with field rename.

Pass the corrected field name.

Apply:

-            if (!idl_set(idl, arg, step++, pvt->aseert_read_only)) {
+            if (!idl_set(idl, arg, step++, pvt->assert_read_only)) {

---

160-265: Add CLI help for --assert-read-only.

Expose the new flag in usage().

You can append this line in the “Other options” section:

printf("  -r, --assert-read-only     assert IDL transactions are read-only (debug builds)\n");

---

85-158: Optional: initialize new context fields explicitly.

Not required (designated init zeros others), but explicit init aids clarity.

Apply:

-    struct test_ovsdb_pvt_context pvt = {.track = false};
+    struct test_ovsdb_pvt_context pvt = {
+        .write_changed_only = false,
+        .track = false,
+        .assert_read_only = false,
+    };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a2169a and 0febf15.

📒 Files selected for processing (9)

• MAINTAINERS.rst (1 hunks)
• lib/netdev-native-tnl.c (2 hunks)
• lib/ovsdb-idl.c (9 hunks)
• lib/ovsdb-idl.h (1 hunks)
• tests/nsh.at (2 hunks)
• tests/ovsdb-idl.at (1 hunks)
• tests/packet-type-aware.at (8 hunks)
• tests/test-ovsdb.c (6 hunks)
• tests/tunnel-push-pop.at (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

lib/netdev-native-tnl.c (1)

include/sparse/netinet/in.h (1)

• htons (158-161)

lib/ovsdb-idl.h (1)

lib/ovsdb-idl.c (1)

• ovsdb_idl_txn_assert_read_only (4583-4589)

tests/test-ovsdb.c (2)

tests/test-ovsdb.py (1)

• idl_set (450-727)

lib/ovsdb-idl.c (1)

• ovsdb_idl_txn_assert_read_only (4583-4589)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (22)

• GitHub Check: linux gcc dpdk check-afxdp
• GitHub Check: linux clang dpdk-shared
• GitHub Check: linux gcc m32 --disable-ssl
• GitHub Check: linux gcc dpdk --enable-shared
• GitHub Check: linux gcc --enable-afxdp
• GitHub Check: linux clang test --enable-shared
• GitHub Check: linux clang check check-dpdk dpdk
• GitHub Check: linux gcc test -ljemalloc
• GitHub Check: linux gcc test
• GitHub Check: linux clang c99
• GitHub Check: linux clang address,undefined test
• GitHub Check: linux clang test -ljemalloc
• GitHub Check: linux gcc test --enable-shared
• GitHub Check: linux gcc check check-dpdk dpdk
• GitHub Check: linux gcc c99
• GitHub Check: linux gcc --disable-ssl
• GitHub Check: clang-analyze-cache
• GitHub Check: linux deb no dpdk
• GitHub Check: linux rpm fedora
• GitHub Check: build oss-fuzz fuzzers
• GitHub Check: libreswan (ubuntu-24.04)
• GitHub Check: freebsd_build COMPILER:clang freebsd_instance:family/freebsd-14-3-snap

🔇 Additional comments (11)

MAINTAINERS.rst (1)

94-95: Move to Emeritus looks correct and ordering is consistent.

Russell Bryant is removed from Active and added under Emeritus; placement fits the (first-name) alphabetical order and email formatting matches surrounding entries.

tests/tunnel-push-pop.at (1)

688-689: Test expectations updated to reflect DF propagation — looks good.

The switches from flags(-df-csum+key) to flags(+df-csum+key) align with DF being carried into tunnel metadata and GRE/Geneve parsing preserving existing flags. Expectations match the code changes.

Also applies to: 722-724, 776-779

lib/netdev-native-tnl.c (2)

155-158: Correctly propagate IPv4 DF into tunnel flags.

Using htons(IP_DF) against ip_frag_off and OR-ing FLOW_TNL_F_DONT_FRAGMENT is the right approach; integrates cleanly with header build, which sets IP_DF based on tnl flags.

---

474-475: Preserve existing flags when GRE CSUM present — good fix.

Changing from assignment to |= avoids clobbering DF or previously set bits from ip_extract_tnl_md.

tests/nsh.at (1)

1-3: No annotated changes to review in this file.

Proceeding without comments.

tests/packet-type-aware.at (1)

327-327: GRE tunnel flags expectations updated correctly (+df-csum).

The new dump-flow expectations align with preserving DF and GRE CSUM in tunnel metadata. Looks consistent across L2 and L3 paths and through recirc. No further action.

Also applies to: 345-345, 363-363, 381-382, 400-401, 419-419, 1018-1019

lib/ovsdb-idl.h (1)

388-389: Ensure ovsdb_idl_txn_assert_read_only is exported in platform symbol lists

Prototype: lib/ovsdb-idl.h:388; Definition: lib/ovsdb-idl.c:4584. No libopenvswitch.sym/.def found under lib/ in this check — confirm or add ovsdb_idl_txn_assert_read_only to your export list(s) (libopenvswitch.sym/.def or platform equivalents) so test-ovsdb links on all platforms.

lib/ovsdb-idl.c (2)

114-115: Good addition: per-txn read-only flag.

Field name and placement are consistent with other txn state.

---

2775-2776: Initializer added correctly.

Ensures default RW behavior unless explicitly asserted RO.

tests/test-ovsdb.c (2)

2468-2482: Good: RO assertion hooked into idl_set txn.

This correctly enforces RO per txn when enabled.

---

2468-2654: Optional: gate RO assertion to only when writes are attempted — no change required. Current approach asserts at write sites; leave as-is. Verification attempt didn’t run (ripgrep: "No files were searched") — re-run the typo check to confirm no misspellings.