external: normalize unambiguous file id lookup

cheese-cakee · cheese-cakee · commit 079e01bd8f7f · 2026-04-28T13:31:38.000+05:30
external_lookup_id() uses strict string comparison, so file[0xa:0xa] and file[10:10] (the same file) wont match when one side emits hex and the other decimal. Add a numeric comparison path, but only for unambiguous forms to preserve backward compatibility. The key insight from avagins review: a component like 11 is ambiguous it could mean decimal 11 or hex (0x11 = 17 decimal). Without the explicit 0x prefix, there is no way to know the users intent. file[11:17] and file[17:23] could silently match incorrectly. Parse rules: - 0x... => unambiguous hex (explicit prefix) - contains hex digits (a-f/A-F) => unambiguous hex - digits only => ambiguous, do NOT normalize-match Only normalize when BOTH the mnt_id AND inode components are unambiguous. Ambiguous IDs retain their literal/exact semantics. This narrow fix addresses backward compatibility concerns: - CRIU emits bare hex from %x (e.g., file[a:a]): unambiguous, normalizes - CRIU emits bare digits from %x (e.g., file[10:10]): ambiguous, doesnt normalize - User provides file[0xa:0xa]: unambiguous, matches to stored file[0xa:0xa] - User provides file[10:10]: ambiguous, matches to stored file[10:10] - file[10:10] will NOT normalize-match file[0xa:0xa] because the latter is unambiguous Fixes: #2951 Signed-off-by: Farzan Aman Khan <farzanaman99@gmail.com>
diff --git a/criu/external.c b/criu/external.c
@@ -1,3 +1,8 @@
+#include <errno.h>
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+
 #include "common/err.h"
 #include "common/list.h"
 #include "cr_options.h"
@@ -8,7 +13,91 @@
 
 #include "net.h"
 
-int add_external(char *key)
+static bool
+token_has_hex_letters(const char *start, const char *end)
+{
+	const char *p;
+
+	for (p = start; p < end; p++) {
+		if ((*p >= 'a' && *p <= 'f') || (*p >= 'A' && *p <= 'F'))
+			return true;
+	}
+
+	return false;
+}
+
+static bool
+token_has_hex_prefix(const char *start, const char *end)
+{
+	return (end - start) > 2 && start[0] == '0' &&
+		(start[1] == 'x' || start[1] == 'X';
+}
+
+static bool
+parse_external_id_component(const char *id, char delim, char **end,
+			     unsigned long long *val, bool *unambiguous)
+{
+	char *tmp;
+
+	/*
+	 * First try decimal. If it fully consumes the component, this token is
+	 * ambiguous (digits-only can be decimal or hex).
+	 */
+	errno = 0;
+	*val = strtoull(id, &tmp, 10);
+	if (!errno && tmp != id && *tmp == delim) {
+		*end = tmp;
+		*unambiguous = false;
+		return true;
+	}
+
+	/*
+	 * Fallback to hex for forms decimal parser can't consume up to delim.
+	 * This covers 0x-prefixed values and bare-hex values with a-f/A-F.
+	 */
+	errno = 0;
+	*val = strtoull(id, &tmp, 16);
+	if (errno || tmp == id || *tmp != delim)
+		return false;
+
+	*end = tmp;
+	*unambiguous = token_has_hex_prefix(id, tmp) ||
+		       token_has_hex_letters(id, tmp);
+	return true;
+}
+
+static bool
+parse_external_file_id(const char *id, unsigned int *mnt_id, uint64_t *inode,
+		       bool *unambiguous)
+{
+	char *end = NULL;
+	unsigned long long val;
+	bool mnt_unambiguous, inode_unambiguous;
+
+	if (!strstartswith(id, "file["))
+		return false;
+	id += strlen("file[");
+
+	if (!parse_external_id_component(id, ':', &end, &val, &mnt_unambiguous))
+		return false;
+	if (val > UINT_MAX)
+		return false;
+	*mnt_id = (unsigned int)val;
+
+	id = end + 1;
+	if (!parse_external_id_component(id, ']', &end, &val, &inode_unambiguous))
+		return false;
+	end++;
+	if (*end != '\0')
+		return false;
+
+	*inode = val;
+	*unambiguous = mnt_unambiguous && inode_unambiguous;
+	return true;
+}
+
+int
+add_external(char *key)
 {
 	struct external *ext;
 
@@ -39,10 +128,31 @@ int add_external(char *key)
 bool external_lookup_id(char *id)
 {
 	struct external *ext;
+	unsigned int id_mnt_id, ext_mnt_id;
+	uint64_t id_inode, ext_inode;
+	bool id_unambiguous, ext_unambiguous;
+
+	if (!parse_external_file_id(id, &id_mnt_id, &id_inode, &id_unambiguous))
+		id_unambiguous = false;
 
-	list_for_each_entry(ext, &opts.external, node)
+	list_for_each_entry(ext, &opts.external, node) {
 		if (!strcmp(ext->id, id))
 			return true;
+
+		/*
+		 * Only normalize when BOTH the queried ID and the stored ID
+		 * are unambiguous (explicit 0x prefix or explicit hex digits).
+		 * Ambiguous IDs (digit-only like 11) retain their literal semantics
+		 * and are not matched by normalization to avoid silent miscorrection.
+		 * This preserves backward compatibility with existing checkpoint
+		 * images while enabling proper matching for unambiguous forms.
+		 */
+		if (id_unambiguous &&
+		    parse_external_file_id(ext->id, &ext_mnt_id, &ext_inode, &ext_unambiguous) &&
+		    ext_unambiguous &&
+		    ext_mnt_id == id_mnt_id && ext_inode == id_inode)
+			return true;
+	}
 	return false;
 }
 
