Skip to content

[8.1] Fix lua-enable-insecure-api default value cannot be changed to yes (#3548)#4183

Merged
sarthakaggarwal97 merged 1 commit into
valkey-io:8.1from
dubey02-valkey:backport-3548-8.1
Jul 17, 2026
Merged

[8.1] Fix lua-enable-insecure-api default value cannot be changed to yes (#3548)#4183
sarthakaggarwal97 merged 1 commit into
valkey-io:8.1from
dubey02-valkey:backport-3548-8.1

Conversation

@dubey02

@dubey02 dubey02 commented Jul 16, 2026

Copy link
Copy Markdown

Backport of #3548 to 8.1. Same adaptation as the 9.0 backport in #4182.

Adaptation for 8.1: only the second fix from the original PR (the
lua_insecure_api_current sync in server.c) applies here. The first fix does
not exist on 8.1: the Lua engine is not modularized on this branch (src/lua/,
not src/modules/lua/), there is no per-engine-context
lua_enable_insecure_api field hardcoded to 0, and the deprecated-API
allowlist gate reads server.lua_enable_insecure_api directly in
luaNewIndexAllowList (script_lua.c). Since evalInit() runs in
initServer() after loadServerConfig(), the config-file value is already
honored at Lua state initialization. The engine_lua.c hunk is therefore
dropped.

Validation on 8.1:

  • Full unit/scripting suite passes with the fix
  • Both new tests fail without the fix with the expected symptom: getfenv()
    remains accessible after CONFIG SET lua-enable-insecure-api no because
    updateLuaEnableInsecureApi() sees 0 != 0 as false and skips evalReset()

…alkey-io#3548)

The default value of lua-enable-insecure-api cannot be safely changed
from no to yes due to two issues:

1. In createEngineContext(), lua_enable_insecure_api was hardcoded to 0
   before initializing Lua states, so deprecated APIs (newproxy, setfenv,
   getfenv) were never registered in the global table regardless of the
   actual config value. Once the global table is locked, the config
   change has no effect.

2. lua_insecure_api_current was initialized to 0 (struct zero-init) and
   never synced with the final config value. If the default was changed
   to yes(1), a subsequent CONFIG SET no would see both values as 0 and
   skip the evalReset() call in updateLuaEnableInsecureApi().

Fix by reading the real config via isLuaInsecureAPIEnabled() in
createEngineContext() before Lua state initialization, and syncing
lua_insecure_api_current after all config sources (default, config file,
command-line args) are applied.

8.1 backport note: only fix valkey-io#2 (the lua_insecure_api_current sync in
server.c) applies to this branch. Bug valkey-io#1 does not exist on 8.1: there is
no per-engine-context lua_enable_insecure_api field hardcoded to 0 --
the Lua engine has not been modularized here (src/lua/, not
src/modules/lua/). The deprecated-API allowlist gate reads
server.lua_enable_insecure_api directly (script_lua.c
luaNewIndexAllowList), and evalInit() runs in initServer() after
loadServerConfig(), so the config-file value is already honored at Lua
state initialization. The engine_lua.c hunk is therefore dropped.
Validated: the two new tests fail on 8.1 without the server.c sync and
pass with it.

Signed-off-by: Binbin <binloveplay1314@qq.com>
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a77de0df-bfb2-4cc2-91d0-6aae4b719413

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@valkey-review-bot valkey-review-bot Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found one startup-order issue in the new lua_insecure_api_current sync. The assignment still runs after startup modules, so a module that changes lua-enable-insecure-api from ValkeyModule_OnLoad() can leave the EVAL environment out of sync.

Comment thread src/server.c
* config sources (default, config file, command-line args) have been
* applied, so that updateLuaEnableInsecureApi() can correctly detect
* subsequent changes via CONFIG SET. */
server.lua_insecure_api_current = server.lua_enable_insecure_api;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moduleLoadFromQueue() has already run before this line (src/server.c:7167-7170, src/module.c:12189-12205), and startup modules are allowed to issue ValkeyModule_Call() from ValkeyModule_OnLoad() (tests/modules/basics.c:948-953). That means a module loaded from the config file can call CONFIG SET lua-enable-insecure-api no during OnLoad().

If the server booted with lua-enable-insecure-api yes and enable-protected-configs yes, updateLuaEnableInsecureApi() will compare the zero-initialized server.lua_insecure_api_current against the new 0 and skip evalReset() (src/config.c:2612-2618), so the EVAL Lua state stays initialized with the old yes setting for the rest of startup. Move this sync above moduleLoadFromQueue() so the first CONFIG SET during OnLoad() is compared against the actual startup value.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dubey02 looks like a concern worth checking, would you please check! Thanks!

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @sarthakaggarwal97, I checked that the concern is valid: moduleLoadFromQueue() runs before this sync, so a startup module calling CONFIG SET lua-enable-insecure-api no in OnLoad() would skip the reset. But this ordering is inherited from the original #3548 as merged on unstable, so it affects unstable/9.1 and all other backports equally. I think we should keep this backport same as merged commit and fix the ordering on unstable first, then backport it to the release branches separately.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah I agree with you, I kind of came towards the same conclusion hence merged it. If it's worth fixing, we should raise a PR to unstable as well.

@enjoy-binbin enjoy-binbin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks.

@sarthakaggarwal97
sarthakaggarwal97 merged commit 1d2e322 into valkey-io:8.1 Jul 17, 2026
70 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants