[libvirt] [PATCH v2 1/5] domain: Fix unknown flags diagnosis in virDomainGetXMLDesc

Tue Feb 19 20:40:08 UTC 2019

On 2/19/19 3:33 PM, Eric Blake wrote:
> On 2/19/19 2:24 PM, Eric Blake wrote:
> 
>>> Since this is limited to the GetXMLDesc processing wouldn't this limit
>>> the exposure in such a way that some new flag expecting some default
>>> action would not return expected or "new" results on the newer libvirt
>>> vs. some older one?  That is limited to VIR_DOMAIN_XML_COMMON_FLAGS
>>> (SECURE, INACTIVE, MIGRATABLE). If say, CHECKPOINTABLE was added to that
>>> list, the get wouldn't fail because it doesn't know the flag, but it
>>> also wouldn't return any XML related to the new flag, right?
>>
>> Indeed - and that's how I found it: I'm trying to add
>> VIR_DOMAIN_XML_SNAPSHOTS and VIR_DOMAIN_XML_CHECKPOINTS flags, and was
>> confused when I patched virsh to support the new flag but the old
>> libvirt didn't react to it in any way (I then confirmed that libvirt
>> running on RHEL 6 _does_ react to the unknown flag).  Missing output is
>> not a security breach, but is annoying enough to be worth comments
>> somewhere as to the fact that the problem exists (worse would be if we
>> wanted to add a flag comparable in nature to VIR_DOMAIN_XML_SECURE,
>> where failure to obey the flag results in leaking XML information that
>> should have been suppressed).
>>
>>>
>>> Secondary to that knowing this would require someone to read this
>>> specific commit message to garnish at least a small understanding of the
>>> issue. Perhaps some comments in domain_conf.h near the new
>>> VIR_DOMAIN_XML_COMMON_FLAGS would help ensure someone doesn't expand
>>> those without understanding the impact. Similarly, near the flags
>>> definition either a similar noteworthy comment or a comment to go read
>>> the domain_conf.h comment. There's a quick comment added before
>>> virDomainDefFormatConvertXMLFlags in this patch that could be expandable
>>> instead. Doesn't mean someone will read and/or understand it, but at
>>> least leaves a trail.
>>
>> Sure, I can add some strategic comments.
> 
> Hmm - is there an easy way to add comments to the public include/
> headers that are useful to developers, but which don't pollute the
> generated documentation?  Or is this the sort of fix where a public doc
> comment that "some older versions of libvirt failed to diagnose unknown
> flags" is acceptable?  Comments in domain_conf.[ch] are much easier as
> they don't affect the public docs.
> 

I'm fine keeping away from the public doc comment about this. If (so
far) no one has noticed, then why call attention to it.

In the long run, I would think it's more important for a libvirt
developer to not lose sight of the issue as opposed to a developer on
libvirt. When/if the new flag is added whomever adds it would hopefully
read the comments and if they don't we can always hope whomever reviews
it may ask.

John