Re: [Qemu-devel] [RFC] New Migration Protocol using Visitor Interface

[Michael S. Tsirkin]

On Mon, Oct 03, 2011 at 09:55:45AM -0500, Anthony Liguori wrote:
> How I see this all evolving in the future is that we would have a
> formal protocol specification.  From that spec, we would generate
> Visitors.  This would handle taking what's on the wire and building
> an in-memory tree.  If an ASN.1 sequence that isn't part of the spec
> is passed, we should just silently discard it.
> 
> I think the scenario above is that we have an array in the spec, but
> the implementation no longer uses that array.  Your concern is that
> its inefficient to keep it in memory?
> 
> I think there are two cases.  The first is that that array is
> required in the spec, but optional in our implementation and that
> decision is made at run time.  In this case, it needs to get entered
> into memory.
> 
> If the array is no longer needed at all in our implementation, we
> can certainly annotate the protocol spec to skip it and not bring it
> into memory.  Maybe it's an internal spec annotation or something.
> 
> All that said, this doesn't seem to be a terribly important problem to solve 
> IMHO.

This is not exactly the concern.
Consider that when we see an optional field we do not recognize,
we need to discard it.

Now, the reason we get a field we do not recognize might be
because someone is feeding us malformed data (to DOS
us, or by mistake). If we just trust input we will
allocate insane amounts of memory.

This is why we should not rely on fields to have reasonable size in the
input, we need to validate them.


-- 
MST