From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Vrabel <david.vrabel@citrix.com>
Subject: Re: [PATCH v2 2/6] libxc/restore: Bail if unknown
	options are found
Date: Mon, 11 May 2015 10:23:37 +0100
Message-ID: <55507519.3010002@citrix.com>
References: <1431119675-23847-1-git-send-email-andrew.cooper3@citrix.com>
	<1431119675-23847-3-git-send-email-andrew.cooper3@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1431119675-23847-3-git-send-email-andrew.cooper3@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Andrew Cooper <andrew.cooper3@citrix.com>, Xen-devel <xen-devel@lists.xen.org>
Cc: Wei Liu <wei.liu2@citrix.com>, Yang Hongyang <yanghy@cn.fujitsu.com>, Ian Jackson <Ian.Jackson@eu.citrix.com>, Ian Campbell <Ian.Campbell@citrix.com>
List-Id: xen-devel@lists.xenproject.org

On 08/05/15 22:14, Andrew Cooper wrote:
> When restoring a domain, check for unknown options in Image Header.  Nothing
> good will come from attempting to continue.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: David Vrabel <david.vrabel@citrix.com>
> CC: Ian Campbell <Ian.Campbell@citrix.com>
> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> CC: Wei Liu <wei.liu2@citrix.com>
> CC: Yang Hongyang <yanghy@cn.fujitsu.com>
> 
> ---
> David: The wording of the spec disallows even adding new options without
> bumping the protocol version.  Do we want to relax the restriction slightly?
> ---
>  docs/specs/libxc-migration-stream.pandoc |    5 +++--
>  tools/libxc/xc_sr_restore.c              |    6 ++++++
>  tools/libxc/xc_sr_stream_format.h        |    2 ++
>  3 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/docs/specs/libxc-migration-stream.pandoc b/docs/specs/libxc-migration-stream.pandoc
> index 520240f..fa501e7 100644
> --- a/docs/specs/libxc-migration-stream.pandoc
> +++ b/docs/specs/libxc-migration-stream.pandoc
> @@ -131,11 +131,12 @@ version     0x00000002.  The version of this specification.
>  
>  options     bit 0: Endianness.  0 = little-endian, 1 = big-endian.
>  
> -            bit 1-15: Reserved.
> +            bit 1-15: Reserved. (Must be zero)
>  --------------------------------------------------------------------
>  
>  The endianness shall be 0 (little-endian) for images generated on an
> -i386, x86_64, or arm host.
> +i386, x86_64, or arm host.  The receiving side should confirm that no
> +unexpected options have been specified.

The image header provides information about the format of the image.  I
suppose one could make an argument that an checkpointed stream is an
infinite stream vs finite, but I think a CHECKPOINT_ENABLE record might
be better?

David