• E
    domain: Fix unknown flags diagnosis in virDomainGetXMLDesc · 27c8fd74
    Eric Blake 提交于
    Many drivers had a comment that they did not validate the incoming
    'flags' to virDomainGetXMLDesc() because they were relying on
    virDomainDefFormat() to do it instead. This used to be the case
    (at least since 461e0f1a and friends in 0.9.4 added unknown flag
    checking in general), but regressed in commit 0ecd6851 (1.2.12),
    when all of the drivers were changed to pass 'flags' through the
    new helper virDomainDefFormatConvertXMLFlags(). Since this helper
    silently ignores unknown flags, we need to implement flag checking
    in each driver instead.
    
    Annoyingly, this means that any new flag values added will silently
    be ignored when targeting an older libvirt, rather than our usual
    practice of loudly diagnosing an unsupported flag.  Add comments
    in domain_conf.[ch] to remind us to be extra vigilant about the
    impact when adding flags (a new flag to add data is safe if the
    older server omitting the requested data doesn't break things in
    the newer client; a new flag to suppress data rather than enhancing
    the existing VIR_DOMAIN_XML_SECURE may form a data leak or even a
    security hole).
    
    In the qemu driver, there are multiple callers all funnelling to
    qemuDomainDefFormatBufInternal(); many of them already validated
    flags (and often only a subset of the full set of possible flags),
    but for ease of maintenance, we can also check flags at the common
    helper function.
    Signed-off-by: NEric Blake <eblake@redhat.com>
    Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
    27c8fd74
qemu_driver.c 713.8 KB