Re: [Qemu-devel] [RFC] New Migration Protocol using Visitor Interface

[Michael S. Tsirkin]

On Mon, Oct 03, 2011 at 08:43:54AM -0500, Anthony Liguori wrote:
> Having the ability to ignore some fields is not enough.

But it is also really required.

> We need to
> also be able to split a single field into multiple fields, and event
> split a single device into multiple devices.  If we're dealing with
> a tree data structure in memory, we have limitless ability to fudge
> things.
> 
> Visitors buy us this.  Right now, we're talking about:
> 
> void virtio_marshal(QEMUFile *f, VirtioDevice *vdev);
> 
> If you just do BER encoding, that doesn't help us.  We still can
> only read from the wire to a VirtioDevice.   If we do:
> 
> void virtio_marshal(Visitor *v, VirtioDevice *vdev);
> 
> We can still do BER encoding.  We can also do QEMUFile encoding in
> the current format.
> 
> But we also can Visit from a QObject.  That means we can write
> something that reads in BER off the wire and generates QObjects
> corresponding to whatever is sent.  We can then manipulate those
> QObjects in memory as much as we'd like before handing a QObject
> Visitor to virtio_marshal.
> 
> Separating parsing off the wire from handing something to the device
> models and allowing transformation in between is the key to
> addressing compatibility in a robust fashion.

Yes. I agree it is required, and doing this with visitors
does looks like a good way to handle that.

However the ability to skip fields at the protocol level
is also required, and it needs to be handled at the
protocol level. For example, I am worried about
invalid input with a huge array size making us allocate
and read a gigabyte into memory on the assumption that we will want to
manipulate it later. Yes we could introduce artificial
buffer size limits but these might then come to bite us.
If instead we can see that no one needs the array
up front, it will be easy to discard.

-- 
MST