Ian Jackson
2007-Dec-03 15:37 UTC
[Xen-devel] xenstore: deprecating but \-quoting binary data
Presently it''s not clear what the allowable character set is for values in xenstore. The current command-line tools just pass values to printf("%s",...) so implicitly assume that it''s 7-bit printable ASCII (since the interpretation of 8-bit characters would be unclear). However there are rumours of programs which dump binary data into xenstore and/or bugs involving nul bytes being added to the ends of xenstore values (and even of some drivers insisting on a spurious nul). There isn''t all that much useful documentation about xenstore. There is a doc detailing which xenstore keys may be used and what their meanings are (interface.tex) but it is very out of date, amongst other reasons because it''s in format which is not very easy to update when adding functionality to the code and because there is no way to check programs'' behaviour in xenstore against the spec. I think the xenstore part of interface.tex should be replaced with a new document in a simpler format, which should amonst other things be sufficiently machine-readable that automatic testing could reveal at least basic out-of-spec behaviours like setting or using undocumented keys. This new document ought to specify the allowable character set of both keys and values, and ought to specify the xenstored protocol as well. It seems to me that the appropriate character set for xenstore values is 7-bit printing ASCII (0x20..0x7e). Values should not have a trailing nul byte `on the wire'' but of course the xs library interface should continue to add an additional nul beyond the quoted length for the convenience of callers. That is consistent with nearly all of the existing uses and makes the whole system much more tractable compared to an explicit expectation that binary data will be stored. (For example, if we like binary data in xenstore, why are uuids represented in their printable hex encoding?) xenstore data is supposedly non-performance-critical metadata for use by control plane machinery so the overhead of printing and parsing text strings is hardly a problem. Applications which set binary values should be deprecated but to avoid breaking those applications xenstored should continue indefinitely to be binary-transparent. Under these circumstances it can only be regarded as a bug that the current command-line tools are lossy in the presence of binary data. Not only does this make them break for those now-deprecated uses, but it also prevents them from being used to detect and debug problems relating to the exact byte strings being recorded in xenstore. As a first step towards the utopia I describe above, below is a patch which causes xenstore-read and -ls to \-escape the values of xenstore keys, and xenstore-write to un-\-escape them. The escaping is a subset of that permitted by C89; only \t \r \n \\ and hex and octal are used and recognised. (So no \f, \a etc.) This change will not change the representation by these tools of values which contain only 7-bit printing ASCII characters unless they contain \''s. Values which contain \''s will need to be quoted on entry and dequoted on exit if being manipulated by xenstore-*. The only values likely to be affected are paths in Windows guest filesystems and in practice we believe that any such filename which is actually relevant to anything will be set other than via xenstore-write. If you''re reading this and believe my previous paragraph to be wrong, please shout now :-). Ian. Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel