Page MenuHomeClusterLabs Projects
Create Task
Maniphest T845

Don't allow id-ref to parent rule within nested rule
Open, NormalPublic
Actions

Description

The following results in an infinite loop within Pacemaker:

<rule id="rule1">
  <rule id-ref="rule1"/>
</rule>

I don't know if a RelaxNG schema can prevent this, but Pacemaker should at least throw an error. Currently it segfaults on my machine.

Since rules can be arbitrarily nested, we should throw an error if a rule's id-ref resolves to any ancestor, not just the immediate parent.

Event Timeline

nrwahl2 triaged this task as Normal priority.Jul 4 2024, 2:28 PM
nrwahl2 created this task.
nrwahl2 created this object with edit policy "Restricted Project (Project)".
nrwahl2 updated the task description. (Show Details)Jul 4 2024, 2:33 PM
nrwahl2 added a project: Restricted Project.
nrwahl2 updated the task description. (Show Details)
clumens assigned this task to waltdisgrace.Tue, Mar 18, 3:07 PM
clumens added a subscriber: clumens.Tue, Mar 18, 3:09 PM

@waltdisgrace Start by adding a unit test to verify that the pacemaker library still just segfaults on that input. I think lib/common/tests/xml_idref/pcmk__xe_dereference_children_test.c would be as good a place as any for this, but @nrwahl2 might have a better suggestion. I can then help you make sense of the segfault and we can figure out where to throw an error.

nrwahl2 added a comment.Tue, Mar 18, 3:21 PM
In T845#15815, @clumens wrote:

I think lib/common/tests/xml_idref/pcmk__xe_dereference_children_test.c would be as good a place as any for this, but @nrwahl2 might have a better suggestion.

That would be fine. I think it makes more sense for this to go in a unit test for pcmk__xe_resolve_idref(), which is what pcmk__xe_dereference_children() is calling in a loop. We don't currently unit-test that function.