qemu-devel
Re: [Qemu-devel] [PATCH] [ide] Check that asynchronous (DMA) submission


From: Ian Jackson
Subject: Re: [Qemu-devel] [PATCH] [ide] Check that asynchronous (DMA) submission succeeds
Date: Fri, 29 Aug 2008 10:41:04 +0100

Anthony Liguori writes ("Re: [Qemu-devel] [PATCH] [ide] Check that asynchronous 
(DMA) submission succeeds"):
> It's generally dangerous to call callbacks from the code that is issuing 
> a bdrv_aio_ operation.  A malicious guest could potentially force the 
> emulation into an infinite loop.

I'm not sure exactly what you mean but I'm sure that this is not a
problem in this case.  In my patch ide_dma_submit_check is called from
two places:
 * ide_read_dma_cb, with ide_read_dma_cb as the callback argument
 * ide_write_dma_cb, with ide_write_dma_cb as the callback argument

In both places the only situation where the callback is reentered
immediately is if the aio submission failed.  So in that case we
recursively enter the callback function, and we do so exactly once
since we're going to execute the error handling case (ret==-1).

Note that the call to ide_dma_submit_check is at the end of
ide_{read,write}_dma_cb precisely to avoid any kind of reentrancy
problem.

There is no possibility of any looping.  Effectively, in the error
case, we go back to the top of ide_{read,write}_dma_cb and execute the
existing error exit.

I'm not sure what you mean in terms of a malicious guest.  Surely it
is not surprising that a malicious guest can consume qemu CPU?  Or do
you mean that it can consume qemu CPU indefinitely without needing to
do anything itself?

But in any case if the arrangements in my patch are confusing or
likely to be broken by someone editing it in the future who doesn't
quite understand these matters, then perhaps we could address this
with a comment?

Ian.
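
The reentrancy argument in the message above, as an added example that is not part of the original message, the patch, or QEMU: a simplified C model in which a failed submission re-enters the callback once with ret == -1 and the error exit submits nothing further. Every `model_*` name, the `dma_state` fields and `run_transfer` are hypothetical, and the counters exist only to measure callback nesting.

```c
#include <stddef.h>
/* Simplified model, not QEMU code; every model_* name is hypothetical. */
typedef void dma_cb(void *opaque, int ret);
struct dma_state {
    int sectors_left;          /* work remaining in the transfer */
    int fail_submit;           /* constructed fault: submission fails */
    int pending;               /* a request is in flight */
    int entries, error_exits;  /* callback entries, error-path runs */
    int depth, max_depth;      /* current and peak callback nesting */
};
/* Stand-in for an aio submit: NULL means the submission failed. */
static void *model_aio_submit(struct dma_state *s)
{
    s->pending = !s->fail_submit;
    return s->pending ? s : NULL;
}

/* A failed submission is reported through the callback with ret == -1. */
static void model_submit_check(struct dma_state *s, void *req, dma_cb *cb)
{
    if (req == NULL)
        cb(s, -1);
}

static void model_read_dma_cb(void *opaque, int ret)
{
    struct dma_state *s = opaque;
    s->entries++;
    if (++s->depth > s->max_depth)
        s->max_depth = s->depth;
    if (ret < 0) {                  /* error exit: submits nothing more */
        s->error_exits++;
        s->sectors_left = 0;
    } else if (s->sectors_left > 0) {
        s->sectors_left--;
        /* Last step: no transfer state is used after the check returns. */
        model_submit_check(s, model_aio_submit(s), model_read_dma_cb);
    }
    s->depth--;                     /* instrumentation only */
}

/* Event-loop stand-in: completions arrive from top level, never nested. */
static int run_transfer(struct dma_state *s)
{
    do {
        s->pending = 0;
        model_read_dma_cb(s, 0);
    } while (s->pending);
    return s->max_depth;
}
```

The bound on nesting comes from the error branch never submitting; if a later edit made that branch call the submit path again, the peak depth would no longer be fixed at two.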



