qemu-devel

Re: [Qemu-devel] Re: Spice project is now open


From: Andrea Arcangeli
Subject: Re: [Qemu-devel] Re: Spice project is now open
Date: Sun, 13 Dec 2009 00:43:05 +0100

On Sat, Dec 12, 2009 at 11:40:21AM -0600, Anthony Liguori wrote:
> If Spice can crash a guest, that indicates to me that Spice is 

That's not what I meant, anything in qemu address space can crash a
guest not just spice, even qcow2 could crash a guest, you just need to
*vaddr_in_guest_physical_space = 0 through a corrupted pointer
(corrupted pointers are very rare, gcc is very pedantic, there are
tools to trap those but they historically happened a few times in the
kernel), but when I said it I didn't have in mind crashing just the guest,
I meant corrupting qemu memory itself through a different corrupted
vaddr, but it is the same risk, you could flip a bit in a buffer
header holding ext4 metadata in the guest physical address space or
flip a bit in qcow2 cluster bitmap, it doesn't make a difference both
could result in fs corruption in an extremely unlikely scenario (and
that extremely unlikely scenario is the only one where the microkernel
design would eventually pay off, where you get the graphics and mouse
hosed, but the guest still is reachable through the network). I simply
meant spice should live in the same address space where the other
virtio drivers are living for the same reasons (performance), it's no
different. Izik already answered the other part.

Thanks,
Andrea



