[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it? |
|
Date: |
Wed, 19 Sep 2012 09:25:53 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) |
Anthony Liguori <address@hidden> writes:
> Markus Armbruster <address@hidden> writes:
>
>> Jan Kiszka <address@hidden> writes:
>>
>>>>>>> * The issues discussed in this email plus the fact that the guest
>>>>>>> memory may be corrupted, and the guest may be in real-mode even
>>>>>>> when paging is enabled
>>>>>>>
>>>>>>
>>>>>> Yes, there are some limitations with this option. Jan said that he
>>>>>> always use gdb to deal with vmcore, so he needs such information.
>>>>>
>>>>> The point is to overcome the focus on Linux-only dump processing tools.
>>>>
>>>> While I don't care for supporting alternate dump processing tools
>>>> myself, I certainly don't mind supporting them, as long as the code
>>>> satisfies basic safety and reliability requirements.
>>>>
>>>> This code doesn't, as far as I can tell.
>>>
>>> It works, thought not under all circumstances.
>>
>> I don't doubt it works often enough to be useful to somebody. But basic
>> safety and reliability requirements are a bit more than that. They
>> include "don't explode in ways a reasonable user can't be expected to
>> foresee". I don't think a reasonable user can be expected to see that
>> -p is safe only for trusted guests.
>
> We shipped the API, we're not removing it. Our compatibility isn't
> "whatever libvirt is currently using".
Bah, don't be more catholic than the pope. It's been out for how many
days? Have you looked at the code?
> It's perfectly reasonable to ask to document the behavior of the
> method. It's also a trivial patch to qapi-schema.json.
I'm okay with leaving obscure security holes in upstream QEMU,
indefinitely, as long as they're documented. I don't think it's a good
idea, but it's something reasonable people can disagree about.
We need to document that -p is unreliable and unsafe, therefore should
only be used with trusted guests, and its result need not be correct
even then.
> It's unreasonable to ask for an interface to be removed just because it
> could be misused when it has a legimitate use-case.
The issue isn't "misuse" (operator does something stupid), it's abuse
(guest can make it blow up when operator uses it as intended), and
fragility (produces crap when operator uses it as intended, but the
guest isn't in a sufficiently "nice" state).
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, (continued)
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Markus Armbruster, 2012/09/18
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Anthony Liguori, 2012/09/18
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Luiz Capitulino, 2012/09/18
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Anthony Liguori, 2012/09/18
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Wen Congyang, 2012/09/18
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, HATAYAMA Daisuke, 2012/09/18
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Luiz Capitulino, 2012/09/19
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, HATAYAMA Daisuke, 2012/09/19
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?,
Markus Armbruster <=
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Anthony Liguori, 2012/09/19
- Re: [Qemu-devel] qmp: dump-guest-memory: -p option has issues, fix it or drop it?, Markus Armbruster, 2012/09/19