qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] The unholy encrypted image key mess

From: Kevin Wolf
Subject: Re: [Qemu-devel] The unholy encrypted image key mess
Date: Mon, 3 Mar 2014 11:58:37 +0100
User-agent: Mutt/1.5.21 (2010-09-15) 
Am 28.02.2014 um 22:01 hat Markus Armbruster geschrieben:
> Questions:
> 
> 1. Should we protect guests from state NEEDKEY?

Yes. An image in state NEEDKEY isn't fully initialised, so we should
make sure that it isn't used.

> 2. If yes, how?
> 
>    Pause the guest when something enters state NEEDKEY?  I'd hate that.
> 
>    Fail device_add in state NEEDKEY?  Takes care of hot-plug, and
>    cold-plug is already protected by cont.

'device_add' should refuse to accept a backend that isn't fully
initialised, so yes, I agree.

'change' is a bit trickier because it involves several low-level actions
at once, and device_add is not one of them. What we probably really need
to do is support a state where no BDS is attached to the device
emulation (a BlockBackend might still be attached, not sure about this
one), but the VM is still running. And then 'change' can detach the BDS,
bring it back to the NEEDKEY state (unrealize in QOM speech?), magic
happens and then we reattach the BDS to the guest device.

We'll also want to protect other parts of qemu from not fully
initialised BDSes, e.g. block jobs or NBD servers shouldn't take such an
BDS as their source.

Kevin
reply via email to
[Prev in Thread] Current Thread [Next in Thread]