Upstream qemu has raised a concern about whether dumping guest memory by reading guest paging tables is a security hole: https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02607.html
While auditing libvirt to see if we would be impacted, I noticed that we had some dead code. It is simpler to nuke the dead code and limit our monitor code to just the subset we make use of.
* src/qemu/qemu_monitor.h (QEMU_MONITOR_DUMP): Drop poorly named and mostly-unused enum.
* src/qemu/qemu_monitor.c (qemuMonitorDumpToFd): Drop arguments.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_driver.c (qemuDumpToFd): Update caller.
---
 src/qemu/qemu_driver.c | 2 +-
 src/qemu/qemu_monitor.c | 12 ++++--------
 src/qemu/qemu_monitor.h | 11 +---------
 src/qemu/qemu_monitor_json.c | 24 +++++++-----------------
 src/qemu/qemu_monitor_json.h | 5 +----
 5 files changed, 14 insertions(+), 40 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f14c220..e6e5d02 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3136,7 +3136,7 @@ static int qemuDumpToFd(struct qemud_driver *driver, virDomainObjPtr vm,
 if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
 return -1;
- ret = qemuMonitorDumpToFd(priv->mon, 0, fd, 0, 0);
+ ret = qemuMonitorDumpToFd(priv->mon, fd);
 qemuDomainObjExitMonitorWithDriver(driver, vm);
 return ret;
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index b7730fd..b772b28 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -2045,15 +2045,11 @@ int qemuMonitorMigrateCancel(qemuMonitorPtr mon)
 return ret;
 }
-int qemuMonitorDumpToFd(qemuMonitorPtr mon,
- unsigned int flags,
- int fd,
- unsigned long long begin,
- unsigned long long length)
+int
+qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd)
 {
 int ret;
- VIR_DEBUG("mon=%p fd=%d flags=%x begin=%llx length=%llx",
- mon, fd, flags, begin, length);
+ VIR_DEBUG("mon=%p fd=%d", mon, fd);
 if (!mon) {
 virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -2073,7 +2069,7 @@ int qemuMonitorDumpToFd(qemuMonitorPtr mon,
 if (qemuMonitorSendFileHandle(mon, "dump", fd) < 0)
 return -1;
- ret = qemuMonitorJSONDump(mon, flags, "fd:dump", begin, length);
+ ret = qemuMonitorJSONDump(mon, "fd:dump");
 if (ret < 0) {
 if (qemuMonitorCloseFileHandle(mon, "dump") < 0)
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index e37dac8..232ae96 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -387,17 +387,8 @@ int qemuMonitorMigrateToUnix(qemuMonitorPtr mon,
 int qemuMonitorMigrateCancel(qemuMonitorPtr mon);
-typedef enum {
- QEMU_MONITOR_DUMP_HAVE_FILTER = 1 << 0,
- QEMU_MONITOR_DUMP_PAGING = 1 << 1,
- QEMU_MONITOR_DUMP_FLAGS_LAST
-} QEMU_MONITOR_DUMP;
 int qemuMonitorDumpToFd(qemuMonitorPtr mon,
- unsigned int flags,
- int fd,
- unsigned long long begin,
- unsigned long long length);
+ int fd);
 int qemuMonitorGraphicsRelocate(qemuMonitorPtr mon,
 int type,
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index b23be1e..a5198b0 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
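Review bot: The new definition splits the return type onto its own line (`int` / `qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd)`) while the neighbouring `int qemuMonitorMigrateCancel(qemuMonitorPtr mon)` shown in the hunk header keeps it on the signature line, so this file now mixes two conventions; the rewritten qemuMonitorJSONDump in qemu_monitor_json.c does the same. If the own-line form is the direction the file is moving in, that is fine, otherwise `int qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd)` matches its surroundings. The function body continues past the end of the hunk.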
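Review bot: The slimmed declaration `int qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd);` in qemu_monitor.h says nothing about what happens to fd, and the .c hunk only shows it being handed to qemu via `qemuMonitorSendFileHandle(mon, "dump", fd)` with `qemuMonitorCloseFileHandle(mon, "dump")` on failure, so whether the caller still owns and must close fd is not visible here. A comment above the prototype stating the dump is taken without guest paging and whether the caller retains ownership of fd would settle that for callers; the ownership half needs confirming against the rest of qemuMonitorDumpToFd, which lies outside the hunk.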
@@ -2552,28 +2552,18 @@ int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon)
 return ret;
 }
-int qemuMonitorJSONDump(qemuMonitorPtr mon,
- unsigned int flags,
- const char *protocol,
- unsigned long long begin,
- unsigned long long length)
+int
+qemuMonitorJSONDump(qemuMonitorPtr mon,
+ const char *protocol)
 {
 int ret;
 virJSONValuePtr cmd = NULL;
 virJSONValuePtr reply = NULL;
- if (flags & QEMU_MONITOR_DUMP_HAVE_FILTER)
- cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
- "b:paging", flags & QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
- "s:protocol", protocol,
- "U:begin", begin,
- "U:length", length,
- NULL);
- else
- cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
- "b:paging", flags & QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
- "s:protocol", protocol,
- NULL);
+ cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
+ "b:paging", false,
+ "s:protocol", protocol,
+ NULL);
 if (!cmd)
 return -1;
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index bdcf819..b592d12 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -138,10 +138,7 @@ int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
 int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon);
 int qemuMonitorJSONDump(qemuMonitorPtr mon,
- unsigned int flags,
- const char *protocol,
- unsigned long long begin,
- unsigned long long length);
+ const char *protocol);
 int qemuMonitorJSONGraphicsRelocate(qemuMonitorPtr mon,
 int type,
-- 
1.7.11.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
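Review bot: The literal `"b:paging", false` in the rebuilt qemuMonitorJSONMakeCommand call is the whole point of the commit, but nothing at the call site records why, so a later maintainer adding a "paging" knob back would have to find this commit message to learn it was removed deliberately. A short comment above the call would carry the reasoning: `/* Always paging=false: with paging=true qemu walks the guest's own page tables, which the guest controls; see the qemu-devel thread cited in the commit message. */`. Dropping the `U:begin`/`U:length` branch is consistent with that, since the only caller in qemu_monitor.c passed no filter. The body of qemuMonitorJSONDump continues beyond the hunk.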