Re: [PATCH] qemu: drop unused arguments for dump-guest-memory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2012年09月18日 03:08, Eric Blake wrote:
Upstream qemu has raised a concern about whether dumping guest
memory by reading guest paging tables is a security hole:
https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02607.html

While auditing libvirt to see if we would be impacted, I noticed
that we had some dead code.  It is simpler to nuke the dead code
and limit our monitor code to just the subset we make use of.

* src/qemu/qemu_monitor.h (QEMU_MONITOR_DUMP): Drop poorly named
and mostly-unused enum.
* src/qemu/qemu_monitor.c (qemuMonitorDumpToFd): Drop arguments.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_driver.c (qemuDumpToFd): Update caller.
---
  src/qemu/qemu_driver.c       |  2 +-
  src/qemu/qemu_monitor.c      | 12 ++++--------
  src/qemu/qemu_monitor.h      | 11 +----------
  src/qemu/qemu_monitor_json.c | 24 +++++++-----------------
  src/qemu/qemu_monitor_json.h |  5 +----
  5 files changed, 14 insertions(+), 40 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f14c220..e6e5d02 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3136,7 +3136,7 @@ static int qemuDumpToFd(struct qemud_driver *driver, virDomainObjPtr vm,
      if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob)<  0)
          return -1;

-    ret = qemuMonitorDumpToFd(priv->mon, 0, fd, 0, 0);
+    ret = qemuMonitorDumpToFd(priv->mon, fd);
      qemuDomainObjExitMonitorWithDriver(driver, vm);

      return ret;
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index b7730fd..b772b28 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -2045,15 +2045,11 @@ int qemuMonitorMigrateCancel(qemuMonitorPtr mon)
      return ret;
  }

-int qemuMonitorDumpToFd(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        int fd,
-                        unsigned long long begin,
-                        unsigned long long length)
+int
+qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd)
  {
      int ret;
-    VIR_DEBUG("mon=%p fd=%d flags=%x begin=%llx length=%llx",
-              mon, fd, flags, begin, length);
+    VIR_DEBUG("mon=%p fd=%d", mon, fd);

      if (!mon) {
          virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -2073,7 +2069,7 @@ int qemuMonitorDumpToFd(qemuMonitorPtr mon,
      if (qemuMonitorSendFileHandle(mon, "dump", fd)<  0)
          return -1;

-    ret = qemuMonitorJSONDump(mon, flags, "fd:dump", begin, length);
+    ret = qemuMonitorJSONDump(mon, "fd:dump");

      if (ret<  0) {
          if (qemuMonitorCloseFileHandle(mon, "dump")<  0)
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index e37dac8..232ae96 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -387,17 +387,8 @@ int qemuMonitorMigrateToUnix(qemuMonitorPtr mon,

  int qemuMonitorMigrateCancel(qemuMonitorPtr mon);

-typedef enum {
-  QEMU_MONITOR_DUMP_HAVE_FILTER  = 1<<  0,
-  QEMU_MONITOR_DUMP_PAGING       = 1<<  1,
-  QEMU_MONITOR_DUMP_FLAGS_LAST
-} QEMU_MONITOR_DUMP;
-
  int qemuMonitorDumpToFd(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        int fd,
-                        unsigned long long begin,
-                        unsigned long long length);
+                        int fd);

  int qemuMonitorGraphicsRelocate(qemuMonitorPtr mon,
                                  int type,
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index b23be1e..a5198b0 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -2552,28 +2552,18 @@ int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon)
      return ret;
  }

-int qemuMonitorJSONDump(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        const char *protocol,
-                        unsigned long long begin,
-                        unsigned long long length)
+int
+qemuMonitorJSONDump(qemuMonitorPtr mon,
+                    const char *protocol)
  {
      int ret;
      virJSONValuePtr cmd = NULL;
      virJSONValuePtr reply = NULL;

-    if (flags&  QEMU_MONITOR_DUMP_HAVE_FILTER)
-        cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
-                                         "b:paging", flags&  QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
-                                         "s:protocol", protocol,
-                                         "U:begin", begin,
-                                         "U:length", length,
-                                         NULL);
-    else
-        cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
-                                         "b:paging", flags&  QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
-                                         "s:protocol", protocol,
-                                         NULL);
+    cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
+                                     "b:paging", false,
+                                     "s:protocol", protocol,
+                                     NULL);
      if (!cmd)
          return -1;

diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index bdcf819..b592d12 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -138,10 +138,7 @@ int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
  int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon);

  int qemuMonitorJSONDump(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        const char *protocol,
-                        unsigned long long begin,
-                        unsigned long long length);
+                        const char *protocol);

  int qemuMonitorJSONGraphicsRelocate(qemuMonitorPtr mon,
                                      int type,

ACK.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]