From: "Reimar Döffinger" <Reimar.Doeffinger@gmx.de>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Re: [PATCH 5/5] Port apic to new VMState design
Date: Wed, 19 Aug 2009 11:16:22 +0200 [thread overview]
Message-ID: <20090819091622.GA10557@1und1.de> (raw)
In-Reply-To: <4A8BC0C7.4010806@redhat.com>
On Wed, Aug 19, 2009 at 11:07:19AM +0200, Gerd Hoffmann wrote:
> >> When you are able modify the savevm state you already have access to the
> >> host ...
> >
> > Huh? Being able to modify the savevm state is not the same as being able
> > to run arbitrary code on the host.
>
> Yes, in theory. And in practice? What is the point in allowing remote
> write access to savevm state?
E.g. migration between entities that do not 100% trust each other?
Or debugging, a user does savevm and a developer can look at it and
debug after loadvm?
> > Currently there is no way you could even consider running a savevm from
> > an untrusted source, but I think that is just because of qemu's current
> > implementation, not because it has to be.
>
> Getting that right is a pretty big job though ...
I said that already, but I don't think that's a valid excuse to not
consider that _for the design of a new API_. Unless you enjoy designing
a new API every few months...
next prev parent reply other threads:[~2009-08-19 9:16 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-18 13:34 [Qemu-devel] [PATCH RFC 0/5] New VMState table based load/save infrastructure Juan Quintela
2009-08-18 13:34 ` [Qemu-devel] [PATCH 1/5] loadvm already call vm_start() Juan Quintela
2009-08-18 13:34 ` [Qemu-devel] [PATCH 2/5] Don't call vm_start() if there was an error loading Juan Quintela
2009-08-18 13:34 ` [Qemu-devel] [PATCH 3/5] Don't ignore load_state() error return values Juan Quintela
2009-08-18 13:34 ` [Qemu-devel] [PATCH 4/5] New VMstate save/load infrastructure Juan Quintela
2009-08-18 17:13 ` Blue Swirl
2009-08-18 17:56 ` [Qemu-devel] " Juan Quintela
2009-08-19 7:49 ` [Qemu-devel] " Gerd Hoffmann
2009-08-19 9:38 ` [Qemu-devel] " Juan Quintela
2009-08-19 12:43 ` Gerd Hoffmann
2009-08-18 13:34 ` [Qemu-devel] [PATCH 5/5] Port apic to new VMState design Juan Quintela
2009-08-18 14:24 ` Reimar Döffinger
[not found] ` <20090818142405.GA16563@1und1.de>
[not found] ` <m37hx1tc9l.fsf@neno.mitica>
2009-08-18 15:21 ` [Qemu-devel] " Reimar Döffinger
2009-08-18 15:38 ` Juan Quintela
2009-08-18 16:06 ` Reimar Döffinger
2009-08-18 16:37 ` Juan Quintela
2009-08-19 8:00 ` Gerd Hoffmann
2009-08-19 9:10 ` Reimar Döffinger
[not found] ` <20090819085334.GA31062@1und1.de>
[not found] ` <4A8BC0C7.4010806@redhat.com>
2009-08-19 9:16 ` Reimar Döffinger [this message]
2009-08-19 7:41 ` [Qemu-devel] [PATCH RFC 0/5] New VMState table based load/save infrastructure Gerd Hoffmann
2009-08-19 10:15 ` [Qemu-devel] " Juan Quintela
2009-08-19 12:55 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090819091622.GA10557@1und1.de \
--to=reimar.doeffinger@gmx.de \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.