From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
	P J P <ppandit@redhat.com>,
	Cyrille Chatras <cyrille.chatras@orange.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Qemu Developers <qemu-devel@nongnu.org>,
	Prasad J Pandit <pjp@fedoraproject.org>
Subject: Re: [Qemu-devel] [PATCH] ps2: fix PS2Queue counter field type
Date: Wed, 15 Nov 2017 13:30:35 +0000
Message-ID: <20171115133034.GB4418@work-vm>
In-Reply-To: <f569ccce-4aa5-423a-25b2-baf69e8e6b43@redhat.com>

* Paolo Bonzini (pbonzini@redhat.com) wrote:
> On 15/11/2017 13:51, Daniel P. Berrange wrote:
> > If you're concerned that someone is tampering with QEMU state
> > in transit during migration, then you're going to end up playing
> > whack-a-mole across the entire QEMU codebase IMHO. The answer
> > to the problem of tampering is to have encryption of the
> > migration data stream between both QEMU's. Thus QEMU on the
> > target merely has to trust QEMU on the source. If QEMU on the
> > source is itself compromised you've already lost and migration
> > won't make life any worse.
> > 
> 
> This is not entirely true.  A lot of such cases were fixed in the past,
> especially when they could cause out-of-bounds access.  Someone could
> provide a bad migration stream (e.g. as a fake bug report!), so
> migration data should not be considered trusted.

There's probably others to be honest; it's not something we've
traditionally been careful of.

> However, PJP's patch breaks migration by changing a 4-byte field to
> 1-byte.  The correct fix is to range-check the fields in
> ps2_common_post_load.

Agreed.

Dave

> Thanks,
> 
> Paolo
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
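The fix the thread agrees on is to keep the 4-byte fields so the migration stream format is unchanged, and instead treat the restored values as untrusted and range-check them in a post_load routine. The following is an added example written for this page, not QEMU's own ps2_common_post_load or any code from the patch under discussion. It uses the PS2Queue field names from QEMU's hw/input/ps2.c (data, rptr, wptr, count), but the queue size, the check function's name and the convention of returning -1 to fail the load are assumptions made here.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout mirrors QEMU's PS2Queue; the size value is an assumption for this example. */
#define PS2_QUEUE_SIZE 256

typedef struct {
    uint8_t data[PS2_QUEUE_SIZE];
    int rptr, wptr, count;   /* kept 4-byte: shrinking the type changes the wire format */
} PS2Queue;

/* Build a queue state as it would be restored from a migration stream. */
PS2Queue ps2_queue_make(int rptr, int wptr, int count)
{
    PS2Queue q;
    memset(&q, 0, sizeof(q));
    q.rptr = rptr;
    q.wptr = wptr;
    q.count = count;
    return q;
}

/* Hypothetical post_load-style check (not QEMU's function). Returns 0 when the
 * restored indices are safe to use as array indices and -1 when the stream is
 * inconsistent, so the loader rejects the migration instead of trusting it. */
int ps2_queue_post_load_check(const PS2Queue *q)
{
    if (q->rptr < 0 || q->rptr >= PS2_QUEUE_SIZE) return -1;
    if (q->wptr < 0 || q->wptr >= PS2_QUEUE_SIZE) return -1;
    if (q->count < 0 || q->count > PS2_QUEUE_SIZE) return -1;

    /* The three fields are redundant: count must equal the ring distance from
     * rptr to wptr, where a distance of 0 means either empty or completely full. */
    int dist = (q->wptr - q->rptr + PS2_QUEUE_SIZE) % PS2_QUEUE_SIZE;
    if (dist == 0) {
        if (q->count != 0 && q->count != PS2_QUEUE_SIZE) return -1;
    } else if (q->count != dist) {
        return -1;
    }
    return 0;
}

/* Consumer that indexes data[] with rptr; it is only safe once the check above
 * has accepted the restored state. Returns the byte, or -1 when the queue is empty. */
int ps2_queue_read(PS2Queue *q)
{
    if (q->count == 0) return -1;
    uint8_t b = q->data[q->rptr];
    q->rptr = (q->rptr + 1) % PS2_QUEUE_SIZE;
    q->count--;
    return b;
}

int main(void)
{
    /* Constructed states: one consistent, one with an out-of-range read pointer. */
    PS2Queue good = ps2_queue_make(10, 12, 2);
    good.data[10] = 0x1c;
    good.data[11] = 0x9c;
    PS2Queue bad = ps2_queue_make(100000, 0, 1);

    printf("good stream: check=%d\n", ps2_queue_post_load_check(&good));
    printf("bad stream:  check=%d (load refused, data[] never indexed)\n",
           ps2_queue_post_load_check(&bad));
    if (ps2_queue_post_load_check(&good) == 0) {
        printf("read: 0x%02x 0x%02x then %d\n",
               ps2_queue_read(&good), ps2_queue_read(&good), ps2_queue_read(&good));
    }
    return 0;
}
```

The consistency check on count is stricter than a pure bounds check: a stream with in-range indices but a count that disagrees with them would otherwise make the consumer walk past valid data, so rejecting it keeps the restored device in a state the emulator could actually have been in.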

Thread overview:
2017-11-15 12:46 [Qemu-devel] [PATCH] ps2: fix PS2Queue counter field type P J P
2017-11-15 12:51 ` Daniel P. Berrange
2017-11-15 13:21   ` Paolo Bonzini
2017-11-15 13:30     ` Dr. David Alan Gilbert [this message]
2017-11-15 13:45       ` Paolo Bonzini
2017-11-16  7:53       ` P J P