From: Paolo Bonzini <pbonzini@redhat.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: kwolf@redhat.com, peter.maydell@linaro.org, aliguori@us.ibm.com,
	ehabkost@redhat.com, gleb@redhat.com, mst@redhat.com,
	jan.kiszka@siemens.com, quintela@redhat.com,
	claudio.fontana@huawei.com, armbru@redhat.com,
	aderumier@odiso.com, qemu-devel@nongnu.org,
	anthony.perard@citrix.com, alex.williamson@redhat.com,
	kraxel@redhat.com, yang.z.zhang@intel.com,
	Igor Mammedov <imammedo@redhat.com>,
	lcapitulino@redhat.com, afaerber@suse.de,
	stefano.stabellini@eu.citrix.com, rth@twiddle.net
Subject: Re: [Qemu-devel] [PATCH 17/21] introduce memory_region_get_address() and use it in kvm/ioapic
Date: Mon, 29 Apr 2013 11:49:25 +0200	[thread overview]
Message-ID: <517E4225.7080804@redhat.com> (raw)
In-Reply-To: <CAAu8pHtLQCen81cjYjf++H6seHPQUirBQ8G+KTxcS+kz-HiM2Q@mail.gmail.com>

On 27/04/2013 22:57, Blue Swirl wrote:
>> The questions are, in order of importance:
>>
>> (1) what privileges would this require in the guest?  Answer: a lot.
>>
>> (2) is this likely to happen by chance?  Answer: no, not at all.
>>
>> (3) is there a workaround?  Answer: yes, disable in-kernel irqchip.
> 
> These questions ask if there is a risk of benevolent guests performing
> these activities and I agree that the chances are close to zero.
> 
> But the interesting question is to ask if a malevolent guest can bring
> down a VM uncontrollably this way and I think it only needs a few
> elevated privileges in a guest to do this.

If you have them, isn't it simpler to just turn off the VM (using APM or
ACPI)?  Also, killing your guest is not a very interesting thing to do
once you've gotten elevated privileges. ;)

>> Simply setting IO_APIC_DEFAULT_ADDRESS is also flawed in my opinion.
>> I'm not sure the in-kernel irqchip handles correctly an overlap between
>> the IOAPIC and LAPIC regions, maybe an abort is predictable after all.
> 
> At least the guest needs to be stopped. Perhaps we should have a
> common function which does this and logs the guest error so we can
> start replacing calls to abort() with it.

Yes, that's a good idea.  We can reuse the internal error runstate for that.

Paolo
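
The helper Blue Swirl proposes and Paolo agrees to (stop the guest, log the error, reuse an internal-error runstate instead of calling abort()) is sketched below as an added, self-contained C model; it is not QEMU code and none of its names (`VMState`, `guest_error_stop`, `ioapic_attach`, `regions_overlap`) are QEMU's. The LAPIC and IOAPIC addresses are the conventional x86 defaults used here only as constructed sample values. The point it demonstrates is the availability argument in the thread: a guest-triggerable abort() takes the whole VMM process down, while a stop-and-log path keeps the host process alive with a recorded reason.

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not QEMU code: a "guest error" helper that stops the
 * guest and records the fault instead of calling abort(). */

typedef enum {
    RUN_STATE_RUNNING,
    RUN_STATE_INTERNAL_ERROR   /* stands in for the internal-error runstate */
} RunState;

typedef struct {
    const char *name;
    uint64_t base;             /* guest-physical base of the region */
    uint64_t size;             /* length in bytes */
} MemRegion;

typedef struct {
    RunState state;
    unsigned error_count;      /* how many guest errors were recorded */
    char last_error[160];      /* most recent message, for the log/monitor */
} VMState;

/* True when the two half-open ranges intersect; a zero-size region overlaps nothing. */
static bool regions_overlap(const MemRegion *a, const MemRegion *b)
{
    if (a->size == 0 || b->size == 0) {
        return false;
    }
    return a->base < b->base + b->size && b->base < a->base + a->size;
}

/* The proposed replacement for abort(): log, then stop the guest. The host
 * process survives, so a guest-triggerable fault is not a VMM crash. */
static void guest_error_stop(VMState *vm, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(vm->last_error, sizeof vm->last_error, fmt, ap);
    va_end(ap);
    vm->error_count++;
    vm->state = RUN_STATE_INTERNAL_ERROR;
    fprintf(stderr, "guest error: %s (guest stopped)\n", vm->last_error);
}

/* Hypothetical device setup: refuse an IOAPIC placement that collides with
 * the LAPIC window. Returns 0 on success, -1 if the guest was stopped. */
static int ioapic_attach(VMState *vm, const MemRegion *lapic, const MemRegion *ioapic)
{
    if (vm->state != RUN_STATE_RUNNING) {
        return -1;             /* already stopped: do nothing further */
    }
    if (regions_overlap(lapic, ioapic)) {
        guest_error_stop(vm, "%s at 0x%" PRIx64 " overlaps %s at 0x%" PRIx64,
                         ioapic->name, ioapic->base, lapic->name, lapic->base);
        return -1;
    }
    return 0;
}

/* Worked scenario with constructed sample values: the conventional x86
 * LAPIC window at 0xFEE00000 and an IOAPIC placed on top of it. */
static int scenario_overlapping_ioapic(VMState *vm)
{
    MemRegion lapic  = { "lapic",  0xFEE00000ULL, 0x1000 };
    MemRegion ioapic = { "ioapic", 0xFEE00800ULL, 0x1000 };
    memset(vm, 0, sizeof *vm);
    vm->state = RUN_STATE_RUNNING;
    return ioapic_attach(vm, &lapic, &ioapic);
}

/* Same LAPIC window with the IOAPIC at its conventional default address. */
static int scenario_default_ioapic(VMState *vm)
{
    MemRegion lapic  = { "lapic",  0xFEE00000ULL, 0x1000 };
    MemRegion ioapic = { "ioapic", 0xFEC00000ULL, 0x1000 };
    memset(vm, 0, sizeof *vm);
    vm->state = RUN_STATE_RUNNING;
    return ioapic_attach(vm, &lapic, &ioapic);
}

int main(void)
{
    VMState vm;
    int rc = scenario_overlapping_ioapic(&vm);
    printf("overlapping placement: rc=%d state=%d errors=%u\n", rc, vm.state, vm.error_count);
    rc = scenario_default_ioapic(&vm);
    printf("default placement:     rc=%d state=%d errors=%u\n", rc, vm.state, vm.error_count);
    return 0;
}
```

The design choice worth noting is that `ioapic_attach` returns an error code after stopping the guest rather than unwinding with abort(); callers then have to propagate that code, which is exactly the work implied by "start replacing calls to abort()" one call site at a time. A real implementation would also want the stop to be visible to management tooling (the runstate change), so the stopped VM can be inspected or torn down deliberately rather than vanishing.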
