From: Paolo Bonzini <pbonzini@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
Paul Durrant <paul.durrant@citrix.com>
Cc: Olaf Hering <olaf@aepfle.de>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
Stefan Weil <sw@weilnetz.de>, Michael Tokarev <mjt@tls.msk.ru>,
QEMU Developers <qemu-devel@nongnu.org>,
Alexander Graf <agraf@suse.de>, Gerd Hoffmann <kraxel@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
xen-devel@lists.xenproject.org
Subject: Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available
Date: Thu, 16 Oct 2014 09:37:14 +0200 [thread overview]
Message-ID: <543F75AA.6050701@redhat.com> (raw)
In-Reply-To: <CAFEAcA8mDXm9iAKub45bQbaVHLt=W_PZgbXscGV3cjZRJyorAg@mail.gmail.com>
Il 15/10/2014 19:30, Peter Maydell ha scritto:
> On 15 October 2014 11:16, Paul Durrant <paul.durrant@citrix.com> wrote:
>> The ioreq-server API added to Xen 4.5 offers better security than
>> the existing Xen/QEMU interface because the shared pages that are
>> used to pass emulation request/results back and forth are removed
>> from the guest's memory space before any requests are serviced.
>> This prevents the guest from mapping these pages (they are in a
>> well known location) and attempting to attack QEMU by synthesizing
>> its own request structures. Hence, this patch modifies configure
>> to detect whether the API is available, and adds the necessary
>> code to use the API if it is.
>
> This commit message doesn't mention it, but presumably this is
> all x86-specific given it's in a file which is only used for
> x86 Xen?
>
>> +static void xen_hvm_pre_save(void *opaque)
>> +{
>> + XenIOState *state = opaque;
>> +
>> + /* Stop servicing emulation requests */
>> + xen_set_ioreq_server_state(xen_xc, xen_domid, state->ioservid, 0);
>> + xen_destroy_ioreq_server(xen_xc, xen_domid, state->ioservid);
>> +}
>> +
>> +static const VMStateDescription vmstate_xen_hvm = {
>> + .name = "xen-hvm",
>> + .version_id = 4,
>> + .minimum_version_id = 4,
>
> This is new in upstream so why's it starting at version 4?
>
>> + .pre_save = xen_hvm_pre_save,
>> + .fields = (VMStateField[]) {
>> + VMSTATE_END_OF_LIST()
>> + },
>
> A vmstate which doesn't actually save any state? This seems
> rather suspicious...
>
>> @@ -1060,12 +1185,19 @@ int xen_hvm_init(ram_addr_t *below_4g_mem_size, ram_addr_t *above_4g_mem_size,
>> xen_ram_init(below_4g_mem_size, above_4g_mem_size, ram_size, ram_memory);
>>
>> qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);
>> + vmstate_register(NULL, 0, &vmstate_xen_hvm, state);
>
> Is the new use of vmstate_register() really necessary?
> Usually the state you're saving corresponds to some QOM
> device whose vmsd field you can use instead.
In this case, it seems like a job for a vmstate change handler.
Paolo
next prev parent reply other threads:[~2014-10-16 7:37 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-15 9:16 [Qemu-devel] [PATCH v3 0/2] Xen: Use ioreq-server API Paul Durrant
2014-10-15 9:16 ` Paul Durrant
2014-10-15 9:16 ` [Qemu-devel] [PATCH v3 1/2] Add device listener interface Paul Durrant
2014-10-15 9:54 ` Igor Mammedov
2014-10-15 9:54 ` [Qemu-devel] " Igor Mammedov
2014-10-15 10:05 ` Paul Durrant
2014-10-15 10:05 ` Paul Durrant
2014-10-16 12:41 ` [Qemu-devel] " Igor Mammedov
2014-10-16 12:54 ` Paul Durrant
2014-10-16 12:54 ` [Qemu-devel] " Paul Durrant
2014-10-16 12:41 ` Igor Mammedov
2014-10-15 9:16 ` Paul Durrant
2014-10-15 9:16 ` [PATCH v3 2/2] Xen: Use the ioreq-server API when available Paul Durrant
2014-10-15 9:16 ` [Qemu-devel] " Paul Durrant
2014-10-15 14:37 ` Stefano Stabellini
2014-10-15 14:51 ` Paul Durrant
2014-10-15 14:51 ` [Qemu-devel] " Paul Durrant
2014-10-15 15:04 ` [Qemu-devel] [Xen-devel] " Andrew Cooper
2014-10-15 15:04 ` Stefano Stabellini
2014-10-15 15:04 ` [Qemu-devel] [Xen-devel] " Stefano Stabellini
2014-10-15 15:04 ` Andrew Cooper
2014-10-16 9:51 ` Paul Durrant
2014-10-16 9:51 ` [Qemu-devel] " Paul Durrant
2014-10-16 10:44 ` Stefano Stabellini
2014-10-16 10:44 ` Stefano Stabellini
2014-10-15 14:37 ` Stefano Stabellini
2014-10-15 17:30 ` Peter Maydell
2014-10-15 17:30 ` [Qemu-devel] " Peter Maydell
2014-10-16 7:37 ` Paolo Bonzini [this message]
2014-10-16 8:25 ` Paul Durrant
2014-10-16 10:09 ` Paolo Bonzini
2014-10-16 10:09 ` [Qemu-devel] " Paolo Bonzini
2014-10-16 10:16 ` Paul Durrant
2014-10-16 10:16 ` [Qemu-devel] " Paul Durrant
2014-10-16 10:23 ` Paolo Bonzini
2014-10-16 10:23 ` Paolo Bonzini
2014-10-16 10:25 ` [Qemu-devel] " Paul Durrant
2014-10-16 10:25 ` Paul Durrant
2014-10-16 8:25 ` Paul Durrant
2014-10-16 7:37 ` Paolo Bonzini
2014-10-16 8:23 ` [Qemu-devel] " Paul Durrant
2014-10-16 8:23 ` Paul Durrant
2014-10-16 11:29 ` [Qemu-devel] " Stefano Stabellini
2014-10-16 12:31 ` Peter Maydell
2014-10-16 15:25 ` Stefano Stabellini
2014-10-16 15:25 ` [Qemu-devel] " Stefano Stabellini
2014-10-16 12:31 ` Peter Maydell
2014-10-16 11:29 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=543F75AA.6050701@redhat.com \
--to=pbonzini@redhat.com \
--cc=agraf@suse.de \
--cc=aik@ozlabs.ru \
--cc=kraxel@redhat.com \
--cc=mjt@tls.msk.ru \
--cc=olaf@aepfle.de \
--cc=paul.durrant@citrix.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=sw@weilnetz.de \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.