* Guest agent guest-exec memory usage
@ 2024-06-17 13:05 Konstantin Kostiuk
2024-06-17 13:14 ` Daniel P. Berrangé
0 siblings, 1 reply; 2+ messages in thread
From: Konstantin Kostiuk @ 2024-06-17 13:05 UTC (permalink / raw)
To: QEMU
Cc: Dehan Meng, Philippe Mathieu-Daudé, Michael Roth,
Daniel Berrange, Marc-André Lureau, Yan Vugenfirer
[-- Attachment #1: Type: text/plain, Size: 688 bytes --]
Hi All,
During the investigation of a possible memory leak in the `guest-exec`
command of guest-agent, I found unexpected behavior for me. When we execute
the `guest-exec` command with `capture-output = true`, guest-agent stores
stdout/stderr until someone calls `guest-exec-status`.
Just for testing, I executed the `man man` command 1000 times with
`capture-output = true` and guest-agent allocated 36Mb to store the results
and it fully depends on output size.
I want to ask your opinion about this behavior. Is this behavior expected
or not? Should we store all output forever or should we limit it by memory
size/execution time/execution count?
Best Regards,
Konstantin Kostiuk.
[-- Attachment #2: Type: text/html, Size: 884 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Guest agent guest-exec memory usage
2024-06-17 13:05 Guest agent guest-exec memory usage Konstantin Kostiuk
@ 2024-06-17 13:14 ` Daniel P. Berrangé
0 siblings, 0 replies; 2+ messages in thread
From: Daniel P. Berrangé @ 2024-06-17 13:14 UTC (permalink / raw)
To: Konstantin Kostiuk
Cc: QEMU, Dehan Meng, Philippe Mathieu-Daudé, Michael Roth,
Marc-André Lureau, Yan Vugenfirer
On Mon, Jun 17, 2024 at 04:05:07PM +0300, Konstantin Kostiuk wrote:
> Hi All,
>
> During the investigation of a possible memory leak in the `guest-exec`
> command of guest-agent, I found unexpected behavior for me. When we execute
> the `guest-exec` command with `capture-output = true`, guest-agent stores
> stdout/stderr until someone calls `guest-exec-status`.
>
> Just for testing, I executed the `man man` command 1000 times with
> `capture-output = true` and guest-agent allocated 36Mb to store the results
> and it fully depends on output size.
>
> I want to ask your opinion about this behavior. Is this behavior expected
> or not? Should we store all output forever or should we limit it by memory
> size/execution time/execution count?
If 'guest-exec' is enabled in the agent, this says that the host OS users
of the guest-agent are inherently trusted. If they're issuing many guest-exec
commands with capture-output = true, and then batching up the calls to
guest-exec-status for a later time, that's their perogative and not any
worse than other things they can already do with 'guest-exec', such as
requesting a fork-bomb.
Or to put it another way, if the guest OS admin is worried about malicious
usage of 'guest-exec' they should block this command entirely.
One of the patches I have in this series:
https://lists.nongnu.org/archive/html/qemu-devel/2024-06/threads.html
proposes blocking guest-exec by default in the agent, as it is an
inherantly risky command to expose.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-06-17 13:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-17 13:05 Guest agent guest-exec memory usage Konstantin Kostiuk
2024-06-17 13:14 ` Daniel P. Berrangé
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.