From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MvWyg-0002Kz-VC
	for qemu-devel@nongnu.org; Wed, 07 Oct 2009 09:54:50 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MvWyb-0002Ih-1i
	for qemu-devel@nongnu.org; Wed, 07 Oct 2009 09:54:49 -0400
Received: from [199.232.76.173] (port=49518 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MvWya-0002Ia-Sr
	for qemu-devel@nongnu.org; Wed, 07 Oct 2009 09:54:44 -0400
Received: from mx1.redhat.com ([209.132.183.28]:33490)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <mst@redhat.com>) id 1MvWya-0000As-0m
	for qemu-devel@nongnu.org; Wed, 07 Oct 2009 09:54:44 -0400
Date: Wed, 7 Oct 2009 15:52:38 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20091007135238.GB9769@redhat.com>
References: <4AB8DD53.7070806@redhat.com> <4AB8DECA.3090908@redhat.com>
	<4AB8E88C.4040103@redhat.com> <4AB980E6.2070203@codemonkey.ws>
	<4AB9AA8E.7060800@third-harmonic.com> <4AC1A4AD.10509@redhat.com>
	<4ACA1527.9050305@third-harmonic.com>
	<20091005195409.GB3399@redhat.com>
	<4ACC2BE6.2080205@redhat.com> <4ACC9C30.2080505@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4ACC9C30.2080505@codemonkey.ws>
Subject: [Qemu-devel] Re: [PATCH] fix virtio_blk serial pci config breakage,
	v2
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: john cooper <john.cooper@redhat.com>, Rusty Russell <rusty@rustcorp.com.au>, qemu-devel@nongnu.org, Vadim Rozenfeld <vrozenfe@redhat.com>, jens.axboe@oracle.com, Avi Kivity <avi@redhat.com>

On Wed, Oct 07, 2009 at 08:48:32AM -0500, Anthony Liguori wrote:
> john cooper wrote:
>> Michael S. Tsirkin wrote:
>>   
>>>> +    put_le16(p + 0, 0x0);                            /* ATA device */
>>>> +    padstr((char *)(p + 23), QEMU_VERSION, 8);       /* firmware revision */
>>>>       
>>> QEMU version is currently a string like "0.11.50" which is exactly 8
>>> bytes. What if someone makes it longer?  padstr will not 0
>>> terminate string, and only partial data will be there.
>>>     
>>
>> This code treats the field similar to the logic from which
>> it derives (hw/ide.c) in that the field need not be nul
>> terminated.  Quiet truncation to 8 bytes can occur here
>> and in the existing usage but in a practical sense I don't
>> see much of a recourse.  We can flag a warning but the
>> data is realistically a best-effort attempt to provide
>> relevant information in this field.  IOW overflowing
>> this field probably isn't justification alone to modify
>> a too long qemu version string.
>>   
>
> Hrm, we really shouldn't be exposing a version string to the guest in  
> the first place.
>
> That's a compatibility issue.

Actually, it's a good point. Otherwise e.g. the identity changes with
migration. My understanding is that this isn't the only place where
we do this?

> Really, I strongly dislike passing this identity page via virtio.  Why  
> are we still going this route instead of just passing the S/N?

No opinion on this.

> Regards,
>
> Anthony Liguori