Message-ID: <4A54E64E.8090100@redhat.com>
Date: Wed, 08 Jul 2009 21:32:46 +0300
From: Avi Kivity
Subject: Re: [Qemu-devel] [PATCH 3/5] Add getfd and closefd monitor commands
In-Reply-To: <4A54E3BC.40306@codemonkey.ws>
To: Anthony Liguori
Cc: Mark McLoughlin, qemu-devel@nongnu.org

On 07/08/2009 09:21 PM, Anthony Liguori wrote:
> Avi Kivity wrote:
>> On 07/08/2009 09:08 PM, Anthony Liguori wrote:
>>> Avi Kivity wrote:
>>>> I'd prefer the communication layer to queue fds and getfd to
>>>> dequeue them.
>>>
>>> How many do you queue? The correct answer is one, btw ;-)
>>
>> You queue as many as you receive, and you dequeue as many getfd
>> commands as you get.
>
> Then someone can connect to the monitor and consume an arbitrary
> number of fds? I'd be very concerned about the potential to leak fds
> within QEMU from a poorly written client. Seems like a very easy
> mistake to make.

Well, that's intrinsic to the getfd command. We could limit it by
saying we support a set number of fds, or even give them fixed names.

>
>> Nothing prevents the client from sending two getfd commands in a
>> single packet. We can either support it or start writing detailed
>> documentation and handle the bug reports when people don't read it.
>
> What would a client do that would result in this happening? It's
> really a contrived example when you think about it pragmatically (at
> least given today's monitor).

I am in fact thinking of tomorrow's monitor. If indeed we follow an rpc
model, it should be quite easy to have multiple threads (each doing an
unrelated task) each issuing a series of commands and processing the
replies. There would be a lock protecting the socket, but there would
be no reason to limit the number of outstanding commands. I think
that's a perfectly reasonable way to write a client.

If the client is written in a high level language it's also reasonable
that some buffering would take place and you'd see a single packet
containing multiple commands, or a command split into multiple packets.

Therefore I'd like to avoid any assumptions in this area.

-- 
I have a truly marvellous patch that fixes the bug which this signature
is too narrow to contain.
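
The design argued for in this message, as an added example that is not part of the original mail and is not QEMU code: fds arriving as SCM_RIGHTS ancillary data are queued, each `getfd` dequeues one, commands are framed by newline rather than by packet, and a fixed cap bounds how many fds a client can make the process hold. The `Monitor` class, its methods, the reply strings and the `MAX_FDS` value are all assumptions made for the illustration.

```python
import array, os, socket
from collections import deque

MAX_FDS = 4  # assumed cap on fds held at once (queued + named); not a QEMU value

class Monitor:
    """Hypothetical monitor endpoint on an AF_UNIX stream socket."""
    def __init__(self, sock):
        self.sock, self.buf = sock, b""
        self.queue = deque()   # fds received but not yet claimed by getfd
        self.named = {}        # name -> fd, filled by getfd, emptied by closefd

    def held(self):
        return len(self.queue) + len(self.named)

    def pump(self):
        """One recvmsg(); returns a reply per complete command line seen."""
        fds = array.array("i")
        # Fds beyond the ancillary buffer are dropped by the kernel (MSG_CTRUNC).
        data, anc, _flags, _addr = self.sock.recvmsg(
            4096, socket.CMSG_SPACE(MAX_FDS * fds.itemsize))
        for level, ctype, cdata in anc:
            if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
                fds.frombytes(cdata[:len(cdata) - len(cdata) % fds.itemsize])
        for fd in fds:
            if self.held() < MAX_FDS:
                self.queue.append(fd)
            else:
                os.close(fd)   # over the cap: close now instead of leaking
        # Commands are framed by newline, never by packet boundary.
        self.buf += data
        *lines, self.buf = self.buf.split(b"\n")
        return [self.handle(l.decode(errors="replace").split()) for l in lines]

    def handle(self, words):
        if len(words) != 2 or words[0] not in ("getfd", "closefd"):
            return "error: bad command"
        cmd, name = words
        if cmd == "closefd":
            if name not in self.named:
                return "error: unknown fd name"
            os.close(self.named.pop(name))
            return "ok"
        if not self.queue:
            return "error: no fd queued"
        if name in self.named:
            os.close(self.named.pop(name))  # reusing a name replaces the old fd
        self.named[name] = self.queue.popleft()
        return "ok"
```

Because the cap counts queued and named fds together, a client that keeps sending fds or keeps issuing `getfd` with fresh names cannot grow the process's fd table past `MAX_FDS`.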