From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:48525) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1S70nk-0000xp-8a for qemu-devel@nongnu.org; Mon, 12 Mar 2012 04:40:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1S70nd-0004YV-Vl for qemu-devel@nongnu.org; Mon, 12 Mar 2012 04:40:19 -0400 Received: from mx1.redhat.com ([209.132.183.28]:8082) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1S70nd-0004YG-M1 for qemu-devel@nongnu.org; Mon, 12 Mar 2012 04:40:13 -0400 Message-ID: <4F5DB6D9.8060007@redhat.com> Date: Mon, 12 Mar 2012 09:42:01 +0100 From: Hans de Goede MIME-Version: 1.0 References: <4F5CA590.1000605@redhat.com> In-Reply-To: <4F5CA590.1000605@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [Spice-devel] seamless migration with spice List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Yonit Halperin Cc: Anthony Liguori , qemu-devel , "spice-devel@freedesktop.org" Hi, On 03/11/2012 02:16 PM, Yonit Halperin wrote: > Hi, > > We would like to implement seamless migration for Spice, i.e., keeping the currently opened spice client session valid after migration. > Today, the spice client establishes the connection to the destination before migration starts, and when migration completes, the client's session is moved to the destination, but all the session data is being reset. > > We face 2 main challenges when coming to implement seamless migration: > > (2) In order to restore the source-client spice session in the destination, we need to pass data from the source to the destination. > Example for such data: in flight copy paste data, in flight usb data > We want to pass the data from the source spice server to the destination, via Spice client. This introduces a possible race: after migration completes, the source qemu can be killed before the spice-server completes transferring the migration data to the client. I don't understand why we must transfer this via the client, we should transfer this info using established qemu migration technologies, and we should transfer it directly from the source to the dest. Passing this through the client, means trusting the client which is crazy (from a security pov), the data passed is not always just data buffers often it contains state info. And transferring this through the client means opening a whole window of injection vulnerabilities, which can simply be avoided by sending the data directly. I know this has been discussed before and I was not involved in that discussion due to -ENOTIME, sorry about that. But just as the solution for sending the data directly from source to dest proposed then was nacked by various qemu people, I nack the send the data through the client solution. That one simply is not acceptable from a security pov. So we must re-think how we can send this data directly from source to dest, in a way which is acceptable in upstream qemu. Regards, Hans