From: Paolo Bonzini <pbonzini@redhat.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: kwolf@redhat.com, peter.maydell@linaro.org, aliguori@us.ibm.com,
	ehabkost@redhat.com, gleb@redhat.com, mst@redhat.com,
	jan.kiszka@siemens.com, quintela@redhat.com,
	claudio.fontana@huawei.com, armbru@redhat.com,
	aderumier@odiso.com, qemu-devel@nongnu.org,
	anthony.perard@citrix.com, alex.williamson@redhat.com,
	kraxel@redhat.com, yang.z.zhang@intel.com,
	Igor Mammedov <imammedo@redhat.com>,
	lcapitulino@redhat.com, afaerber@suse.de,
	stefano.stabellini@eu.citrix.com, rth@twiddle.net
Subject: Re: [Qemu-devel] [PATCH 17/21] introduce memory_region_get_address() and use it in kvm/ioapic
Date: Mon, 29 Apr 2013 11:49:25 +0200	[thread overview]
Message-ID: <517E4225.7080804@redhat.com> (raw)
In-Reply-To: <CAAu8pHtLQCen81cjYjf++H6seHPQUirBQ8G+KTxcS+kz-HiM2Q@mail.gmail.com>

On 27/04/2013 22:57, Blue Swirl wrote:
>> The questions are, in order of importance:
>>
>> (1) what privileges would this require in the guest?  Answer: a lot.
>>
>> (2) is this likely to happen by chance?  Answer: no, not at all.
>>
>> (3) is there a workaround?  Answer: yes, disable in-kernel irqchip.
> 
> These questions ask if there is a risk of benevolent guests performing
> these activities and I agree that the chances are close to zero.
> 
> But the interesting question is to ask if a malevolent guest can bring
> down a VM uncontrollably this way and I think it only needs a few
> elevated privileges in a guest to do this.

If you have them, isn't it simpler to just turn off the VM (using APM or
ACPI)?  Also, killing your guest is not a very interesting thing to do
once you've gotten elevated privileges. ;)

>> Simply setting IO_APIC_DEFAULT_ADDRESS is also flawed in my opinion.
>> I'm not sure the in-kernel irqchip handles correctly an overlap between
>> the IOAPIC and LAPIC regions, maybe an abort is predictable after all.
> 
> At least the guest needs to be stopped. Perhaps we should have a
> common function which does this and logs the guest error so we can
> start replacing calls to abort() with it.

Yes, that's a good idea.  We can reuse the internal error runstate for that.

Paolo
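The stop-and-log replacement for abort() that the two of them agree on above, as an added illustration that is not QEMU's code: a hypothetical guest_error_stop() records and logs the guest error and moves the machine into an internal-error runstate, and a hypothetical ioapic_set_base() uses it to refuse an IOAPIC window that would overlap the LAPIC instead of aborting the whole process. The runstate names, the 4 KiB window size and every helper name are assumptions; only the two default base addresses are the standard x86 values.

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical runstates for this example; QEMU has its own RUN_STATE_* set. */
typedef enum {
    RUN_STATE_RUNNING,
    RUN_STATE_INTERNAL_ERROR
} RunState;

static RunState current_runstate = RUN_STATE_RUNNING;
static char last_guest_error[256];

/* 0xfec00000 and 0xfee00000 are the conventional x86 IOAPIC and LAPIC bases;
 * the 4 KiB window size is an assumption made for this example. */
#define IO_APIC_DEFAULT_ADDRESS 0xfec00000ULL
#define APIC_DEFAULT_ADDRESS    0xfee00000ULL
#define APIC_WINDOW_SIZE        0x1000ULL

typedef struct {
    uint64_t base;
    uint64_t size;
} Region;

/* Half-open interval test: [a.base, a.base+a.size) against [b.base, b.base+b.size). */
static bool regions_overlap(Region a, Region b)
{
    return a.base < b.base + b.size && b.base < a.base + a.size;
}

/* The "common function" proposed in the thread: log the guest error and move
 * the machine to the internal-error runstate instead of calling abort(). */
static void guest_error_stop(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_guest_error, sizeof(last_guest_error), fmt, ap);
    va_end(ap);
    fprintf(stderr, "guest error: %s (stopping VM)\n", last_guest_error);
    current_runstate = RUN_STATE_INTERNAL_ERROR;
}

/* Hypothetical IOAPIC relocation: refuse a window that overlaps the LAPIC.
 * Returns true if the new base was accepted, false if the VM was stopped;
 * on rejection *ioapic is left untouched. */
static bool ioapic_set_base(Region lapic, uint64_t new_base, Region *ioapic)
{
    Region proposed = { new_base, APIC_WINDOW_SIZE };
    if (regions_overlap(proposed, lapic)) {
        guest_error_stop("IOAPIC base 0x%" PRIx64 " overlaps LAPIC at 0x%" PRIx64,
                         new_base, lapic.base);
        return false;
    }
    *ioapic = proposed;
    return true;
}

static RunState runstate_get(void) { return current_runstate; }
static const char *last_guest_error_get(void) { return last_guest_error; }

static void runstate_reset(void)
{
    current_runstate = RUN_STATE_RUNNING;
    last_guest_error[0] = '\0';
}

/* Convenience wrapper: try to place the IOAPIC at new_base against the default
 * LAPIC window, starting from a running machine. Returns 1 if accepted, 0 if
 * the placement was refused and the VM stopped. */
static int try_ioapic_base(uint64_t new_base)
{
    Region lapic = { APIC_DEFAULT_ADDRESS, APIC_WINDOW_SIZE };
    Region ioapic = { IO_APIC_DEFAULT_ADDRESS, APIC_WINDOW_SIZE };
    runstate_reset();
    return ioapic_set_base(lapic, new_base, &ioapic) ? 1 : 0;
}

int main(void)
{
    /* Default placement: no overlap, the VM keeps running. */
    printf("default base accepted: %d, runstate=%d\n",
           try_ioapic_base(IO_APIC_DEFAULT_ADDRESS), runstate_get());

    /* Relocation onto the LAPIC window: refused, VM stopped, process still alive. */
    printf("overlapping base accepted: %d, runstate=%d\n",
           try_ioapic_base(APIC_DEFAULT_ADDRESS), runstate_get());
    return 0;
}
```

The point of the wrapper is that the process survives the bad request: the caller gets a clean refusal, the error text is retained for the log, and the runstate change is what a management layer would observe, rather than a core dump.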
