From: Alistair Francis
Date: Mon, 7 Nov 2016 14:43:48 -0800
Subject: Re: [Qemu-devel] [PATCH v1 1/1] cadence_uart: Check baud rate generator and divider values on migration
To: Peter Maydell
Cc: Alistair Francis, Huawei PSIRT, QEMU Developers, Prasad J Pandit

On Mon, Nov 7, 2016 at 2:13 PM, Peter Maydell wrote:
> On 7 November 2016 at 21:53, Alistair Francis wrote:
>> On Sat, Nov 5, 2016 at 6:51 AM, Peter Maydell wrote:
>>> Usually we just fail the migration if the incoming
>>> data is bogus -- any particular reason not to take that
>>> approach here?
>>
>> There is no reason; it just seemed a bit much to abort just for this.
>>
>> Should I change it to abort?
>
> I think there are two cases:
> (1) migration from an old version could be in these
> bogus states (without having crashed the old version
> in the process) -- in that case you can argue for
> sanitizing as being most helpful to the user
> (and should comment that that's why we accept-but-squash)

I think this is actually very unlikely; anyone setting these values by accident has probably already seen crashes.

> (2) the out-of-bounds values only happen if somebody
> is deliberately feeding QEMU a bogus incoming data
> stream -- in this case (which is the usual one for
> bounds checks) it's best to return 1 to fail the
> migration.

This seems more likely, so it sounds like I should fail the migration.

Thanks,

Alistair

> thanks
> -- PMM
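The two policies Peter describes, written out as an added example that is not QEMU's cadence_uart code: a stand-alone model of a vmstate post_load hook that either refuses the incoming stream (non-zero return fails the migration, case 2) or squashes the bad values back to reset defaults (case 1). The register widths, the reset values, the reference clock and the baud formula the check guards are assumptions for illustration; the incoming stream is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not QEMU's code: a stand-alone model of the post_load
 * hook discussed in the thread, with both policies side by side.
 * Register widths, reset values, clock and baud formula are assumptions.
 */

#define UART_INPUT_CLK 50000000u   /* assumed reference clock, Hz */
#define BRGR_MASK      0xFFFFu     /* assumed 16-bit generator field */
#define BDIV_MASK      0xFFu       /* assumed 8-bit divider field */
#define BRGR_RESET     0x28Bu      /* assumed reset value */
#define BDIV_RESET     0xFu        /* assumed reset value */

typedef struct {
    uint32_t brgr;   /* baud rate generator; 0 means disabled */
    uint32_t bdiv;   /* baud rate divider; 0..3 are not usable */
} uart_state;

/* The computation the check guards (assumed formula): brgr == 0 divides by zero. */
uint32_t uart_baud(const uart_state *s)
{
    return UART_INPUT_CLK / (s->brgr * (s->bdiv + 1));
}

int brgr_valid(uint32_t v) { return v >= 1 && (v & ~BRGR_MASK) == 0; }
int bdiv_valid(uint32_t v) { return v > 3 && (v & ~BDIV_MASK) == 0; }

/* Case (2): reject the stream. A non-zero return from a post_load hook
 * fails the migration, the usual answer for a bounds check. */
int post_load_reject(uart_state *s)
{
    return (brgr_valid(s->brgr) && bdiv_valid(s->bdiv)) ? 0 : 1;
}

/* Case (1): accept-but-squash, only defensible for state an older version
 * could have produced without crashing; the comment says why we squash. */
int post_load_sanitize(uart_state *s)
{
    /* Squash rather than fail so a guest migrated from an older version
     * that carried these values keeps running (assumed rationale). */
    if (!brgr_valid(s->brgr)) s->brgr = BRGR_RESET;
    if (!bdiv_valid(s->bdiv)) s->bdiv = BDIV_RESET;
    return 0;
}

/* Little-endian u32 decode of the constructed stream format. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the two fields from an incoming stream, run the chosen hook as the
 * loader would, and return 0 if the migration was refused, otherwise the
 * baud rate the restored device would compute. */
uint32_t baud_after_load(const uint8_t *stream, size_t len, int sanitize)
{
    uart_state s;
    if (len < 8) return 0;
    s.brgr = le32(stream);
    s.bdiv = le32(stream + 4);
    if ((sanitize ? post_load_sanitize : post_load_reject)(&s) != 0) return 0;
    return uart_baud(&s);
}

/* Constructed streams: BOGUS has BRGR = 0 (divide-by-zero), BDIV = 15;
 * GOOD has BRGR = 0x28B, BDIV = 15. */
const uint8_t BOGUS_STREAM[8] = { 0x00, 0x00, 0, 0, 15, 0, 0, 0 };
const uint8_t GOOD_STREAM[8]  = { 0x8B, 0x02, 0, 0, 15, 0, 0, 0 };

int main(void)
{
    printf("good, reject policy:  %u\n", baud_after_load(GOOD_STREAM, 8, 0));
    printf("bogus, reject policy: %u\n", baud_after_load(BOGUS_STREAM, 8, 0));
    printf("bogus, squash policy: %u\n", baud_after_load(BOGUS_STREAM, 8, 1));
    return 0;
}
```

With the reject policy the bogus stream never reaches uart_baud, which is the point: the division happens later, on guest-visible state, so the bounds check belongs in post_load rather than in the register write path alone.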