Upstream qemu has raised a concern about whether dumping guest
memory by reading guest paging tables is a security hole:
https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02607.html
While auditing libvirt to see if we would be impacted, I noticed
that we had some dead code. It is simpler to nuke the dead code
and limit our monitor code to just the subset we make use of.
* src/qemu/qemu_monitor.h (QEMU_MONITOR_DUMP): Drop poorly named
and mostly-unused enum.
* src/qemu/qemu_monitor.c (qemuMonitorDumpToFd): Drop arguments.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_driver.c (qemuDumpToFd): Update caller.
---
src/qemu/qemu_driver.c | 2 +-
src/qemu/qemu_monitor.c | 12 ++++--------
src/qemu/qemu_monitor.h | 11 +----------
src/qemu/qemu_monitor_json.c | 24 +++++++-----------------
src/qemu/qemu_monitor_json.h | 5 +----
5 files changed, 14 insertions(+), 40 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f14c220..e6e5d02 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3136,7 +3136,7 @@ static int qemuDumpToFd(struct qemud_driver *driver, virDomainObjPtr
vm,
if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
return -1;
- ret = qemuMonitorDumpToFd(priv->mon, 0, fd, 0, 0);
+ ret = qemuMonitorDumpToFd(priv->mon, fd);
qemuDomainObjExitMonitorWithDriver(driver, vm);
return ret;
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index b7730fd..b772b28 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -2045,15 +2045,11 @@ int qemuMonitorMigrateCancel(qemuMonitorPtr mon)
return ret;
}
-int qemuMonitorDumpToFd(qemuMonitorPtr mon,
- unsigned int flags,
- int fd,
- unsigned long long begin,
- unsigned long long length)
+int
+qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd)
{
int ret;
- VIR_DEBUG("mon=%p fd=%d flags=%x begin=%llx length=%llx",
- mon, fd, flags, begin, length);
+ VIR_DEBUG("mon=%p fd=%d", mon, fd);
if (!mon) {
virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -2073,7 +2069,7 @@ int qemuMonitorDumpToFd(qemuMonitorPtr mon,
if (qemuMonitorSendFileHandle(mon, "dump", fd) < 0)
return -1;
- ret = qemuMonitorJSONDump(mon, flags, "fd:dump", begin, length);
+ ret = qemuMonitorJSONDump(mon, "fd:dump");
if (ret < 0) {
if (qemuMonitorCloseFileHandle(mon, "dump") < 0)
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index e37dac8..232ae96 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -387,17 +387,8 @@ int qemuMonitorMigrateToUnix(qemuMonitorPtr mon,
int qemuMonitorMigrateCancel(qemuMonitorPtr mon);
-typedef enum {
- QEMU_MONITOR_DUMP_HAVE_FILTER = 1 << 0,
- QEMU_MONITOR_DUMP_PAGING = 1 << 1,
- QEMU_MONITOR_DUMP_FLAGS_LAST
-} QEMU_MONITOR_DUMP;
-
int qemuMonitorDumpToFd(qemuMonitorPtr mon,
- unsigned int flags,
- int fd,
- unsigned long long begin,
- unsigned long long length);
+ int fd);
int qemuMonitorGraphicsRelocate(qemuMonitorPtr mon,
int type,
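Review bot: The new prototype for qemuMonitorDumpToFd keeps its lone `int fd` parameter wrapped onto a second line as if more parameters followed, which is out of step with the one-line `qemuMonitorMigrateCancel` declaration just above it; `int qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd);` reads cleaner now that the argument list is short. With the QEMU_MONITOR_DUMP enum gone, nothing in the header records what kind of dump this produces; a comment above the declaration such as `/* Dump guest memory to fd via the monitor; no begin/length filter is applied and the guest's page tables are never consulted */` would keep that behaviour discoverable without reading qemu_monitor_json.c, where the `"b:paging", false` argument lives.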
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index b23be1e..a5198b0 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -2552,28 +2552,18 @@ int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon)
return ret;
}
-int qemuMonitorJSONDump(qemuMonitorPtr mon,
- unsigned int flags,
- const char *protocol,
- unsigned long long begin,
- unsigned long long length)
+int
+qemuMonitorJSONDump(qemuMonitorPtr mon,
+ const char *protocol)
{
int ret;
virJSONValuePtr cmd = NULL;
virJSONValuePtr reply = NULL;
- if (flags & QEMU_MONITOR_DUMP_HAVE_FILTER)
- cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
- "b:paging", flags &
QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
- "s:protocol", protocol,
- "U:begin", begin,
- "U:length", length,
- NULL);
- else
- cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
- "b:paging", flags &
QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
- "s:protocol", protocol,
- NULL);
+ cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
+ "b:paging", false,
+ "s:protocol", protocol,
+ NULL);
if (!cmd)
return -1;
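Review bot: The `"b:paging", false` argument on the new qemuMonitorJSONMakeCommand call is the security-relevant line of this patch, yet nothing at the call site says why paging is now unconditionally off, so a later cleanup could plausibly reintroduce a flag for it. A comment above the call would pin the rationale: `/* paging=false: never ask qemu to walk the guest's own page tables; the guest controls them, and upstream qemu has raised that mode as a possible security hole */`. Passing the `bool` literal `false` through the variadic `"b:"` formatter relies on default argument promotion to int, which is consistent with the `? 1 : 0` expression it replaces, provided `<stdbool.h>` is already in scope in this file (presumably via the existing includes — worth confirming). qemuMonitorJSONDump's body continues past the end of the hunk.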
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index bdcf819..b592d12 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -138,10 +138,7 @@ int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon);
int qemuMonitorJSONDump(qemuMonitorPtr mon,
- unsigned int flags,
- const char *protocol,
- unsigned long long begin,
- unsigned long long length);
+ const char *protocol);
int qemuMonitorJSONGraphicsRelocate(qemuMonitorPtr mon,
int type,
--
1.7.11.4