qemu: drop unused arguments for dump-guest-memory

Upstream qemu has raised a concern about whether dumping guest
memory by reading guest paging tables is a security hole:
https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02607.html

While auditing libvirt to see if we would be impacted, I noticed
that we had some dead code.  It is simpler to nuke the dead code
and limit our monitor code to just the subset we make use of.

* src/qemu/qemu_monitor.h (QEMU_MONITOR_DUMP): Drop poorly named
and mostly-unused enum.
* src/qemu/qemu_monitor.c (qemuMonitorDumpToFd): Drop arguments.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDump): Likewise.
* src/qemu/qemu_driver.c (qemuDumpToFd): Update caller.

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 901e3fe360a6dd49f7ed37dc14f0dd9eda46770a..12ac15c284cdffd1291bbb05cc32779abe304147 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3132,7 +3132,7 @@ static int qemuDumpToFd(struct qemud_driver *driver, virDomainObjPtr vm,
     if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
         return -1;
 
-    ret = qemuMonitorDumpToFd(priv->mon, 0, fd, 0, 0);
+    ret = qemuMonitorDumpToFd(priv->mon, fd);
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
     return ret;

diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index f8d717f13f0847cc6ad1dc9a38c42811bd955ad8..f36c8a8f794936f4d6cb6349e64c42d9710016d7 100644 (file)
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -2045,15 +2045,11 @@ int qemuMonitorMigrateCancel(qemuMonitorPtr mon)
     return ret;
 }
 
-int qemuMonitorDumpToFd(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        int fd,
-                        unsigned long long begin,
-                        unsigned long long length)
+int
+qemuMonitorDumpToFd(qemuMonitorPtr mon, int fd)
 {
     int ret;
-    VIR_DEBUG("mon=%p fd=%d flags=%x begin=%llx length=%llx",
-              mon, fd, flags, begin, length);
+    VIR_DEBUG("mon=%p fd=%d", mon, fd);
 
     if (!mon) {
         virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -2073,7 +2069,7 @@ int qemuMonitorDumpToFd(qemuMonitorPtr mon,
     if (qemuMonitorSendFileHandle(mon, "dump", fd) < 0)
         return -1;
 
-    ret = qemuMonitorJSONDump(mon, flags, "fd:dump", begin, length);
+    ret = qemuMonitorJSONDump(mon, "fd:dump");
 
     if (ret < 0) {
         if (qemuMonitorCloseFileHandle(mon, "dump") < 0)

diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index d44e93cb183301307cd52b99552b8f282c52d923..3ebfa3b0dda28819342e8ad2289e9b941de50337 100644 (file)
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -387,17 +387,8 @@ int qemuMonitorMigrateToUnix(qemuMonitorPtr mon,
 
 int qemuMonitorMigrateCancel(qemuMonitorPtr mon);
 
-typedef enum {
-  QEMU_MONITOR_DUMP_HAVE_FILTER  = 1 << 0,
-  QEMU_MONITOR_DUMP_PAGING       = 1 << 1,
-  QEMU_MONITOR_DUMP_FLAGS_LAST
-} QEMU_MONITOR_DUMP;
-
 int qemuMonitorDumpToFd(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        int fd,
-                        unsigned long long begin,
-                        unsigned long long length);
+                        int fd);
 
 int qemuMonitorGraphicsRelocate(qemuMonitorPtr mon,
                                 int type,

diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index ed18a64fae9c3ad39b74a05b9e1a38ba51459f1e..d3a994364fad438628cd25424c73662f156a4311 100644 (file)
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -2535,28 +2535,18 @@ int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon)
     return ret;
 }
 
-int qemuMonitorJSONDump(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        const char *protocol,
-                        unsigned long long begin,
-                        unsigned long long length)
+int
+qemuMonitorJSONDump(qemuMonitorPtr mon,
+                    const char *protocol)
 {
     int ret;
     virJSONValuePtr cmd = NULL;
     virJSONValuePtr reply = NULL;
 
-    if (flags & QEMU_MONITOR_DUMP_HAVE_FILTER)
-        cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
-                                         "b:paging", flags & QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
-                                         "s:protocol", protocol,
-                                         "U:begin", begin,
-                                         "U:length", length,
-                                         NULL);
-    else
-        cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
-                                         "b:paging", flags & QEMU_MONITOR_DUMP_PAGING ? 1 : 0,
-                                         "s:protocol", protocol,
-                                         NULL);
+    cmd = qemuMonitorJSONMakeCommand("dump-guest-memory",
+                                     "b:paging", false,
+                                     "s:protocol", protocol,
+                                     NULL);
     if (!cmd)
         return -1;
 

diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index d092b880f1e2b6984aa01ab00bbf855c640f48de..8e80856b7bd72ff8f9280e2aa55cb2bd1b6c0f02 100644 (file)
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -138,10 +138,7 @@ int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
 int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon);
 
 int qemuMonitorJSONDump(qemuMonitorPtr mon,
-                        unsigned int flags,
-                        const char *protocol,
-                        unsigned long long begin,
-                        unsigned long long length);
+                        const char *protocol);
 
 int qemuMonitorJSONGraphicsRelocate(qemuMonitorPtr mon,
                                     int type,