> > We technically should save the addresses and sizes too.  It makes
> > it a heck of a lot safer than re-reading guest memory since we do some
> > validation on the size of the sg elements.
>
> Not really.
>
> The guest puts the descriptors in the ring and leaves them there until
> the device acks.  If it changes them once they're exposed but before
> they're acked, it can get either before or after version, and always
> could.

The problems start when the guest tries to race against QEMU and defy
the validation.  Always using the validated version is a bit easier
than redoing the validation after migration.

Paolo
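
The race discussed in this message, as an added illustration that is not part of the thread and is not QEMU code: a device-side size check that re-reads the descriptor from guest memory after validating it, next to one that validates and uses a private copy. `struct desc`, `MAX_SG_LEN` and the `guest_race_fn` hook are hypothetical names for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_SG_LEN 4096u  /* constructed limit for this example */

/* Constructed stand-in for a descriptor in guest-writable memory. */
struct desc { uint64_t addr; uint32_t len; };

/* Hypothetical hook: models the guest rewriting the descriptor after the
 * device has validated it but before the device uses it. */
typedef void (*guest_race_fn)(volatile struct desc *shared);

/* Validate, then fetch from guest memory again at use time. The second
 * fetch is unvalidated, so the guest can defy the check. */
static int64_t len_used_reread(volatile struct desc *shared, guest_race_fn race)
{
    if (shared->len > MAX_SG_LEN)
        return -1;                 /* rejected by validation */
    if (race)
        race(shared);              /* guest modifies the descriptor here */
    return shared->len;            /* second fetch of guest memory */
}

/* Fetch once into device-private memory; validate and use that copy.
 * The copy is also what would be saved, so nothing is re-validated later. */
static int64_t len_used_snapshot(volatile struct desc *shared, guest_race_fn race)
{
    struct desc local = { shared->addr, shared->len };  /* single fetch */
    if (local.len > MAX_SG_LEN)
        return -1;
    if (race)
        race(shared);              /* too late: the device no longer looks */
    return local.len;
}

/* Constructed guest behaviour: inflate the length past the limit. */
static void grow_len(volatile struct desc *shared) { shared->len = 0x100000; }

int main(void)
{
    struct desc a = { 0x1000, 512 }, b = { 0x1000, 512 };
    printf("re-read:  %lld\n", (long long)len_used_reread(&a, grow_len));
    printf("snapshot: %lld\n", (long long)len_used_snapshot(&b, grow_len));
    return 0;
}
```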