Paolo Bonzini <pbonz...@redhat.com> writes:

>> > We technically should save the addresses and sizes too.  It makes
>> > it a heck of a lot safer then re-reading guest memory since we do some
>> > validation on the size of the sg elements.
>> 
>> Not really.
>> 
>> The guest puts the descriptors in the ring and leaves them there until
>> the device acks.  If it changes them once they're exposed but before
>> they're acked, it can get either before or after version, and always
>> could.
>
> The problems start when the guest tries to race against QEMU and defy
> the validation.  Always using the validated version is a bit easier
> than redoing the validation after migration.

Exactly.

Regards,

Anthony Liguori

>
> Paolo


Reply via email to