On Sat, Dec 12, 2009 at 11:40:21AM -0600, Anthony Liguori wrote: > If Spice can crash a guest, that indicates to me that Spice is
That's not what I meant, anything in qemu address space can crash a guest not just spice, even qcow2 could crash a guest, you just need to *vaddr_in_guest_physical_space = 0 through a corrupted pointer (corrupted pointers are very rare, gcc is very pedantic, there are tools to trap those but they historically happened a few times in the kernel), but when I said it I didn't in mind crashing just the guest, I meant corrupting qemu memory itself through a different corrupted vaddr, but it is the same risk, you could flip a bit in a buffer header holding ext4 metadata in the guest physical address space or flip a bit in qcow2 cluster bitmap, it doesn't make a difference both could result in fs corruption in an extremely unlikely scenario (and that extremely unlikely scenario is the only one where the microkernel design would eventually payoff, where you get the graphics and mouse hosed, but the guest sill is reachable through the network). I simply meant spice should live in the same address space where the other virtio drivers are living for the same reasons (performance), it's no different. Izik already answered the other part. Thanks, Andrea
