On Mon, Aug 26, 2019 at 11:59:06 +0800, Yi Li wrote: > merge VIR_STORAGE_FILE_AUTO_SAFE/VIR_STORAGE_FILE_AUTO to VIR_STORAGE_FILE_AUTO > virStorageFileProbeFormatFromBuf will probe the backingStore format. > > Fix the booting issue when setting backingStore format (QCOW image) to RAW image. This description does not really describe what the problem is. > > Signed-off-by: Yi Li <yili@xxxxxxxxxxx> > --- > src/qemu/qemu_block.c | 2 -- > src/util/virstoragefile.c | 4 +--- > src/util/virstoragefile.h | 1 - > 3 files changed, 1 insertion(+), 6 deletions(-) > > @@ -4916,8 +4916,6 @@ virStorageFileGetMetadataRecurse(virStorageSourcePtr src, > goto cleanup; > > if (backingFormat == VIR_STORAGE_FILE_AUTO) > - backingStore->format = VIR_STORAGE_FILE_RAW; > - else if (backingFormat == VIR_STORAGE_FILE_AUTO_SAFE) > backingStore->format = VIR_STORAGE_FILE_AUTO; I don't think we can do this safely. This code was added so that we never let qemu probe the image format. This was due to a security issue as a malicious guest could write a qcow2 or any other storage format header which has backing files into a raw volume. At new start this would be detected as the qcow2 or other format and qemu would open also the backing file. The guest then would gain access to un-allowed resources. While now qemu refuses writing some parts of the raw image if no format was specified I don't think we should remove this code. Users always shall use the correct format. NACK
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
