On Wed, Feb 26, 2020 at 20:39:26 -0600, Eric Blake wrote: > There are many existing qcow2 images that specify a backing file but > no format. This has been the source of CVEs in the past, but has > become more prominent of a problem now that libvirt has switched to > -blockdev. With older -drive, at least the probing was always done by > qemu (so the only risk of a changed format between successive boots of > a guest was if qemu was upgraded and probed differently). But with > newer -blockdev, libvirt must specify a format; if libvirt guesses raw > where the image was formatted, this results in data corruption visible > to the guest; conversely, if libvirt guesses qcow2 where qemu was > using raw, this can result in potential security holes, so modern > libvirt instead refuses to use images without explicit backing format. > > The change in libvirt to reject images without explicit backing format > has pointed out that a number of tools have been far too reliant on > probing in the past. It's time to set a better example in our own > iotests of properly setting this parameter. > > iotest calls to create, rebase, convert, and amend are all impacted to > some degree. It's a bit annoying that we are inconsistent on command > line - while all of those accept -o backing_file=...,backing_fmt=..., > the shortcuts are different: create and rebase have -b and -F, convert > has -B but no -F, and amend has no shortcuts. > > Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> > --- [...] > 113 files changed, 414 insertions(+), 338 deletions(-) > > diff --git a/tests/qemu-iotests/017 b/tests/qemu-iotests/017 > index 0a4b854e6520..585512bb296b 100755 > --- a/tests/qemu-iotests/017 > +++ b/tests/qemu-iotests/017 > @@ -66,7 +66,7 @@ echo "Creating test image with backing file" > echo > > TEST_IMG=$TEST_IMG_SAVE > -_make_test_img -b "$TEST_IMG.base" 6G > +_make_test_img -b "$TEST_IMG.base" -F $IMGFMT 6G > My understanding of the intricacies of the qemu-iotest suite is not good enoug to be able to review this patch. Specifically $IMGFMT in this instance is also used in the '-f' switch of qemu-img in _make_test_img and I don't know if it's expected for the backing file to share the format.
