From: Cedric Bosdonnat <cbosdonnat@suse.com>
To: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>, xen-devel@lists.xen.org
Subject: Re: [PATCH v3] libxl: QED disks support
Date: Tue, 13 Dec 2016 09:15:22 +0100 [thread overview]
Message-ID: <1481616922.2751.1.camel@suse.com> (raw)
In-Reply-To: <22606.57356.611010.86009@mariner.uk.xensource.com>
Hi Ian,
On Mon, 2016-12-12 at 17:36 +0000, Ian Jackson wrote:
> Cédric Bosdonnat writes ("[PATCH v3] libxl: QED disks support"):
> > Qdisk supports qcow and qcow2, extend it to also support qed disk
> > format.
>
> The patch is good.
>
> I have a qualm, though. I think this would increase our security
> support footprint to include the qemu qed disk format driver.
>
> Specifically:
>
> * Does the qed format contain a builtin way to refer to other files,
> like qcow does ? Paradoxically, if it does not, then it is a
> bigger risk for us: because then it might be reasonable for a user
> to feed an untrusted qed image file to xl, for use with a
> likewise-untrusted guest. That means that image-handling bugs in
> qed would be security bugs which we might have to do security
> response for.
QED does support backing files, not sure if this is a good or bad news
on the security topic.
> * We should at least consider the possibility that qed might be
> vulnerable to anomalous guest behaviour. I don't know enough about
> qed to say much about that.
>
> So I would be happy with this patch if it came with a hunk editing
> docs/misc/qemu-xen-security to say something like:
>
> + - backing storage image format: raw, qcow, qcow2, vhd
>
> (And we might want to drop vhd...)
I'm not the one deciding what is supported and what is not. Just tell
me what I should add in the patch regarding that and I'll add it.
--
Cedric
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-12-13 8:15 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-12 14:19 [PATCH v3] libxl: QED disks support Cédric Bosdonnat
2016-12-12 17:36 ` Ian Jackson
2016-12-13 8:15 ` Cedric Bosdonnat [this message]
2016-12-13 16:12 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1481616922.2751.1.camel@suse.com \
--to=cbosdonnat@suse.com \
--cc=ian.jackson@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.