From: "Ján Tomko" <jtomko@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
pkrempa@redhat.com, qemu-block@nongnu.org,
libvir-list@redhat.com, qemu-devel@nongnu.org, mreitz@redhat.com
Subject: Re: [PATCH v2 3/3] qemu-img: Deprecate use of -b without -F
Date: Thu, 27 Feb 2020 10:43:14 +0100
Message-ID: <20200227094314.GF2262365@lpt>
In-Reply-To: <20200227023928.1021959-4-eblake@redhat.com>
On a Wednesday in 2020, Eric Blake wrote:
>Creating an image that requires format probing of the backing image is
>inherently unsafe (we've had several CVEs over the years based on
>probes leaking information to the guest on a subsequent boot). If our
>probing algorithm ever changes, or if other tools like libvirt
>determine a different probe result than we do, then subsequent use of
>that backing file under a different format will present corrupted data
>to the guest. Start a deprecation clock so that future qemu-img can
>refuse to create unsafe backing chains that would rely on probing.
>
>However, there is one time where probing is safe: if we probe raw,
>then it is safe to record that implicitly in the image (but we still
>warn, as it's better to teach the user to supply -F always than to
>make them guess when it is safe).
>
>iotest 114 specifically wants to create an unsafe image for later
>amendment rather than defaulting to our new default of recording a
>probed format, so it needs an update.
>
>Signed-off-by: Eric Blake <eblake@redhat.com>
>---
> qemu-deprecated.texi | 15 +++++++++++++++
> block.c | 21 ++++++++++++++++++++-
> qemu-img.c | 8 +++++++-
> tests/qemu-iotests/114 | 4 ++--
> tests/qemu-iotests/114.out | 1 +
> 5 files changed, 45 insertions(+), 4 deletions(-)
>
This seems to affect code paths that are used even outside of qemu-img.
Should the commit message mention it?
Jano
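
An added example, not part of the original message or of the QEMU code base: a Python check that reads a qcow2 header and reports whether the image names a backing file without recording its format, which is the case the quoted commit message says forces probing. The helper names and sample headers are constructed for illustration; the header layout and the 0xE2792ACA extension type are taken from the qcow2 specification.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_END = 0x00000000
EXT_BACKING_FORMAT = 0xE2792ACA  # "backing file format name" header extension

def backing_info(header: bytes):
    """Return (backing_file, backing_format); either may be None."""
    if len(header) < 72 or header[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    version, bf_off, bf_size = struct.unpack_from(">IQI", header, 4)
    if version not in (2, 3) or (version == 3 and len(header) < 104):
        raise ValueError("unsupported or truncated qcow2 header")
    backing = None
    if bf_off:
        if bf_off + bf_size > len(header):
            raise ValueError("backing file name lies outside the data read")
        backing = header[bf_off:bf_off + bf_size].decode("utf-8", "replace")
    # v2 headers are 72 bytes long; v3 stores header_length at offset 100.
    pos = 72 if version == 2 else struct.unpack_from(">I", header, 100)[0]
    end = bf_off or len(header)  # the name is stored after the extension area
    fmt = None
    while pos + 8 <= end:
        ext_type, ext_len = struct.unpack_from(">II", header, pos)
        pos += 8
        if ext_type == EXT_END:
            break
        if pos + ext_len > len(header):
            raise ValueError("truncated header extension")
        if ext_type == EXT_BACKING_FORMAT:
            fmt = header[pos:pos + ext_len].decode("ascii", "replace")
        pos += (ext_len + 7) & ~7  # extension data is padded to 8 bytes
    return backing, fmt

def relies_on_probing(header: bytes) -> bool:
    """True when a backing file is named but no format is recorded."""
    backing, fmt = backing_info(header)
    return backing is not None and fmt is None

def make_header(backing=None, fmt=None):
    """Constructed v3 header prefix for the demo (not a complete, openable image)."""
    ext = b""
    if fmt:
        ext += struct.pack(">II", EXT_BACKING_FORMAT, len(fmt)) + fmt + b"\0" * (-len(fmt) % 8)
    ext += struct.pack(">II", EXT_END, 0)
    hdr = bytearray(104)
    bf_off = 104 + len(ext) if backing else 0
    struct.pack_into(">4sIQI", hdr, 0, QCOW2_MAGIC, 3, bf_off, len(backing or b""))
    struct.pack_into(">I", hdr, 100, 104)  # header_length
    return bytes(hdr) + ext + (backing or b"")
```

To audit a real image, pass the first cluster of the file (for example the first 65536 bytes) to `relies_on_probing`.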