From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=35099 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OsbBm-0007yN-6Z for qemu-devel@nongnu.org; Mon, 06 Sep 2010 08:52:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OsbBg-0006Bz-M8 for qemu-devel@nongnu.org; Mon, 06 Sep 2010 08:52:46 -0400 Received: from mail-gw0-f45.google.com ([74.125.83.45]:36810) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OsbBg-0006Bs-H6 for qemu-devel@nongnu.org; Mon, 06 Sep 2010 08:52:40 -0400 Received: by gwb11 with SMTP id 11so1836183gwb.4 for ; Mon, 06 Sep 2010 05:52:40 -0700 (PDT) Message-ID: <4C84E419.50200@codemonkey.ws> Date: Mon, 06 Sep 2010 07:52:41 -0500 From: Anthony Liguori MIME-Version: 1.0 Subject: Re: [Qemu-devel] [RFC] qed: Add QEMU Enhanced Disk format References: <1283767478-16740-1-git-send-email-stefanha@linux.vnet.ibm.com> <20100906111821.GG4777@redhat.com> In-Reply-To: <20100906111821.GG4777@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" Cc: Kevin Wolf , Stefan Hajnoczi , qemu-devel@nongnu.org On 09/06/2010 06:18 AM, Daniel P. Berrange wrote: > I agree with ditching compression, but encryption is an important > capability which cannot be satisfactorily added at other layers > in the stack. While block devices / local filesystems can layer > in dm-crypt in the host, this is not possible with network/cluster > filesystems which account for a non-trivial target audience. ecryptfs should work with NFS these days. If it still doesn't, it will in the not too distant future. > Adding > encryption inside the guest is sub-optimal because you cannot do > secure automation of guest startup. Either you require manaual > intervention to start every guest to enter the key, or if you > hardcode the key, then anyone who can access the guest disk image > can start the guest. I think this belongs in the VFS level but from a format perspective, an encryption feature would be easy to add. >> + >> + if ((s->header.compat_features& QED_CF_BACKING_FORMAT)) { >> + ret = qed_read_string(bs->file, s->header.backing_fmt_offset, >> + s->header.backing_fmt_size, >> + bs->backing_format, >> + sizeof(bs->backing_format)); >> + if (ret< 0) { >> + return ret; >> + } >> + } >> > IMHO we should make the backing format compulsory with use of > the backing file. The only time probing is required is when > initially creating the child image, thereafter there's no > benefit to probing again. > Stefan originally made it mandatory but I asked to make it optional. From a format specification perspective, backing_fmt introduces some problems. What does a backing_fmt of 'vmdk' mean outside of qemu? More importantly, humans to create image formats by hand. Instead, they use tools like qemu-img. If you think we should for the specification of a backing file format in qemu-img, that's the place we should do it. Regards, Anthony Liguori > Regards, > Daniel >