From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:46361)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1TMgDm-0007qA-Vt
	for qemu-devel@nongnu.org; Fri, 12 Oct 2012 10:28:15 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1TMgDd-0002e4-GG
	for qemu-devel@nongnu.org; Fri, 12 Oct 2012 10:28:14 -0400
Received: from mx1.redhat.com ([209.132.183.28]:36347)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1TMgDd-0002dy-86
	for qemu-devel@nongnu.org; Fri, 12 Oct 2012 10:28:05 -0400
Message-ID: <507828D7.3080306@redhat.com>
Date: Fri, 12 Oct 2012 16:27:35 +0200
From: Kevin Wolf <kwolf@redhat.com>
MIME-Version: 1.0
References: <1350050969-14034-1-git-send-email-stefanha@redhat.com>
	<5078281B.3090702@redhat.com>
In-Reply-To: <5078281B.3090702@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to
	info command
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Eric Blake <eblake@redhat.com>
Cc: Kashyap Chamarthy <kashyap.cv@gmail.com>, qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>, =?UTF-8?B?QmVub8OudCBDYW5ldA==?= <benoit@irqsave.net>

Am 12.10.2012 16:24, schrieb Eric Blake:
> On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote:
>> The qemu-img info --backing-chain option enumerates the backing file
>> chain.  For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
>> output becomes:
>>
> 
>> +    do {
>> +        bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO_BACKING,
>> +                           false);
>> +        if (!bs) {
>> +            goto err;
>> +        }
> 
>> +    } while (filename);
> 
> Eww - infinite loop if presented with malicious data where someone has
> used 'qemu-img rebase -u' to create a cycle.  I think you need a
> followup patch that hashes which files have been opened to date, and
> abort the loop once a cycle is detected.

That would already cause problems in bdrv_open(), so I'd consider it a
separate bug. We should fail gracefully when trying to open such an
image. Once it's open, other code can trust that the chain makes sense.

Kevin