From: Kevin Wolf <kwolf@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: "Kashyap Chamarthy" <kashyap.cv@gmail.com>,
qemu-devel@nongnu.org, "Stefan Hajnoczi" <stefanha@redhat.com>,
"Benoît Canet" <benoit@irqsave.net>
Subject: Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command
Date: Fri, 12 Oct 2012 16:38:15 +0200 [thread overview]
Message-ID: <50782B57.7050208@redhat.com> (raw)
In-Reply-To: <50782A1B.2030106@redhat.com>
Am 12.10.2012 16:32, schrieb Eric Blake:
> On 10/12/2012 08:27 AM, Kevin Wolf wrote:
>> Am 12.10.2012 16:24, schrieb Eric Blake:
>>> On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote:
>>>> The qemu-img info --backing-chain option enumerates the backing file
>>>> chain. For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
>>>> output becomes:
>>>>
>>>
>>>> + do {
>>>> + bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO_BACKING,
>>>> + false);
>>>> + if (!bs) {
>>>> + goto err;
>>>> + }
>>>
>>>> + } while (filename);
>>>
>>> Eww - infinite loop if presented with malicious data where someone has
>>> used 'qemu-img rebase -u' to create a cycle. I think you need a
>>> followup patch that hashes which files have been opened to date, and
>>> abort the loop once a cycle is detected.
>>
>> That would already cause problems in bdrv_open(), so I'd consider it a
>> separate bug. We should fail gracefully when trying to open such an
>> image. Once it's open, other code can trust that the chain makes sense.
>
> Hmm. For 'qemu-img info', I can see two behaviors, both useful, when
> presented with a corrupt image. One is to error out right away (because
> qemu would be unable to use the image). But the other is for debugging
> WHY the image is corrupt, at which point I want qemu-img info to display
> as much information as possible, INCLUDING what backing file is recorded
> in the header, so that I can follow the loop and decide where to break
> the loop. Sounds like we might need another flag to bdrv_open() on
> whether to detect cycles; as well as fixing qemu-img info to check for
> cycles on its own when it bypasses normal cycle-checking in bdrv_open.
Makes sense. Though I think BDRV_O_NO_BACKING is enough to implement
this functionality in qemu-img. We'd just have to have an error code
that allows qemu-img to check if we detected a loop so that it can start
searching the broken image.
Kevin
next prev parent reply other threads:[~2012-10-12 14:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-12 14:09 [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command Stefan Hajnoczi
2012-10-12 14:18 ` Eric Blake
2012-10-12 14:24 ` Eric Blake
2012-10-12 14:27 ` Kevin Wolf
2012-10-12 14:32 ` Eric Blake
2012-10-12 14:38 ` Kevin Wolf [this message]
2012-10-12 14:50 ` Eric Blake
2012-10-12 19:16 ` Kashyap Chamarthy
2012-10-12 20:19 ` Kashyap Chamarthy
2012-10-12 20:31 ` Eric Blake
2012-10-13 15:50 ` Kashyap Chamarthy
2012-10-13 21:36 ` Eric Blake
2012-10-14 6:10 ` Kashyap Chamarthy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50782B57.7050208@redhat.com \
--to=kwolf@redhat.com \
--cc=benoit@irqsave.net \
--cc=eblake@redhat.com \
--cc=kashyap.cv@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.