From mboxrd@z Thu Jan  1 00:00:00 1970
From: Markus Armbruster
Subject: Re: [PATCH] QEMU "drive_init()" Disk Format Security Bypass
Date: Mon, 16 Jun 2008 17:38:22 +0200
Message-ID: <87tzfto0ep.fsf@pike.pond.sub.org>
References: <200805081800.24064.turkay.eren@gmail.com>
 <18467.12572.126574.502777@mariner.uk.xensource.com>
 <20080508171255.GA31908@redhat.com>
 <18467.13858.203078.97403@mariner.uk.xensource.com>
 <20080508172304.GB31908@redhat.com>
 <18467.14318.921215.768838@mariner.uk.xensource.com>
 <20080508173023.GC31908@redhat.com>
 <18468.29633.937355.26121@mariner.uk.xensource.com>
 <18473.52451.967004.377867@mariner.uk.xensource.com>
 <8763sw9nfx.fsf@pike.pond.sub.org>
 <18496.793.632548.533855@mariner.uk.xensource.com>
 <18514.36535.961030.856448@mariner.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <18514.36535.961030.856448@mariner.uk.xensource.com> (Ian Jackson's message of "Fri\, 13 Jun 2008 16\:13\:59 +0100")
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Ian Jackson
Cc: Eren Türkay, xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Ian Jackson writes:

> I wrote:
>> Markus Armbruster writes ("Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass"):
>> > The -usbdevice argument is ultimately processed by usb_device_add(),
>> > which calls usb_msd_init() to do the real work.  I think we get (1),
>> > but not (2) there, i.e. your change breaks raw format USB disks.
>>
>> That's quite likely.  I hadn't spotted that separate arrangement.  The
>> best thing to do would probably be to cross-port the format
>> parameter code which upstream have introduced in this area to (mostly)
>> fix the bug in their version.  I'll look into it.
>
> The code in current qemu and in ioemu are very different in this area.
> The machinery to which qemu added the format=... parameter doesn't
> exist in ioemu and I don't think we want to backport that.
>
> Instead below is a batch which is intended to make
>    usbdevice = "disk:"
> expect a raw device (as this probably is the most usual case) and
>    usbdevice = "disk-qcow:"
> expect a COW image (autodetected, probably qcow2).
>
> This latter will eventually have to change to bring things into line
> with recent qemu, but we can probably provide backwards compatibility
> at that time.
>
> Markus and Eren: could you please try this and let me know if it
> solves the problem for you ?  I don't have a handy test setup here
> right now.  If you can't conveniently test it let me know and I'll do
> it.
>
> Regards,
> Ian.
[...]

Patch looks sane.  I backported it to F-8 and verified that:

1. usbdevice = "disk:IMG" opens the image IMG raw regardless of file
   contents.  Same for monitor command usb_add disk:IMG.

2. usbdevice = "disk-qcow:IMG" opens the qcow image IMG correctly.
   Same for monitor command usb_add disk-qcow:IMG.

I believe monitor command change is still broken.  I tried "change fda
IMG", with a qcow image IMG, and it was opened qcow.  But changing to
a raw image failed; I think that feature was broken by your
security fix.
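
Added example, not part of the original message and not ioemu code: a minimal C model of the behaviour verified above, where the "disk:" prefix fixes the format as raw without looking at the file and only "disk-qcow:" autodetects. The names usb_disk_format, probe_format, has_qcow_magic and sample_hdr are hypothetical, and the header bytes are a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum img_format { FMT_INVALID, FMT_RAW, FMT_QCOW };

/* qcow and qcow2 images both start with the bytes 'Q' 'F' 'I' 0xfb. */
static int has_qcow_magic(const uint8_t *hdr, size_t len)
{
    static const uint8_t magic[4] = { 'Q', 'F', 'I', 0xfb };
    return len >= sizeof(magic) && memcmp(hdr, magic, sizeof(magic)) == 0;
}

/* Content-based probing: the result depends only on what the file holds. */
static enum img_format probe_format(const uint8_t *hdr, size_t len)
{
    return has_qcow_magic(hdr, len) ? FMT_QCOW : FMT_RAW;
}

/*
 * Hypothetical helper (an assumption, not the patch's code): pick the
 * format for a usbdevice spec. "disk:" never consults the header; only
 * "disk-qcow:" probes. On success *path points at the image name in spec.
 */
enum img_format usb_disk_format(const char *spec, const uint8_t *hdr,
                                size_t len, const char **path)
{
    static const char raw_pfx[] = "disk:", cow_pfx[] = "disk-qcow:";

    if (strncmp(spec, raw_pfx, sizeof(raw_pfx) - 1) == 0) {
        *path = spec + sizeof(raw_pfx) - 1;
        return **path ? FMT_RAW : FMT_INVALID;
    }
    if (strncmp(spec, cow_pfx, sizeof(cow_pfx) - 1) == 0) {
        *path = spec + sizeof(cow_pfx) - 1;
        return **path ? probe_format(hdr, len) : FMT_INVALID;
    }
    *path = NULL;
    return FMT_INVALID;
}

/* Constructed sample: leading bytes of an image that carry the qcow magic. */
const uint8_t sample_hdr[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };
```

With the same header bytes, the "disk:" spec yields raw while the "disk-qcow:" spec yields qcow, so the format follows the configuration rather than the file contents.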