From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LRWNa-0002yW-EW for qemu-devel@nongnu.org; Mon, 26 Jan 2009 13:40:14 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LRWNS-0002u9-Qv for qemu-devel@nongnu.org; Mon, 26 Jan 2009 13:40:10 -0500 Received: from [199.232.76.173] (port=56391 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LRWNR-0002tm-UV for qemu-devel@nongnu.org; Mon, 26 Jan 2009 13:40:06 -0500 Received: from mx2.redhat.com ([66.187.237.31]:47781) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LRWNQ-0005AL-Cx for qemu-devel@nongnu.org; Mon, 26 Jan 2009 13:40:05 -0500 Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id n0QIe2tb029933 for ; Mon, 26 Jan 2009 13:40:02 -0500 From: Uri Lublin Date: Mon, 26 Jan 2009 20:39:56 +0200 Message-Id: <1232995199-12086-1-git-send-email-uril@redhat.com> Subject: [Qemu-devel] [PATCH 0/2] qemu block changes: keep backing file format v2 Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Uri Lublin The purpose of this patches is to keep the backing file format together with its name, to 1. Provide a way to know the backing file format without probing it (setting the format at creation time). 2. Enable using qcow2 format (and others) over host block devices. (only if the user specifically asks for it, by providing the format). I call "hidden image format" to the following format of a backing file name: "name\0format". Although it can be considered a hack, that's an easy way to support old images with new qemu as well as old qemu with new images (in which case probing would be done), without changing the qcow2 header. If a hidden format exists, use it for the backing file. If no hidden format (or an unknown one) exists we go back to probing. Based on a previous patch from Shahar Frank. http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg01083.html The "name\0format" was suggested by Kevin Wolf on the above thread. Also fixes a security flaw found by Daniel P. Berrange on that same thread which summarizes: "Autoprobing: just say no." The first patch introduces the hidden image format. The second patch enable the user to specify the image format for the backing file upon image creation. Changes from v1: use "name\0format" instead of "fmt:FMT:name" Examples: ### Let /dev/loop0 and /dev/loop1 be qemu-images of format qcow2 and raw. ### 1. Specify qcow2 backing file. demonstrates qcow2 over host block device # ./qemu-img create -F qcow2 -b /dev/loop0 -f qcow2 /tmp/u0.qcow2 Formatting '/tmp/u0.qcow2', fmt=qcow2, backing_file=/dev/loop0, backing_fmt=qcow2, size=20971520 kB # ./x86_64-softmmu/qemu-system-x86_64 -L pc-bios/ -drive file=/tmp/u0.qcow2,format=qcow2 Works with no probing. ### 2. Specify raw backing file. # ./qemu-img create -F raw -b /dev/loop1 -f qcow2 /tmp/u1.qcow2 Formatting '/tmp/u1.qcow2', fmt=qcow2, backing_file=/dev/loop1, backing_fmt=raw, size=307200 kB ### 3. Do not specify backing file format (qcow2). ### Probing of /dev/loop0 "finds" a "host_device" format (instead of qcow2) ### and results with the guest fails to boot. ### Note: wrong size upon create. # ./qemu-img create -b /dev/loop0 -f qcow2 /tmp/p0.qcow2 Formatting '/tmp/p0.qcow2', fmt=qcow2, backing_file=/dev/loop0, size=4245292 kB # ./x86_64-softmmu/qemu-system-x86_64 -L pc-bios/ -drive file=/tmp/p0.qcow2,format=qcow2 Probing /dev/loop0 and guest fails to boot. ### 4. Do not specify backing file format (raw). ### Probing of /dev/loop1 "finds" a "host_device" format ### and results with the guest successfully boot. ### If however a VM with /dev/loop1 is was previously started and the guest ### modified the beginning of the file (writing a fake qcow2 header) ### there is a security problem as the guest user can now access almost ### any file on the host (e.g. /etc/passwd). # ./qemu-img create -b /dev/loop1 -f qcow2 /tmp/p1.qcow2 Formatting '/tmp/p1.qcow2', fmt=qcow2, backing_file=/dev/loop1, size=307200 kB # ./x86_64-softmmu/qemu-system-x86_64 -L pc-bios/ -drive file=/tmp/p1.qcow2,format=qcow2 Works with probing.