From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Ronnie Sahlberg <ronniesahlberg@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>, Peter Lieven <pl@kamp.de>,
Kevin Wolf <kwolf@redhat.com>, John Ferlan <jferlan@redhat.com>,
Pino Toscano <ptoscano@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH for-2.6] Fix association of -drive & -iscsi args
Date: Fri, 22 Apr 2016 11:24:54 +0100 [thread overview]
Message-ID: <1461320695-31372-1-git-send-email-berrange@redhat.com> (raw)
The iSCSI block driver is a bit strange in that it requires a
separate -iscsi arg to pass various values, instead of accepting
them directly with the -drive argument. Pino is working on fixing
that for 2.7:
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02011.html
The problem with the current solution is that the iSCSI block driver
finds the -iscsi arg by using an ID value based on the iSCSI IQN.
Unfortunately most real world IQNs contain a ':' character which
is not valid in QEMU ID strings.
We would like a solution for 2.6 so that libvirt can fix its long
standing CVE-2015-5160 whereby passwords are exposed in the CLI args.
I previously suggested escaping the IQN invalid characters in this
patch:
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02198.html
As well as being somewhat unpleasant John pointed out that it still
doesn't let us have a 1-1 mapping of -iscsi and -drive args.
This patch provides a different approach by letting the -drive arg
specify an explicit ID value via a new 'iscsi-id' property. If the
new prop is not specified, we fallback to the IQN, since we should
maintain compatibility in the unlikely event that someone is using
the current syntax.
Daniel P. Berrange (1):
block: add an 'iscsi-id' value to match -drive with -iscsi opts
block/iscsi.c | 35 +++++++++++++++++++++++------------
qemu-doc.texi | 12 +++++++++---
qemu-options.hx | 4 ++--
3 files changed, 34 insertions(+), 17 deletions(-)
--
2.5.5
next reply other threads:[~2016-04-22 10:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-22 10:24 Daniel P. Berrange [this message]
2016-04-22 10:24 ` [Qemu-devel] [PATCH for-2.6] block: add an 'iscsi-id' value to match -drive with -iscsi opts Daniel P. Berrange
2016-04-22 10:59 ` Kevin Wolf
2016-04-22 11:13 ` Peter Lieven
2016-04-22 11:43 ` Daniel P. Berrange
2016-04-22 11:53 ` Kevin Wolf
2016-04-22 11:55 ` Daniel P. Berrange
2016-04-22 12:10 ` Peter Maydell
2016-04-22 12:29 ` Daniel P. Berrange
2016-04-22 11:50 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1461320695-31372-1-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=jferlan@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pl@kamp.de \
--cc=ptoscano@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=ronniesahlberg@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).