From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46025)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1atYGr-0008CH-R5
	for qemu-devel@nongnu.org; Fri, 22 Apr 2016 06:25:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1atYGq-0006KF-N9
	for qemu-devel@nongnu.org; Fri, 22 Apr 2016 06:25:09 -0400
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 22 Apr 2016 11:24:54 +0100
Message-Id: <1461320695-31372-1-git-send-email-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH for-2.6] Fix association of -drive & -iscsi args
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Ronnie Sahlberg <ronniesahlberg@gmail.com>, Paolo Bonzini <pbonzini@redhat.com>, Peter Lieven <pl@kamp.de>, Kevin Wolf <kwolf@redhat.com>, John Ferlan <jferlan@redhat.com>, Pino Toscano <ptoscano@redhat.com>, "Daniel P. Berrange" <berrange@redhat.com>

The iSCSI block driver is a bit strange in that it requires a
separate -iscsi arg to pass various values, instead of accepting
them directly with the -drive argument. Pino is working on fixing
that for 2.7:

  https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02011.html

The problem with the current solution is that the iSCSI block driver
finds the -iscsi arg by using an ID value based on the iSCSI IQN.
Unfortunately most real world IQNs contain a ':' character which
is not valid in QEMU ID strings.

We would like a solution for 2.6 so that libvirt can fix its long
standing CVE-2015-5160 whereby passwords are exposed in the CLI args.

I previously suggested escaping the IQN invalid characters in this
patch:

  https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02198.html

As well as being somewhat unpleasant John pointed out that it still
doesn't let us have a 1-1 mapping of -iscsi and -drive args.

This patch provides a different approach by letting the -drive arg
specify an explicit ID value via a new 'iscsi-id' property. If the
new prop is not specified, we fallback to the IQN, since we should
maintain compatibility in the unlikely event that someone is using
the current syntax.

Daniel P. Berrange (1):
  block: add an 'iscsi-id' value to match -drive with -iscsi opts

 block/iscsi.c   | 35 +++++++++++++++++++++++------------
 qemu-doc.texi   | 12 +++++++++---
 qemu-options.hx |  4 ++--
 3 files changed, 34 insertions(+), 17 deletions(-)

-- 
2.5.5