From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:33554)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1UDX23-0003m0-3Y
	for qemu-devel@nongnu.org; Thu, 07 Mar 2013 04:22:36 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1UDX22-0007mI-24
	for qemu-devel@nongnu.org; Thu, 07 Mar 2013 04:22:35 -0500
Received: from mx1.redhat.com ([209.132.183.28]:25167)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1UDX21-0007mE-P4
	for qemu-devel@nongnu.org; Thu, 07 Mar 2013 04:22:33 -0500
Date: Thu, 7 Mar 2013 10:22:27 +0100
From: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20130307092227.GG2536@dhcp-200-207.str.redhat.com>
References: <513785A0.1010001@redhat.com>
	<20130306181454.GB3743@localhost.localdomain>
	<51378B97.2000709@redhat.com>
	<20130306184800.GB22782@localhost.localdomain>
	<51379304.50307@dlhnet.de> <5137A964.5020803@redhat.com>
	<20130307085038.GB2536@dhcp-200-207.str.redhat.com>
	<5138563A.4040005@dlhnet.de>
	<20130307090330.GE2536@dhcp-200-207.str.redhat.com>
	<B2ABFEAF-205D-4159-9800-315A4BEAAAD7@dlhnet.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B2ABFEAF-205D-4159-9800-315A4BEAAAD7@dlhnet.de>
Subject: Re: [Qemu-devel] [PATCH 1/7] block: only force IO completion in
 .bdrv_truncate if we are shrinking
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Lieven <pl@dlhnet.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>, Jeff Cody <jcody@redhat.com>, qemu-devel@nongnu.org, stefanha@redhat.com, sw@weilnetz.de

Am 07.03.2013 um 10:16 hat Peter Lieven geschrieben:
> >> If bs->growable is 1 for all drivers, whats the fix status of CVE-2008-0928? This
> >> flag was introduced as a fix for this problem.
> >> 
> >> bdrv_check_byte_request() does nothing useful if bs->growable is 1.
> > 
> > Don't ignore the difference between bdrv_open() and bdrv_file_open().
> > Typically you have two BDSes: On top there is e.g. a qcow2 BDS that is
> > opened through bdrv_open() and has bs->growable = false. Its bs->file is
> > using the file protocol (raw-posix driver) and opened by
> > bdrv_file_open(). This one has bs->file->growable = true so that qcow2
> > can write to newly allocated areas without calling bdrv_truncate()
> > first.
> 
> Sorry, I have to admin I am little confused by what is happening in bdrv_open().
> 
> However, what I can say is that bs->growable is 1 for an iSCSI backed
> harddrive and I wonder how this can happen if bdrv_file_open is not used for
> opening it because that is the only place where bs->growable is set to 1.
> 
> cmdline:
> x86_64-softmmu/qemu-system-x86_64 -k de -enable-kvm -m 1024 -drive if=virtio,file=iscsi://172.21.200.31/iqn.2001-05.com.equallogic:0-8a0906-16470e107-713001aa6de511e0-001-test/0 -vnc :1 -boot dc -monitor stdio

It is used for the iscsi driver. You have a raw BDS (growable == false)
on top of an iscsi one (growable == true).

Kevin