From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36419) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHC0K-0000GM-LR for qemu-devel@nongnu.org; Tue, 12 Aug 2014 09:20:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XHC0E-0000j4-Gi for qemu-devel@nongnu.org; Tue, 12 Aug 2014 09:20:44 -0400 Received: from mx1.redhat.com ([209.132.183.28]:33946) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHC0E-0000iw-4X for qemu-devel@nongnu.org; Tue, 12 Aug 2014 09:20:38 -0400 Date: Tue, 12 Aug 2014 14:20:34 +0100 From: Stefan Hajnoczi Message-ID: <20140812132034.GM20490@stefanha-thinkpad.redhat.com> References: <1406900401-19550-1-git-send-email-lkurusa@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="iUV/lbBrmPtUT9dM" Content-Disposition: inline In-Reply-To: <1406900401-19550-1-git-send-email-lkurusa@redhat.com> Subject: Re: [Qemu-devel] [PATCH 0/3] vpc: support probing of fixed size images List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Levente Kurusa Cc: Kevin Wolf , Stefan Weil , Andrew Jones , Fam Zheng , QEMU Developers --iUV/lbBrmPtUT9dM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 01, 2014 at 03:39:58PM +0200, Levente Kurusa wrote: > Fixed size VPC images do not have a footer, hence the current probe > function will fail and QEMU will fall back to the raw_bsd driver, which is > not the correct behaviour. The specification of the format says that fixed > size images have a footer as the last 512 bytes of the file. The footer is > exactly the same as the header would be in the case of dynamically growing > images. >=20 > For this, we need to read the last 512 bytes of the image, however the > current mechanics predominantly read the first 2048 bytes and pass that > as a buffer to the probe functions. Solve this by passing the > BlockDriverState to the probe functions, hence giving them a chance to re= ad > the extra bytes they might need. I hesitate to add patches that extend image format probing. For the past few years we have always recommended that image files should not be probed. Image probing is prone to security issues because a malicious guest can modify a raw or vpc image by putting another image format header at sector 0. The next time QEMU opens the image it will detect a different format. One evil trick is to refer to a file on the host file system as the backing file, now you can read any file that the QEMU process has access to. Probing also complicates live migration. The source host still has the image file open and may write to it. The destination host shouldn't even read from the image file before handover to avoid file cache coherency issues. Probing is broken. It shouldn't be used. We shouldn't extend it (especially by adding more I/Os). QEMU has the explicit -drive format=3D option. qemu-img has -F and -O options to specify the format. Can you use format=3Dvpc? Stefan --iUV/lbBrmPtUT9dM Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJT6hSiAAoJEJykq7OBq3PIw5oIAL0y953pbW07kQF0lV3pPr4b 6A0+QTuwbTAnV/aI1CJnpw2bEC1G+oCserXNJzqIgLVL8imQhUmnKOh+Wn0Fmacm hUkhcw/HSkj0c4BuI36BovDKz4h0Amah5ZAll9tSDkQg+DzHt6FE42CoU2e9+W5G NXt9GRY3HyRnW9I/Yi8nv7qtD1kKFN3KoyyDxWTv04Tqm9ma5OI3bkJhylFD82TJ xHnhKBdd/mwYD35acGeJav9+b8c0zPb8k0HlG2wDBoHnVnop27OigPqj2buHqQny 0v0DqPl7pWKfrrYbuqiEsdfCg5ZVfVC29oc3OnKpb+KxGIkZldZdrVfs8DSQ1QM= =eEPW -----END PGP SIGNATURE----- --iUV/lbBrmPtUT9dM--