From: Kevin Wolf <kwolf@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: jcody@redhat.com, qemu-devel@nongnu.org, stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH RFC 2/2] block: Warn on insecure format probing
Date: Thu, 30 Oct 2014 10:30:40 +0100 [thread overview]
Message-ID: <20141030093040.GA9097@noname.str.redhat.com> (raw)
In-Reply-To: <877fzjc76v.fsf@blackfin.pond.sub.org>
Am 29.10.2014 um 14:54 hat Markus Armbruster geschrieben:
> Kevin Wolf <kwolf@redhat.com> writes:
> > Instead, let me try once more to sell my old proposal [1] from the
> > thread you mentioned:
> >
> >> What if we let the raw driver know that it was probed and then it
> >> enables a check that returns -EIO for any write on the first 2k if that
> >> write would make the image look like a different format?
> >
> > Attacks the problem where it arises instead of trying to detect the
> > outcome of it, and works in whatever way it is nested in the BDS graph
> > and whatever way is used to address the image file.
> >
> > Kevin
> >
> > [1] https://lists.nongnu.org/archive/html/qemu-devel/2014-08/msg02548.html
>
> Arbitrarily breaking the virtual hardware that way is incompatible, too.
> It's a bigger no-no for me than changing user interface corner cases or
> deciding what to do with a file based on its file name extension.
It is arbitrarily breaking theoretical cases, while your patch is less
arbitrarily breaking common cases. I strongly prefer the former.
Nobody will ever want to write a qcow2 header into their boot sector for
just running a guest:
0: 51 push %cx
1: 46 inc %si
2: 49 dec %cx
3: fb sti
This code doesn't make any sense. It's similar for other formats. And if
they really have some odd reason to do that, the fix is easy: Either
don't use raw, or pass an explicit format=raw.
> Anthony tried something similar (commit 79368c8), but couldn't get it
> right (commit 8b33d9e).
The discussion back then: http://patchwork.ozlabs.org/patch/58980/
The problem with Anthony's code was that he didn't handle a qiov
correctly that had unaligned members. With today's block layer, this is
not a big deal to implement correctly. We're running coroutines instead
of AIO callbacks and we don't have to do all the manual qiov fixing
magic that Anthony had in his patch, util/iov.c provides all you need.
I'll send out an RFC series that implements this.
Kevin
next prev parent reply other threads:[~2014-10-30 9:30 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-28 16:03 [Qemu-devel] [PATCH RFC 0/2] block: Warn on insecure format probing Markus Armbruster
2014-10-28 16:03 ` [Qemu-devel] [PATCH RFC 1/2] block: Factor bdrv_probe_all() out of find_image_format() Markus Armbruster
2014-10-28 16:34 ` Eric Blake
2014-10-28 16:41 ` Jeff Cody
2014-10-29 15:22 ` Stefan Hajnoczi
2014-10-28 16:03 ` [Qemu-devel] [PATCH RFC 2/2] block: Warn on insecure format probing Markus Armbruster
2014-10-28 17:02 ` Eric Blake
2014-10-28 18:29 ` Jeff Cody
2014-10-28 18:56 ` Eric Blake
2014-10-28 19:42 ` Jeff Cody
2014-10-29 7:36 ` Markus Armbruster
2014-10-29 8:25 ` Max Reitz
2014-10-29 7:22 ` Markus Armbruster
2014-10-30 13:58 ` Jeff Cody
2014-11-03 8:07 ` Markus Armbruster
2014-10-29 7:03 ` Markus Armbruster
2014-10-28 18:33 ` Jeff Cody
2014-10-29 6:37 ` Markus Armbruster
2014-10-30 13:52 ` Jeff Cody
2014-11-03 8:11 ` Markus Armbruster
2014-10-29 1:16 ` Fam Zheng
2014-10-29 6:32 ` Markus Armbruster
2014-10-29 10:12 ` Kevin Wolf
2014-10-29 13:54 ` Markus Armbruster
2014-10-29 15:34 ` Stefan Hajnoczi
2014-10-30 9:07 ` Markus Armbruster
2014-10-30 9:24 ` Stefan Hajnoczi
2014-10-30 12:19 ` Markus Armbruster
2014-10-30 9:30 ` Kevin Wolf [this message]
2014-10-30 12:49 ` Markus Armbruster
2014-10-31 11:19 ` Stefan Hajnoczi
2014-10-31 22:45 ` Eric Blake
2014-11-03 8:15 ` Markus Armbruster
2014-11-03 11:13 ` Kevin Wolf
2014-11-04 9:36 ` Markus Armbruster
2014-11-04 10:32 ` Kevin Wolf
2014-11-05 7:58 ` Markus Armbruster
2014-11-03 11:00 ` Kevin Wolf
2014-11-04 9:39 ` Markus Armbruster
2014-11-04 16:09 ` Jeff Cody
2014-11-05 8:05 ` Markus Armbruster
2014-11-05 8:09 ` Max Reitz
2014-10-30 9:08 ` Max Reitz
2014-10-30 9:27 ` Stefan Hajnoczi
2014-10-30 9:36 ` Kevin Wolf
2014-10-31 11:24 ` Stefan Hajnoczi
2014-10-31 11:56 ` Kevin Wolf
2014-11-03 8:54 ` Markus Armbruster
2014-11-03 9:11 ` Max Reitz
2014-11-04 9:34 ` Markus Armbruster
2014-11-03 10:25 ` Kevin Wolf
2014-11-03 15:05 ` Stefan Hajnoczi
2014-11-03 15:13 ` Max Reitz
2014-11-04 9:42 ` Markus Armbruster
2014-11-04 10:11 ` Kevin Wolf
2014-11-04 15:25 ` Stefan Hajnoczi
2014-11-04 15:37 ` Kevin Wolf
2014-11-05 8:39 ` Markus Armbruster
2014-11-05 10:18 ` Eric Blake
2014-10-30 13:02 ` Markus Armbruster
2014-11-03 8:44 ` Max Reitz
2014-10-30 20:45 ` Richard W.M. Jones
2014-11-03 8:18 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141030093040.GA9097@noname.str.redhat.com \
--to=kwolf@redhat.com \
--cc=armbru@redhat.com \
--cc=jcody@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).