From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50232) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XtfNn-0007Wm-1A for qemu-devel@nongnu.org; Wed, 26 Nov 2014 11:24:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XtfNh-000230-K3 for qemu-devel@nongnu.org; Wed, 26 Nov 2014 11:23:58 -0500 Received: from mail-wi0-x230.google.com ([2a00:1450:400c:c05::230]:46402) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XtfNh-00022n-AQ for qemu-devel@nongnu.org; Wed, 26 Nov 2014 11:23:53 -0500 Received: by mail-wi0-f176.google.com with SMTP id ex7so13095054wid.3 for ; Wed, 26 Nov 2014 08:23:52 -0800 (PST) Date: Wed, 26 Nov 2014 16:23:50 +0000 From: Stefan Hajnoczi Message-ID: <20141126162350.GG14288@stefanha-thinkpad.redhat.com> References: <1416497234-29880-1-git-send-email-kwolf@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="m972NQjnE83KvVa/" Content-Disposition: inline In-Reply-To: <1416497234-29880-1-git-send-email-kwolf@redhat.com> Subject: Re: [Qemu-devel] [PATCH v3 0/9] raw: Prohibit dangerous writes for probed images List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Kevin Wolf Cc: jcody@redhat.com, mreitz@redhat.com, qemu-devel@nongnu.org, stefanha@redhat.com, armbru@redhat.com --m972NQjnE83KvVa/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 20, 2014 at 04:27:05PM +0100, Kevin Wolf wrote: > See the commit message of patch 7 for the why and how. This series > will probably be only part of the solution and doesn't mean that we > should stop looking for other patches which improve different parts of > the problem. >=20 > See the mailing list thread "Image probing: how it can be insecure, and > what we could do about it" for the complete context. >=20 > v3: > - Patch 5/6: Improved function comment [Max] > - Patch 7: Handle nb_sectors =3D=3D 0 case [Stefan] > - Patch 7: Even longer error message [Eric] > - Patch 9: Don't create a vhdx image in a test for raw, it might not be > compiled in. Use sample images instead, including the more exotic forma= ts. > Add a new sample image containing a GRUB MBR. [Max, Eric] >=20 > v2: > - Fixed offset in qemu_iovec_concat [Kevin] > - Added paragraph to patch 7 explaining that we're not breaking > additional cases, but only change the failure mode of already > broken scenarios [Max] > - Added a warning when opening an image in "restricted raw" mode, > which required a few more patches to make the test cases avoid > this warning [Markus] >=20 >=20 > Kevin Wolf (8): > qemu-io: Allow explicitly specifying format > qemu-iotests: Use qemu-io -f $IMGFMT > qemu-iotests: Add qemu-io format option in Python tests > qtests: Specify image format explicitly > block: Read only one sector for format probing > raw: Prohibit dangerous writes for probed images > qemu-iotests: Fix stderr handling in common.qemu > qemu-iotests: Test writing non-raw image headers to raw image >=20 > Markus Armbruster (1): > block: Factor bdrv_probe_all() out of find_image_format() >=20 > block.c | 51 +++-- > block/raw_bsd.c | 64 +++++- > include/block/block_int.h | 5 + > qemu-io.c | 28 ++- > tests/ahci-test.c | 3 +- > tests/bios-tables-test.c | 2 +- > tests/drive_del-test.c | 2 +- > tests/fdc-test.c | 2 +- > tests/hd-geo-test.c | 2 +- > tests/i440fx-test.c | 5 +- > tests/ide-test.c | 9 +- > tests/nvme-test.c | 2 +- > tests/qemu-iotests/016 | 11 +- > tests/qemu-iotests/030 | 22 +-- > tests/qemu-iotests/040 | 32 +-- > tests/qemu-iotests/048 | 2 +- > tests/qemu-iotests/055 | 18 +- > tests/qemu-iotests/058 | 11 +- > tests/qemu-iotests/071 | 10 +- > tests/qemu-iotests/071.out | 6 +- > tests/qemu-iotests/077 | 2 +- > tests/qemu-iotests/081 | 8 +- > tests/qemu-iotests/081.out | 2 +- > tests/qemu-iotests/089 | 6 +- > tests/qemu-iotests/109 | 132 +++++++++++++ > tests/qemu-iotests/109.out | 231 ++++++++++++++++= ++++++ > tests/qemu-iotests/common | 2 +- > tests/qemu-iotests/common.qemu | 3 +- > tests/qemu-iotests/group | 1 + > tests/qemu-iotests/sample_images/grub_mbr.raw.bz2 | Bin 0 -> 552 bytes > tests/usb-hcd-uhci-test.c | 2 +- > tests/usb-hcd-xhci-test.c | 2 +- > tests/virtio-blk-test.c | 4 +- > tests/virtio-scsi-test.c | 4 +- > 34 files changed, 584 insertions(+), 102 deletions(-) > create mode 100755 tests/qemu-iotests/109 > create mode 100644 tests/qemu-iotests/109.out > create mode 100644 tests/qemu-iotests/sample_images/grub_mbr.raw.bz2 >=20 > --=20 > 1.8.3.1 >=20 >=20 Thanks, applied to my block-next tree: https://github.com/stefanha/qemu/commits/block-next Stefan --m972NQjnE83KvVa/ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUdf6WAAoJEJykq7OBq3PIZtcH/Red1T7l9GmvAmUKK3O5t+ug wCxgeS13QgY9oho4X94Q5pv3R6nKWXeQH9MVRJc1dLTnMCOqrqiNJa0z3/FzivGp da1qdpBkR1VBczGkl7/iVUPG/W+X9sGx7g9ZCqzMU9RHcerTRIwEA8Tc7RqgnFkN ADq8QljexflEWr1IZH+tLefxe8eJ7jYArmc8ERhyqF1Mp9CfErPtKhJ2n++LNul8 rIVPBCENsxRzhl2Ol5ByV1WL9Cc68BA75URNBBEnasJAK/mMqd15pM8JRqh+DYV6 3GDirwL9kktU36sRO9reskGn2AJ5g+M9oaTuVgG5FTw1LhJUsomt76TLgK2dYyw= =V23T -----END PGP SIGNATURE----- --m972NQjnE83KvVa/--