From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49308) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z872q-0004XE-Nt for qemu-devel@nongnu.org; Thu, 25 Jun 2015 09:18:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Z872m-0002yT-Fj for qemu-devel@nongnu.org; Thu, 25 Jun 2015 09:18:20 -0400 Date: Thu, 25 Jun 2015 14:18:06 +0100 From: Stefan Hajnoczi Message-ID: <20150625131806.GG4419@stefanha-thinkpad.redhat.com> References: <1435047135-31647-1-git-send-email-pl@kamp.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Wtrm9ATX0sn6fFKv" Content-Disposition: inline In-Reply-To: <1435047135-31647-1-git-send-email-pl@kamp.de> Subject: Re: [Qemu-devel] [Qemu-block] [PATCH] block/nfs: add support for setting debug level List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Lieven Cc: kwolf@redhat.com, ronniesahlberg@gmail.com, qemu-devel@nongnu.org, qemu-block@nongnu.org --Wtrm9ATX0sn6fFKv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jun 23, 2015 at 10:12:15AM +0200, Peter Lieven wrote: > upcoming libnfs versions will support logging debug messages. Add > support for it in qemu through an URL parameter. >=20 > Signed-off-by: Peter Lieven > --- > block/nfs.c | 4 ++++ > 1 file changed, 4 insertions(+) >=20 > diff --git a/block/nfs.c b/block/nfs.c > index ca9e24e..f7388a3 100644 > --- a/block/nfs.c > +++ b/block/nfs.c > @@ -329,6 +329,10 @@ static int64_t nfs_client_open(NFSClient *client, co= nst char *filename, > } else if (!strcmp(qp->p[i].name, "readahead")) { > nfs_set_readahead(client->context, val); > #endif > +#ifdef LIBNFS_FEATURE_DEBUG > + } else if (!strcmp(qp->p[i].name, "debug")) { > + nfs_set_debug(client->context, val); > +#endif > } else { > error_setg(errp, "Unknown NFS parameter name: %s", > qp->p[i].name); Untrusted users may be able to set these options since they are encoded in the URI. I'm imagining a hosting or cloud scenario like OpenStack. A verbose debug level spams stderr and could consume a lot of disk space. (The uid and gid options are probably okay since the NFS server cannot trust the uid/gid coming from QEMU anyway.) I think we can merge this patch for QEMU 2.4 but I'd like to have a discussion about the security risk of encoding libnfs options in the URI. CCed Eric Blake in case libvirt is affected. Has anyone thought about this and what are the rules? --Wtrm9ATX0sn6fFKv Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVi/+NAAoJEJykq7OBq3PIu4wH/1wAdjJ55AbRjE3CTi1kXkMN +CkQL3JIeowgg3AULR0ysFA8BIFsQccojU30RjvOpF3C+GSiszGSQKePqG9OW2xj lRGBcZnWZDqbwdoKpDxknA8/xRS3nf5pqYlIrOliGEonLRcJzki/ICY8YVVwp3qT PGlDNEBNolVT0pqo04ubcY8XWS1ie6DSqNOn1/sdwG1oSv/DZ2wpdWe5cKp3eSvK iBoUdDL1gI4KlBCQ7eJV5ALfHq4nm3tGoLA3IJpevyyoRT+BIeqwymgiT6Z6nDrS 0Ps1s2kcDymPFGAgPX6JGgsHgK4C/THJCIOB1tfg2touFNceNvzeMHGlFKR2gkQ= =WVyw -----END PGP SIGNATURE----- --Wtrm9ATX0sn6fFKv--