qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: "Ján Tomko" <jtomko@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
	pkrempa@redhat.com, qemu-block@nongnu.org,
	libvir-list@redhat.com, qemu-devel@nongnu.org, mreitz@redhat.com
Subject: Re: [PATCH v2 1/3] iotests: Specify explicit backing format where sensible
Date: Thu, 27 Feb 2020 10:19:55 +0100	[thread overview]
Message-ID: <20200227091955.GD2262365@lpt> (raw)
In-Reply-To: <20200227023928.1021959-2-eblake@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 4259 bytes --]

On a Wednesday in 2020, Eric Blake wrote:
>There are many existing qcow2 images that specify a backing file but
>no format.  This has been the source of CVEs in the past, but has
>become more prominent of a problem now that libvirt has switched to
>-blockdev.  With older -drive, at least the probing was always done by
>qemu (so the only risk of a changed format between successive boots of
>a guest was if qemu was upgraded and probed differently).  But with
>newer -blockdev, libvirt must specify a format; if libvirt guesses raw
>where the image was formatted, this results in data corruption visible
>to the guest; conversely, if libvirt guesses qcow2 where qemu was
>using raw, this can result in potential security holes, so modern
>libvirt instead refuses to use images without explicit backing format.
>
>The change in libvirt to reject images without explicit backing format
>has pointed out that a number of tools have been far too reliant on
>probing in the past.  It's time to set a better example in our own
>iotests of properly setting this parameter.
>
>iotest calls to create, rebase, convert, and amend are all impacted to
>some degree.  It's a bit annoying that we are inconsistent on command
>line - while all of those accept -o backing_file=...,backing_fmt=...,
>the shortcuts are different: create and rebase have -b and -F, convert
>has -B but no -F, and amend has no shortcuts.
>
>Signed-off-by: Eric Blake <eblake@redhat.com>
>---

[...]

Test #225 still uses -b without a format:

./check -vmdk 225
QEMU          -- "/home/jtomko/work/qemu/build/tests/qemu-iotests/../../x86_64-softmmu/qemu-system-x86_64" -nodefaults -display none -accel qtest
QEMU_IMG      -- "/home/jtomko/work/qemu/build/tests/qemu-iotests/../../qemu-img" 
QEMU_IO       -- "/home/jtomko/work/qemu/build/tests/qemu-iotests/../../qemu-io"  --cache writeback --aio threads -f vmdk
QEMU_NBD      -- "/home/jtomko/work/qemu/build/tests/qemu-iotests/../../qemu-nbd" 
IMGFMT        -- vmdk
IMGPROTO      -- file
PLATFORM      -- Linux/x86_64 lpt 5.4.18-200.fc31.x86_64
TEST_DIR      -- /home/jtomko/work/qemu/build/tests/qemu-iotests/scratch
SOCK_DIR      -- /tmp/tmp.OQIdhLcITP
SOCKET_SCM_HELPER -- /home/jtomko/work/qemu/build/tests/qemu-iotests/socket_scm_helper

225      fail       [10:02:31] [10:02:32]                    output mismatch (see 225.out.bad)
--- /home/jtomko/work/qemu/tests/qemu-iotests/225.out   2018-09-07 17:21:39.633931691 +0200
+++ /home/jtomko/work/qemu/build/tests/qemu-iotests/225.out.bad 2020-02-27 10:02:32.362755677 +0100
@@ -1,6 +1,7 @@
  QA output created by 225
  Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=1048576
  Formatting 'TEST_DIR/t.IMGFMT.not_base', fmt=IMGFMT size=1048576
+qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of IMGFMT)
  Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT.base
  
  === Testing fitting VMDK backing image ===
Failures: 225
Failed 1 of 1 iotests

>diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
>index aa911d266a13..322e31e2cd93 100755
>--- a/tests/qemu-iotests/030
>+++ b/tests/qemu-iotests/030
>@@ -32,8 +32,12 @@ class TestSingleDrive(iotests.QMPTestCase):
>
>     def setUp(self):
>         iotests.create_image(backing_img, TestSingleDrive.image_len)
>-        qemu_img('create', '-f', iotests.imgfmt, '-o', 'backing_file=%s' % backing_img, mid_img)
>-        qemu_img('create', '-f', iotests.imgfmt, '-o', 'backing_file=%s' % mid_img, test_img)
>+        qemu_img('create', '-f', iotests.imgfmt,
>+                 '-o', 'backing_file=%s' % backing_img,
>+                 '-F', 'raw', mid_img)
>+        qemu_img('create', '-f', iotests.imgfmt,
>+                 '-o', 'backing_file=%s' % mid_img,
>+                 '-F', iotests.imgfmt, test_img)

Consider not mixing shortcuts with -o options.

>         qemu_io('-f', 'raw', '-c', 'write -P 0x1 0 512', backing_img)
>         qemu_io('-f', iotests.imgfmt, '-c', 'write -P 0x1 524288 512', mid_img)
>         self.vm = iotests.VM().add_drive("blkdebug::" + test_img,

With test #225 fixed:
Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

  parent reply	other threads:[~2020-02-27  9:20 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-27  2:39 [PATCH v2 0/3] Tighten qemu-img rules on missing backing format Eric Blake
2020-02-27  2:39 ` [PATCH v2 1/3] iotests: Specify explicit backing format where sensible Eric Blake
2020-02-27  7:20   ` Peter Krempa
2020-02-27  9:03     ` Ján Tomko
2020-02-27 13:05     ` Eric Blake
2020-02-27  9:19   ` Ján Tomko [this message]
2020-02-27 13:08     ` Eric Blake
2020-03-05 22:58       ` Eric Blake
2020-02-27  2:39 ` [PATCH v2 2/3] block: Add support to warn on backing file change without format Eric Blake
2020-02-27  7:10   ` Peter Krempa
2020-02-27  9:22   ` Ján Tomko
2020-02-27  2:39 ` [PATCH v2 3/3] qemu-img: Deprecate use of -b without -F Eric Blake
2020-02-27  7:09   ` Peter Krempa
2020-02-27 13:13     ` Eric Blake
2020-02-27  9:43   ` Ján Tomko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200227091955.GD2262365@lpt \
    --to=jtomko@redhat.com \
    --cc=eblake@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=libvir-list@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=pkrempa@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).