qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Eric Blake <eblake@redhat.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
	Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>,
	"libvir-list@redhat.com" <libvir-list@redhat.com>,
	Jes Sorensen <Jes.Sorensen@redhat.com>,
	QEMU Developers <qemu-devel@nongnu.org>,
	Stefan Hajnoczi <stefanha@gmail.com>
Subject: Re: [Qemu-devel] live snapshot wiki updated
Date: Wed, 20 Jul 2011 11:47:41 -0600	[thread overview]
Message-ID: <4E2714BD.6030005@redhat.com> (raw)
In-Reply-To: <CAAu8pHsJLrP44jZ6oxsW3DOMYGxVh-4vEwD0hQagp+jjOgd2JA@mail.gmail.com>

On 07/20/2011 11:27 AM, Blue Swirl wrote:
>> We've already told you - qemu must have a way to be passed fds which are
>> associated with names, and when a file refers to another backing file by
>> name, then qemu falls back on its fd/name mapping to use the already-passed
>> fd instead.  Which implies that someone else, either libvirt or a
>> qemu-maintained libblockformat.so, needs to have a stable interface for
>> parsing the backing file name out of an arbitrary qcow2 file, and that this
>> interface must work no matter how many other extensions are added to qcow2.
>
> I'd avoid any name based access in this case. If QEMU has write access
> to main file, it could forge the backing file name in main file to
> point to for example /etc/shadow and then request libvirt to perform
> the opening.

Won't work.  Well, it might work within the context of a single qemu 
process.  But when that process ends, then libvirt would have to touch 
up the qcow2 headers of that file to replace the /etc/shadow name with 
the real backing file name, otherwise, the next time you restart 
qemu-img or a new qemu guest using the same image, the information has 
been lost, since the fd has been closed in the meantime.

We really _do_ need a way to give qemu both an fd and the name of the 
file that the fd is tied to.  On Linux, qemu could use /proc/self/fd to 
reconstruct the name from fd, but that's not portable to other OS.  And 
we've already discussed how in the libvirt model, that libvirt is deemed 
more secure than qemu.  Therefore, I think it is reasonable for qemu to 
make the assumptions that if it exposes a monitor command where the 
supervisor (libvirt or otherwise) can pass in both an fd and a file 
name, that either the supervisor is passing in correct information, or 
that the bug is in the supervisor and not in qemu if the supervisor 
passes in wrong information and things blow up.

And the snapshot_blkdev monitor command is a case where qemu needs to 
create a new qcow2 image on the fly, while referencing the name of an 
existing file.  What backing name do you put in the new qcow2 file 
unless you already have a name association for all fds already open for 
the existing backing file?

-- 
Eric Blake   eblake@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

  reply	other threads:[~2011-07-20 17:48 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-07-15 14:58 [Qemu-devel] live snapshot wiki updated Jes Sorensen
2011-07-18 14:08 ` Stefan Hajnoczi
2011-07-19  7:24   ` Jes Sorensen
2011-07-19 13:23     ` Stefan Hajnoczi
2011-07-19 13:27       ` Jes Sorensen
2011-07-19 13:58         ` Eric Blake
2011-07-19 14:09           ` Jes Sorensen
2011-07-19 14:24             ` Eric Blake
2011-07-19 14:30               ` Jes Sorensen
2011-07-19 15:14                 ` Stefan Hajnoczi
2011-07-19 16:46                   ` Daniel P. Berrange
2011-07-20  7:30                     ` Markus Armbruster
2011-07-20  8:23                     ` Jes Sorensen
2011-07-20  9:36                       ` Daniel P. Berrange
2011-07-20 10:15                         ` [Qemu-devel] [libvirt] " Nicolas Sebrecht
2011-07-20 10:28                           ` Daniel P. Berrange
2011-07-20 11:40                             ` [Qemu-devel] [libvirt] " Stefan Hajnoczi
     [not found]                             ` <4E27E610.7090502@redhat.com>
     [not found]                               ` <4E282DE6.1020603@redhat.com>
     [not found]                                 ` <4E283554.4080903@redhat.com>
2011-07-21 14:51                                   ` Eric Blake
     [not found]                         ` <4E27E5A2.2030208@redhat.com>
     [not found]                           ` <4E28317D.9020502@redhat.com>
2011-07-21 15:01                             ` [Qemu-devel] " Stefan Hajnoczi
2011-07-21 19:42                               ` Blue Swirl
2011-07-22  5:06                                 ` Stefan Hajnoczi
2011-07-22 15:49                                   ` Blue Swirl
2011-07-22  7:22                               ` Kevin Wolf
2011-07-22  9:11                                 ` Stefan Hajnoczi
2011-07-22 16:05                                   ` Blue Swirl
2011-07-20  9:50                     ` Kevin Wolf
2011-07-20 10:18                       ` Daniel P. Berrange
2011-07-19 16:14                 ` Anthony Liguori
2011-07-20  8:25                   ` Jes Sorensen
2011-07-20 10:01                     ` Kevin Wolf
2011-07-20 13:25                       ` Jes Sorensen
2011-07-20 13:46                         ` Eric Blake
2011-07-20 17:27                           ` Blue Swirl
2011-07-20 17:47                             ` Eric Blake [this message]
2011-07-20 19:51                               ` Blue Swirl
     [not found]                                 ` <4E27DE5D.5050502@redhat.com>
2011-07-21 19:34                                   ` Blue Swirl
2011-07-20 13:51                         ` Kevin Wolf
2011-07-20 17:20                           ` Blue Swirl
2011-07-20 17:41                             ` Eric Blake
2011-07-20 18:00                               ` Blue Swirl
2011-07-20 18:17                                 ` Eric Blake
2011-07-20 20:01                                   ` Blue Swirl
2011-07-20 20:10                                     ` Eric Blake
     [not found]                             ` <4E27E280.2060306@redhat.com>
2011-07-21 19:01                               ` Blue Swirl
2011-07-22  7:36                           ` Avi Kivity
2011-07-22  8:11                             ` Kevin Wolf
2011-07-22 16:09                               ` Blue Swirl
2011-07-20 13:50                   ` Cleber Rosa
2011-07-20 14:34                     ` Anthony Liguori
2011-07-20 18:34                       ` Cleber Rosa
2011-07-19 16:47                 ` Daniel P. Berrange
2011-07-20  8:26                   ` Jes Sorensen
2011-07-20  9:38                     ` Daniel P. Berrange
2011-07-20 14:35                   ` Anthony Liguori
2011-07-21 18:56                   ` Michael Roth

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E2714BD.6030005@redhat.com \
    --to=eblake@redhat.com \
    --cc=Jes.Sorensen@redhat.com \
    --cc=blauwirbel@gmail.com \
    --cc=kwolf@redhat.com \
    --cc=libvir-list@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@gmail.com \
    --cc=stefanha@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).