From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:45530)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1T8rR5-0003vk-Mb
	for qemu-devel@nongnu.org; Tue, 04 Sep 2012 07:36:57 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1T8rR1-0005sm-70
	for qemu-devel@nongnu.org; Tue, 04 Sep 2012 07:36:51 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51849)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1T8rR0-0005rt-UL
	for qemu-devel@nongnu.org; Tue, 04 Sep 2012 07:36:47 -0400
Message-ID: <5045E78D.1080100@redhat.com>
Date: Tue, 04 Sep 2012 05:35:41 -0600
From: Eric Blake <eblake@redhat.com>
MIME-Version: 1.0
References: <1346663926-20188-1-git-send-email-xiawenc@linux.vnet.ibm.com>
	<1346663926-20188-2-git-send-email-xiawenc@linux.vnet.ibm.com>
	<5044B720.5080205@redhat.com> <5045A2BB.3060007@linux.vnet.ibm.com>
In-Reply-To: <5045A2BB.3060007@linux.vnet.ibm.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enig4944C6C662235BE100E87B71"
Subject: Re: [Qemu-devel] [PATCH 1/6] libqblock APIs
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Cc: kwolf@redhat.com, pbonzini@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org, stefanha@gmail.com

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4944C6C662235BE100E87B71
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 09/04/2012 12:42 AM, Wenchao Xia wrote:
>>> +/**
>>> + * libqblock_init: Initialize the library
>>> + */
>>> +void libqblock_init(void);
>>
>> Is this function safe to call more than once?  Even tighter, is it saf=
e
>> to call this function simultaneously from multiple threads?
>>
>   No, it should be only called once, any other thread should not call
> it again, will document it. About the multiple thread user case, qemu
> block layer can't support that now, will fix that later.

What a shame.  That makes libraries much harder to use.  It is much
nicer to design a library where the initialization is idempotent and
thread-safe, to be called from multiple threads.  Consider:

app links against liba and libb;
liba links against libqb
libb links against libqb

How am I supposed to write liba and libb to guarantee only one single
race-free call to libqblock_init, unless libqblock_init() is idempotent?

Also, should there be a counterpart function for tearing down the
resources used by the library when it is no longer needed?  If so, then
that implies reference counting - each call to init atomically increases
the refcount, and the library frees resources only when the refcount
atomically goes back to 0.


>>> + * @fmt: format options, how to extract the data, only valid member
>>> now is
>>> +     fmt->fmt_type, set NULL if you want auto discovery the format.
>>
>> set to NULL if you want to auto-discover the format
>>
>> Maybe also add a warning about the inherent security risks of attempti=
ng
>> format auto-discovery (any raw image must NOT be probed, as the raw
>> image can emulate any other format and cause qemu to chase down chains=

>> where it should not).
>>
>   it seems qemu-img could find out that an image is raw correctly by
> probing, do you mean give a warning saying that this image is probably
> some formats that qemu do not supported, such as virtual box's image?

No, you got it backwards.  For all non-raw images, qemu can correctly
probe the image.  But for raw images, the guest may have set enough
information in the image to make a probe _think_ that the image is
non-raw, and therefore cause qemu to misbehave.  That is, the security
hole is choosing to probe a raw image, because the probe will not always
successfully return raw.

--=20
Eric Blake   eblake@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--------------enig4944C6C662235BE100E87B71
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBCAAGBQJQReeNAAoJEKeha0olJ0Nqqm0H+QHZeNzbs9sauKV8Hg8XAXsu
IsOffQxZzPgfLWo7v/uK4E6u20mZUeeR2DP4ZMOLbvDUhy4DjIBPzmOisYmHt+IK
ShKjxwsD0PdAFfP6aYNfHjSA6xPISmzP0g5wdRHGgZCtV8TWC5jdiC322fSyoNIo
mnWvwjh/NinJdbmBTHOzXxB05fpOFhTDu0RaG7qIYAejrgnJdolwsrZFzN+wIMPT
o5sMOGIHvHnvM1kzNOry0fHvvzjk4EquchLuFAeS2qW9U619O7iDfQPa95QCz1m+
U/DGuReQBdPTq12AVu0du3huKV/Ba3e96kneeD/JNzRZylPOWhQjN1jtUFhH6EM=
=QnTE
-----END PGP SIGNATURE-----

--------------enig4944C6C662235BE100E87B71--