From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:51813) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TMgIe-0001G6-FZ for qemu-devel@nongnu.org; Fri, 12 Oct 2012 10:33:22 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TMgIX-0004dJ-Pq for qemu-devel@nongnu.org; Fri, 12 Oct 2012 10:33:16 -0400 Received: from mx1.redhat.com ([209.132.183.28]:26215) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TMgIX-0004dF-HT for qemu-devel@nongnu.org; Fri, 12 Oct 2012 10:33:09 -0400 Message-ID: <50782A1B.2030106@redhat.com> Date: Fri, 12 Oct 2012 08:32:59 -0600 From: Eric Blake MIME-Version: 1.0 References: <1350050969-14034-1-git-send-email-stefanha@redhat.com> <5078281B.3090702@redhat.com> <507828D7.3080306@redhat.com> In-Reply-To: <507828D7.3080306@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig03153A0EFD484A68420AB583" Subject: Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Kevin Wolf Cc: Kashyap Chamarthy , qemu-devel@nongnu.org, Stefan Hajnoczi , =?UTF-8?B?QmVub8OudCBDYW5ldA==?= This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig03153A0EFD484A68420AB583 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 10/12/2012 08:27 AM, Kevin Wolf wrote: > Am 12.10.2012 16:24, schrieb Eric Blake: >> On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote: >>> The qemu-img info --backing-chain option enumerates the backing file >>> chain. For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the= >>> output becomes: >>> >> >>> + do { >>> + bs =3D bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO= _BACKING, >>> + false); >>> + if (!bs) { >>> + goto err; >>> + } >> >>> + } while (filename); >> >> Eww - infinite loop if presented with malicious data where someone has= >> used 'qemu-img rebase -u' to create a cycle. I think you need a >> followup patch that hashes which files have been opened to date, and >> abort the loop once a cycle is detected. >=20 > That would already cause problems in bdrv_open(), so I'd consider it a > separate bug. We should fail gracefully when trying to open such an > image. Once it's open, other code can trust that the chain makes sense.= Hmm. For 'qemu-img info', I can see two behaviors, both useful, when presented with a corrupt image. One is to error out right away (because qemu would be unable to use the image). But the other is for debugging WHY the image is corrupt, at which point I want qemu-img info to display as much information as possible, INCLUDING what backing file is recorded in the header, so that I can follow the loop and decide where to break the loop. Sounds like we might need another flag to bdrv_open() on whether to detect cycles; as well as fixing qemu-img info to check for cycles on its own when it bypasses normal cycle-checking in bdrv_open. --=20 Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --------------enig03153A0EFD484A68420AB583 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBCAAGBQJQeCobAAoJEKeha0olJ0NqqkQH/iqnPLJPbVQ/WA+iRU6t2QZ1 eHyIpr12MGsrUXeHC5t05ZusaSjfdB9yO0Yg2W8GXQnDexwMtpwXwServjUGruQQ Ry0L22QXTZbpeiSiSs0g5SddYRLzKU51OWsiLJkcUi+f1q0wkeIpISOwOFFZvElO e06gh+cIf+ay1yLlB4ni1SjOj2SxufdV1erdWrq9ZMXhqOs/ThdUPiEzjtR+fFDj 40rhum/TM0fsqI7nPxhjaVYq0O2/nRnwfclEz7BiOHD0xj5EZAHOdFuXSXUoIHxX cSBHN/8aET2M2Vj4J5qmj+mwpXbsgfk+G1WBFbXNwcgWaP/m/eRuxzJ1ZZn/sSs= =wAUl -----END PGP SIGNATURE----- --------------enig03153A0EFD484A68420AB583--