From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45058) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XII3W-00005s-3G for qemu-devel@nongnu.org; Fri, 15 Aug 2014 10:00:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XII3M-0005Ek-3c for qemu-devel@nongnu.org; Fri, 15 Aug 2014 10:00:34 -0400 Received: from mx1.redhat.com ([209.132.183.28]:58887) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XII3L-0005Cc-OY for qemu-devel@nongnu.org; Fri, 15 Aug 2014 10:00:24 -0400 Message-ID: <53EE1273.7020303@redhat.com> Date: Fri, 15 Aug 2014 08:00:19 -0600 From: Eric Blake MIME-Version: 1.0 References: <1406900401-19550-1-git-send-email-lkurusa@redhat.com> <20140812132034.GM20490@stefanha-thinkpad.redhat.com> <20140812133542.GA6876@localhost.localdomain> <1643597569.19303034.1408027347194.JavaMail.zimbra@redhat.com> <20140814145733.GA2399@localhost.localdomain> <20140815105519.GC3770@noname.redhat.com> <20140815121402.GB2399@localhost.localdomain> <20140815133756.GF3770@noname.redhat.com> In-Reply-To: <20140815133756.GF3770@noname.redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="CGq4nPbifB1cl2q0mXRwFGX1si25IaGR3" Subject: Re: [Qemu-devel] [PATCH 0/3] vpc: support probing of fixed size images List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Kevin Wolf , Jeff Cody Cc: Levente Kurusa , Fam Zheng , Stefan Weil , Andrew Jones , QEMU Developers , Stefan Hajnoczi This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --CGq4nPbifB1cl2q0mXRwFGX1si25IaGR3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 08/15/2014 07:37 AM, Kevin Wolf wrote: > We can choose Markus's suggestion of using the file name to guess the > format. I don't really like it much, but it seems like a fair compromis= e > that doesn't hurt usability as much. In other words, if a user gives a file a "known suffix", then it is their own fault if they made that file raw and the guest then happened to convert the file to the format matching the suffix? Or would this start giving warnings if the known suffix doesn't match the probed conten= ts? >=20 > If we don't want this, we can approach the problem from a different > angle: The problem is not probing per se, but that images probed as raw= > can be written to by guests in a way that the next time they are probed= > as something else. >=20 > What if we let the raw driver know that it was probed and then it > enables a check that returns -EIO for any write on the first 2k if that= > write would make the image look like a different format? Not entirely future-proof - as we add support for more formats over time, something that passes today could fail in the future. Worse, a guest could exploit an older qemu to write a header that a newer qemu would reject. But it does sound like an interesting approach (preventing the guest from doing something risky). --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --CGq4nPbifB1cl2q0mXRwFGX1si25IaGR3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg iQEcBAEBCAAGBQJT7hJzAAoJEKeha0olJ0NqAr0H/3AaJQEEi64O7HsvXQsHZBt7 2di8ZgaidyS1+MH38NTYGpxfpAwm34NYN+vLSBljKXDKMBCHIynyALQGOWOYzu7M /Bn/R3k6VIIrgaw0MXF4Ms7RJ+dmvrNSTI6ADuUih66a98STqzpb89Pw9n4P8aML 227k1PyZwHFrGtbVpq7MKnq/tJab09rccPKdxOOshcclBwd9blshFnDB+egOdMae tVjJVn2VuuwGqTeGuYTg9cYrngO6M8ZynIO/Y9n2WpoZmYro2dV1W+/LN3l9N9Tk qH7I3n6lrW1MSwk5HR/w0O9jNOrk5rewHNDA+PdBg+FjDmn587U5rE5FernBgTo= =soAM -----END PGP SIGNATURE----- --CGq4nPbifB1cl2q0mXRwFGX1si25IaGR3--