Message-ID: <54524ABC.1070406@redhat.com>
Date: Thu, 30 Oct 2014 08:27:08 -0600
From: Eric Blake
References: <1414671976-5353-1-git-send-email-kwolf@redhat.com> <1414671976-5353-4-git-send-email-kwolf@redhat.com>
In-Reply-To: <1414671976-5353-4-git-send-email-kwolf@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 3/4] raw: Prohibit dangerous writes for probed images
To: Kevin Wolf, qemu-devel@nongnu.org
Cc: jcody@redhat.com, armbru@redhat.com, stefanha@redhat.com, mreitz@redhat.com

On 10/30/2014 06:26 AM, Kevin Wolf wrote:
>
> The other differences of this patch to the old one are that it doesn't
> silently write something different than the guest requested by zeroing
> out some bytes (it fails the request instead) and that it doesn't
> maintain a list of signatures in the raw driver (it calls the usual
> probe function instead).
>
> Signed-off-by: Kevin Wolf
> --- > block.c | 5 +++-- > + > + drv =3D bdrv_probe_all(buf, 512, NULL); > + if (drv !=3D bs->drv) { > + ret =3D -EPERM; > + goto fail; > + }

So, what happens when this returns -EPERM? If the guest is configured
to halt on write errors, does this halt the guest and send an event to
management? How does it compare to the case of halting on ENOSPACE? Is
this particular failure mode something that the host should be able to
easily distinguish from other failure modes?

But I definitely like that you only do this failure on probed images,
and that a user that requests an explicit raw format will never trip up.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
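Review bot: the rejection path under "if (drv != bs->drv)" sets ret to -EPERM with no comment and no error report, so nothing in the visible lines tells a reader or the host why the write was refused or lets them tell it apart from any other write failure. Suggest a short comment stating that the write is refused because the new first-sector contents would make the image probe as a different driver than bs->drv, plus a distinct error report on this path. The bare 512 passed to bdrv_probe_all(buf, 512, NULL) is also a magic number; a named sector-size constant would make it clear that exactly the probed header length is being checked, and that buf is expected to hold at least that many bytes at this point.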