From: Peter Lieven
Date: Tue, 22 Sep 2015 08:13:58 +0200
Subject: Re: [Qemu-devel] [Qemu-block] [PATCH] block/nfs: add support for setting debug level
To: Stefan Hajnoczi
Cc: kwolf@redhat.com, ronniesahlberg@gmail.com, qemu-devel@nongnu.org, qemu-block@nongnu.org
Message-ID: <5600F1A6.2080900@kamp.de>
In-Reply-To: <20150625131806.GG4419@stefanha-thinkpad.redhat.com>
References: <1435047135-31647-1-git-send-email-pl@kamp.de> <20150625131806.GG4419@stefanha-thinkpad.redhat.com>

On 25.06.2015 at 15:18, Stefan Hajnoczi wrote:
> On Tue, Jun 23, 2015 at 10:12:15AM +0200, Peter Lieven wrote:
>> upcoming libnfs versions will support logging debug messages. Add
>> support for it in qemu through an URL parameter.
>>
>> Signed-off-by: Peter Lieven
>> --- >> block/nfs.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/block/nfs.c b/block/nfs.c >> index ca9e24e..f7388a3 100644 >> --- a/block/nfs.c >> +++ b/block/nfs.c 
>> @@ -329,6 +329,10 @@ static int64_t nfs_client_open(NFSClient *client, const char *filename, >> } else if (!strcmp(qp->p[i].name, "readahead")) { >> nfs_set_readahead(client->context, val); >> #endif >> +#ifdef LIBNFS_FEATURE_DEBUG >> + } else if (!strcmp(qp->p[i].name, "debug")) { >> + nfs_set_debug(client->context, val); >> +#endif >> } else { >> error_setg(errp, "Unknown NFS parameter name: %s", >> qp->p[i].name);
> Untrusted users may be able to set these options since they are encoded
> in the URI. I'm imagining a hosting or cloud scenario like OpenStack.
>
> A verbose debug level spams stderr and could consume a lot of disk
> space.
>
> (The uid and gid options are probably okay since the NFS server cannot
> trust the uid/gid coming from QEMU anyway.)
>
> I think we can merge this patch for QEMU 2.4 but I'd like to have a
> discussion about the security risk of encoding libnfs options in the
> URI.
>
> CCed Eric Blake in case libvirt is affected.
>
> Has anyone thought about this and what are the rules?

As I hadn't time to work further on the best way to add options for NFS
(and other protocols), would it be feasible to allow passing debug as an
URL parameter, but limit the maximum debug level to limit a possible
security impact (flooding logs)?

If a higher debug level is needed it can be set via device specific
options as soon as there is a common scheme for them.

Peter
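
Review bot: in the added `debug` branch, `nfs_set_debug(client->context, val);` passes the URI-supplied `val` to libnfs with no upper bound, so whoever controls the URL chooses the log verbosity. Clamp `val` to a small maximum before the call, or reject larger values with `error_setg`, in line with the limit proposed in the reply above. Also worth documenting: when `LIBNFS_FEATURE_DEBUG` is not defined, a `debug=` parameter falls through to the "Unknown NFS parameter name" error, so the same URL opens or fails depending on the libnfs version QEMU was built against.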