From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40830) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZqfP8-0002ro-Oe for qemu-devel@nongnu.org; Mon, 26 Oct 2015 06:53:31 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZqfP3-0002HF-BN for qemu-devel@nongnu.org; Mon, 26 Oct 2015 06:53:30 -0400 Received: from mx-v6.kamp.de ([2a02:248:0:51::16]:33976 helo=mx01.kamp.de) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZqfP3-0002Gq-0w for qemu-devel@nongnu.org; Mon, 26 Oct 2015 06:53:25 -0400 References: <1435047135-31647-1-git-send-email-pl@kamp.de> <20150625131806.GG4419@stefanha-thinkpad.redhat.com> <5600F1A6.2080900@kamp.de> <5628841F.4010907@kamp.de> <20151026104551.GD20111@stefanha-x1.localdomain> From: Peter Lieven Message-ID: <562E0615.4080400@kamp.de> Date: Mon, 26 Oct 2015 11:53:09 +0100 MIME-Version: 1.0 In-Reply-To: <20151026104551.GD20111@stefanha-x1.localdomain> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [Qemu-block] [PATCH] block/nfs: add support for setting debug level List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Hajnoczi Cc: kwolf@redhat.com, ronniesahlberg@gmail.com, qemu-devel@nongnu.org, qemu-block@nongnu.org Am 26.10.2015 um 11:45 schrieb Stefan Hajnoczi: > On Thu, Oct 22, 2015 at 08:37:19AM +0200, Peter Lieven wrote: >> Am 22.09.2015 um 08:13 schrieb Peter Lieven: >>> Am 25.06.2015 um 15:18 schrieb Stefan Hajnoczi: >>>> On Tue, Jun 23, 2015 at 10:12:15AM +0200, Peter Lieven wrote: >>>>> upcoming libnfs versions will support logging debug messages. Add >>>>> support for it in qemu through an URL parameter. >>>>> >>>>> Signed-off-by: Peter Lieven >>>>> --- >>>>> block/nfs.c | 4 ++++ >>>>> 1 file changed, 4 insertions(+) >>>>> >>>>> diff --git a/block/nfs.c b/block/nfs.c >>>>> index ca9e24e..f7388a3 100644 >>>>> --- a/block/nfs.c >>>>> +++ b/block/nfs.c >>>>> @@ -329,6 +329,10 @@ static int64_t nfs_client_open(NFSClient *client, const char *filename, >>>>> } else if (!strcmp(qp->p[i].name, "readahead")) { >>>>> nfs_set_readahead(client->context, val); >>>>> #endif >>>>> +#ifdef LIBNFS_FEATURE_DEBUG >>>>> + } else if (!strcmp(qp->p[i].name, "debug")) { >>>>> + nfs_set_debug(client->context, val); >>>>> +#endif >>>>> } else { >>>>> error_setg(errp, "Unknown NFS parameter name: %s", >>>>> qp->p[i].name); >>>> Untrusted users may be able to set these options since they are encoded >>>> in the URI. I'm imagining a hosting or cloud scenario like OpenStack. >>>> >>>> A verbose debug level spams stderr and could consume a lot of disk >>>> space. >>>> >>>> (The uid and gid options are probably okay since the NFS server cannot >>>> trust the uid/gid coming from QEMU anyway.) >>>> >>>> I think we can merge this patch for QEMU 2.4 but I'd like to have a >>>> discussion about the security risk of encoding libnfs options in the >>>> URI. >>>> >>>> CCed Eric Blake in case libvirt is affected. >>>> >>>> Has anyone thought about this and what are the rules? >>> As I hadn't time to work further on the best way to add options for NFS (and other >>> protocols), would it be feasible to allow passing debug as an URL parameter, but >>> limit the maximum debug level to limit a possible security impact (flooding logs)? >>> >>> If a higher debug level is needed it can be set via device specific options as soon >>> there is a common scheme for them. >> Any objections? > If you are sure that ERROR and WARN levels (or similar) don't flood the > logs, then it sounds like a solution. Thats not the case. I use debug level 2 for quite some time. Mainly to see NFS connection interruptions. So I would be happy if we could allow for debug <= 2 from the cmdline. Peter