Re: [PATCH v3 1/4] block: Add trivial backing_fmt support to qcow, sheepdog, vmdk
On Mon, Mar 09, 2020 at 04:21:12PM +0100, Kevin Wolf wrote:
Am 06.03.2020 um 23:51 hat Eric Blake geschrieben:
> For qcow2 and qed, we want to encourage the use of -F always, as these
> formats can suffer from data corruption or security holes if backing
> format is probed. But for other formats, the backing format cannot be
> recorded. Making the user decide on a per-format basis whether to
> supply a backing format string is awkward, better is to just blindly
> accept a backing format argument even if it is ignored by the
> contraints of the format at hand.
>
> Signed-off-by: Eric Blake <eblake(a)redhat.com>
I'm not sure if I agree with this reasoning. Accepting and silently
ignoring -F could give users a false sense of security. If I specify a
-F raw and QEMU later probes qcow2, that would be very surprising.
And if the user specifies "-F raw" and we probe qcow2, and the user
does not realize this, they can become silently reliant on always
probing qcow2. If we then honour the "-F raw" option in a later
QEMU release, we'll break the behaviour they've relied on.
IMHO, we must not accept "-F fmt" unless we're in a position to
honour it.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|