Re: [libvirt] [PATCH] util: storage: drop VIR_STORAGE_FILE_AUTO_SAFE
merge VIR_STORAGE_FILE_AUTO_SAFE/VIR_STORAGE_FILE_AUTO to VIR_STORAGE_FILE_AUTO virStorageFileProbeFormatFromBuf will probe the backingStore format.
Fix the booting issue when setting backingStore format (QCOW image) to RAW image.
This description does not really describe what the problem is.
The Guest VM cann't boot correctly as below: 1: Guest VM disk info when shutdown ...... <emulator>/usr/libexec/qemu-kvm</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='directsync' io='native'/> <source file='/vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e'/> <target dev='vda' bus='virtio'/> <boot order='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </disk> ...... pls: [root@***-130 ~]# qemu-img info /vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e image: /vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e file format: qcow2 virtual size: 80G (85899345920 bytes) disk size: 15M cluster_size: 65536 backing file: /vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e Format specific information: compat: 1.1 lazy refcounts: false refcount bits: 16 corrupt: false [root@***-130 ~]# qemu-img info /vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e image: /vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e file format: qcow2 virtual size: 80G (85899345920 bytes) disk size: 1.2G cluster_size: 65536 Format specific information: compat: 1.1 lazy refcounts: false refcount bits: 16 corrupt: false 2: After boot, the backingStore format is not expected ...... <emulator>/usr/libexec/qemu-kvm</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='directsync' io='native'/> <source file='/vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e'/> <backingStore type='file' index='1'> <format type='raw'/> <source file='/vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e'/> <backingStore/> </backingStore> <target dev='vda' bus='virtio'/> <boot order='1'/> <alias name='virtio-disk0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </disk> ......
Signed-off-by: Yi Li <yili@winhong.com> --- src/qemu/qemu_block.c | 2 -- src/util/virstoragefile.c | 4 +--- src/util/virstoragefile.h | 1 - 3 files changed, 1 insertion(+), 6 deletions(-)
@@ -4916,8 +4916,6 @@ virStorageFileGetMetadataRecurse(virStorageSourcePtr src, goto cleanup;
if (backingFormat == VIR_STORAGE_FILE_AUTO) - backingStore->format = VIR_STORAGE_FILE_RAW; - else if (backingFormat == VIR_STORAGE_FILE_AUTO_SAFE) backingStore->format = VIR_STORAGE_FILE_AUTO;
I don't think we can do this safely. This code was added so that we never let qemu probe the image format. This was due to a security issue as a malicious guest could write a qcow2 or any other storage format header which has backing files into a raw volume. At new start this would be detected as the qcow2 or other format and qemu would open also the backing file. The guest then would gain access to un-allowed resources.
While now qemu refuses writing some parts of the raw image if no format was specified I don't think we should remove this code. Users always shall use the correct format.
NACK
On Mon, Aug 26, 2019 at 16:59:45 +0800, Yi Li wrote:
merge VIR_STORAGE_FILE_AUTO_SAFE/VIR_STORAGE_FILE_AUTO to VIR_STORAGE_FILE_AUTO virStorageFileProbeFormatFromBuf will probe the backingStore format.
Fix the booting issue when setting backingStore format (QCOW image) to RAW image.
This description does not really describe what the problem is.
The Guest VM cann't boot correctly as below: 1: Guest VM disk info when shutdown ...... <emulator>/usr/libexec/qemu-kvm</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='directsync' io='native'/> <source file='/vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e'/> <target dev='vda' bus='virtio'/> <boot order='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </disk> ...... pls: [root@***-130 ~]# qemu-img info /vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e image: /vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e file format: qcow2 virtual size: 80G (85899345920 bytes) disk size: 15M cluster_size: 65536 backing file: /vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e
The image was created without specifying the backing format. Otherwise you'd get also a: backing file format: qcow2 Please specify the backing store format explicitly when creating the overlays e.g. by using the -F option for qemu-img qemu-img create -f qcow2 -F qcow2 -b /path/to/backing /path/to/overlay This is the exact situation we want to protect from and thus the only thing we could consider is completely reject images which don't have an explicit backing store specified.
participants (2)
-
Peter Krempa -
Yi Li