qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 1/4] block: Correct bs->growable


From: Kevin Wolf
Subject: Re: [Qemu-devel] [PATCH 1/4] block: Correct bs->growable
Date: Thu, 21 Aug 2014 10:19:46 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

Am 20.08.2014 um 21:13 hat Max Reitz geschrieben:
> On 20.08.2014 13:40, Kevin Wolf wrote:
> >Am 12.07.2014 um 00:23 hat Max Reitz geschrieben:
> >>Currently, the field "growable" in a BDS is set iff the BDS is opened in
> >>protocol mode (with O_BDRV_PROTOCOL). However, not every protocol block
> >>driver allows growing: NBD, for instance, does not. On the other hand,
> >>a non-protocol block driver may allow growing: The raw driver does.
> >>
> >>Fix this by correcting the "growable" field in the driver-specific open
> >>function for the BDS, if necessary.
> >>
> >>Signed-off-by: Max Reitz <address@hidden>
> >I'm not sure I agree with bs->growable = true for raw. It's certainly
> >true that the backend can technically provide the functionality that
> >writes beyond EOF grow the file. That's not the point of bs->growable,
> >though.
> >
> >The point of it was to _forbid_ it to grow even when it's technically
> >possible (non-file protocols weren't really a thing back then, apart
> >from vvfat, so the assumption was that it's always technically
> >possible). growable was introduced with bdrv_check_request(), which is
> >supposed to reject guest requests after the end of the virtual disk (and
> >this fixed a CVE, see commit 71d0770c). You're now disabling this check
> >for raw.
> >
> >I think we need to make sure that bs->growable is only set if it is
> >opened for an image that has drv->requires_growing_file set and
> >therefore not directly used by a guest.
> >
> >Well, except that with node-name a guest will be able to use any image
> >in the chain... Might this mean that it's really a BlockBackend
> >property?
> 
> I guess I can make things easy for me by just introducing some
> "really_growable" or "writes_beyond_eof" field or something for the
> sake of this series. ;-)

Nah, don't evade the real solution... Using BDRV_O_PROTOCOL like we
currently do isn't quite right either. If you clear growable when
requires_growing_file isn't set for the parent, you should be fine. I
think. Or hope.

Kevin



reply via email to

[Prev in Thread] Current Thread [Next in Thread]