qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v11 1/2] block/vxhs.c: Add support for a new blo

From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH v11 1/2] block/vxhs.c: Add support for a new block device type called "vxhs"
Date: Wed, 19 Apr 2017 17:27:05 +0100
User-agent: Mutt/1.8.0 (2017-02-23) 
On Mon, Apr 03, 2017 at 08:48:08PM -0700, Ashish Mittal wrote:
> Source code for the qnio library that this code loads can be downloaded from:
> https://github.com/VeritasHyperScale/libqnio.git
> 
> Sample command line using JSON syntax:
> ./x86_64-softmmu/qemu-system-x86_64 -name instance-00000008 -S -vnc 0.0.0.0:0
> -k en-us -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
> -msg timestamp=on
> 'json:{"driver":"vxhs","vdisk-id":"c3e9095a-a5ee-4dce-afeb-2a59fb387410",
> "server":{"host":"172.172.17.4","port":"9999"}}'
> 
> Sample command line using URI syntax:
> qemu-img convert -f raw -O raw -n
> /var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad
> vxhs://192.168.0.1:9999/c6718f6b-0401-441d-a8c3-1f0064d75ee0
> 
> Sample command line using TLS credentials (run in secure mode):
> ./qemu-io --object
> tls-creds-x509,id=tls0,dir=/etc/pki/qemu/vxhs,endpoint=client -c 'read
> -v 66000 2.5k' 'json:{"server.host": "127.0.0.1", "server.port": "9999",
> "vdisk-id": "/test.raw", "driver": "vxhs", "tls-creds":"tls0"}'
> 
> Signed-off-by: Ashish Mittal <address@hidden>
> ---
> v11 changelog:
> (1) Replaced InetSocketAddress with InetSocketAddressBase.
> (2) Removed access to qemu_uuid.
> (3) Removed unnecessary g_strdup()/g_free().
> (4) Removed unused acb->qiov.
> (5) Changed vxhs_init_and_ref() and vxhs_unref() per suggestion.
> (6) Removed unnecessary initializations from local variables.

QEMU code:

Reviewed-by: Stefan Hajnoczi <address@hidden>

libvxhs is not robust yet.  Here are two examples:

1. If the response from the server has an invalid magic number then the
   whole VM is aborted:

   QNIO_API_(void) kvset_unmarshal(qnio_byte_t * bs, kvset_t * *p)
   {
       ...
       assert(magic == kvset_magic);

2. There are buffer overflows and other memory corruptions.  For example
   when kv_binary_unpack() gets size=-1 over the wire.

The code needs to be audited line-by-line by someone aware of secure
coding practices.  Please look into this.

Also, is there a plan for getting libvxhs into Fedora and Debian?

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]