[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v11 1/2] block/vxhs.c: Add support for a new blo
From: |
Stefan Hajnoczi |
Subject: |
Re: [Qemu-devel] [PATCH v11 1/2] block/vxhs.c: Add support for a new block device type called "vxhs" |
Date: |
Wed, 19 Apr 2017 17:27:05 +0100 |
User-agent: |
Mutt/1.8.0 (2017-02-23) |
On Mon, Apr 03, 2017 at 08:48:08PM -0700, Ashish Mittal wrote:
> Source code for the qnio library that this code loads can be downloaded from:
> https://github.com/VeritasHyperScale/libqnio.git
>
> Sample command line using JSON syntax:
> ./x86_64-softmmu/qemu-system-x86_64 -name instance-00000008 -S -vnc 0.0.0.0:0
> -k en-us -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
> -msg timestamp=on
> 'json:{"driver":"vxhs","vdisk-id":"c3e9095a-a5ee-4dce-afeb-2a59fb387410",
> "server":{"host":"172.172.17.4","port":"9999"}}'
>
> Sample command line using URI syntax:
> qemu-img convert -f raw -O raw -n
> /var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad
> vxhs://192.168.0.1:9999/c6718f6b-0401-441d-a8c3-1f0064d75ee0
>
> Sample command line using TLS credentials (run in secure mode):
> ./qemu-io --object
> tls-creds-x509,id=tls0,dir=/etc/pki/qemu/vxhs,endpoint=client -c 'read
> -v 66000 2.5k' 'json:{"server.host": "127.0.0.1", "server.port": "9999",
> "vdisk-id": "/test.raw", "driver": "vxhs", "tls-creds":"tls0"}'
>
> Signed-off-by: Ashish Mittal <address@hidden>
> ---
> v11 changelog:
> (1) Replaced InetSocketAddress with InetSocketAddressBase.
> (2) Removed access to qemu_uuid.
> (3) Removed unnecessary g_strdup()/g_free().
> (4) Removed unused acb->qiov.
> (5) Changed vxhs_init_and_ref() and vxhs_unref() per suggestion.
> (6) Removed unnecessary initializations from local variables.
QEMU code:
Reviewed-by: Stefan Hajnoczi <address@hidden>
libvxhs is not robust yet. Here are two examples:
1. If the response from the server has an invalid magic number then the
whole VM is aborted:
QNIO_API_(void) kvset_unmarshal(qnio_byte_t * bs, kvset_t * *p)
{
...
assert(magic == kvset_magic);
2. There are buffer overflows and other memory corruptions. For example
when kv_binary_unpack() gets size=-1 over the wire.
The code needs to be audited line-by-line by someone aware of secure
coding practices. Please look into this.
Also, is there a plan for getting libvxhs into Fedora and Debian?
signature.asc
Description: PGP signature