[libvirt] [PATCH] util: storage: drop VIR_STORAGE_FILE_AUTO_SAFE
Yi Li
yili at winhong.com
Mon Aug 26 08:59:45 UTC 2019
>> merge VIR_STORAGE_FILE_AUTO_SAFE/VIR_STORAGE_FILE_AUTO to VIR_STORAGE_FILE_AUTO
>> virStorageFileProbeFormatFromBuf will probe the backingStore format.
>>
>> Fix the booting issue when setting backingStore format (QCOW image) to RAW image.
>
>This description does not really describe what the problem is.
>
The Guest VM cann't boot correctly as below:
1: Guest VM disk info when shutdown
......
<emulator>/usr/libexec/qemu-kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='directsync' io='native'/>
<source file='/vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e'/>
<target dev='vda' bus='virtio'/>
<boot order='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</disk>
......
pls:
[root@***-130 ~]# qemu-img info /vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e
image: /vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e
file format: qcow2
virtual size: 80G (85899345920 bytes)
disk size: 15M
cluster_size: 65536
backing file: /vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
corrupt: false
[root@***-130 ~]# qemu-img info /vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e
image: /vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e
file format: qcow2
virtual size: 80G (85899345920 bytes)
disk size: 1.2G
cluster_size: 65536
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
corrupt: false
2: After boot, the backingStore format is not expected
......
<emulator>/usr/libexec/qemu-kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='directsync' io='native'/>
<source file='/vms/images/.transient/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e'/>
<backingStore type='file' index='1'>
<format type='raw'/>
<source file='/vms/images/f6e5eb8b-7d81-443d-aab0-bb1cca1cf29e'/>
<backingStore/>
</backingStore>
<target dev='vda' bus='virtio'/>
<boot order='1'/>
<alias name='virtio-disk0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</disk>
......
>>
>> Signed-off-by: Yi Li <yili at winhong.com>
>> ---
>> src/qemu/qemu_block.c | 2 --
>> src/util/virstoragefile.c | 4 +---
>> src/util/virstoragefile.h | 1 -
>> 3 files changed, 1 insertion(+), 6 deletions(-)
>>
>> @@ -4916,8 +4916,6 @@ virStorageFileGetMetadataRecurse(virStorageSourcePtr src,
>> goto cleanup;
>>
>> if (backingFormat == VIR_STORAGE_FILE_AUTO)
>> - backingStore->format = VIR_STORAGE_FILE_RAW;
>> - else if (backingFormat == VIR_STORAGE_FILE_AUTO_SAFE)
>> backingStore->format = VIR_STORAGE_FILE_AUTO;
>
>I don't think we can do this safely. This code was added so that we
>never let qemu probe the image format. This was due to a security issue
>as a malicious guest could write a qcow2 or any other storage format
>header which has backing files into a raw volume. At new start this
>would be detected as the qcow2 or other format and qemu would open also
>the backing file. The guest then would gain access to un-allowed
>resources.
>
>While now qemu refuses writing some parts of the raw image if no format
>was specified I don't think we should remove this code. Users always
>shall use the correct format.
>
>NACK
More information about the libvir-list
mailing list