[PATCH v2 1/3] iotests: Specify explicit backing format where sensible
Eric Blake
eblake at redhat.com
Thu Feb 27 13:05:44 UTC 2020
On 2/27/20 1:20 AM, Peter Krempa wrote:
> On Wed, Feb 26, 2020 at 20:39:26 -0600, Eric Blake wrote:
>> There are many existing qcow2 images that specify a backing file but
>> no format. This has been the source of CVEs in the past, but has
>> become more prominent of a problem now that libvirt has switched to
>> -blockdev. With older -drive, at least the probing was always done by
>> qemu (so the only risk of a changed format between successive boots of
>> a guest was if qemu was upgraded and probed differently). But with
>> newer -blockdev, libvirt must specify a format; if libvirt guesses raw
>> where the image was formatted, this results in data corruption visible
>> to the guest; conversely, if libvirt guesses qcow2 where qemu was
>> using raw, this can result in potential security holes, so modern
>> libvirt instead refuses to use images without explicit backing format.
>>
>> The change in libvirt to reject images without explicit backing format
>> has pointed out that a number of tools have been far too reliant on
>> probing in the past. It's time to set a better example in our own
>> iotests of properly setting this parameter.
>>
>> iotest calls to create, rebase, convert, and amend are all impacted to
>> some degree. It's a bit annoying that we are inconsistent on command
>> line - while all of those accept -o backing_file=...,backing_fmt=...,
>> the shortcuts are different: create and rebase have -b and -F, convert
>> has -B but no -F, and amend has no shortcuts.
>>
>> Signed-off-by: Eric Blake <eblake at redhat.com>
>> ---
>
> [...]
>
>> 113 files changed, 414 insertions(+), 338 deletions(-)
>>
>> diff --git a/tests/qemu-iotests/017 b/tests/qemu-iotests/017
>> index 0a4b854e6520..585512bb296b 100755
>> --- a/tests/qemu-iotests/017
>> +++ b/tests/qemu-iotests/017
>> @@ -66,7 +66,7 @@ echo "Creating test image with backing file"
>> echo
>>
>> TEST_IMG=$TEST_IMG_SAVE
>> -_make_test_img -b "$TEST_IMG.base" 6G
>> +_make_test_img -b "$TEST_IMG.base" -F $IMGFMT 6G
>>
>
> My understanding of the intricacies of the qemu-iotest suite is not good
> enoug to be able to review this patch. Specifically $IMGFMT in this
> instance is also used in the '-f' switch of qemu-img in _make_test_img
> and I don't know if it's expected for the backing file to share the
> format.
That's fine; I'm hoping a qemu expert reviews as well.
$IMGFMT allows an iotest to be run on multiple formats (qcow2, qed,
vmdk); most tests in this patch series either hard-coded the base image
to be 'raw' (in which case I added -F raw) or to be the same type as the
wrapper image under test (in which case it is -F $IMGFMT). We have very
few tests that would try to mix-and-match other formats, such as a qcow2
on top of qed.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
More information about the libvir-list
mailing list