[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass

Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> writes:

> I wrote:
>> Markus Armbruster writes ("Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk 
>> Format Security Bypass"):
>> > The -usbdevice argument is ultimately processed by usb_device_add(),
>> > which calls usb_msd_init() to do the real work.  I think we get (1),
>> > but not (2) there, i.e. your change breaks raw format USB disks.
>> That's quite likely.  I hadn't spotted that separate arrangement.  The
>> best thing to do would be probably be to cross-port the format
>> parameter code which upstream have introduced in this area to (mostly)
>> fix the bug in their version.  I'll look into it.
> The code in current qemu and in ioemu are very different in this area.
> The machinery to which qemu added the format=... parameter doesn't
> exist in ioemu and I don't think we want to backport that.
> Instead below is a batch which is intended to make
>    usbdevice = "disk:<filename>"
> expect a raw device (as this probably is the most usual case) and
>    usbdevice = "disk-qcow:<filename>"
> expect a COW image (autodetected, probably qcow2).
> This latter will eventually have to change to bring things into line
> with recent qemu, but we can probably provide backwards compatibility
> at that time.
> Markus and Eren: could you please try this and let me know if it
> solves the problem for you ?  I don't have a handy test setup here
> right now.  If you can't conveniently test it let me know and I'll do
> it.
> Regards,
> Ian.

Patch looks sane.  I backported it to F-8 and verified that:

1. usbdevice = "disk:IMG" opens the image IMG raw regardless of file
   contents.  Same for monitor command usb_add disk:IMG.

2. usbdevice = "disk-qcow:IMG" opens the qcow image IMG correctly.
   Same for monitor command usb_add disk-qcow:IMG.

I believe monitor command change is still broken.  I tried "change fda
IMG", with a qcow image IMG, and it was opened qcow.  But changing to
a raw image failed; I think that feature was broken by by your
security fix.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.