Xen project Mailing List

Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

From: Markus Armbruster <armbru@xxxxxxxxxx>

Date: Mon, 16 Jun 2008 17:38:22 +0200

Cc: Eren TÃrkay <turkay.eren@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 16 Jun 2008 08:38:48 -0700

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> writes: > I wrote: >> Markus Armbruster writes ("Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk >> Format Security Bypass"): >> > The -usbdevice argument is ultimately processed by usb_device_add(), >> > which calls usb_msd_init() to do the real work. I think we get (1), >> > but not (2) there, i.e. your change breaks raw format USB disks. >> >> That's quite likely. I hadn't spotted that separate arrangement. The >> best thing to do would be probably be to cross-port the format >> parameter code which upstream have introduced in this area to (mostly) >> fix the bug in their version. I'll look into it. > > The code in current qemu and in ioemu are very different in this area. > The machinery to which qemu added the format=... parameter doesn't > exist in ioemu and I don't think we want to backport that. > > Instead below is a batch which is intended to make > usbdevice = "disk:<filename>" > expect a raw device (as this probably is the most usual case) and > usbdevice = "disk-qcow:<filename>" > expect a COW image (autodetected, probably qcow2). > > This latter will eventually have to change to bring things into line > with recent qemu, but we can probably provide backwards compatibility > at that time. > > Markus and Eren: could you please try this and let me know if it > solves the problem for you ? I don't have a handy test setup here > right now. If you can't conveniently test it let me know and I'll do > it. > > Regards, > Ian. [...] Patch looks sane. I backported it to F-8 and verified that: 1. usbdevice = "disk:IMG" opens the image IMG raw regardless of file contents. Same for monitor command usb_add disk:IMG. 2. usbdevice = "disk-qcow:IMG" opens the qcow image IMG correctly. Same for monitor command usb_add disk-qcow:IMG. I believe monitor command change is still broken. I tried "change fda IMG", with a qcow image IMG, and it was opened qcow. But changing to a raw image failed; I think that feature was broken by by your security fix. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.