xenbits.xensource.com Git - qemu-xen-3.4-testing.git/commit

author	Ian Jackson <iwj@mariner.uk.xensource.com>
	Tue, 8 Jul 2008 09:29:37 +0000 (10:29 +0100)
committer	Ian Jackson <Ian.Jackson@eu.citrix.com>
	Tue, 8 Jul 2008 09:29:37 +0000 (10:29 +0100)
commit	41d1997f9000d949866f9cfe1112dc188b60b36f
tree	dd624cd7ab9b33cc22411f475a04a39a5c459722	tree
parent	f8c7b0728e2ca16221f56c7b5b571d30675f6bdd	commit \| diff

fix disk format security vulnerability; do not guess format for qcow vbds

These are the accidentally dropped hunks of xen-unstable 17606 and 17646.

Particularly, 17606 is important:

  * make the xenstore reader in qemu-dm's startup determine which
    of qemu's block drivers to use according to the xenstore
    backend `type' field.  This `type' field typically comes from
    the front of the drive mapping string in ioemu.  The
    supported cases are:
      xm config file string      `type'  image format    qemu driver
       phy:[/dev/]<device>        phy     raw image       bdrv_raw
       file:<filename>            file    raw image       bdrv_raw
       tap:aio:<filename>         tap     raw image       bdrv_raw
       tap:qcow:<image>           tap     not raw         autoprobe
       tap:<cow-fmt>:<image>      tap     named format    bdrv_<cow-fmt>
    It is still necessary to autoprobe when the image is specified as
    `tap:qcow:<image>', because qemu distinguishes `qcow' and `qcow2'
    whereas blktap doesn't; `qcow' in xenstore typically means what
    qemu calls qcow2.  This is OK because qemu can safely distinguish
    the different cow formats provided we know it's not a raw image.