[libvirt] [PATCH] qemu: Put format=raw onto cmd line for SCSI passthrough
Daniel P. Berrangé
berrange at redhat.com
Fri Oct 12 12:43:10 UTC 2018
On Fri, Oct 12, 2018 at 02:27:26PM +0200, Michal Privoznik wrote:
> On 10/12/2018 02:17 PM, Daniel P. Berrangé wrote:
> > On Fri, Oct 12, 2018 at 01:14:51PM +0200, Michal Privoznik wrote:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1632833
> >>
> >> When doing a SCSI passthrough we don't put format= onto the
> >> command line. This causes qemu to probe the format automatically
> >> which ends up in a warning in the domain log and possible qemu
> >> disabling writes to the first block (according to the warning
> >> message).
> >
> > If the warning message is correct, this should have been reported
> > as a security bug to libvirt and given a CVE.
>
> Why is that? If the message is correct, qemu would prevent writing
> to the first block. No harm there.

Only QEMU >= 2.3.0 has that protection, so this is not
something we can rely on to avoid calling it a CVE. It just
means distros with QEMU >= 2.3.0 would not be affected by
the CVE.

> > On the other hand if the warning from QEMU isn't correct, then
> > QEMU shouldn't have printed the warning about it being dangerous.
>
> In my testing I was able to write to the first block. Therefore, IMO
> qemu is throwing incorrect warning message.
>
> >
> > So something is missing here either way.
>
> Sure, but that doesn't invalidate my patch, does it?

Only the commit message - if this is a security flaw, we must be more
explicit about it in the commit.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
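
An added example, not part of the original message or of libvirt's code: a Python check that flags `-drive` options on a QEMU command line that omit `format=`, the condition the quoted commit message says makes QEMU probe the format automatically. The sample command line and the names `split_drive_opts` and `drives_without_format` are constructed for illustration.

```python
import shlex

# Constructed sample command line (not taken from the thread).
SAMPLE = (
    "qemu-system-x86_64 -name guest "
    "-drive file=/dev/sg0,if=none,id=drive-hostdev0 "
    "-drive file=/var/lib/images/a,,b.img,format=raw,if=none,id=drive-virtio0 "
    "-drive file=/var/lib/images/c.img,if=none,id=drive-virtio1,readonly=on "
    "-drive if=none,id=drive-cdrom0,media=cdrom"
)


def split_drive_opts(optstr):
    """Parse a -drive option string into a dict.

    QEMU separates options with ',' and escapes a literal comma as ',,'.
    """
    parts, cur, i = [], "", 0
    while i < len(optstr):
        if optstr[i] == ",":
            if i + 1 < len(optstr) and optstr[i + 1] == ",":
                cur += ","          # escaped comma belongs to the value
                i += 2
                continue
            parts.append(cur)       # single comma ends the option
            cur = ""
        else:
            cur += optstr[i]
        i += 1
    parts.append(cur)
    opts = {}
    for part in parts:
        if part:
            key, _, value = part.partition("=")
            opts[key] = value
    return opts


def drives_without_format(cmdline):
    """Return ids (or file paths) of -drive entries with file= but no format=."""
    argv = shlex.split(cmdline)
    findings = []
    for i, arg in enumerate(argv[:-1]):
        if arg != "-drive":
            continue
        opts = split_drive_opts(argv[i + 1])
        # Drives without file= (empty media) have nothing to probe.
        if "file" in opts and "format" not in opts:
            findings.append(opts.get("id", opts["file"]))
    return findings
```
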