Am 07.03.2013 um 10:16 hat Peter Lieven geschrieben: > >> If bs->growable is 1 for all drivers, whats the fix status of > >> CVE-2008-0928? This > >> flag was introduced as a fix for this problem. > >> > >> bdrv_check_byte_request() does nothing useful if bs->growable is 1. > > > > Don't ignore the difference between bdrv_open() and bdrv_file_open(). > > Typically you have two BDSes: On top there is e.g. a qcow2 BDS that is > > opened through bdrv_open() and has bs->growable = false. Its bs->file is > > using the file protocol (raw-posix driver) and opened by > > bdrv_file_open(). This one has bs->file->growable = true so that qcow2 > > can write to newly allocated areas without calling bdrv_truncate() > > first. > > Sorry, I have to admin I am little confused by what is happening in > bdrv_open(). > > However, what I can say is that bs->growable is 1 for an iSCSI backed > harddrive and I wonder how this can happen if bdrv_file_open is not used for > opening it because that is the only place where bs->growable is set to 1. > > cmdline: > x86_64-softmmu/qemu-system-x86_64 -k de -enable-kvm -m 1024 -drive > if=virtio,file=iscsi://172.21.200.31/iqn.2001-05.com.equallogic:0-8a0906-16470e107-713001aa6de511e0-001-test/0 > -vnc :1 -boot dc -monitor stdio
It is used for the iscsi driver. You have a raw BDS (growable == false) on top of an iscsi one (growable == true). Kevin