On 07.03.2013 at 10:22, Kevin Wolf <kw...@redhat.com> wrote:

> On 07.03.2013 at 10:16, Peter Lieven wrote:
>>>> If bs->growable is 1 for all drivers, what's the fix status of
>>>> CVE-2008-0928? This flag was introduced as a fix for this problem.
>>>>
>>>> bdrv_check_byte_request() does nothing useful if bs->growable is 1.
>>>
>>> Don't ignore the difference between bdrv_open() and bdrv_file_open().
>>> Typically you have two BDSes: On top there is e.g. a qcow2 BDS that is
>>> opened through bdrv_open() and has bs->growable = false. Its bs->file is
>>> using the file protocol (raw-posix driver) and opened by
>>> bdrv_file_open(). This one has bs->file->growable = true so that qcow2
>>> can write to newly allocated areas without calling bdrv_truncate()
>>> first.
>>
>> Sorry, I have to admit I am a little confused by what is happening in
>> bdrv_open().
>>
>> However, what I can say is that bs->growable is 1 for an iSCSI backed
>> hard drive and I wonder how this can happen if bdrv_file_open is not used for
>> opening it because that is the only place where bs->growable is set to 1.
>>
>> cmdline:
>> x86_64-softmmu/qemu-system-x86_64 -k de -enable-kvm -m 1024 -drive
>> if=virtio,file=iscsi://172.21.200.31/iqn.2001-05.com.equallogic:0-8a0906-16470e107-713001aa6de511e0-001-test/0
>> -vnc :1 -boot dc -monitor stdio
>
> It is used for the iscsi driver. You have a raw BDS (growable == false)
> on top of an iscsi one (growable == true).

Ok, but growable == true is wrong for the iSCSI driver, isn't it?

Peter