On Fri, Nov 07, 2014 at 08:39:16PM +0100, Kevin Wolf wrote:
> See the commit message of patch 7 for the why and how. This series
> will probably be only part of the solution and doesn't mean that we
> should stop looking for other patches which improve different parts of
> the problem.
>
> See the mailing list thread "Image probing: how it can be insecure, and
> what we could do about it" for the complete context.
>
> v2:
> - Fixed offset in qemu_iovec_concat [Kevin]
> - Added paragraph to patch 7 explaining that we're not breaking
>   additional cases, but only change the failure mode of already
>   broken scenarios [Max]
> - Added a warning when opening an image in "restricted raw" mode,
>   which required a few more patches to make the test cases avoid
>   this warning [Markus]
>
>
> Kevin Wolf (8):
>   qemu-io: Allow explicitly specifying format
>   qemu-iotests: Use qemu-io -f $IMGFMT
>   qemu-iotests: Add qemu-io format option in Python tests
>   qtests: Specify image format explicitly
>   block: Read only one sector for format probing
>   raw: Prohibit dangerous writes for probed images
>   qemu-iotests: Fix stderr handling in common.qemu
>   qemu-iotests: Test writing non-raw image headers to raw image
>
> Markus Armbruster (1):
>   block: Factor bdrv_probe_all() out of find_image_format()
>
>  block.c                        |  48 +++++++++----
>  block/raw_bsd.c                |  57 +++++++++++++++-
>  include/block/block_int.h      |   5 ++
>  qemu-io.c                      |  28 +++++---
>  tests/ahci-test.c              |   3 +-
>  tests/bios-tables-test.c       |   2 +-
>  tests/drive_del-test.c         |   2 +-
>  tests/fdc-test.c               |   2 +-
>  tests/hd-geo-test.c            |   2 +-
>  tests/i440fx-test.c            |   5 +-
>  tests/ide-test.c               |   9 +--
>  tests/nvme-test.c              |   2 +-
>  tests/qemu-iotests/016         |  11 +--
>  tests/qemu-iotests/030         |  22 +++---
>  tests/qemu-iotests/040         |  32 ++++-----
>  tests/qemu-iotests/048         |   2 +-
>  tests/qemu-iotests/055         |  18 ++---
>  tests/qemu-iotests/058         |  11 +--
>  tests/qemu-iotests/071         |  10 +--
>  tests/qemu-iotests/071.out     |   6 +-
>  tests/qemu-iotests/077         |   2 +-
>  tests/qemu-iotests/081         |   8 ++-
>  tests/qemu-iotests/081.out     |   2 +-
>  tests/qemu-iotests/089         |   6 +-
>  tests/qemu-iotests/109         | 100 +++++++++++++++++++++++++++
>  tests/qemu-iotests/109.out     | 149 +++++++++++++++++++++++++++++++++++++++++
>  tests/qemu-iotests/common      |   2 +-
>  tests/qemu-iotests/common.qemu |   3 +-
>  tests/qemu-iotests/group       |   1 +
>  tests/usb-hcd-uhci-test.c      |   2 +-
>  tests/usb-hcd-xhci-test.c      |   2 +-
>  tests/virtio-blk-test.c        |   4 +-
>  tests/virtio-scsi-test.c       |   4 +-
>  33 files changed, 460 insertions(+), 102 deletions(-)
>  create mode 100755 tests/qemu-iotests/109
>  create mode 100644 tests/qemu-iotests/109.out

QEMU 2.3 material but looks pretty close. Eric and Max had comments, I
also posted a question about the nb_sectors == 0 edge-case.

Stefan