On Fri, Aug 01, 2014 at 03:39:58PM +0200, Levente Kurusa wrote: > Fixed size VPC images do not have a footer, hence the current probe > function will fail and QEMU will fall back to the raw_bsd driver, which is > not the correct behaviour. The specification of the format says that fixed > size images have a footer as the last 512 bytes of the file. The footer is > exactly the same as the header would be in the case of dynamically growing > images. > > For this, we need to read the last 512 bytes of the image, however the > current mechanics predominantly read the first 2048 bytes and pass that > as a buffer to the probe functions. Solve this by passing the > BlockDriverState to the probe functions, hence giving them a chance to read > the extra bytes they might need.
I hesitate to add patches that extend image format probing. For the past few years we have always recommended that image files should not be probed. Image probing is prone to security issues because a malicious guest can modify a raw or vpc image by putting another image format header at sector 0. The next time QEMU opens the image it will detect a different format. One evil trick is to refer to a file on the host file system as the backing file, now you can read any file that the QEMU process has access to. Probing also complicates live migration. The source host still has the image file open and may write to it. The destination host shouldn't even read from the image file before handover to avoid file cache coherency issues. Probing is broken. It shouldn't be used. We shouldn't extend it (especially by adding more I/Os). QEMU has the explicit -drive format= option. qemu-img has -F and -O options to specify the format. Can you use format=vpc? Stefan
pgp1IQ1c5K_lM.pgp
Description: PGP signature
