1. Patchew
  2. Libvirt
  3. [PATCH 0/4] Remove unfinished support for external data store of qcow2 files
  4. View patch

[PATCH 4/4] util: qcow2GetExtensions: Remove support for 'data file' extension

Peter Krempa posted 4 patches 5 years, 9 months ago
[PATCH 4/4] util: qcow2GetExtensions: Remove support for 'data file' extension
Posted by Peter Krempa 5 years, 9 months ago 
The implementation was never finished in libvirt. Remove it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/virstoragefile.c | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index 32ca481cc0..6dc9d1f016 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -199,7 +199,6 @@ qedGetBackingStore(char **, int *, const char *, size_t);

 #define QCOW2_HDR_EXTENSION_END 0
 #define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA
-#define QCOW2_HDR_EXTENSION_DATA_FILE 0x44415441

 #define QCOW2v3_HDR_FEATURES_INCOMPATIBLE (QCOW2_HDR_TOTAL_SIZE)
 #define QCOW2v3_HDR_FEATURES_COMPATIBLE (QCOW2v3_HDR_FEATURES_INCOMPATIBLE+8)
@@ -426,8 +425,7 @@ cowGetBackingStore(char **res,
 static int
 qcow2GetExtensions(const char *buf,
                    size_t buf_size,
-                   int *backingFormat,
-                   char **externalDataStoreRaw)
+                   int *backingFormat)
 {
     size_t offset;
     size_t extension_start;
@@ -517,19 +515,6 @@ qcow2GetExtensions(const char *buf,
             break;
         }

-        case QCOW2_HDR_EXTENSION_DATA_FILE: {
-            if (!externalDataStoreRaw)
-                break;
-
-            if (VIR_ALLOC_N(*externalDataStoreRaw, len + 1) < 0)
-                return -1;
-            memcpy(*externalDataStoreRaw, buf + offset, len);
-            (*externalDataStoreRaw)[len] = '\0';
-            VIR_DEBUG("parsed externalDataStoreRaw='%s'",
-                      *externalDataStoreRaw);
-            break;
-        }
-
         case QCOW2_HDR_EXTENSION_END:
             return 0;
         }
@@ -579,7 +564,7 @@ qcowXGetBackingStore(char **res,
     memcpy(*res, buf + offset, size);
     (*res)[size] = '\0';

-    if (qcow2GetExtensions(buf, buf_size, format, NULL) < 0)
+    if (qcow2GetExtensions(buf, buf_size, format) < 0)
         return BACKING_STORE_INVALID;

     return BACKING_STORE_OK;
-- 
2.26.0
Re: [PATCH 4/4] util: qcow2GetExtensions: Remove support for 'data file' extension
Posted by Ján Tomko 5 years, 9 months ago 
On a Friday in 2020, Peter Krempa wrote:
>The implementation was never finished in libvirt. Remove it.
>
>Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>---
> src/util/virstoragefile.c | 19 ++-----------------
> 1 file changed, 2 insertions(+), 17 deletions(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano
Re: [PATCH 4/4] util: qcow2GetExtensions: Remove support for 'data file' extension
Posted by Eric Blake 5 years, 9 months ago 
On 4/24/20 4:24 AM, Peter Krempa wrote:
> The implementation was never finished in libvirt. Remove it.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>   src/util/virstoragefile.c | 19 ++-----------------
>   1 file changed, 2 insertions(+), 17 deletions(-)

Shouldn't we at least recognize if there is a qcow2 file with the 
extension header set, at which point we can error out and tell the user 
their image is unsupported, rather than trying to use it without the 
data file?

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
Re: [PATCH 4/4] util: qcow2GetExtensions: Remove support for 'data file' extension
Posted by Peter Krempa 5 years, 9 months ago 
On Fri, Apr 24, 2020 at 09:52:00 -0500, Eric Blake wrote:
> On 4/24/20 4:24 AM, Peter Krempa wrote:
> > The implementation was never finished in libvirt. Remove it.
> > 
> > Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> > ---
> >   src/util/virstoragefile.c | 19 ++-----------------
> >   1 file changed, 2 insertions(+), 17 deletions(-)
> 
> Shouldn't we at least recognize if there is a qcow2 file with the extension
> header set, at which point we can error out and tell the user their image is
> unsupported, rather than trying to use it without the data file?

I don't think it's scalable to do so unless qemu exposes a whitelist of
supported extensions we can declare we support. Otherwise we are
band-aiding stuff we lear that exists and ignore any other extensions.
Re: [PATCH 4/4] util: qcow2GetExtensions: Remove support for 'data file' extension
Posted by Eric Blake 5 years, 9 months ago 
On 4/24/20 10:18 AM, Peter Krempa wrote:
> On Fri, Apr 24, 2020 at 09:52:00 -0500, Eric Blake wrote:
>> On 4/24/20 4:24 AM, Peter Krempa wrote:
>>> The implementation was never finished in libvirt. Remove it.
>>>
>>> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>>> ---
>>>    src/util/virstoragefile.c | 19 ++-----------------
>>>    1 file changed, 2 insertions(+), 17 deletions(-)
>>
>> Shouldn't we at least recognize if there is a qcow2 file with the extension
>> header set, at which point we can error out and tell the user their image is
>> unsupported, rather than trying to use it without the data file?
> 
> I don't think it's scalable to do so unless qemu exposes a whitelist of
> supported extensions we can declare we support. Otherwise we are
> band-aiding stuff we lear that exists and ignore any other extensions.

external data files have an incompatible feature bit set in addition to 
the header extension.  Maybe whitelisting header extensions is 
prohibitive, but we should be able to recognize when a qcow2 file has an 
incompatible feature bit set that we are not aware of, and assume that 
since we don't know about the feature, we also don't know how to safely 
pass that file to qemu.

That is, we could quickly reject qcow2 files with offset 72-79 
containing bit 2 set, until we are ready to support external data files 
in libvirt.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
Re: [PATCH 4/4] util: qcow2GetExtensions: Remove support for 'data file' extension
Posted by Peter Krempa 5 years, 9 months ago 
On Fri, Apr 24, 2020 at 10:25:15 -0500, Eric Blake wrote:
> On 4/24/20 10:18 AM, Peter Krempa wrote:
> > On Fri, Apr 24, 2020 at 09:52:00 -0500, Eric Blake wrote:
> > > On 4/24/20 4:24 AM, Peter Krempa wrote:
> > > > The implementation was never finished in libvirt. Remove it.
> > > > 
> > > > Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> > > > ---
> > > >    src/util/virstoragefile.c | 19 ++-----------------
> > > >    1 file changed, 2 insertions(+), 17 deletions(-)
> > > 
> > > Shouldn't we at least recognize if there is a qcow2 file with the extension
> > > header set, at which point we can error out and tell the user their image is
> > > unsupported, rather than trying to use it without the data file?
> > 
> > I don't think it's scalable to do so unless qemu exposes a whitelist of
> > supported extensions we can declare we support. Otherwise we are
> > band-aiding stuff we lear that exists and ignore any other extensions.
> 
> external data files have an incompatible feature bit set in addition to the
> header extension.  Maybe whitelisting header extensions is prohibitive, but
> we should be able to recognize when a qcow2 file has an incompatible feature
> bit set that we are not aware of, and assume that since we don't know about
> the feature, we also don't know how to safely pass that file to qemu.
> 
> That is, we could quickly reject qcow2 files with offset 72-79 containing
> bit 2 set, until we are ready to support external data files in libvirt.

Are there any specific reasons to do so? If so we should track them in a
bug/issue in the first place. Additionally I'm against extending the
qcow2 header parser beyond what's strictly necessary. In the end our
reimplementation of of the parser is considered a security measure.

I've pushed the patches for now. If somebody will require the 'data
file' field the last patch can always be reverted.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.