Series comparison

-[PULL 0/1] Block patches
+[Qemu-devel] [PULL v2 0/5] Block patches
-The following changes since commit 871af84dd599fab68c8ed414d9ecbdb2bcfc5801:
+The following changes since commit 741e1a618b126e664f7b723e6fe1b7ace511caf7:
-  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2025-01-29 09:51:03 -0500)
+  Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-09-07-1' into staging (2018-09-24 18:12:54 +0100)
 are available in the Git repository at:
-  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
+  git://github.com/codyprime/qemu-kvm-jtc.git tags/block-pull-request
-for you to fetch changes up to 58607752d173438994d28dea7e2c2587726663e6:
+for you to fetch changes up to 637fa44ab80c6b317adf1d117494325a95daad60:
-  parallels: fix ext_off assertion failure due to overflow (2025-01-30 15:22:28 -0500)
+  curl: Make sslverify=off disable host as well as peer verification. (2018-09-24 23:46:05 -0400)
 ----------------------------------------------------------------
-Pull request
+RBD and Curl patches
 ----------------------------------------------------------------
-Denis Rastyogin (1):
+Jeff Cody (4):
-  parallels: fix ext_off assertion failure due to overflow
+  block/rbd: pull out qemu_rbd_convert_options
   block/rbd: Attempt to parse legacy filenames
   block/rbd: add iotest for rbd legacy keyvalue filename parsing
   block/rbd: add deprecation documentation for filename keyvalue pairs
- block/parallels.c | 4 ++++
+Richard W.M. Jones (1):
-file changed, 4 insertions(+)
+  curl: Make sslverify=off disable host as well as peer verification.
  block/curl.c               |  2 +
  block/rbd.c                | 90 ++++++++++++++++++++++++++++++++------
  qemu-deprecated.texi       | 15 +++++++
  tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++
  tests/qemu-iotests/231.out |  9 ++++
  tests/qemu-iotests/group   |  1 +
 files changed, 165 insertions(+), 14 deletions(-)
  create mode 100755 tests/qemu-iotests/231
  create mode 100644 tests/qemu-iotests/231.out
 --
-.48.1
+.17.1

-New patch
+[Qemu-devel] [PULL v2 1/5] block/rbd: pull out qemu_rbd_convert_options
+Code movement to pull the conversion from Qdict to BlockdevOptionsRbd
+into a helper function.
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+Message-id: 5b49a980f2cde6610ab1df41bb0277d00b5db893.1536704901.git.jcody@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ block/rbd.c | 36 ++++++++++++++++++++++++------------
+file changed, 24 insertions(+), 12 deletions(-)
+diff --git a/block/rbd.c b/block/rbd.c
+index XXXXXXX..XXXXXXX 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -XXX,XX +XXX,XX @@ failed_opts:
+     return r;
+ }
++static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
++                                    Error **errp)
++{
++    Visitor *v;
++    Error *local_err = NULL;
++
++    /* Convert the remaining options into a QAPI object */
++    v = qobject_input_visitor_new_flat_confused(options, errp);
++    if (!v) {
++        return -EINVAL;
++    }
++
++    visit_type_BlockdevOptionsRbd(v, NULL, opts, &local_err);
++    visit_free(v);
++
++    if (local_err) {
++        error_propagate(errp, local_err);
++        return -EINVAL;
++    }
++
++    return 0;
++}
++
+ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
+                          Error **errp)
+ {
+     BDRVRBDState *s = bs->opaque;
+     BlockdevOptionsRbd *opts = NULL;
+-    Visitor *v;
+     const QDictEntry *e;
+     Error *local_err = NULL;
+     char *keypairs, *secretid;
+@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
+         qdict_del(options, "password-secret");
+     }
+-    /* Convert the remaining options into a QAPI object */
+-    v = qobject_input_visitor_new_flat_confused(options, errp);
+-    if (!v) {
+-        r = -EINVAL;
+-        goto out;
+-    }
+-
+-    visit_type_BlockdevOptionsRbd(v, NULL, &opts, &local_err);
+-    visit_free(v);
+-
++    r = qemu_rbd_convert_options(options, &opts, &local_err);
+     if (local_err) {
+         error_propagate(errp, local_err);
+-        r = -EINVAL;
+         goto out;
+     }
+--
+.17.1

-New patch
+[Qemu-devel] [PULL v2 2/5] block/rbd: Attempt to parse legacy filenames
+When we converted rbd to get rid of the older key/value-centric
+encoding format, we broke compatibility with image files with backing
+file strings encoded in the old format.
+This leaves a bit of an ugly conundrum, and a hacky solution.
+If the initial attempt to parse the "proper" options fails, it assumes
+that we may have an older key/value encoded filename.  Fall back to
+attempting to parse the filename, and extract the required options from
+it.  If that fails, pass along the original error message.
+We do not support mixed modern usage alongside legacy keyvalue pair
+usage.
+A deprecation warning has been added, although care should be taken
+when actually deprecating since the impact is not limited to
+commandline or qapi usage, but also opening existing images.
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+Message-id: 15b332e5432ad069441f7275a46080f465d789a0.1536704901.git.jcody@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ block/rbd.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++--
+file changed, 52 insertions(+), 2 deletions(-)
+diff --git a/block/rbd.c b/block/rbd.c
+index XXXXXXX..XXXXXXX 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
+     return 0;
+ }
++static int qemu_rbd_attempt_legacy_options(QDict *options,
++                                           BlockdevOptionsRbd **opts,
++                                           char **keypairs)
++{
++    char *filename;
++    int r;
++
++    filename = g_strdup(qdict_get_try_str(options, "filename"));
++    if (!filename) {
++        return -EINVAL;
++    }
++    qdict_del(options, "filename");
++
++    qemu_rbd_parse_filename(filename, options, NULL);
++
++    /* keypairs freed by caller */
++    *keypairs = g_strdup(qdict_get_try_str(options, "=keyvalue-pairs"));
++    if (*keypairs) {
++        qdict_del(options, "=keyvalue-pairs");
++    }
++
++    r = qemu_rbd_convert_options(options, opts, NULL);
++
++    g_free(filename);
++    return r;
++}
++
+ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
+                          Error **errp)
+ {
+@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
+     r = qemu_rbd_convert_options(options, &opts, &local_err);
+     if (local_err) {
+-        error_propagate(errp, local_err);
+-        goto out;
++        /* If keypairs are present, that means some options are present in
++         * the modern option format.  Don't attempt to parse legacy option
++         * formats, as we won't support mixed usage. */
++        if (keypairs) {
++            error_propagate(errp, local_err);
++            goto out;
++        }
++
++        /* If the initial attempt to convert and process the options failed,
++         * we may be attempting to open an image file that has the rbd options
++         * specified in the older format consisting of all key/value pairs
++         * encoded in the filename.  Go ahead and attempt to parse the
++         * filename, and see if we can pull out the required options. */
++        r = qemu_rbd_attempt_legacy_options(options, &opts, &keypairs);
++        if (r < 0) {
++            /* Propagate the original error, not the legacy parsing fallback
++             * error, as the latter was just a best-effort attempt. */
++            error_propagate(errp, local_err);
++            goto out;
++        }
++        /* Take care whenever deciding to actually deprecate; once this ability
++         * is removed, we will not be able to open any images with legacy-styled
++         * backing image strings. */
++        error_report("RBD options encoded in the filename as keyvalue pairs "
++                     "is deprecated");
+     }
+     /* Remove the processed options from the QDict (the visitor processes
+--
+.17.1

-New patch
+[Qemu-devel] [PULL v2 3/5] block/rbd: add iotest for rbd legacy keyvalue filename parsing
+This is a small test that will check for the ability to parse
+both legacy and modern options for rbd.
+The way the test is set up is for failure to occur, but without
+having to wait to timeout on a non-existent rbd server.  The error
+messages in the success path show that the arguments were parsed.
+The failure behavior prior to the patch series that has this test, is
+qemu-img complaining about mandatory options (e.g. 'pool') not being
+provided.
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+Message-id: f830580e339b974a83ed4870d11adcdc17f49a47.1536704901.git.jcody@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++++++++++++++
+ tests/qemu-iotests/231.out |  9 ++++++
+ tests/qemu-iotests/group   |  1 +
+files changed, 72 insertions(+)
+ create mode 100755 tests/qemu-iotests/231
+ create mode 100644 tests/qemu-iotests/231.out
+diff --git a/tests/qemu-iotests/231 b/tests/qemu-iotests/231
+new file mode 100755
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/tests/qemu-iotests/231
+@@ -XXX,XX +XXX,XX @@
++#!/bin/bash
++#
++# Test legacy and modern option parsing for rbd/ceph.  This will not
++# actually connect to a ceph server, but rather looks for the appropriate
++# error message that indicates we parsed the options correctly.
++#
++# Copyright (C) 2018 Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++
++# creator
++owner=jcody@redhat.com
++
++seq=`basename $0`
++echo "QA output created by $seq"
++
++here=`pwd`
++status=1    # failure is the default!
++
++_cleanup()
++{
++    rm "${BOGUS_CONF}"
++}
++trap "_cleanup; exit \$status" 0 1 2 3 15
++
++# get standard environment, filters and checks
++. ./common.rc
++. ./common.filter
++
++_supported_fmt generic
++_supported_proto rbd
++_supported_os Linux
++
++BOGUS_CONF=${TEST_DIR}/ceph-$$.conf
++touch "${BOGUS_CONF}"
++
++_filter_conf()
++{
++    sed -e "s#$BOGUS_CONF#BOGUS_CONF#g"
++}
++
++# We expect this to fail, with no monitor ip provided and a null conf file.  Just want it
++# to fail in the right way.
++$QEMU_IMG info "json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=${BOGUS_CONF}'}" 2>&1 | _filter_conf
++$QEMU_IMG info "json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'${BOGUS_CONF}'}" 2>&1 | _filter_conf
++
++# success, all done
++echo "*** done"
++rm -f $seq.full
++status=0
+diff --git a/tests/qemu-iotests/231.out b/tests/qemu-iotests/231.out
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/tests/qemu-iotests/231.out
+@@ -XXX,XX +XXX,XX @@
++QA output created by 231
++qemu-img: RBD options encoded in the filename as keyvalue pairs is deprecated.  Future versions may cease to parse these options in the future.
++unable to get monitor info from DNS SRV with service name: ceph-mon
++no monitors specified to connect to.
++qemu-img: Could not open 'json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=BOGUS_CONF'}': error connecting: No such file or directory
++unable to get monitor info from DNS SRV with service name: ceph-mon
++no monitors specified to connect to.
++qemu-img: Could not open 'json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'BOGUS_CONF'}': error connecting: No such file or directory
++*** done
+diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
+index XXXXXXX..XXXXXXX 100644
+--- a/tests/qemu-iotests/group
++++ b/tests/qemu-iotests/group
+@@ -XXX,XX +XXX,XX @@
+auto quick
+auto quick
+auto quick
++231 auto quick
+--
+.17.1

-New patch
+[Qemu-devel] [PULL v2 4/5] block/rbd: add deprecation documentation for filename keyvalue pairs
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+Message-id: 647f5b5ab7efd8bf567a504c832b1d2d6f719b23.1536704901.git.jcody@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ qemu-deprecated.texi | 15 +++++++++++++++
+file changed, 15 insertions(+)
+diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
+index XXXXXXX..XXXXXXX 100644
+--- a/qemu-deprecated.texi
++++ b/qemu-deprecated.texi
+@@ -XXX,XX +XXX,XX @@ used instead.
+ In order to prevent QEMU from automatically opening an image's backing
+ chain, use ``"backing": null'' instead.
++@subsubsection rbd keyvalue pair encoded filenames: "" (since 3.1.0)
++
++Options for ``rbd'' should be specified according to its runtime options,
++like other block drivers.  Legacy parsing of keyvalue pair encoded
++filenames is useful to open images with the old format for backing files;
++These image files should be updated to use the current format.
++
++Example of legacy encoding:
++
++@code{json:@{"file.driver":"rbd", "file.filename":"rbd:rbd/name"@}}
++
++The above, converted to the current supported format:
++
++@code{json:@{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"@}}
++
+ @subsection vio-spapr-device device options
+ @subsubsection "irq": "" (since 3.0.0)
+--
+.17.1

-[PULL 1/1] parallels: fix ext_off assertion failure due to overflow
+[Qemu-devel] [PULL v2 5/5] curl: Make sslverify=off disable host as well as peer verification.
-From: Denis Rastyogin <gerben@altlinux.org>
+From: "Richard W.M. Jones" <rjones@redhat.com>
-This error was discovered by fuzzing qemu-img.
+The sslverify setting is supposed to turn off all TLS certificate
 checks in libcurl.  However because of the way we use it, it only
 turns off peer certificate authenticity checks
 (CURLOPT_SSL_VERIFYPEER).  This patch makes it also turn off the check
 that the server name in the certificate is the same as the server
 you're connecting to (CURLOPT_SSL_VERIFYHOST).
-When ph.ext_off has a sufficiently large value, the operation
+We can use Google's server at 8.8.8.8 which happens to have a bad TLS
-le64_to_cpu(ph.ext_off) << BDRV_SECTOR_BITS in
+certificate to demonstrate this:
 parallels_read_format_extension() can cause an overflow in int64_t.
 This overflow triggers the assert(ext_off > 0)
 check in block/parallels-ext.c: parallels_read_format_extension(),
 leading to a crash.
-This commit adds a check to prevent overflow when shifting ph.ext_off
+$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
-by BDRV_SECTOR_BITS, ensuring that the value remains within a valid range.
+qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
 Could not open backing image to determine size.
-Reported-by: Leonid Reviakin <L.reviakin@fobos-nt.ru>
+With this patch applied, qemu-img connects to the server regardless of
-Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
+the bad certificate:
-Reviewed-by: Denis V. Lunev <den@openvz.org>
-Message-ID: <20241212104212.513947-2-gerben@altlinux.org>
+$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found
 (The 404 error is expected because 8.8.8.8 is not actually serving a
 file called "/foo".)
 Of course the default (without sslverify=off) remains to always check
 the certificate:
 $ ./qemu-img create -q -f qcow2 -b 'json: { "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
 qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
 Could not open backing image to determine size.
 Further information about the two settings is available here:
 https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
 https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
 Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
 Message-id: 20180914095622.19698-1-rjones@redhat.com
 Signed-off-by: Jeff Cody <jcody@redhat.com>
 ---
- block/parallels.c | 4 ++++
+ block/curl.c | 2 ++
-file changed, 4 insertions(+)
+file changed, 2 insertions(+)
-diff --git a/block/parallels.c b/block/parallels.c
+diff --git a/block/curl.c b/block/curl.c
 index XXXXXXX..XXXXXXX 100644
---- a/block/parallels.c
+--- a/block/curl.c
-+++ b/block/parallels.c
++++ b/block/curl.c
-@@ -XXX,XX +XXX,XX @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags,
+@@ -XXX,XX +XXX,XX @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
-         error_setg(errp, "Catalog too large");
+         curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
-         return -EFBIG;
+         curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
-     }
+                          (long) s->sslverify);
-+    if (le64_to_cpu(ph.ext_off) >= (INT64_MAX >> BDRV_SECTOR_BITS)) {
++        curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
-+        error_setg(errp, "Invalid image: Too big offset");
++                         s->sslverify ? 2L : 0L);
-+        return -EFBIG;
+         if (s->cookie) {
-+    }
+             curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
+         }
      size = bat_entry_off(s->bat_size);
      s->header_size = ROUND_UP(size, bdrv_opt_mem_align(bs->file->bs));
 --
-.48.1
+.17.1

From: Denis Rastyogin <gerben@altlinux.org>

This error was discovered by fuzzing qemu-img.

When ph.ext_off has a sufficiently large value, the operation
le64_to_cpu(ph.ext_off) << BDRV_SECTOR_BITS in
parallels_read_format_extension() can cause an overflow in int64_t.
This overflow triggers the assert(ext_off > 0)
check in block/parallels-ext.c: parallels_read_format_extension(),
leading to a crash.

This commit adds a check to prevent overflow when shifting ph.ext_off
by BDRV_SECTOR_BITS, ensuring that the value remains within a valid range.

Reported-by: Leonid Reviakin <L.reviakin@fobos-nt.ru>
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-ID: <20241212104212.513947-2-gerben@altlinux.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/parallels.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/block/parallels.c b/block/parallels.c
index XXXXXXX..XXXXXXX 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -XXX,XX +XXX,XX @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags,
         error_setg(errp, "Catalog too large");
         return -EFBIG;
     }
+    if (le64_to_cpu(ph.ext_off) >= (INT64_MAX >> BDRV_SECTOR_BITS)) {
+        error_setg(errp, "Invalid image: Too big offset");
+        return -EFBIG;
+    }
 
     size = bat_entry_off(s->bat_size);
     s->header_size = ROUND_UP(size, bdrv_opt_mem_align(bs->file->bs));
-- 
2.48.1

The following changes since commit 741e1a618b126e664f7b723e6fe1b7ace511caf7:

Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-09-07-1' into staging (2018-09-24 18:12:54 +0100)

are available in the Git repository at:

git://github.com/codyprime/qemu-kvm-jtc.git tags/block-pull-request

for you to fetch changes up to 637fa44ab80c6b317adf1d117494325a95daad60:

curl: Make sslverify=off disable host as well as peer verification. (2018-09-24 23:46:05 -0400)

----------------------------------------------------------------
RBD and Curl patches
----------------------------------------------------------------

Jeff Cody (4):
  block/rbd: pull out qemu_rbd_convert_options
  block/rbd: Attempt to parse legacy filenames
  block/rbd: add iotest for rbd legacy keyvalue filename parsing
  block/rbd: add deprecation documentation for filename keyvalue pairs

Richard W.M. Jones (1):
  curl: Make sslverify=off disable host as well as peer verification.

block/curl.c               |  2 +
 block/rbd.c                | 90 ++++++++++++++++++++++++++++++++------
 qemu-deprecated.texi       | 15 +++++++
 tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++
 tests/qemu-iotests/231.out |  9 ++++
 tests/qemu-iotests/group   |  1 +
 6 files changed, 165 insertions(+), 14 deletions(-)
 create mode 100755 tests/qemu-iotests/231
 create mode 100644 tests/qemu-iotests/231.out

-- 
2.17.1

Code movement to pull the conversion from Qdict to BlockdevOptionsRbd
into a helper function.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 5b49a980f2cde6610ab1df41bb0277d00b5db893.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/rbd.c | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index XXXXXXX..XXXXXXX 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -XXX,XX +XXX,XX @@ failed_opts:
     return r;
 }
 
+static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
+                                    Error **errp)
+{
+    Visitor *v;
+    Error *local_err = NULL;
+
+    /* Convert the remaining options into a QAPI object */
+    v = qobject_input_visitor_new_flat_confused(options, errp);
+    if (!v) {
+        return -EINVAL;
+    }
+
+    visit_type_BlockdevOptionsRbd(v, NULL, opts, &local_err);
+    visit_free(v);
+
+    if (local_err) {
+        error_propagate(errp, local_err);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
 static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
                          Error **errp)
 {
     BDRVRBDState *s = bs->opaque;
     BlockdevOptionsRbd *opts = NULL;
-    Visitor *v;
     const QDictEntry *e;
     Error *local_err = NULL;
     char *keypairs, *secretid;
@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
         qdict_del(options, "password-secret");
     }
 
-    /* Convert the remaining options into a QAPI object */
-    v = qobject_input_visitor_new_flat_confused(options, errp);
-    if (!v) {
-        r = -EINVAL;
-        goto out;
-    }
-
-    visit_type_BlockdevOptionsRbd(v, NULL, &opts, &local_err);
-    visit_free(v);
-
+    r = qemu_rbd_convert_options(options, &opts, &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
-        r = -EINVAL;
         goto out;
     }
 
-- 
2.17.1

When we converted rbd to get rid of the older key/value-centric
encoding format, we broke compatibility with image files with backing
file strings encoded in the old format.

This leaves a bit of an ugly conundrum, and a hacky solution.

If the initial attempt to parse the "proper" options fails, it assumes
that we may have an older key/value encoded filename.  Fall back to
attempting to parse the filename, and extract the required options from
it.  If that fails, pass along the original error message.

We do not support mixed modern usage alongside legacy keyvalue pair
usage.

A deprecation warning has been added, although care should be taken
when actually deprecating since the impact is not limited to
commandline or qapi usage, but also opening existing images.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 15b332e5432ad069441f7275a46080f465d789a0.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/rbd.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 52 insertions(+), 2 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index XXXXXXX..XXXXXXX 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
     return 0;
 }
 
+static int qemu_rbd_attempt_legacy_options(QDict *options,
+                                           BlockdevOptionsRbd **opts,
+                                           char **keypairs)
+{
+    char *filename;
+    int r;
+
+    filename = g_strdup(qdict_get_try_str(options, "filename"));
+    if (!filename) {
+        return -EINVAL;
+    }
+    qdict_del(options, "filename");
+
+    qemu_rbd_parse_filename(filename, options, NULL);
+
+    /* keypairs freed by caller */
+    *keypairs = g_strdup(qdict_get_try_str(options, "=keyvalue-pairs"));
+    if (*keypairs) {
+        qdict_del(options, "=keyvalue-pairs");
+    }
+
+    r = qemu_rbd_convert_options(options, opts, NULL);
+
+    g_free(filename);
+    return r;
+}
+
 static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
                          Error **errp)
 {
@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
 
     r = qemu_rbd_convert_options(options, &opts, &local_err);
     if (local_err) {
-        error_propagate(errp, local_err);
-        goto out;
+        /* If keypairs are present, that means some options are present in
+         * the modern option format.  Don't attempt to parse legacy option
+         * formats, as we won't support mixed usage. */
+        if (keypairs) {
+            error_propagate(errp, local_err);
+            goto out;
+        }
+
+        /* If the initial attempt to convert and process the options failed,
+         * we may be attempting to open an image file that has the rbd options
+         * specified in the older format consisting of all key/value pairs
+         * encoded in the filename.  Go ahead and attempt to parse the
+         * filename, and see if we can pull out the required options. */
+        r = qemu_rbd_attempt_legacy_options(options, &opts, &keypairs);
+        if (r < 0) {
+            /* Propagate the original error, not the legacy parsing fallback
+             * error, as the latter was just a best-effort attempt. */
+            error_propagate(errp, local_err);
+            goto out;
+        }
+        /* Take care whenever deciding to actually deprecate; once this ability
+         * is removed, we will not be able to open any images with legacy-styled
+         * backing image strings. */
+        error_report("RBD options encoded in the filename as keyvalue pairs "
+                     "is deprecated");
     }
 
     /* Remove the processed options from the QDict (the visitor processes
-- 
2.17.1

This is a small test that will check for the ability to parse
both legacy and modern options for rbd.

The way the test is set up is for failure to occur, but without
having to wait to timeout on a non-existent rbd server.  The error
messages in the success path show that the arguments were parsed.

The failure behavior prior to the patch series that has this test, is
qemu-img complaining about mandatory options (e.g. 'pool') not being
provided.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: f830580e339b974a83ed4870d11adcdc17f49a47.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/231.out |  9 ++++++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 72 insertions(+)
 create mode 100755 tests/qemu-iotests/231
 create mode 100644 tests/qemu-iotests/231.out

diff --git a/tests/qemu-iotests/231 b/tests/qemu-iotests/231
new file mode 100755
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tests/qemu-iotests/231
@@ -XXX,XX +XXX,XX @@
+#!/bin/bash
+#
+# Test legacy and modern option parsing for rbd/ceph.  This will not
+# actually connect to a ceph server, but rather looks for the appropriate
+# error message that indicates we parsed the options correctly.
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# creator
+owner=jcody@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1	# failure is the default!
+
+_cleanup()
+{
+    rm "${BOGUS_CONF}"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt generic
+_supported_proto rbd
+_supported_os Linux
+
+BOGUS_CONF=${TEST_DIR}/ceph-$$.conf
+touch "${BOGUS_CONF}"
+
+_filter_conf()
+{
+    sed -e "s#$BOGUS_CONF#BOGUS_CONF#g"
+}
+
+# We expect this to fail, with no monitor ip provided and a null conf file.  Just want it
+# to fail in the right way.
+$QEMU_IMG info "json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=${BOGUS_CONF}'}" 2>&1 | _filter_conf
+$QEMU_IMG info "json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'${BOGUS_CONF}'}" 2>&1 | _filter_conf
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/231.out b/tests/qemu-iotests/231.out
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tests/qemu-iotests/231.out
@@ -XXX,XX +XXX,XX @@
+QA output created by 231
+qemu-img: RBD options encoded in the filename as keyvalue pairs is deprecated.  Future versions may cease to parse these options in the future.
+unable to get monitor info from DNS SRV with service name: ceph-mon
+no monitors specified to connect to.
+qemu-img: Could not open 'json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=BOGUS_CONF'}': error connecting: No such file or directory
+unable to get monitor info from DNS SRV with service name: ceph-mon
+no monitors specified to connect to.
+qemu-img: Could not open 'json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'BOGUS_CONF'}': error connecting: No such file or directory
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -XXX,XX +XXX,XX @@
 226 auto quick
 227 auto quick
 229 auto quick
+231 auto quick
-- 
2.17.1

Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 647f5b5ab7efd8bf567a504c832b1d2d6f719b23.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 qemu-deprecated.texi | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index XXXXXXX..XXXXXXX 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -XXX,XX +XXX,XX @@ used instead.
 In order to prevent QEMU from automatically opening an image's backing
 chain, use ``"backing": null'' instead.
 
+@subsubsection rbd keyvalue pair encoded filenames: "" (since 3.1.0)
+
+Options for ``rbd'' should be specified according to its runtime options,
+like other block drivers.  Legacy parsing of keyvalue pair encoded
+filenames is useful to open images with the old format for backing files;
+These image files should be updated to use the current format.
+
+Example of legacy encoding:
+
+@code{json:@{"file.driver":"rbd", "file.filename":"rbd:rbd/name"@}}
+
+The above, converted to the current supported format:
+
+@code{json:@{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"@}}
+
 @subsection vio-spapr-device device options
 
 @subsubsection "irq": "" (since 3.0.0)
-- 
2.17.1

From: "Richard W.M. Jones" <rjones@redhat.com>

The sslverify setting is supposed to turn off all TLS certificate
checks in libcurl.  However because of the way we use it, it only
turns off peer certificate authenticity checks
(CURLOPT_SSL_VERIFYPEER).  This patch makes it also turn off the check
that the server name in the certificate is the same as the server
you're connecting to (CURLOPT_SSL_VERIFYHOST).

We can use Google's server at 8.8.8.8 which happens to have a bad TLS
certificate to demonstrate this:

$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
Could not open backing image to determine size.

With this patch applied, qemu-img connects to the server regardless of
the bad certificate:

(The 404 error is expected because 8.8.8.8 is not actually serving a
file called "/foo".)

Of course the default (without sslverify=off) remains to always check
the certificate:

$ ./qemu-img create -q -f qcow2 -b 'json: { "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
Could not open backing image to determine size.

Further information about the two settings is available here:

https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 20180914095622.19698-1-rjones@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/curl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/curl.c b/block/curl.c
index XXXXXXX..XXXXXXX 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -XXX,XX +XXX,XX @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
         curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
         curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
                          (long) s->sslverify);
+        curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
+                         s->sslverify ? 2L : 0L);
         if (s->cookie) {
             curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
         }
-- 
2.17.1