Series comparison

-[PULL 0/1] Block patches
+[Qemu-devel] [PULL v2 0/5] Block patches
-The following changes since commit 661c2e1ab29cd9c4d268ae3f44712e8d421c0e56:
+The following changes since commit 741e1a618b126e664f7b723e6fe1b7ace511caf7:
-  scripts/checkpatch: Fix a typo (2025-03-04 09:30:26 +0800)
+  Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-09-07-1' into staging (2018-09-24 18:12:54 +0100)
 are available in the Git repository at:
-  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
+  git://github.com/codyprime/qemu-kvm-jtc.git tags/block-pull-request
-for you to fetch changes up to 2ad638a3d160923ef3dbf87c73944e6e44bdc724:
+for you to fetch changes up to 637fa44ab80c6b317adf1d117494325a95daad60:
-  block/qed: fix use-after-free by nullifying timer pointer after free (2025-03-06 10:19:54 +0800)
+  curl: Make sslverify=off disable host as well as peer verification. (2018-09-24 23:46:05 -0400)
 ----------------------------------------------------------------
-Pull request
+RBD and Curl patches
 QED need_check_timer use-after-free fix
 ----------------------------------------------------------------
-Denis Rastyogin (1):
+Jeff Cody (4):
-  block/qed: fix use-after-free by nullifying timer pointer after free
+  block/rbd: pull out qemu_rbd_convert_options
   block/rbd: Attempt to parse legacy filenames
   block/rbd: add iotest for rbd legacy keyvalue filename parsing
   block/rbd: add deprecation documentation for filename keyvalue pairs
- block/qed.c | 1 +
+Richard W.M. Jones (1):
-file changed, 1 insertion(+)
+  curl: Make sslverify=off disable host as well as peer verification.
  block/curl.c               |  2 +
  block/rbd.c                | 90 ++++++++++++++++++++++++++++++++------
  qemu-deprecated.texi       | 15 +++++++
  tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++
  tests/qemu-iotests/231.out |  9 ++++
  tests/qemu-iotests/group   |  1 +
 files changed, 165 insertions(+), 14 deletions(-)
  create mode 100755 tests/qemu-iotests/231
  create mode 100644 tests/qemu-iotests/231.out
 --
-.48.1
+.17.1

-New patch
+[Qemu-devel] [PULL v2 1/5] block/rbd: pull out qemu_rbd_convert_options
+Code movement to pull the conversion from Qdict to BlockdevOptionsRbd
+into a helper function.
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+Message-id: 5b49a980f2cde6610ab1df41bb0277d00b5db893.1536704901.git.jcody@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ block/rbd.c | 36 ++++++++++++++++++++++++------------
+file changed, 24 insertions(+), 12 deletions(-)
+diff --git a/block/rbd.c b/block/rbd.c
+index XXXXXXX..XXXXXXX 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -XXX,XX +XXX,XX @@ failed_opts:
+     return r;
+ }
++static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
++                                    Error **errp)
++{
++    Visitor *v;
++    Error *local_err = NULL;
++
++    /* Convert the remaining options into a QAPI object */
++    v = qobject_input_visitor_new_flat_confused(options, errp);
++    if (!v) {
++        return -EINVAL;
++    }
++
++    visit_type_BlockdevOptionsRbd(v, NULL, opts, &local_err);
++    visit_free(v);
++
++    if (local_err) {
++        error_propagate(errp, local_err);
++        return -EINVAL;
++    }
++
++    return 0;
++}
++
+ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
+                          Error **errp)
+ {
+     BDRVRBDState *s = bs->opaque;
+     BlockdevOptionsRbd *opts = NULL;
+-    Visitor *v;
+     const QDictEntry *e;
+     Error *local_err = NULL;
+     char *keypairs, *secretid;
+@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
+         qdict_del(options, "password-secret");
+     }
+-    /* Convert the remaining options into a QAPI object */
+-    v = qobject_input_visitor_new_flat_confused(options, errp);
+-    if (!v) {
+-        r = -EINVAL;
+-        goto out;
+-    }
+-
+-    visit_type_BlockdevOptionsRbd(v, NULL, &opts, &local_err);
+-    visit_free(v);
+-
++    r = qemu_rbd_convert_options(options, &opts, &local_err);
+     if (local_err) {
+         error_propagate(errp, local_err);
+-        r = -EINVAL;
+         goto out;
+     }
+--
+.17.1

-[PULL 1/1] block/qed: fix use-after-free by nullifying timer pointer after free
+[Qemu-devel] [PULL v2 2/5] block/rbd: Attempt to parse legacy filenames
-From: Denis Rastyogin <gerben@altlinux.org>
+When we converted rbd to get rid of the older key/value-centric
 encoding format, we broke compatibility with image files with backing
 file strings encoded in the old format.
-This error was discovered by fuzzing qemu-img.
+This leaves a bit of an ugly conundrum, and a hacky solution.
-In the QED block driver, the need_check_timer timer is freed in
+If the initial attempt to parse the "proper" options fails, it assumes
-bdrv_qed_detach_aio_context, but the pointer to the timer is not
+that we may have an older key/value encoded filename.  Fall back to
-set to NULL. This can lead to a use-after-free scenario
+attempting to parse the filename, and extract the required options from
-in bdrv_qed_drain_begin().
+it.  If that fails, pass along the original error message.
-The need_check_timer pointer is set to NULL after freeing the timer.
+We do not support mixed modern usage alongside legacy keyvalue pair
-Which helps catch this condition when checking in bdrv_qed_drain_begin().
+usage.
-Closes: https://gitlab.com/qemu-project/qemu/-/issues/2852
+A deprecation warning has been added, although care should be taken
-Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
+when actually deprecating since the impact is not limited to
-Message-ID: <20250304083927.37681-1-gerben@altlinux.org>
+commandline or qapi usage, but also opening existing images.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 Reviewed-by: Eric Blake <eblake@redhat.com>
 Signed-off-by: Jeff Cody <jcody@redhat.com>
 Message-id: 15b332e5432ad069441f7275a46080f465d789a0.1536704901.git.jcody@redhat.com
 Signed-off-by: Jeff Cody <jcody@redhat.com>
 ---
- block/qed.c | 1 +
+ block/rbd.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++--
-file changed, 1 insertion(+)
+file changed, 52 insertions(+), 2 deletions(-)
-diff --git a/block/qed.c b/block/qed.c
+diff --git a/block/rbd.c b/block/rbd.c
 index XXXXXXX..XXXXXXX 100644
---- a/block/qed.c
+--- a/block/rbd.c
-+++ b/block/qed.c
++++ b/block/rbd.c
-@@ -XXX,XX +XXX,XX @@ static void bdrv_qed_detach_aio_context(BlockDriverState *bs)
+@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
+     return 0;
      qed_cancel_need_check_timer(s);
      timer_free(s->need_check_timer);
 +    s->need_check_timer = NULL;
  }
- static void bdrv_qed_attach_aio_context(BlockDriverState *bs,
++static int qemu_rbd_attempt_legacy_options(QDict *options,
 +                                           BlockdevOptionsRbd **opts,
 +                                           char **keypairs)
 +{
 +    char *filename;
 +    int r;
 +
 +    filename = g_strdup(qdict_get_try_str(options, "filename"));
 +    if (!filename) {
 +        return -EINVAL;
 +    }
 +    qdict_del(options, "filename");
 +
 +    qemu_rbd_parse_filename(filename, options, NULL);
 +
 +    /* keypairs freed by caller */
 +    *keypairs = g_strdup(qdict_get_try_str(options, "=keyvalue-pairs"));
 +    if (*keypairs) {
 +        qdict_del(options, "=keyvalue-pairs");
 +    }
 +
 +    r = qemu_rbd_convert_options(options, opts, NULL);
 +
 +    g_free(filename);
 +    return r;
 +}
 +
  static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
                           Error **errp)
  {
@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
      r = qemu_rbd_convert_options(options, &opts, &local_err);
      if (local_err) {
 -        error_propagate(errp, local_err);
 -        goto out;
 +        /* If keypairs are present, that means some options are present in
 +         * the modern option format.  Don't attempt to parse legacy option
 +         * formats, as we won't support mixed usage. */
 +        if (keypairs) {
 +            error_propagate(errp, local_err);
 +            goto out;
 +        }
 +
 +        /* If the initial attempt to convert and process the options failed,
 +         * we may be attempting to open an image file that has the rbd options
 +         * specified in the older format consisting of all key/value pairs
 +         * encoded in the filename.  Go ahead and attempt to parse the
 +         * filename, and see if we can pull out the required options. */
 +        r = qemu_rbd_attempt_legacy_options(options, &opts, &keypairs);
 +        if (r < 0) {
 +            /* Propagate the original error, not the legacy parsing fallback
 +             * error, as the latter was just a best-effort attempt. */
 +            error_propagate(errp, local_err);
 +            goto out;
 +        }
 +        /* Take care whenever deciding to actually deprecate; once this ability
 +         * is removed, we will not be able to open any images with legacy-styled
 +         * backing image strings. */
 +        error_report("RBD options encoded in the filename as keyvalue pairs "
 +                     "is deprecated");
      }
      /* Remove the processed options from the QDict (the visitor processes
 --
-.48.1
+.17.1

-New patch
+[Qemu-devel] [PULL v2 3/5] block/rbd: add iotest for rbd legacy keyvalue filename parsing
+This is a small test that will check for the ability to parse
+both legacy and modern options for rbd.
+The way the test is set up is for failure to occur, but without
+having to wait to timeout on a non-existent rbd server.  The error
+messages in the success path show that the arguments were parsed.
+The failure behavior prior to the patch series that has this test, is
+qemu-img complaining about mandatory options (e.g. 'pool') not being
+provided.
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+Message-id: f830580e339b974a83ed4870d11adcdc17f49a47.1536704901.git.jcody@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++++++++++++++
+ tests/qemu-iotests/231.out |  9 ++++++
+ tests/qemu-iotests/group   |  1 +
+files changed, 72 insertions(+)
+ create mode 100755 tests/qemu-iotests/231
+ create mode 100644 tests/qemu-iotests/231.out
+diff --git a/tests/qemu-iotests/231 b/tests/qemu-iotests/231
+new file mode 100755
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/tests/qemu-iotests/231
+@@ -XXX,XX +XXX,XX @@
++#!/bin/bash
++#
++# Test legacy and modern option parsing for rbd/ceph.  This will not
++# actually connect to a ceph server, but rather looks for the appropriate
++# error message that indicates we parsed the options correctly.
++#
++# Copyright (C) 2018 Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++
++# creator
++owner=jcody@redhat.com
++
++seq=`basename $0`
++echo "QA output created by $seq"
++
++here=`pwd`
++status=1    # failure is the default!
++
++_cleanup()
++{
++    rm "${BOGUS_CONF}"
++}
++trap "_cleanup; exit \$status" 0 1 2 3 15
++
++# get standard environment, filters and checks
++. ./common.rc
++. ./common.filter
++
++_supported_fmt generic
++_supported_proto rbd
++_supported_os Linux
++
++BOGUS_CONF=${TEST_DIR}/ceph-$$.conf
++touch "${BOGUS_CONF}"
++
++_filter_conf()
++{
++    sed -e "s#$BOGUS_CONF#BOGUS_CONF#g"
++}
++
++# We expect this to fail, with no monitor ip provided and a null conf file.  Just want it
++# to fail in the right way.
++$QEMU_IMG info "json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=${BOGUS_CONF}'}" 2>&1 | _filter_conf
++$QEMU_IMG info "json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'${BOGUS_CONF}'}" 2>&1 | _filter_conf
++
++# success, all done
++echo "*** done"
++rm -f $seq.full
++status=0
+diff --git a/tests/qemu-iotests/231.out b/tests/qemu-iotests/231.out
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/tests/qemu-iotests/231.out
+@@ -XXX,XX +XXX,XX @@
++QA output created by 231
++qemu-img: RBD options encoded in the filename as keyvalue pairs is deprecated.  Future versions may cease to parse these options in the future.
++unable to get monitor info from DNS SRV with service name: ceph-mon
++no monitors specified to connect to.
++qemu-img: Could not open 'json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=BOGUS_CONF'}': error connecting: No such file or directory
++unable to get monitor info from DNS SRV with service name: ceph-mon
++no monitors specified to connect to.
++qemu-img: Could not open 'json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'BOGUS_CONF'}': error connecting: No such file or directory
++*** done
+diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
+index XXXXXXX..XXXXXXX 100644
+--- a/tests/qemu-iotests/group
++++ b/tests/qemu-iotests/group
+@@ -XXX,XX +XXX,XX @@
+auto quick
+auto quick
+auto quick
++231 auto quick
+--
+.17.1

-New patch
+[Qemu-devel] [PULL v2 4/5] block/rbd: add deprecation documentation for filename keyvalue pairs
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+Message-id: 647f5b5ab7efd8bf567a504c832b1d2d6f719b23.1536704901.git.jcody@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ qemu-deprecated.texi | 15 +++++++++++++++
+file changed, 15 insertions(+)
+diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
+index XXXXXXX..XXXXXXX 100644
+--- a/qemu-deprecated.texi
++++ b/qemu-deprecated.texi
+@@ -XXX,XX +XXX,XX @@ used instead.
+ In order to prevent QEMU from automatically opening an image's backing
+ chain, use ``"backing": null'' instead.
++@subsubsection rbd keyvalue pair encoded filenames: "" (since 3.1.0)
++
++Options for ``rbd'' should be specified according to its runtime options,
++like other block drivers.  Legacy parsing of keyvalue pair encoded
++filenames is useful to open images with the old format for backing files;
++These image files should be updated to use the current format.
++
++Example of legacy encoding:
++
++@code{json:@{"file.driver":"rbd", "file.filename":"rbd:rbd/name"@}}
++
++The above, converted to the current supported format:
++
++@code{json:@{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"@}}
++
+ @subsection vio-spapr-device device options
+ @subsubsection "irq": "" (since 3.0.0)
+--
+.17.1

-New patch
+[Qemu-devel] [PULL v2 5/5] curl: Make sslverify=off disable host as well as peer verification.
+From: "Richard W.M. Jones" <rjones@redhat.com>
+The sslverify setting is supposed to turn off all TLS certificate
+checks in libcurl.  However because of the way we use it, it only
+turns off peer certificate authenticity checks
+(CURLOPT_SSL_VERIFYPEER).  This patch makes it also turn off the check
+that the server name in the certificate is the same as the server
+you're connecting to (CURLOPT_SSL_VERIFYHOST).
+We can use Google's server at 8.8.8.8 which happens to have a bad TLS
+certificate to demonstrate this:
+$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
+qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
+Could not open backing image to determine size.
+With this patch applied, qemu-img connects to the server regardless of
+the bad certificate:
+$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
+qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found
+(The 404 error is expected because 8.8.8.8 is not actually serving a
+file called "/foo".)
+Of course the default (without sslverify=off) remains to always check
+the certificate:
+$ ./qemu-img create -q -f qcow2 -b 'json: { "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
+qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
+Could not open backing image to determine size.
+Further information about the two settings is available here:
+https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
+https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+Message-id: 20180914095622.19698-1-rjones@redhat.com
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+---
+ block/curl.c | 2 ++
+file changed, 2 insertions(+)
+diff --git a/block/curl.c b/block/curl.c
+index XXXXXXX..XXXXXXX 100644
+--- a/block/curl.c
++++ b/block/curl.c
+@@ -XXX,XX +XXX,XX @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
+         curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+         curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
+                          (long) s->sslverify);
++        curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
++                         s->sslverify ? 2L : 0L);
+         if (s->cookie) {
+             curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
+         }
+--
+.17.1

From: Denis Rastyogin <gerben@altlinux.org>

This error was discovered by fuzzing qemu-img.

In the QED block driver, the need_check_timer timer is freed in
bdrv_qed_detach_aio_context, but the pointer to the timer is not
set to NULL. This can lead to a use-after-free scenario
in bdrv_qed_drain_begin().

The need_check_timer pointer is set to NULL after freeing the timer.
Which helps catch this condition when checking in bdrv_qed_drain_begin().

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2852
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250304083927.37681-1-gerben@altlinux.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/qed.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/qed.c b/block/qed.c
index XXXXXXX..XXXXXXX 100644
--- a/block/qed.c
+++ b/block/qed.c
@@ -XXX,XX +XXX,XX @@ static void bdrv_qed_detach_aio_context(BlockDriverState *bs)
 
     qed_cancel_need_check_timer(s);
     timer_free(s->need_check_timer);
+    s->need_check_timer = NULL;
 }
 
 static void bdrv_qed_attach_aio_context(BlockDriverState *bs,
-- 
2.48.1

The following changes since commit 741e1a618b126e664f7b723e6fe1b7ace511caf7:

Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-09-07-1' into staging (2018-09-24 18:12:54 +0100)

are available in the Git repository at:

git://github.com/codyprime/qemu-kvm-jtc.git tags/block-pull-request

for you to fetch changes up to 637fa44ab80c6b317adf1d117494325a95daad60:

curl: Make sslverify=off disable host as well as peer verification. (2018-09-24 23:46:05 -0400)

----------------------------------------------------------------
RBD and Curl patches
----------------------------------------------------------------

Jeff Cody (4):
  block/rbd: pull out qemu_rbd_convert_options
  block/rbd: Attempt to parse legacy filenames
  block/rbd: add iotest for rbd legacy keyvalue filename parsing
  block/rbd: add deprecation documentation for filename keyvalue pairs

Richard W.M. Jones (1):
  curl: Make sslverify=off disable host as well as peer verification.

block/curl.c               |  2 +
 block/rbd.c                | 90 ++++++++++++++++++++++++++++++++------
 qemu-deprecated.texi       | 15 +++++++
 tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++
 tests/qemu-iotests/231.out |  9 ++++
 tests/qemu-iotests/group   |  1 +
 6 files changed, 165 insertions(+), 14 deletions(-)
 create mode 100755 tests/qemu-iotests/231
 create mode 100644 tests/qemu-iotests/231.out

-- 
2.17.1

Code movement to pull the conversion from Qdict to BlockdevOptionsRbd
into a helper function.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 5b49a980f2cde6610ab1df41bb0277d00b5db893.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/rbd.c | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index XXXXXXX..XXXXXXX 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -XXX,XX +XXX,XX @@ failed_opts:
     return r;
 }
 
+static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
+                                    Error **errp)
+{
+    Visitor *v;
+    Error *local_err = NULL;
+
+    /* Convert the remaining options into a QAPI object */
+    v = qobject_input_visitor_new_flat_confused(options, errp);
+    if (!v) {
+        return -EINVAL;
+    }
+
+    visit_type_BlockdevOptionsRbd(v, NULL, opts, &local_err);
+    visit_free(v);
+
+    if (local_err) {
+        error_propagate(errp, local_err);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
 static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
                          Error **errp)
 {
     BDRVRBDState *s = bs->opaque;
     BlockdevOptionsRbd *opts = NULL;
-    Visitor *v;
     const QDictEntry *e;
     Error *local_err = NULL;
     char *keypairs, *secretid;
@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
         qdict_del(options, "password-secret");
     }
 
-    /* Convert the remaining options into a QAPI object */
-    v = qobject_input_visitor_new_flat_confused(options, errp);
-    if (!v) {
-        r = -EINVAL;
-        goto out;
-    }
-
-    visit_type_BlockdevOptionsRbd(v, NULL, &opts, &local_err);
-    visit_free(v);
-
+    r = qemu_rbd_convert_options(options, &opts, &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
-        r = -EINVAL;
         goto out;
     }
 
-- 
2.17.1

When we converted rbd to get rid of the older key/value-centric
encoding format, we broke compatibility with image files with backing
file strings encoded in the old format.

This leaves a bit of an ugly conundrum, and a hacky solution.

If the initial attempt to parse the "proper" options fails, it assumes
that we may have an older key/value encoded filename.  Fall back to
attempting to parse the filename, and extract the required options from
it.  If that fails, pass along the original error message.

We do not support mixed modern usage alongside legacy keyvalue pair
usage.

A deprecation warning has been added, although care should be taken
when actually deprecating since the impact is not limited to
commandline or qapi usage, but also opening existing images.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 15b332e5432ad069441f7275a46080f465d789a0.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/rbd.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 52 insertions(+), 2 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index XXXXXXX..XXXXXXX 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_convert_options(QDict *options, BlockdevOptionsRbd **opts,
     return 0;
 }
 
+static int qemu_rbd_attempt_legacy_options(QDict *options,
+                                           BlockdevOptionsRbd **opts,
+                                           char **keypairs)
+{
+    char *filename;
+    int r;
+
+    filename = g_strdup(qdict_get_try_str(options, "filename"));
+    if (!filename) {
+        return -EINVAL;
+    }
+    qdict_del(options, "filename");
+
+    qemu_rbd_parse_filename(filename, options, NULL);
+
+    /* keypairs freed by caller */
+    *keypairs = g_strdup(qdict_get_try_str(options, "=keyvalue-pairs"));
+    if (*keypairs) {
+        qdict_del(options, "=keyvalue-pairs");
+    }
+
+    r = qemu_rbd_convert_options(options, opts, NULL);
+
+    g_free(filename);
+    return r;
+}
+
 static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
                          Error **errp)
 {
@@ -XXX,XX +XXX,XX @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
 
     r = qemu_rbd_convert_options(options, &opts, &local_err);
     if (local_err) {
-        error_propagate(errp, local_err);
-        goto out;
+        /* If keypairs are present, that means some options are present in
+         * the modern option format.  Don't attempt to parse legacy option
+         * formats, as we won't support mixed usage. */
+        if (keypairs) {
+            error_propagate(errp, local_err);
+            goto out;
+        }
+
+        /* If the initial attempt to convert and process the options failed,
+         * we may be attempting to open an image file that has the rbd options
+         * specified in the older format consisting of all key/value pairs
+         * encoded in the filename.  Go ahead and attempt to parse the
+         * filename, and see if we can pull out the required options. */
+        r = qemu_rbd_attempt_legacy_options(options, &opts, &keypairs);
+        if (r < 0) {
+            /* Propagate the original error, not the legacy parsing fallback
+             * error, as the latter was just a best-effort attempt. */
+            error_propagate(errp, local_err);
+            goto out;
+        }
+        /* Take care whenever deciding to actually deprecate; once this ability
+         * is removed, we will not be able to open any images with legacy-styled
+         * backing image strings. */
+        error_report("RBD options encoded in the filename as keyvalue pairs "
+                     "is deprecated");
     }
 
     /* Remove the processed options from the QDict (the visitor processes
-- 
2.17.1

This is a small test that will check for the ability to parse
both legacy and modern options for rbd.

The way the test is set up is for failure to occur, but without
having to wait to timeout on a non-existent rbd server.  The error
messages in the success path show that the arguments were parsed.

The failure behavior prior to the patch series that has this test, is
qemu-img complaining about mandatory options (e.g. 'pool') not being
provided.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: f830580e339b974a83ed4870d11adcdc17f49a47.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 tests/qemu-iotests/231     | 62 ++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/231.out |  9 ++++++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 72 insertions(+)
 create mode 100755 tests/qemu-iotests/231
 create mode 100644 tests/qemu-iotests/231.out

diff --git a/tests/qemu-iotests/231 b/tests/qemu-iotests/231
new file mode 100755
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tests/qemu-iotests/231
@@ -XXX,XX +XXX,XX @@
+#!/bin/bash
+#
+# Test legacy and modern option parsing for rbd/ceph.  This will not
+# actually connect to a ceph server, but rather looks for the appropriate
+# error message that indicates we parsed the options correctly.
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# creator
+owner=jcody@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1	# failure is the default!
+
+_cleanup()
+{
+    rm "${BOGUS_CONF}"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt generic
+_supported_proto rbd
+_supported_os Linux
+
+BOGUS_CONF=${TEST_DIR}/ceph-$$.conf
+touch "${BOGUS_CONF}"
+
+_filter_conf()
+{
+    sed -e "s#$BOGUS_CONF#BOGUS_CONF#g"
+}
+
+# We expect this to fail, with no monitor ip provided and a null conf file.  Just want it
+# to fail in the right way.
+$QEMU_IMG info "json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=${BOGUS_CONF}'}" 2>&1 | _filter_conf
+$QEMU_IMG info "json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'${BOGUS_CONF}'}" 2>&1 | _filter_conf
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/231.out b/tests/qemu-iotests/231.out
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tests/qemu-iotests/231.out
@@ -XXX,XX +XXX,XX @@
+QA output created by 231
+qemu-img: RBD options encoded in the filename as keyvalue pairs is deprecated.  Future versions may cease to parse these options in the future.
+unable to get monitor info from DNS SRV with service name: ceph-mon
+no monitors specified to connect to.
+qemu-img: Could not open 'json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=BOGUS_CONF'}': error connecting: No such file or directory
+unable to get monitor info from DNS SRV with service name: ceph-mon
+no monitors specified to connect to.
+qemu-img: Could not open 'json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'BOGUS_CONF'}': error connecting: No such file or directory
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -XXX,XX +XXX,XX @@
 226 auto quick
 227 auto quick
 229 auto quick
+231 auto quick
-- 
2.17.1

Signed-off-by: Jeff Cody <jcody@redhat.com>
Message-id: 647f5b5ab7efd8bf567a504c832b1d2d6f719b23.1536704901.git.jcody@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 qemu-deprecated.texi | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index XXXXXXX..XXXXXXX 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -XXX,XX +XXX,XX @@ used instead.
 In order to prevent QEMU from automatically opening an image's backing
 chain, use ``"backing": null'' instead.
 
+@subsubsection rbd keyvalue pair encoded filenames: "" (since 3.1.0)
+
+Options for ``rbd'' should be specified according to its runtime options,
+like other block drivers.  Legacy parsing of keyvalue pair encoded
+filenames is useful to open images with the old format for backing files;
+These image files should be updated to use the current format.
+
+Example of legacy encoding:
+
+@code{json:@{"file.driver":"rbd", "file.filename":"rbd:rbd/name"@}}
+
+The above, converted to the current supported format:
+
+@code{json:@{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"@}}
+
 @subsection vio-spapr-device device options
 
 @subsubsection "irq": "" (since 3.0.0)
-- 
2.17.1

From: "Richard W.M. Jones" <rjones@redhat.com>

The sslverify setting is supposed to turn off all TLS certificate
checks in libcurl.  However because of the way we use it, it only
turns off peer certificate authenticity checks
(CURLOPT_SSL_VERIFYPEER).  This patch makes it also turn off the check
that the server name in the certificate is the same as the server
you're connecting to (CURLOPT_SSL_VERIFYHOST).

We can use Google's server at 8.8.8.8 which happens to have a bad TLS
certificate to demonstrate this:

$ ./qemu-img create -q -f qcow2 -b 'json: { "file.sslverify": "off", "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
Could not open backing image to determine size.

With this patch applied, qemu-img connects to the server regardless of
the bad certificate:

(The 404 error is expected because 8.8.8.8 is not actually serving a
file called "/foo".)

Of course the default (without sslverify=off) remains to always check
the certificate:

$ ./qemu-img create -q -f qcow2 -b 'json: { "file.driver": "https", "file.url": "https://8.8.8.8/foo" }' /var/tmp/file.qcow2
qemu-img: /var/tmp/file.qcow2: CURL: Error opening file: SSL: no alternative certificate subject name matches target host name '8.8.8.8'
Could not open backing image to determine size.

Further information about the two settings is available here:

https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 20180914095622.19698-1-rjones@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/curl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/curl.c b/block/curl.c
index XXXXXXX..XXXXXXX 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -XXX,XX +XXX,XX @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
         curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
         curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
                          (long) s->sslverify);
+        curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
+                         s->sslverify ? 2L : 0L);
         if (s->cookie) {
             curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
         }
-- 
2.17.1