aboutsummaryrefslogtreecommitdiff
path: root/block_int.h
AgeCommit message (Collapse)Author
2010-09-08Revert "Make default invocation of block drivers safer (v3)"Anthony Liguori
This reverts commit 79368c81bf8cf93864d7afc88b81b05d8f0a2c90. Conflicts: block.c I haven't been able to come up with a solution yet for the corruption caused by unaligned requests from the IDE disk so revert until a solution can be written. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-08-03block: Change bdrv_eject() not to drop the imageMarkus Armbruster
bdrv_eject() gets called when a device model opens or closes the tray. If the block driver implements method bdrv_eject(), that method gets called. Drivers host_cdrom implements it, and it opens and closes the physical tray, and nothing else. When a device model opens, then closes the tray, media changes only if the user actively changes the physical media while the tray is open. This is matches how physical hardware behaves. If the block driver doesn't implement method bdrv_eject(), we do something quite different: opening the tray severs the connection to the image by calling bdrv_close(), and closing the tray does nothing. When the device model opens, then closes the tray, media is gone, unless the user actively inserts another one while the tray is open, with a suitable change command in the monitor. This isn't how physical hardware behaves. Rather inconvenient when programs "helpfully" eject media to give you a chance to change it. The way bdrv_eject() behaves here turns that chance into a must, which is not what these programs or their users expect. Change the default action not to call bdrv_close(). Instead, note the tray status in new BlockDriverState member tray_open. Use it in bdrv_is_inserted(). Arguably, the device models should keep track of tray status themselves. But this is less invasive. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-08-03block: Fix bdrv_has_zero_initKevin Wolf
Assuming that any image on a block device is not properly zero-initialized is actually wrong: Only raw images have this problem. Any other image format shouldn't care about it, they initialize everything properly themselves. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-26block: default to 0 minimal / optiomal I/O sizeChristoph Hellwig
Currently we set them to 512 bytes unless manually specified. Unforuntaly some brain-dead partitioning tools create unaligned partitions if they get low enough optiomal I/O size values, so don't report any at all unless explicitly set. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-15Make default invocation of block drivers safer (v3)Anthony Liguori
CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could trick the block probing code into accessing arbitrary files in a guest. To mitigate this, we added an explicit format parameter to -drive which disabling block probing. Fast forward to today, and the vast majority of users do not use this parameter. libvirt does not use this by default nor does virt-manager. Most users want block probing so we should try to make it safer. This patch adds some logic to the raw device which attempts to detect a write operation to the beginning of a raw device. If the first 4 bytes happen to match an image file that has a backing file that we support, it scrubs the signature to all zeros. If a user specifies an explicit format parameter, this behavior is disabled. I contend that while a legitimate guest could write such a signature to the header, we would behave incorrectly anyway upon the next invocation of QEMU. This simply changes the incorrect behavior to not involve a security vulnerability. I've tested this pretty extensively both in the positive and negative case. I'm not 100% confident in the block layer's ability to deal with zero sized writes particularly with respect to the aio functions so some additional eyes would be appreciated. Even in the case of a single sector write, we have to make sure to invoked the completion from a bottom half so just removing the zero sized write is not an option. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-06qcow2/vdi: Change check to distinguish error casesKevin Wolf
This distinguishes between harmless leaks and real corruption. Hopefully users better understand what qemu-img check wants to tell them. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02block: Catch attempt to attach multiple devices to a blockdevMarkus Armbruster
For instance, -device scsi-disk,drive=foo -device scsi-disk,drive=foo happily creates two SCSI disks connected to the same block device. It's all downhill from there. Device usb-storage deliberately attaches twice to the same blockdev, which fails with the fix in place. Detach before the second attach there. Also catch attempt to delete while a guest device model is attached. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02qdev: Decouple qdev_prop_drive from DriveInfoMarkus Armbruster
Make the property point to BlockDriverState, cutting out the DriveInfo middleman. This prepares the ground for block devices that don't have a DriveInfo. Currently all user-defined ones have a DriveInfo, because the only way to define one is -drive & friends (they go through drive_init()). DriveInfo is closely tied to -drive, and like -drive, it mixes information about host and guest part of the block device. I'm working towards a new way to define block devices, with clean host/guest separation, and I need to get DriveInfo out of the way for that. Fortunately, the device models are perfectly happy with BlockDriverState, except for two places: ide_drive_initfn() and scsi_disk_initfn() need to check the DriveInfo for a serial number set with legacy -drive serial=... Use drive_get_by_blockdev() there. Device model code should now use DriveInfo only when explicitly dealing with drives defined the old way, i.e. without -device. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-22block: fix physical_block_size calculationChristoph Hellwig
Both SCSI and virtio expect the physical block size relative to the logical block size. So get the factor first before calculating the log2. Reported-by: Mike Cao <bcao@redhat.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-15block: Move error actions from DriveInfo to BlockDriverStateMarkus Armbruster
That's where they belong semantically (block device host part), even though the actions are actually executed by guest device code. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03block: Add wr_highest_sector blockstatKevin Wolf
This adds the wr_highest_sector blockstat which implements what is generally known as the high watermark. It is the highest offset of a sector written to the respective BlockDriverState since it has been opened. The query-blockstat QMP command is extended to add this value to the result, and also to add the statistics of the underlying protocol in a new "parent" field. Note that to get the "high watermark" of a qcow2 image, you need to look into the wr_highest_sector field of the parent (which can be a file, a host_device, ...). The wr_highest_sector of the qcow2 BlockDriverState itself is the highest offset on the _virtual_ disk that the guest has written to. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03block: Open the underlying image file in generic codeKevin Wolf
Format drivers shouldn't need to bother with things like file names, but rather just get an open BlockDriverState for the underlying protocol. This patch introduces this behaviour for bdrv_open implementation. For protocols which need to access the filename to open their file/device/connection/... a new callback bdrv_file_open is introduced which doesn't get an underlying file opened. For now, also some of the more obscure formats use bdrv_file_open because they open() the file themselves instead of using the block.c functions. They need to be fixed in later patches. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23block: Convert first_drv to QLISTStefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23block: Convert bdrv_first to QTAILQStefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23block: Do not export bdrv_firstStefan Hajnoczi
The bdrv_first linked list of BlockDriverStates is currently extern so that block migration can iterate the list. However, since there is already a bdrv_iterate() function there is no need to expose bdrv_first. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23blkdebug: Add events and rulesKevin Wolf
Block drivers can trigger a blkdebug event whenever they reach a place where it could be useful to inject an error for testing/debugging purposes. Rules are read from a blkdebug config file and describe which action is taken when an event is triggered. For now this is only injecting an error (with a few options) or changing the state (which is an integer). Rules can be declared to be active only in a specific state; this way later rules can distiguish on which path we came to trigger their event. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-03-17block: add logical_block_size propertyChristoph Hellwig
Add a logical block size attribute as various guest side tools only increase the filesystem sector size based on it, not the advisory physical block size. For scsi we already have support for a different logical block size in place for CDROMs that we can built upon. Only my recent block device characteristics VPD page needs some fixups. Note that we leave the logial block size for CDROMs hardcoded as the 2k value is expected for it in general. For virtio-blk we already have a feature flag claiming to support a variable logical block size that was added for the s390 kuli hypervisor. Interestingly it does not actually change the units in which the protocol works, which is still fixed at 512 bytes, but only communicates a different minimum I/O granularity. So all we need to do in virtio is to add a trap for unaligned I/O and round down the device size to the next multiple of the logical block size. IDE does not support any other logical block size than 512 bytes. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-19block: more read-only changes, related to backing filesNaphtali Sprei
Open backing file read-only where possible Upgrade backing file to read-write during commit, back to read-only after commit If upgrade fail, back to read-only. If also fail, "disconnect" the drive. Signed-off-by: Naphtali Sprei <nsprei@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-10block: add topology qdev propertiesChristoph Hellwig
Add three new qdev properties to export block topology information to the guest. This is needed to get optimal I/O alignment for RAID arrays or SSDs. The options are: - physical_block_size to specify the physical block size of the device, this is going to increase from 512 bytes to 4096 kilobytes for many modern storage devices - min_io_size to specify the minimal I/O size without performance impact, this is typically set to the RAID chunk size for arrays. - opt_io_size to specify the optimal sustained I/O size, this is typically the RAID stripe width for arrays. I decided to not auto-probe these values from blkid which might easily be possible as I don't know how to deal with these issues on migration. Note that we specificly only set the physical_block_size, and not the logial one which is the unit all I/O is described in. The reason for that is that IDE does not support increasing the logical block size and at last for now I want to stick to one meachnisms in queue and allow for easy switching of transports for a given backing image which would not be possible if scsi and virtio use real 4k sectors, while ide only uses the physical block exponent. To make this more common for the different block drivers introduce a new BlockConf structure holding all common block properties and a DEFINE_BLOCK_PROPERTIES macro to add them all together, mirroring what is done for network drivers. Also switch over all block drivers to use it, except for the floppy driver which has weird driveA/driveB properties and probably won't require any advanced block options ever. Example usage for a virtio device with 4k physical block size and 8k optimal I/O size: -drive file=scratch.img,media=disk,cache=none,id=scratch \ -device virtio-blk-pci,drive=scratch,physical_block_size=4096,opt_io_size=8192 aliguori: updated patch to take into account BLOCK events Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-09Count dirty blocks and expose an API to get dirty countLiran Schour
This will manage dirty counter for each device and will allow to get the dirty counter from above. Signed-off-by: Liran Schour <lirans@il.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-13block: Add bdrv_change_backing_fileKevin Wolf
Introduce the functions needed to change the backing file of an image. The function is implemented for qcow2. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-03qemu-img: There is more than one host device driverKevin Wolf
I haven't heard yet of anyone using qemu-img to copy an image to a real floppy, but it's a valid use case. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-03block migration: Cleanup dirty tracking codeJan Kiszka
This switches the dirty bitmap to a true bitmap, reducing its footprint (specifically in caches). It moreover fixes off-by-one bugs in set_dirty_bitmap (nb_sectors+1 were marked) and bdrv_get_dirty (limit check allowed one sector behind end of drive). And is drops redundant dirty_tracking field from BlockDriverState. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-11-17Expose a mechanism to trace block writeslirans@il.ibm.com
To support live migration without shared storage we need to be able to trace writes to disk while migrating. This Patch expose dirty block tracking per device to be polled from upper layer. Changes from v4: - Register dirty tracking for each block device. - Minor coding style issues. - Block.c will now manage a dirty bitmap per device once bdrv_set_dirty_tracking() is called. Bitmap is polled by the upper layer (block-migration.c). Signed-off-by: Liran Schour <lirans@il.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-09-11block: add aio_flush operationChristoph Hellwig
Instead stalling the VCPU while serving a cache flush try to do it asynchronously. Use our good old helper thread pool to issue an asynchronous fdatasync for raw-posix. Note that while Linux AIO implements a fdatasync operation it is not useful for us because it isn't actually implement in asynchronous fashion. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-09-11block: add enable_write_cache flagChristoph Hellwig
Add a enable_write_cache flag in the block driver state, and use it to decide if we claim to have a volatile write cache that needs controlled flushing from the guest. The flag is off if cache=writethrough is defined because O_DSYNC guarantees that every write goes to stable storage, and it is on for cache=none and cache=writeback. Both scsi-disk and ide now use the new flage, changing from their defaults of always off (ide) or always on (scsi-disk). Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-09-11Add bdrv_aio_multiwriteKevin Wolf
One performance problem of qcow2 during the initial image growth are sequential writes that are not cluster aligned. In this case, when a first requests requires to allocate a new cluster but writes only to the first couple of sectors in that cluster, the rest of the cluster is zeroed - just to be overwritten by the following second request that fills up the cluster. Let's try to merge sequential write requests to the same cluster, so we can avoid to write the zero padding to the disk in the first place. As a nice side effect, also other formats take advantage of dealing with less and larger requests. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-08-27qcow2: Metadata preallocationKevin Wolf
This introduces a qemu-img create option for qcow2 which allows the metadata to be preallocated, i.e. clusters are reserved in the refcount table and L1/L2 tables, but no data is written to them. Metadata is quite small, so this happens in almost no time. Especially with qcow2 on virtio this helps to gain a bit of performance during the initial writes. However, as soon as create a snapshot, we're back to the normal slow speed, obviously. So this isn't the real fix, but kind of a cheat while we're still having trouble with qcow2 on virtio. Note that the option is disabled by default and needs to be specified explicitly using qemu-img create -f qcow2 -o preallocation=metadata. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-07-16replace bdrv_{get, put}_buffer with bdrv_{load, save}_vmstateChristoph Hellwig
The VM state offset is a concept internal to the image format. Replace the old bdrv_{get,put}_buffer method that require an index into the image file that is constructed from the VM state offset and an offset into the vmstate with the bdrv_{load,save}_vmstate that just take an offset into the VM state. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-15block: add bdrv_probe_device methodChristoph Hellwig
Add a bdrv_probe_device method to all BlockDriver instances implementing host devices to move matching of host device types into the actual drivers. For now we keep exacly the old matching behaviour based on the devices names, although we really should have better detetion methods based on device information in the future. Signed-off-by: Christoph Hellwig <hch@lst.de>
2009-05-27fully split aio_pool from BlockDriverChristoph Hellwig
Now that we have a separate aio pool structure we can remove those aio pool details from BlockDriver. Every driver supporting AIO now needs to declare a static AIOPool with the aiocb size and the cancellation method. This cleans up the current code considerably and will make it cleaner and more obvious to support two different aio implementations behind a single BlockDriver. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-05-22qcow2: Allow different cluster sizesKevin Wolf
Add an option to specify the cluster size of a newly created qcow2 image. Default is 4k which is the same value that was hard-coded before. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-05-22Convert all block drivers to new bdrv_createKevin Wolf
Now we can make use of the newly introduced option structures. Instead of having bdrv_create carry more and more parameters (which are format specific in most cases), just pass a option structure as defined by the driver itself. bdrv_create2() contains an emulation of the old interface to simplify the transition. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-04-22implement qemu_blockalign (Stefano Stabellini)aliguori
this patch adds a buffer_alignment field to BlockDriverState and implements a qemu_blockalign function that uses that field to allocate a memory aligned buffer to be used by the block driver. buffer_alignment is initialized to 512 but each block driver can set a different value (at the moment none of them do). This patch modifies ide.c, block-qcow.c, block-qcow2.c and block.c to use qemu_blockalign instead of qemu_memalign. There is only one place left that still uses qemu_memalign to allocate buffers used by block drivers that is posix-aio-compat:handle_aiocb_rw because it is not possible to get the BlockDriverState from that function. However I think it is not important because posix-aio-compat already deals with driver specific code so it is supposed to know its own needs. Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7229 c046a42c-6fe2-441c-8c8c-71466251a162
2009-04-21Introduce bdrv_check (Kevin Wolf)aliguori
From: Kevin Wolf <kwolf@redhat.com> Introduce a new bdrv_check function pointer for block drivers. Modify qcow2 to return an error status in check_refcounts(), so it can implement bdrv_check. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7214 c046a42c-6fe2-441c-8c8c-71466251a162
2009-04-07push down vector linearization to posix-aio-compat.c (Christoph Hellwig)aliguori
Make all AIO requests vectored and defer linearization until the actual I/O thread. This prepares for using native preadv/pwritev. Also enables asynchronous direct I/O by handling that case in the I/O thread. Qcow and qcow2 propably want to be adopted to directly deal with multi-segment requests, but that can be implemented later. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7020 c046a42c-6fe2-441c-8c8c-71466251a162
2009-04-05Fix savevm after BDRV_FILE size enforcementaliguori
We now enforce that you cannot write beyond the end of a non-growable file. qcow2 files are not growable but we rely on them being growable to do savevm/loadvm. Temporarily allow them to be growable by introducing a new API specifically for savevm read/write operations. Reported-by: malc Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6994 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-28block: support known backing format for image create and open (Uri Lublin)aliguori
Added a backing_format field to BlockDriverState. Added bdrv_create2 and drv->bdrv_create2 to create an image with a known backing file format. Upon bdrv_open2 if backing format is known use it, instead of probing the (backing) image. Signed-off-by: Uri Lublin <uril@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6908 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-28new scsi-generic abstraction, use SG_IO (Christoph Hellwig)aliguori
Okay, I started looking into how to handle scsi-generic I/O in the new world order. I think the best is to use the SG_IO ioctl instead of the read/write interface as that allows us to support scsi passthrough on disk/cdrom devices, too. See Hannes patch on the kvm list from August for an example. Now that we always do ioctls we don't need another abstraction than bdrv_ioctl for the synchronous requests for now, and for asynchronous requests I've added a aio_ioctl abstraction keeping it simple. Long-term we might want to move the ops to a higher-level abstraction and let the low-level code fill out the request header, but I'm lazy enough to leave that to the people trying to support scsi-passthrough on a non-Linux OS. Tested lightly by issuing various sg_ commands from sg3-utils in a guest to a host CDROM device. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6895 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-20Refactor aio callback allocation to use an aiocb pool (Avi Kivity)aliguori
Move the AIOCB allocation code to use a dedicate structure, AIOPool. AIOCB specific information, such as the AIOCB size and cancellation routine, is moved into the pool. At present, there is exactly one pool per block format driver, maintaining the status quo. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6870 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-12Drop internal bdrv_pread()/bdrv_pwrite() APIs (Avi Kivity)aliguori
Now that scsi generic no longer uses bdrv_pread() and bdrv_pwrite(), we can drop the corresponding internal APIs, which overlap bdrv_read()/bdrv_write() and, being byte oriented, are unnatural for a block device. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6824 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-12Add internal scsi generic block API (Avi Kivity)aliguori
Add an internal API for the generic block layer to send scsi generic commands to block format driver. This means block format drivers no longer need to consider overloaded nb_sectors parameters. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6823 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-05monitor: Rework early disk password inquiry (Jan Kiszka)aliguori
Reading the passwords for encrypted hard disks during early startup is broken (I guess for quiet a while now): - No monitor terminal is ready for input at this point - Forcing all mux'ed terminals into monitor mode can confuse other users of that channels To overcome these issues and to lay the ground for a clean decoupling of monitor terminals, this patch changes the initial password inquiry as follows: - Prevent autostart if there is some encrypted disk - Once the user tries to resume the VM, prompt for all missing passwords - Only resume if all passwords were accepted Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6707 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-03Fix CVE-2008-0928 - insufficient block device address range checking ↵aliguori
(Anthony Liguori) Introduce a growable flag that's set by bdrv_file_open(). Block devices should never be growable, only files that are being used by block devices. I went through Fabrice's early comments about the patch that was first applied. While I disagree with that patch, I also disagree with Fabrice's suggestion. There's no good reason to do the checks in the block drivers themselves. It just increases the possibility that this bug could show up again. Since we're calling bdrv_getlength() to determine the length, we're giving the block drivers a chance to chime in and let us know what range is valid. Basically, this patch makes the BlockDriver API guarantee that all requests are within 0..bdrv_getlength() which to me seems like a Good Thing. What do others think? Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6677 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-11qemu: record devfn on block driver instance (Marcelo Tosatti)aliguori
Record PCIDev on the BlockDriverState structure to locate for release on hot-removal. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6597 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-08Use an option rom instead of boot sector for -kernelaliguori
Generate an option rom instead of using a hijacked boot sector for kernel booting. This just requires adding a small option ROM header and a few more instructions to the boot sector to take over the int19 vector and run our boot code. A disk is no longer needed when using -kernel on x86. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5650 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-17Fix warnings that would be caused by ld flag --warn-commonblueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5240 c046a42c-6fe2-441c-8c8c-71466251a162
2008-03-11Revert fix for CVE-2008-0928. Will be fixed in a different way later.aurel32
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4041 c046a42c-6fe2-441c-8c8c-71466251a162
2008-03-11Fix CVE-2008-0928 - insufficient block device address range checkingaurel32
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4037 c046a42c-6fe2-441c-8c8c-71466251a162
2007-12-24Real SCSI device passthrough (v4), by Laurent Vivier.ths
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3851 c046a42c-6fe2-441c-8c8c-71466251a162