bdrv_img_create will temporarily open the backing file to probe its size. However, this could be done with a read-write open if the wrong flags are passed to bdrv_img_create. Since there is really no documentation on what flags can be passed, assume that bdrv_img_create receives the flags with which the new image will be opened; sanitize them when opening the backing file.
Reported-by: Eric Blake <ebl...@redhat.com> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> --- block.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/block.c b/block.c index 3f5bc92..e84a0a9 100644 --- a/block.c +++ b/block.c @@ -4064,10 +4064,15 @@ int bdrv_img_create(const char *filename, const char *fmt, if (backing_file && backing_file->value.s) { uint64_t size; char buf[32]; + int back_flags; + + /* backing files always opened read-only */ + back_flags = + flags & ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING); bs = bdrv_new(""); - ret = bdrv_open(bs, backing_file->value.s, flags, backing_drv); + ret = bdrv_open(bs, backing_file->value.s, back_flags, backing_drv); if (ret < 0) { error_report("Could not open '%s'", backing_file->value.s); goto out; -- 1.7.9.3
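Review bot: the comment "backing files always opened read-only" only explains the BDRV_O_RDWR bit, but the mask also clears BDRV_O_SNAPSHOT and BDRV_O_NO_BACKING, and nothing in the hunk says why those two are dropped for a size probe; please extend the comment so the reason for each cleared bit is recorded, e.g. "clear RDWR so the probe cannot write, SNAPSHOT so no temporary overlay is created, NO_BACKING so the chain is opened as it normally would be". Also worth noting in the commit message that this is a deny-list of known-dangerous bits: any future flag added to the caller's flags will pass through to the backing open unchanged, so the mask needs revisiting whenever new BDRV_O_* bits are introduced.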