When an image is modified to point to the new backing file, the backing file format is set to NULL, which means auto-probe. This is wrong; in fact, it is a small security problem.
Reviewed-by: Kevin Wolf <kw...@redhat.com> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> --- block/stream.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/block/stream.c b/block/stream.c index 54f2b39..2b492d5 100644 --- a/block/stream.c +++ b/block/stream.c @@ -240,11 +240,14 @@ retry: } if (!block_job_is_cancelled(&s->common) && sector_num == end && ret == 0) { - const char *base_id = NULL; + const char *base_id = NULL, *base_fmt = NULL; if (base) { base_id = s->backing_file_id; + if (base->drv) { + base_fmt = base->drv->format_name; + } } - ret = bdrv_change_backing_file(bs, base_id, NULL); + ret = bdrv_change_backing_file(bs, base_id, base_fmt); close_unused_images(bs, base, base_id); } -- 1.7.9.3
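Review bot: in the `if (base)` branch, `base_fmt` is only assigned when `base->drv` is non-NULL, so a base with no driver still reaches `bdrv_change_backing_file(bs, base_id, base_fmt)` with a backing file name and a NULL format, which the commit message itself describes as auto-probe. If `base->drv` can never be NULL at this point, an assertion or a short comment saying so would make that explicit; if it can, consider setting `ret` to an error and skipping the call rather than silently writing a backing file with no format. The commit message would also benefit from one sentence on why probing the backing file's format is a security problem, since the visible text only asserts it.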