Am 20.08.2014 um 21:13 hat Max Reitz geschrieben: > On 20.08.2014 13:40, Kevin Wolf wrote: > >Am 12.07.2014 um 00:23 hat Max Reitz geschrieben: > >>Currently, the field "growable" in a BDS is set iff the BDS is opened in > >>protocol mode (with O_BDRV_PROTOCOL). However, not every protocol block > >>driver allows growing: NBD, for instance, does not. On the other hand, > >>a non-protocol block driver may allow growing: The raw driver does. > >> > >>Fix this by correcting the "growable" field in the driver-specific open > >>function for the BDS, if necessary. > >> > >>Signed-off-by: Max Reitz <mre...@redhat.com> > >I'm not sure I agree with bs->growable = true for raw. It's certainly > >true that the backend can technically provide the functionality that > >writes beyond EOF grow the file. That's not the point of bs->growable, > >though. > > > >The point of it was to _forbid_ it to grow even when it's technically > >possible (non-file protocols weren't really a thing back then, apart > >from vvfat, so the assumption was that it's always technically > >possible). growable was introduced with bdrv_check_request(), which is > >supposed to reject guest requests after the end of the virtual disk (and > >this fixed a CVE, see commit 71d0770c). You're now disabling this check > >for raw. > > > >I think we need to make sure that bs->growable is only set if it is > >opened for an image that has drv->requires_growing_file set and > >therefore not directly used by a guest. > > > >Well, except that with node-name a guest will be able to use any image > >in the chain... Might this mean that it's really a BlockBackend > >property? > > I guess I can make things easy for me by just introducing some > "really_growable" or "writes_beyond_eof" field or something for the > sake of this series. ;-)
Nah, don't evade the real solution... Using BDRV_O_PROTOCOL like we currently do isn't quite right either. If you clear growable when requires_growing_file isn't set for the parent, you should be fine. I think. Or hope. Kevin
