See the commit message of patch 7 for the why and how. This series will probably be only part of the solution and doesn't mean that we should stop looking for other patches which improve different parts of the problem.
See the mailing list thread "Image probing: how it can be insecure, and what we could do about it" for the complete context. v2: - Fixed offset in qemu_iovec_concat [Kevin] - Added paragraph to patch 7 explaining that we're not breaking additional cases, but only change the failure mode of already broken scenarios [Max] - Added a warning when opening an image in "restricted raw" mode, which required a few more patches to make the test cases avoid this warning [Markus] Kevin Wolf (8): qemu-io: Allow explicitly specifying format qemu-iotests: Use qemu-io -f $IMGFMT qemu-iotests: Add qemu-io format option in Python tests qtests: Specify image format explicitly block: Read only one sector for format probing raw: Prohibit dangerous writes for probed images qemu-iotests: Fix stderr handling in common.qemu qemu-iotests: Test writing non-raw image headers to raw image Markus Armbruster (1): block: Factor bdrv_probe_all() out of find_image_format() block.c | 48 +++++++++---- block/raw_bsd.c | 57 +++++++++++++++- include/block/block_int.h | 5 ++ qemu-io.c | 28 +++++--- tests/ahci-test.c | 3 +- tests/bios-tables-test.c | 2 +- tests/drive_del-test.c | 2 +- tests/fdc-test.c | 2 +- tests/hd-geo-test.c | 2 +- tests/i440fx-test.c | 5 +- tests/ide-test.c | 9 +-- tests/nvme-test.c | 2 +- tests/qemu-iotests/016 | 11 +-- tests/qemu-iotests/030 | 22 +++--- tests/qemu-iotests/040 | 32 ++++----- tests/qemu-iotests/048 | 2 +- tests/qemu-iotests/055 | 18 ++--- tests/qemu-iotests/058 | 11 +-- tests/qemu-iotests/071 | 10 +-- tests/qemu-iotests/071.out | 6 +- tests/qemu-iotests/077 | 2 +- tests/qemu-iotests/081 | 8 ++- tests/qemu-iotests/081.out | 2 +- tests/qemu-iotests/089 | 6 +- tests/qemu-iotests/109 | 100 +++++++++++++++++++++++++++ tests/qemu-iotests/109.out | 149 +++++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/common | 2 +- tests/qemu-iotests/common.qemu | 3 +- tests/qemu-iotests/group | 1 + tests/usb-hcd-uhci-test.c | 2 +- tests/usb-hcd-xhci-test.c | 2 +- tests/virtio-blk-test.c | 4 +- tests/virtio-scsi-test.c | 4 +- 33 files changed, 460 insertions(+), 102 deletions(-) create mode 100755 tests/qemu-iotests/109 create mode 100644 tests/qemu-iotests/109.out -- 1.8.3.1
