Google Git
Sign in
qemu / qemu / bd385a5298d7062668e804d73944d52aec9549f1
commitbd385a5298d7062668e804d73944d52aec9549f1[log] [tgz]
authorKevin Wolf <kwolf@redhat.com>Thu Apr 11 15:06:01 2024 +0200
committerKevin Wolf <kwolf@redhat.com>Tue Jul 02 18:09:51 2024 +0200
tree413d1d8b7504c38c39eea88859c02b96910827dc
parentc80a339587fe4148292c260716482dd2f86d4476 [diff]
qcow2: Don't open data_file with BDRV_O_NO_IO

One use case for 'qemu-img info' is verifying that untrusted images
don't reference an unwanted external file, be it as a backing file or an
external data file. To make sure that calling 'qemu-img info' can't
already have undesired side effects with a malicious image, just don't
open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do
I/O, we don't need to have it open.

This changes the output of iotests case 061, which used 'qemu-img info'
to show that opening an image with an invalid data file fails. After
this patch, it succeeds. Replace this part of the test with a qemu-io
call, but keep the final 'qemu-img info' to show that the invalid data
file is correctly displayed in the output.

Fixes: CVE-2024-4467
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
3 files changed
tree: 413d1d8b7504c38c39eea88859c02b96910827dc
  1. .github/
  2. .gitlab/
  3. .gitlab-ci.d/
  4. accel/
  5. audio/
  6. authz/
  7. backends/
  8. block/
  9. bsd-user/
  10. chardev/
  11. common-user/
  12. configs/
  13. contrib/
  14. crypto/
  15. disas/
  16. docs/
  17. dump/
  18. ebpf/
  19. fpu/
  20. fsdev/
  21. gdb-xml/
  22. gdbstub/
  23. host/
  24. hw/
  25. include/
  26. io/
  27. libdecnumber/
  28. linux-headers/
  29. linux-user/
  30. migration/
  31. monitor/
  32. nbd/
  33. net/
  34. pc-bios/
  35. plugins/
  36. po/
  37. python/
  38. qapi/
  39. qga/
  40. qobject/
  41. qom/
  42. replay/
  43. roms/
  44. scripts/
  45. scsi/
  46. semihosting/
  47. stats/
  48. storage-daemon/
  49. stubs/
  50. subprojects/
  51. system/
  52. target/
  53. tcg/
  54. tests/
  55. tools/
  56. trace/
  57. ui/
  58. util/
  59. .dir-locals.el
  60. .editorconfig
  61. .exrc
  62. .gdbinit
  63. .git-blame-ignore-revs
  64. .gitattributes
  65. .gitignore
  66. .gitlab-ci.yml
  67. .gitmodules
  68. .gitpublish
  69. .mailmap
  70. .patchew.yml
  71. .readthedocs.yml
  72. .travis.yml
  73. block.c
  74. blockdev-nbd.c
  75. blockdev.c
  76. blockjob.c
  77. configure
  78. COPYING
  79. COPYING.LIB
  80. cpu-common.c
  81. cpu-target.c
  82. event-loop-base.c
  83. gitdm.config
  84. hmp-commands-info.hx
  85. hmp-commands.hx
  86. iothread.c
  87. job-qmp.c
  88. job.c
  89. Kconfig
  90. Kconfig.host
  91. LICENSE
  92. MAINTAINERS
  93. Makefile
  94. meson.build
  95. meson_options.txt
  96. module-common.c
  97. os-posix.c
  98. os-win32.c
  99. page-target.c
  100. page-vary-common.c
  101. page-vary-target.c
  102. pythondeps.toml
  103. qemu-bridge-helper.c
  104. qemu-edid.c
  105. qemu-img-cmds.hx
  106. qemu-img.c
  107. qemu-io-cmds.c
  108. qemu-io.c
  109. qemu-keymap.c
  110. qemu-nbd.c
  111. qemu-options.hx
  112. qemu.nsi
  113. qemu.sasl
  114. README.rst
  115. replication.c
  116. trace-events
  117. VERSION
  118. version.rc