Stefano Stabellini
2012-Jun-06 10:54 UTC
[PATCH] disable virtfs compilation by default in upstream QEMU
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> --- diff --git a/tools/Makefile b/tools/Makefile index 7b14678..dae7995 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -157,6 +157,7 @@ subdir-all-qemu-xen-dir subdir-install-qemu-xen-dir: qemu-xen-dir-find --bindir=$(LIBEXEC) \ --datadir=$(SHAREDIR)/qemu-xen \ --disable-kvm \ + --disable-virtfs \ --python=$(PYTHON) \ $(IOEMU_CONFIGURE_CROSS); \ $(MAKE) install
Ian Jackson
2012-Jun-07 17:26 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
Stefano Stabellini writes ("[Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"):> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson
2012-Jun-07 17:36 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
Ian Jackson writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"):> Stefano Stabellini writes ("[Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> > > Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>In fact I did a build test before pushing and it failed. See below. The source directory /u/iwj/work/1/qemu-upstream-unstable.git contains 6d8b472233779c2a028a03843603030d2b1aee86 and I did a hg/git clean before the build test. So I have stripped out that changeset. Ian. make[3]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools/qemu-xen-traditional-dir'' make[2]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools'' make[2]: Entering directory `/u/iwj/work/xen-unstable-tools.hg/tools'' if test -d /u/iwj/work/1/qemu-upstream-unstable.git ; then \ mkdir -p qemu-xen-dir; \ else \ export GIT=git; \ /u/iwj/work/xen-unstable-tools.hg/tools/../scripts/git-checkout.sh /u/iwj/work/1/qemu-upstream-unstable.git master qemu-xen-dir ; \ fi if test -d /u/iwj/work/1/qemu-upstream-unstable.git ; then \ source=/u/iwj/work/1/qemu-upstream-unstable.git; \ else \ source=.; \ fi; \ cd qemu-xen-dir; \ $source/configure --enable-xen --target-list=i386-softmmu \ --source-path=$source \ --extra-cflags="-I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/include \ -I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/libxc \ -I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/xenstore \ -I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/xenstore/compat" \ --extra-ldflags="-L/u/iwj/work/xen-unstable-tools.hg/tools/../tools/libxc \ -L/u/iwj/work/xen-unstable-tools.hg/tools/../tools/xenstore" \ --bindir=/usr/lib/xen/bin \ --datadir=/usr/share/qemu-xen \ --disable-kvm \ --disable-virtfs \ --python=python \ ; \ make install ERROR: unknown option --disable-virtfs Usage: configure [options] Options: [defaults in brackets after descriptions] Standard options: --help print this message --prefix=PREFIX install in PREFIX [/usr/local] --interp-prefix=PREFIX where to find shared libraries, etc. use %M for cpu name [/usr/gnemul/qemu-%M] --target-list=LIST set target list (default: build everything) Available targets: i386-softmmu x86_64-softmmu alpha-softmmu arm-softmmu cris-softmmu lm32-softmmu m68k-softmmu microblaze-softmmu microblazeel-softmmu mips-softmmu mipsel-softmmu mips64-softmmu mips64el-softmmu ppc-softmmu ppcemb-softmmu ppc64-softmmu sh4-softmmu sh4eb-softmmu sparc-softmmu sparc64-softmmu s390x-softmmu xtensa-softmmu xtensaeb-softmmu i386-linux-user x86_64-linux-user alpha-linux-user arm-linux-user armeb-linux-user cris-linux-user m68k-linux-user microblaze-linux-user microblazeel-linux-user mips-linux-user mipsel-linux-user ppc-linux-user ppc64-linux-user ppc64abi32-linux-user sh4-linux-user sh4eb-linux-user sparc-linux-user sparc64-linux-user sparc32plus-linux-user unicore32-linux-user s390x-linux-user Advanced options (experts only): --source-path=PATH path of source code [/u/iwj/work/1/qemu-upstream-unstable.git] --cross-prefix=PREFIX use PREFIX for compile tools [] --cc=CC use C compiler CC [gcc] --host-cc=CC use C compiler CC [gcc] for code run at build time --extra-cflags=CFLAGS append extra C compiler flags QEMU_CFLAGS --extra-ldflags=LDFLAGS append extra linker flags LDFLAGS --make=MAKE use specified make [make] --install=INSTALL use specified install [install] --python=PYTHON use specified python [python] --smbd=SMBD use specified smbd [/usr/sbin/smbd] --static enable static build [no] --mandir=PATH install man pages in PATH --datadir=PATH install firmware in PATH --docdir=PATH install documentation in PATH --bindir=PATH install binaries in PATH --sysconfdir=PATH install config in PATH/qemu --enable-debug-tcg enable TCG debugging --disable-debug-tcg disable TCG debugging (default) --enable-debug enable common debug build options --enable-sparse enable sparse checker --disable-sparse disable sparse checker (default) --disable-strip disable stripping binaries --disable-werror disable compilation abort on warning --disable-sdl disable SDL --enable-sdl enable SDL --disable-vnc disable VNC --enable-vnc enable VNC --enable-cocoa enable COCOA (Mac OS X only) --audio-drv-list=LIST set audio drivers list: Available drivers: oss alsa sdl esd pa fmod --audio-card-list=LIST set list of emulated audio cards [ac97 es1370 sb16 hda] Available cards: ac97 es1370 sb16 cs4231a adlib gus hda --block-drv-whitelist=L set block driver whitelist (affects only QEMU, not qemu-img) --enable-mixemu enable mixer emulation --disable-xen disable xen backend driver support --enable-xen enable xen backend driver support --disable-brlapi disable BrlAPI --enable-brlapi enable BrlAPI --disable-vnc-tls disable TLS encryption for VNC server --enable-vnc-tls enable TLS encryption for VNC server --disable-vnc-sasl disable SASL encryption for VNC server --enable-vnc-sasl enable SASL encryption for VNC server --disable-vnc-jpeg disable JPEG lossy compression for VNC server --enable-vnc-jpeg enable JPEG lossy compression for VNC server --disable-vnc-png disable PNG compression for VNC server (default) --enable-vnc-png enable PNG compression for VNC server --disable-vnc-thread disable threaded VNC server --enable-vnc-thread enable threaded VNC server --disable-curses disable curses output --enable-curses enable curses output --disable-curl disable curl connectivity --enable-curl enable curl connectivity --disable-fdt disable fdt device tree --enable-fdt enable fdt device tree --disable-check-utests disable check unit-tests --enable-check-utests enable check unit-tests --disable-bluez disable bluez stack connectivity --enable-bluez enable bluez stack connectivity --disable-slirp disable SLIRP userspace network connectivity --disable-kvm disable KVM acceleration support --enable-kvm enable KVM acceleration support --enable-tcg-interpreter enable TCG with bytecode interpreter (TCI) --disable-nptl disable usermode NPTL support --enable-nptl enable usermode NPTL support --enable-system enable all system emulation targets --disable-system disable all system emulation targets --enable-user enable supported user emulation targets --disable-user disable all user emulation targets --enable-linux-user enable all linux usermode emulation targets --disable-linux-user disable all linux usermode emulation targets --enable-darwin-user enable all darwin usermode emulation targets --disable-darwin-user disable all darwin usermode emulation targets --enable-bsd-user enable all BSD usermode emulation targets --disable-bsd-user disable all BSD usermode emulation targets --enable-guest-base enable GUEST_BASE support for usermode emulation targets --disable-guest-base disable GUEST_BASE support --enable-pie build Position Independent Executables --disable-pie do not build Position Independent Executables --fmod-lib path to FMOD library --fmod-inc path to FMOD includes --oss-lib path to OSS library --enable-uname-release=R Return R for uname -r in usermode emulation --cpu=CPU Build for host CPU [i386] --sparc_cpu=V Build qemu for Sparc architecture v7, v8, v8plus, v8plusa, v9 --disable-uuid disable uuid support --enable-uuid enable uuid support --disable-vde disable support for vde network --enable-vde enable support for vde network --disable-linux-aio disable Linux AIO support --enable-linux-aio enable Linux AIO support --disable-attr disables attr and xattr support --enable-attr enable attr and xattr support --disable-blobs disable installing provided firmware blobs --enable-docs enable documentation build --disable-docs disable documentation build --disable-vhost-net disable vhost-net acceleration support --enable-vhost-net enable vhost-net acceleration support --enable-trace-backend=B Set trace backend Available backends: nop simple stderr ust dtrace --with-trace-file=NAME Full PATH,NAME of file to store traces Default:trace-<pid> --disable-spice disable spice --enable-spice enable spice --enable-rbd enable building the rados block device (rbd) --disable-libiscsi disable iscsi support --enable-libiscsi enable iscsi support --disable-smartcard disable smartcard support --enable-smartcard enable smartcard support --disable-smartcard-nss disable smartcard nss support --enable-smartcard-nss enable smartcard nss support --disable-usb-redir disable usb network redirection support --enable-usb-redir enable usb network redirection support --disable-guest-agent disable building of the QEMU Guest Agent --enable-guest-agent enable building of the QEMU Guest Agent NOTE: The object files are built at the place where configure is launched make[3]: Entering directory `/u/iwj/work/xen-unstable-tools.hg/tools/qemu-xen-dir'' make[3]: *** No rule to make target `install''. Stop. make[3]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools/qemu-xen-dir'' make[2]: *** [subdir-install-qemu-xen-dir] Error 2 make[2]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools'' make[1]: *** [subdirs-install] Error 2 make[1]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools'' make: *** [install-tools] Error 2
Stefano Stabellini
2012-Jun-08 10:17 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
On Thu, 7 Jun 2012, Ian Jackson wrote:> Ian Jackson writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > Stefano Stabellini writes ("[Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > > Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> > > > > Committed-by: Ian Jackson <ian.jackson@eu.citrix.com> > > In fact I did a build test before pushing and it failed. See below. > > The source directory /u/iwj/work/1/qemu-upstream-unstable.git contains > 6d8b472233779c2a028a03843603030d2b1aee86 and I did a hg/git clean > before the build test. > > So I have stripped out that changeset. >Thanks! I was working on the wrong tree (QEMU 1.1 rather than QEMU 1.0). Unfortunately the fix that went upstream for this compilation issue is not suitable for 1.0 either, so we''ll have to live with this bug a little while longer.> > make[3]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools/qemu-xen-traditional-dir'' > make[2]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools'' > make[2]: Entering directory `/u/iwj/work/xen-unstable-tools.hg/tools'' > if test -d /u/iwj/work/1/qemu-upstream-unstable.git ; then \ > mkdir -p qemu-xen-dir; \ > else \ > export GIT=git; \ > /u/iwj/work/xen-unstable-tools.hg/tools/../scripts/git-checkout.sh /u/iwj/work/1/qemu-upstream-unstable.git master qemu-xen-dir ; \ > fi > if test -d /u/iwj/work/1/qemu-upstream-unstable.git ; then \ > source=/u/iwj/work/1/qemu-upstream-unstable.git; \ > else \ > source=.; \ > fi; \ > cd qemu-xen-dir; \ > $source/configure --enable-xen --target-list=i386-softmmu \ > --source-path=$source \ > --extra-cflags="-I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/include \ > -I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/libxc \ > -I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/xenstore \ > -I/u/iwj/work/xen-unstable-tools.hg/tools/../tools/xenstore/compat" \ > --extra-ldflags="-L/u/iwj/work/xen-unstable-tools.hg/tools/../tools/libxc \ > -L/u/iwj/work/xen-unstable-tools.hg/tools/../tools/xenstore" \ > --bindir=/usr/lib/xen/bin \ > --datadir=/usr/share/qemu-xen \ > --disable-kvm \ > --disable-virtfs \ > --python=python \ > ; \ > make install > ERROR: unknown option --disable-virtfs > > Usage: configure [options] > Options: [defaults in brackets after descriptions] > > Standard options: > --help print this message > --prefix=PREFIX install in PREFIX [/usr/local] > --interp-prefix=PREFIX where to find shared libraries, etc. > use %M for cpu name [/usr/gnemul/qemu-%M] > --target-list=LIST set target list (default: build everything) > Available targets: i386-softmmu x86_64-softmmu > alpha-softmmu arm-softmmu cris-softmmu lm32-softmmu > m68k-softmmu microblaze-softmmu microblazeel-softmmu > mips-softmmu mipsel-softmmu mips64-softmmu > mips64el-softmmu ppc-softmmu ppcemb-softmmu > ppc64-softmmu sh4-softmmu sh4eb-softmmu > sparc-softmmu sparc64-softmmu s390x-softmmu > xtensa-softmmu xtensaeb-softmmu i386-linux-user > x86_64-linux-user alpha-linux-user arm-linux-user > armeb-linux-user cris-linux-user m68k-linux-user > microblaze-linux-user microblazeel-linux-user > mips-linux-user mipsel-linux-user ppc-linux-user > ppc64-linux-user ppc64abi32-linux-user > sh4-linux-user sh4eb-linux-user sparc-linux-user > sparc64-linux-user sparc32plus-linux-user > unicore32-linux-user s390x-linux-user > > Advanced options (experts only): > --source-path=PATH path of source code [/u/iwj/work/1/qemu-upstream-unstable.git] > --cross-prefix=PREFIX use PREFIX for compile tools [] > --cc=CC use C compiler CC [gcc] > --host-cc=CC use C compiler CC [gcc] for code run at > build time > --extra-cflags=CFLAGS append extra C compiler flags QEMU_CFLAGS > --extra-ldflags=LDFLAGS append extra linker flags LDFLAGS > --make=MAKE use specified make [make] > --install=INSTALL use specified install [install] > --python=PYTHON use specified python [python] > --smbd=SMBD use specified smbd [/usr/sbin/smbd] > --static enable static build [no] > --mandir=PATH install man pages in PATH > --datadir=PATH install firmware in PATH > --docdir=PATH install documentation in PATH > --bindir=PATH install binaries in PATH > --sysconfdir=PATH install config in PATH/qemu > --enable-debug-tcg enable TCG debugging > --disable-debug-tcg disable TCG debugging (default) > --enable-debug enable common debug build options > --enable-sparse enable sparse checker > --disable-sparse disable sparse checker (default) > --disable-strip disable stripping binaries > --disable-werror disable compilation abort on warning > --disable-sdl disable SDL > --enable-sdl enable SDL > --disable-vnc disable VNC > --enable-vnc enable VNC > --enable-cocoa enable COCOA (Mac OS X only) > --audio-drv-list=LIST set audio drivers list: > Available drivers: oss alsa sdl esd pa fmod > --audio-card-list=LIST set list of emulated audio cards [ac97 es1370 sb16 hda] > Available cards: ac97 es1370 sb16 cs4231a adlib gus hda > --block-drv-whitelist=L set block driver whitelist > (affects only QEMU, not qemu-img) > --enable-mixemu enable mixer emulation > --disable-xen disable xen backend driver support > --enable-xen enable xen backend driver support > --disable-brlapi disable BrlAPI > --enable-brlapi enable BrlAPI > --disable-vnc-tls disable TLS encryption for VNC server > --enable-vnc-tls enable TLS encryption for VNC server > --disable-vnc-sasl disable SASL encryption for VNC server > --enable-vnc-sasl enable SASL encryption for VNC server > --disable-vnc-jpeg disable JPEG lossy compression for VNC server > --enable-vnc-jpeg enable JPEG lossy compression for VNC server > --disable-vnc-png disable PNG compression for VNC server (default) > --enable-vnc-png enable PNG compression for VNC server > --disable-vnc-thread disable threaded VNC server > --enable-vnc-thread enable threaded VNC server > --disable-curses disable curses output > --enable-curses enable curses output > --disable-curl disable curl connectivity > --enable-curl enable curl connectivity > --disable-fdt disable fdt device tree > --enable-fdt enable fdt device tree > --disable-check-utests disable check unit-tests > --enable-check-utests enable check unit-tests > --disable-bluez disable bluez stack connectivity > --enable-bluez enable bluez stack connectivity > --disable-slirp disable SLIRP userspace network connectivity > --disable-kvm disable KVM acceleration support > --enable-kvm enable KVM acceleration support > --enable-tcg-interpreter enable TCG with bytecode interpreter (TCI) > --disable-nptl disable usermode NPTL support > --enable-nptl enable usermode NPTL support > --enable-system enable all system emulation targets > --disable-system disable all system emulation targets > --enable-user enable supported user emulation targets > --disable-user disable all user emulation targets > --enable-linux-user enable all linux usermode emulation targets > --disable-linux-user disable all linux usermode emulation targets > --enable-darwin-user enable all darwin usermode emulation targets > --disable-darwin-user disable all darwin usermode emulation targets > --enable-bsd-user enable all BSD usermode emulation targets > --disable-bsd-user disable all BSD usermode emulation targets > --enable-guest-base enable GUEST_BASE support for usermode > emulation targets > --disable-guest-base disable GUEST_BASE support > --enable-pie build Position Independent Executables > --disable-pie do not build Position Independent Executables > --fmod-lib path to FMOD library > --fmod-inc path to FMOD includes > --oss-lib path to OSS library > --enable-uname-release=R Return R for uname -r in usermode emulation > --cpu=CPU Build for host CPU [i386] > --sparc_cpu=V Build qemu for Sparc architecture v7, v8, v8plus, v8plusa, v9 > --disable-uuid disable uuid support > --enable-uuid enable uuid support > --disable-vde disable support for vde network > --enable-vde enable support for vde network > --disable-linux-aio disable Linux AIO support > --enable-linux-aio enable Linux AIO support > --disable-attr disables attr and xattr support > --enable-attr enable attr and xattr support > --disable-blobs disable installing provided firmware blobs > --enable-docs enable documentation build > --disable-docs disable documentation build > --disable-vhost-net disable vhost-net acceleration support > --enable-vhost-net enable vhost-net acceleration support > --enable-trace-backend=B Set trace backend > Available backends: nop simple stderr ust dtrace > --with-trace-file=NAME Full PATH,NAME of file to store traces > Default:trace-<pid> > --disable-spice disable spice > --enable-spice enable spice > --enable-rbd enable building the rados block device (rbd) > --disable-libiscsi disable iscsi support > --enable-libiscsi enable iscsi support > --disable-smartcard disable smartcard support > --enable-smartcard enable smartcard support > --disable-smartcard-nss disable smartcard nss support > --enable-smartcard-nss enable smartcard nss support > --disable-usb-redir disable usb network redirection support > --enable-usb-redir enable usb network redirection support > --disable-guest-agent disable building of the QEMU Guest Agent > --enable-guest-agent enable building of the QEMU Guest Agent > > NOTE: The object files are built at the place where configure is launched > make[3]: Entering directory `/u/iwj/work/xen-unstable-tools.hg/tools/qemu-xen-dir'' > make[3]: *** No rule to make target `install''. Stop. > make[3]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools/qemu-xen-dir'' > make[2]: *** [subdir-install-qemu-xen-dir] Error 2 > make[2]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools'' > make[1]: *** [subdirs-install] Error 2 > make[1]: Leaving directory `/u/iwj/work/xen-unstable-tools.hg/tools'' > make: *** [install-tools] Error 2 >
Ian Jackson
2012-Jun-08 11:11 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"):> Thanks! I was working on the wrong tree (QEMU 1.1 rather than QEMU > 1.0). Unfortunately the fix that went upstream for this compilation > issue is not suitable for 1.0 either, so we''ll have to live with this > bug a little while longer.Forgive my ignorance, but now I want to know: what is virtfs ? Is it a potential security issue which might allow guests to do something exciting ? Ian.
Stefano Stabellini
2012-Jun-08 11:20 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
On Fri, 8 Jun 2012, Ian Jackson wrote:> Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > Thanks! I was working on the wrong tree (QEMU 1.1 rather than QEMU > > 1.0). Unfortunately the fix that went upstream for this compilation > > issue is not suitable for 1.0 either, so we''ll have to live with this > > bug a little while longer. > > Forgive my ignorance, but now I want to know: what is virtfs ? Is it > a potential security issue which might allow guests to do something > exciting ?virtfs allows guest and host to share a folder. You can restrict access to the folder in various ways: http://wiki.qemu.org/Documentation/9psetup
Ian Jackson
2012-Jun-08 11:27 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"):> On Fri, 8 Jun 2012, Ian Jackson wrote: > > Forgive my ignorance, but now I want to know: what is virtfs ? Is it > > a potential security issue which might allow guests to do something > > exciting ? > > virtfs allows guest and host to share a folder. You can restrict > access to the folder in various ways:So what is the default configuration ? Do we have any protection from possible bugs in the virtfs access control system ? Ian.
Stefano Stabellini
2012-Jun-11 09:46 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
On Fri, 8 Jun 2012, Ian Jackson wrote:> Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > On Fri, 8 Jun 2012, Ian Jackson wrote: > > > Forgive my ignorance, but now I want to know: what is virtfs ? Is it > > > a potential security issue which might allow guests to do something > > > exciting ? > > > > virtfs allows guest and host to share a folder. You can restrict > > access to the folder in various ways: > > So what is the default configuration ?The default is on.> Do we have any protection from > possible bugs in the virtfs access control system ?Nothing more and nothing less than QEMU 1.0 stable provides.
Ian Jackson
2012-Jun-11 13:47 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"):> On Fri, 8 Jun 2012, Ian Jackson wrote: > > So what is the default configuration ? > > The default is on. > > > Do we have any protection from > > possible bugs in the virtfs access control system ? > > Nothing more and nothing less than QEMU 1.0 stable provides.That situation seems like a release-critical bug from our point of view. And this is relevant because we''re now using upstream qemu 1.0 by default for some guests. Ian.
Ian Campbell
2012-Jun-12 10:20 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
On Mon, 2012-06-11 at 14:47 +0100, Ian Jackson wrote:> Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > On Fri, 8 Jun 2012, Ian Jackson wrote: > > > So what is the default configuration ? > > > > The default is on. > > > > > Do we have any protection from > > > possible bugs in the virtfs access control system ? > > > > Nothing more and nothing less than QEMU 1.0 stable provides. > > That situation seems like a release-critical bug from our point of > view. > > And this is relevant because we''re now using upstream qemu 1.0 by > default for some guests.Is the "fix" here as simple as hardcoding some sort of "-virtfs=off" in the libxl function which builds the command line for upstream qemu? Is it possible to access virtfs if virtio is not enabled? Ian.
Stefano Stabellini
2012-Jun-12 10:30 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
On Mon, 11 Jun 2012, Ian Jackson wrote:> Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > On Fri, 8 Jun 2012, Ian Jackson wrote: > > > So what is the default configuration ? > > > > The default is on. > > > > > Do we have any protection from > > > possible bugs in the virtfs access control system ? > > > > Nothing more and nothing less than QEMU 1.0 stable provides. > > That situation seems like a release-critical bug from our point of > view.virtfs is not enabled unless you pass specific arguments to QEMU, which we do not. Besides saying that an open source technology X is dangerous because it has been developed by a different community than ours, without giving any technical reasons for it, is just spreading FUD. QEMU provides a much wider surface of attack than just virtfs. What protections do we have from the other QEMU bugs? Linux PV backend drivers are directly exposed to guest frontend PV drivers. What protections do we have in Linux? What protections do we have from other Linux bugs in dom0?> And this is relevant because we''re now using upstream qemu 1.0 by > default for some guests.Only in PV guests, for which this discussion is not relevant.
Ian Campbell
2012-Jun-12 16:29 UTC
Re: [PATCH] disable virtfs compilation by default in upstream QEMU
On Tue, 2012-06-12 at 11:30 +0100, Stefano Stabellini wrote:> On Mon, 11 Jun 2012, Ian Jackson wrote: > > Stefano Stabellini writes ("Re: [Xen-devel] [PATCH] disable virtfs compilation by default in upstream QEMU"): > > > On Fri, 8 Jun 2012, Ian Jackson wrote: > > > > So what is the default configuration ? > > > > > > The default is on.[...]> virtfs is not enabled unless you pass specific arguments to QEMU, > which we do not.OK, so it doesn''t really default to on as you said above. Rather the feature is compiled in but disabled by default. This is much safer.> Besides saying that an open source technology X is dangerous because it > has been developed by a different community than ours, without giving > any technical reasons for it, is just spreading FUD.[...] I do think we need to consider the impact of (perhaps unintentionally) enabling things which may cause interactions which the relevant upstream and/or we may not have anticipated. We especially need to consider this in the case where a new thing is enabled by default -- which is no longer believed to be the case with virtfs but imagine for example if virtfs were on by default then the admin might need to take steps to lock down the directory which it exported to the guest by default or something. That might come as a surprise if the admin didn''t actually ask for virtfs and has know idea that it even exists. Since virtfs is actually off by default I don''t think we have much to worry about.> > And this is relevant because we''re now using upstream qemu 1.0 by > > default for some guests. > > Only in PV guests, for which this discussion is not relevant.Ian.