On Wed, Jul 11, 2018 at 3:40 PM Stefan Hajnoczi <
address@hidden> wrote:
On Thu, Jul 05, 2018 at 02:10:58AM +0300, Nir Soffer wrote:
CCing Eric and Paolo, who maintain QEMU's NBD code.
> I'm trying to access a qcow2 image via /dev/nbdX device.
Untrusted disk images should not be attached to the host using qemu-nbd
(or loopback devices) for security reasons. If you hit this bug during
development or ad-hoc qemu-nbd usage, then that's fine. But I just
wanted to post a reminder that production use cases should not use this
feature when dealing with untrusted disk images.
Thanks for the warning. We intend to use it with oVirt disks, which are generally
created by qemu. But these disks may also be uploaded by the oVirt administrator
or by a backup application. They can also be modified by anything running on
a hypervisor, since oVirt storage is available on all hypervisors. Finally it can be
corrupted on storage.
Basically anything we feed to qemu or qemu-img may be fed to qemu-nbd.
We assume that qemu-nbd is robust to handle broken images. Without this we
would not be able to provide guest data for incremental backup or other purposes.
Nir
> I'm connecting a fedora 27 image (created using virt-builder) on a block
> device:
>
> qemu-nbd -c /dev/nbd0 -f qcow2 -n --detect-zeroes=on --aio=native
> /dev/27837a03-64f9-4f2b-abb0-daa2195b01ae/acb196da-31fc-454d-856b-c31ab24715b3
>
> It works, and I can read and write to the image via /dev/nbd0.
>
> Disconnecting the device "works":
>
> # qemu-nbd -d /dev/nbd0
> /dev/nbd0 disconnected
>
> But when trying to connect the image again, I get this error:
>
> # qemu-nbd -c /dev/nbd1 -f qcow2 -n --detect-zeroes=on --aio=native
> /dev/27837a03-64f9-4f2b-abb0-daa2195b01ae/acb196da-31fc-454d-856b-c31ab24715b3
> Failed to set NBD socket
> Disconnect client, due to: Unexpected end-of-file before all bytes were read
>
> Turns out each time nbd devices is disconnected, it leaves the device
> and all the partitions on it "connected":
>
> # lsblk
> ...
> nbd0
> 43:0 0 6G 0 disk
> ├─nbd0p1
> 43:1 0 1M 0 part
> ├─nbd0p2
> 43:2 0 1G 0 part
> ├─nbd0p3
> 43:3 0 615M 0 part
> └─nbd0p4
> 43:4 0 4.4G 0 part
> nbd1
> 43:32 0 6G 0 disk
> ├─nbd1p1
> 43:33 0 1M 0 part
> ├─nbd1p2
> 43:34 0 1G 0 part
> ├─nbd1p3
> 43:35 0 615M 0 part
> └─nbd1p4
> 43:36 0 4.4G 0 part
>
> I tried also to do:
>
> kpartx -d /dev/nbd1
> qemu-nbd -d /dev/nbd1
>
> But I get the same results.
>
> Testing on Fedora 28:
> kernel-4.17.2-200.fc28.x86_64
> qemu-img-2.12.0-0.5.rc1.fc28.x86_64
>
> Nir