[pve-devel] [PATCH qemu] zeroinit: fix regression with filename parsing

Fiona Ebner f.ebner at proxmox.com
Mon Jul 8 13:57:25 CEST 2024


Am 08.07.24 um 12:09 schrieb Fiona Ebner:
> As reported in the community forum [0], cloning or importing images
> to RBD storages (without the krbd setting) was broken. This is a
> result of no filename parsing happening anymore in bdrv_open_child()
> after commit b242e7f ("backport fix for CVE-2024-4467"), which the
> zeroinit relied on for passing along the RBD filename+key-value pairs.
> 
> There is a dedicated function for opening the file child which still
> does filename parsing. Use that for opening the file child. Role and
> flags should still be the same as with the manual bdrv_open_child(),
> because the zeroinit driver is a filter, and the assignment bs->file
> is also done by bdrv_open_file_child().
> 

Also forgot to mention for completeness that the PBS driver is not
affected, because it doesn't use bdrv_open_child() and the alloc-track
block driver is not affected, because it passes options to
bdrv_open_child() rather than a filename that potentially still needs to
be parsed.

> Fixes: b242e7f ("backport fix for CVE-2024-4467")
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>




More information about the pve-devel mailing list