aboutsummaryrefslogtreecommitdiff
path: root/docs/system
diff options
context:
space:
mode:
authorEric Blake <eblake@redhat.com>2021-05-03 14:36:00 -0700
committerKevin Wolf <kwolf@redhat.com>2021-07-09 13:18:32 +0200
commit497a30dbb065937d67f6c43af6dd78492e1d6f6d (patch)
tree2a6244c2bd5ddf0f69f8427724713eeac1c1baba /docs/system
parent5a385bf5c5cb3069fab17c014cf4b4f629509f1e (diff)
downloadqemu-497a30dbb065937d67f6c43af6dd78492e1d6f6d.zip
qemu-497a30dbb065937d67f6c43af6dd78492e1d6f6d.tar.gz
qemu-497a30dbb065937d67f6c43af6dd78492e1d6f6d.tar.bz2
qemu-img: Require -F with -b backing image
Back in commit d9f059aa6c (qemu-img: Deprecate use of -b without -F), we deprecated the ability to create a file with a backing image that requires qemu to perform format probing. Qemu can still probe older files for backwards compatibility, but it is time to finish off the ability to create such images, due to the potential security risk they present. Update a couple of iotests affected by the change. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20210503213600.569128-3-eblake@redhat.com> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'docs/system')
-rw-r--r--docs/system/deprecated.rst20
-rw-r--r--docs/system/removed-features.rst19
2 files changed, 19 insertions, 20 deletions
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 9626a1f..25d6c4c 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -282,26 +282,6 @@ this CPU is also deprecated.
Related binaries
----------------
-qemu-img backing file without format (since 5.1)
-''''''''''''''''''''''''''''''''''''''''''''''''
-
-The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img
-convert`` to create or modify an image that depends on a backing file
-now recommends that an explicit backing format be provided. This is
-for safety: if QEMU probes a different format than what you thought,
-the data presented to the guest will be corrupt; similarly, presenting
-a raw image to a guest allows a potential security exploit if a future
-probe sees a non-raw image based on guest writes.
-
-To avoid the warning message, or even future refusal to create an
-unsafe image, you must pass ``-o backing_fmt=`` (or the shorthand
-``-F`` during create) to specify the intended backing format. You may
-use ``qemu-img rebase -u`` to retroactively add a backing format to an
-existing image. However, be aware that there are already potential
-security risks to blindly using ``qemu-img info`` to probe the format
-of an untrusted backing image, when deciding what format to add into
-an existing image.
-
Backwards compatibility
-----------------------
diff --git a/docs/system/removed-features.rst b/docs/system/removed-features.rst
index b64ea55..28bb035 100644
--- a/docs/system/removed-features.rst
+++ b/docs/system/removed-features.rst
@@ -503,6 +503,25 @@ backing chain should be performed with ``qemu-img rebase -u`` either
before or after the remaining changes being performed by amend, as
appropriate.
+qemu-img backing file without format (removed in 6.1)
+'''''''''''''''''''''''''''''''''''''''''''''''''''''
+
+The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img
+convert`` to create or modify an image that depends on a backing file
+now requires that an explicit backing format be provided. This is
+for safety: if QEMU probes a different format than what you thought,
+the data presented to the guest will be corrupt; similarly, presenting
+a raw image to a guest allows a potential security exploit if a future
+probe sees a non-raw image based on guest writes.
+
+To avoid creating unsafe backing chains, you must pass ``-o
+backing_fmt=`` (or the shorthand ``-F`` during create) to specify the
+intended backing format. You may use ``qemu-img rebase -u`` to
+retroactively add a backing format to an existing image. However, be
+aware that there are already potential security risks to blindly using
+``qemu-img info`` to probe the format of an untrusted backing image,
+when deciding what format to add into an existing image.
+
Block devices
-------------