bdrv_img_create will temporarily open the backing file to probe its size.
However, this could be done with a read-write open if the wrong flags are
passed to bdrv_img_create. Since there is really no documentation on
what flags can be passed, assume that bdrv_img_create receives the flags
with which the new image will be opened; sanitize them when opening
the backing file.
Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
if (backing_file && backing_file->value.s) {
uint64_t size;
char buf[32];
+ int back_flags;
+
+ /* backing files always opened read-only */
+ back_flags =
+ flags & ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
bs = bdrv_new("");
- ret = bdrv_open(bs, backing_file->value.s, flags, backing_drv);
+ ret = bdrv_open(bs, backing_file->value.s, back_flags, backing_drv);
if (ret < 0) {
error_report("Could not open '%s'", backing_file->value.s);
goto out;