From owner-freebsd-virtualization@FreeBSD.ORG Sat Feb 8 20:14:06 2014 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7EA92E6D for ; Sat, 8 Feb 2014 20:14:06 +0000 (UTC) Received: from mail-pb0-x22e.google.com (mail-pb0-x22e.google.com [IPv6:2607:f8b0:400e:c01::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 4A79E1B0D for ; Sat, 8 Feb 2014 20:14:06 +0000 (UTC) Received: by mail-pb0-f46.google.com with SMTP id um1so4599093pbc.5 for ; Sat, 08 Feb 2014 12:14:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=VBMa6D5KFaiwvdGBnvLTLd9ePuzgSprQ88th6ng0Anc=; b=fG+dHcHbYolLe3WZVK4o3w0qER37yLiP/69g5QLNgm4DcZrEwEk7aitQBccLnMs97s fW8dBAwcHF7PvN2xjBO0VpcJsLqm6NL8rEAUombOvXpGbpprMZeQCJHI+SYHjCPrIk5N rRhL14xLQ8JUbBcTsF4PnDFItosvvEQSITIJxwM4w+BgnvLRKaduKganXUQ64U1vnxUf NLxQnOsol0fV6QugQCCFce7VXgtxXVmnNoZm/NAQ9c9c6BUWW8h5wUC2KUN4Cg+pLApU BwK7D12A8VBBoqxBRw/qtZgVwvyJb5qZLWSY2SU78Vl1ZfDG0Flc6GCgbgzdhEKnQS2l pFQg== MIME-Version: 1.0 X-Received: by 10.69.19.139 with SMTP id gu11mr27999427pbd.149.1391890445893; Sat, 08 Feb 2014 12:14:05 -0800 (PST) Received: by 10.68.155.38 with HTTP; Sat, 8 Feb 2014 12:14:05 -0800 (PST) In-Reply-To: References: <52F5363D.8040102@freebsd.org> Date: Sat, 8 Feb 2014 15:14:05 -0500 Message-ID: Subject: Re: Report of my virtual network lab migrated from virtualbox to bhyve From: Aryeh Friedman To: Adam Vande More Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: FreeBSD virtualization X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Feb 2014 20:14:06 -0000 On Sat, Feb 8, 2014 at 3:01 PM, Adam Vande More wrote: > > On Sat, Feb 8, 2014 at 6:51 AM, Aryeh Friedman wrote: >> >> bhyve blindly read/writes into the middle of the file without consulting >> the filesystem and thus bypassing any things like sparse fill in.... namely >> all you gain is a few seconds of startup time (matter of fact I think >> truncate might use sparse allocation [i.e. attempting to read into the >> middle with guest OS control will result in potentially seeing host data]) >> > > If this is true then there is a *critical* security issue. > > Using sparse files isn't to gain performance, it's to conserve disk space. > Using md devices backed by sparse images would accomplish this. If the > sparsify app works on FreeBSD, then there should be no problem using those > type of volumes. > > It sounds almost identical to the qcow2 security issue being discussed on qemu-devel@qemu.org recently. This might be a *HUGE* win for bhyve then in considering that it's default format is raw (should ahci-hdd be the default?). devel/qemu (not sure about -dev) uses qcow2 as a default and when playing with it on other OS's I found that it seemed to default to that also. It is my understand that most of the open source cloud platforms use qcow2 as their default also (I remember this from an attempt to install openstack grizzly last summer... I have not checked havana though... can any of the freebsd-openstack confirm this?). -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org