June 2021 - Devel - Libvirt List Archives

[PATCH v2 0/3] qapi & doc: deprecate drive-backup

by Vladimir Sementsov-Ogievskiy

Hi all! See 03 commit message for details. 01-02 are preparation docs update. v2: add a lot of documentation changes v1 was "[PATCH] qapi: deprecate drive-backup" Supersedes: <20210423125900.3640-1-vsementsov(a)virtuozzo.com> Vladimir Sementsov-Ogievskiy (3): docs/block-replication: use blockdev-backup docs/interop/bitmaps: use blockdev-backup qapi: deprecate drive-backup docs/block-replication.txt | 4 +- docs/interop/bitmaps.rst | 285 +++++++++++++++++++------ docs/interop/live-block-operations.rst | 47 ++-- docs/system/deprecated.rst | 11 + qapi/block-core.json | 5 +- 5 files changed, 263 insertions(+), 89 deletions(-) -- 2.29.2

3 years, 2 months

4
17
0 / 0

[PATCH v4 for v7.6.0 00/14] Introduce virtio-mem <memory/> model

by Michal Privoznik

v4 of: https://listman.redhat.com/archives/libvir-list/2021-April/msg01138.html diff to v3: - Rebased code on the top of master - Tried to work in all Peter's review suggestions - Fixed a bug where adjusting <requested/> was viewed as hotplug of new <memory/> by XML validator and thus if <maxMemory/> was close enough to <currentMemory/> the validator reported an error (this was reported by David). You can also find these patches on my branch: https://gitlab.com/MichalPrivoznik/libvirt/-/tree/virtio_mem_v4 Michal Prívozník (14): virhostmem: Introduce virHostMemGetTHPSize() qemu_capabilities: Introduce QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI conf: Introduce virtio-mem <memory/> model qemu: Build command line for virtio-mem qemu: Wire up <memory/> live update Introduce <actual/> property to virtio-mem conf: Introduce virDomainMemoryFindByDeviceAlias() qemu: Wire up MEMORY_DEVICE_SIZE_CHANGE event qemu: Refresh the actual size of virtio-mem on monitor reconnect qemu: Account for both memballoon and virtio-mem qemuDomainSetMemoryFlags: Take virtio-mem into consideration virsh: Introduce update-memory-device command news: document recent virtio memory addition kbase: Document virtio-mem NEWS.rst | 12 + docs/formatdomain.rst | 45 +++- docs/kbase/index.rst | 4 + docs/kbase/memorydevices.rst | 150 +++++++++++ docs/kbase/meson.build | 1 + docs/manpages/virsh.rst | 30 +++ docs/schemas/domaincommon.rng | 16 ++ examples/c/misc/event-test.c | 17 ++ include/libvirt/libvirt-domain.h | 23 ++ src/conf/domain_conf.c | 118 ++++++++- src/conf/domain_conf.h | 15 ++ src/conf/domain_event.c | 84 ++++++ src/conf/domain_event.h | 10 + src/conf/domain_validate.c | 39 +++ src/libvirt_private.syms | 5 + src/qemu/qemu_alias.c | 10 +- src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 13 +- src/qemu/qemu_domain.c | 33 ++- src/qemu/qemu_domain.h | 1 + src/qemu/qemu_domain_address.c | 38 ++- src/qemu/qemu_driver.c | 240 +++++++++++++++++- src/qemu/qemu_hotplug.c | 18 ++ src/qemu/qemu_hotplug.h | 5 + src/qemu/qemu_monitor.c | 37 +++ src/qemu/qemu_monitor.h | 28 ++ src/qemu/qemu_monitor_json.c | 97 +++++-- src/qemu/qemu_monitor_json.h | 5 + src/qemu/qemu_process.c | 72 ++++++ src/qemu/qemu_validate.c | 8 + src/remote/remote_daemon_dispatch.c | 30 +++ src/remote/remote_driver.c | 32 +++ src/remote/remote_protocol.x | 14 +- src/remote_protocol-structs | 7 + src/security/security_apparmor.c | 1 + src/security/security_dac.c | 2 + src/security/security_selinux.c | 2 + src/util/virhostmem.c | 54 ++++ src/util/virhostmem.h | 3 + tests/domaincapsmock.c | 9 + .../caps_5.1.0.x86_64.xml | 1 + .../caps_5.2.0.x86_64.xml | 1 + .../caps_6.0.0.x86_64.xml | 1 + .../caps_6.1.0.x86_64.xml | 1 + ...mory-hotplug-virtio-mem.x86_64-latest.args | 41 +++ .../memory-hotplug-virtio-mem.xml | 67 +++++ tests/qemuxml2argvtest.c | 1 + ...emory-hotplug-virtio-mem.x86_64-latest.xml | 1 + tests/qemuxml2xmltest.c | 1 + tools/virsh-domain.c | 169 ++++++++++++ 51 files changed, 1562 insertions(+), 53 deletions(-) create mode 100644 docs/kbase/memorydevices.rst create mode 100644 tests/qemuxml2argvdata/memory-hotplug-virtio-mem.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/memory-hotplug-virtio-mem.xml create mode 120000 tests/qemuxml2xmloutdata/memory-hotplug-virtio-mem.x86_64-latest.xml -- 2.31.1

3 years, 2 months

4
21
0 / 0

[PATCH v3 0/4] Dirty Ring support (Libvirt)

by huangy81＠chinatelecom.cn

From: Hyman Huang(黄勇) <huangy81(a)chinatelecom.cn> v3 - rebase master and fix the confilict when apply "conf: introduce dirty_ring_size in struct "_virDomainDef" to current master. v2 - split patchset into 4 patches - leave out the tcg case when building commandline. - handle the VIR_DOMAIN_KVM_DIRTY_RING case independently in , virDomainFeatureDefParse and virDomainDefFeaturesCheckABIStability, do not integrate it with other cases... - add dirty ring size check in virDomainDefFeaturesCheckABIStability - modify zero checks on integers of dirty ring size in a explicit way. - set the default value of dirty ring size in a post-parser callback. - check the absence of kvm_feature in a explicit way. - code clean of virTristateSwitchTypeToString function. this version's modification base on Peter's advices mostly, thanks a lot, please review ! Best Regards ! Hyman Huang(黄勇) v1 since qemu has introduced a dirty ring feature in 6.1.0, may be it's the right time to introduce dirty ring in libvirt meanwhile. this patch add feature named 'dirty-ring', which enable dirty ring feature when starting vm. to try this out, three things has done in this patchset: - introduce QEMU_CAPS_ACCEL so the the libvirt can use it to select the right option when specifying the accelerator type. - switch the option "-machine accel=xxx" to "-accel xxx" when specifying accelerator type once libvirt build QEMU command line, so that dirty-ring-size property can be passed to qemu when start vm. - introduce dirty_ring_size to hold the ring size configured by user and pass dirty_ring_size when building qemu commandline if dirty ring feature enabled. though dirty ring is per-cpu logically, the size of dirty ring is registered by 'struct kvm' in QEMU. so we would like to place the dirty_ring_size as a property of vm in Libvirt as the QEMU do. the dirty ring feature is disabled by default, and if enabled, the default value of ring size if 4096 if size not configured. for more details about dirty ring and "-accel" option, please refer to: https://lore.kernel.org/qemu-devel/20210108165050.406906-10-peterx@redhat... https://lore.kernel.org/qemu-devel/3aa73987-40e8-3619-0723-9f17f73850bd@r... please review, Thanks! Best Regards ! Hyman Huang(黄勇) (4): qemu_capabilities: introduce QEMU_CAPS_ACCEL qemu_command: switch accelerator option to new style conf: introduce dirty_ring_size in struct "_virDomainDef" qemu: support dirty ring feature docs/formatdomain.rst | 16 +++-- docs/schemas/domaincommon.rng | 10 +++ src/conf/domain_conf.c | 74 +++++++++++++++++++++- src/conf/domain_conf.h | 4 ++ src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 40 +++++++++++- tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.sparc.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 + ...64-default-cpu-kvm-virt-4.2.aarch64-latest.args | 3 +- .../aarch64-features-sve.aarch64-latest.args | 3 +- .../channel-unix-guestfwd.x86_64-latest.args | 3 +- .../clock-timer-armvtimer.aarch64-latest.args | 3 +- .../console-virtio-unix.x86_64-latest.args | 3 +- .../cpu-Icelake-Server-pconfig.x86_64-3.1.0.args | 3 +- .../cpu-Icelake-Server-pconfig.x86_64-latest.args | 3 +- .../cpu-tsc-frequency.x86_64-4.0.0.args | 3 +- .../cpu-tsc-high-frequency.x86_64-latest.args | 3 +- .../default-video-type-aarch64.aarch64-latest.args | 3 +- .../default-video-type-ppc64.ppc64-latest.args | 3 +- .../default-video-type-s390x.s390x-latest.args | 3 +- .../disk-cdrom-network.x86_64-2.12.0.args | 3 +- .../disk-cdrom-network.x86_64-latest.args | 3 +- .../disk-network-http.x86_64-latest.args | 3 +- .../hugepages-memaccess3.x86_64-latest.args | 3 +- .../intel-iommu-aw-bits.x86_64-latest.args | 3 +- .../intel-iommu-caching-mode.x86_64-latest.args | 3 +- .../intel-iommu-device-iotlb.x86_64-latest.args | 3 +- .../intel-iommu-eim.x86_64-latest.args | 3 +- ...ty-sev-missing-platform-info.x86_64-2.12.0.args | 3 +- .../launch-security-sev.x86_64-2.12.0.args | 3 +- .../launch-security-sev.x86_64-6.0.0.args | 3 +- ...emfd-memory-default-hugepage.x86_64-latest.args | 3 +- .../memfd-memory-numa.x86_64-latest.args | 3 +- .../memory-hotplug-virtio-pmem.x86_64-5.2.0.args | 3 +- .../memory-hotplug-virtio-pmem.x86_64-latest.args | 3 +- .../os-firmware-bios.x86_64-latest.args | 3 +- ...irmware-efi-no-enrolled-keys.x86_64-latest.args | 3 +- .../os-firmware-efi-secboot.x86_64-latest.args | 3 +- .../os-firmware-efi.x86_64-latest.args | 3 +- .../parallel-unix-chardev.x86_64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-2.7.ppc64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-3.1.ppc64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-4.2.ppc64-latest.args | 3 +- ...efault-cpu-kvm-ccw-virtio-2.7.s390x-latest.args | 3 +- ...efault-cpu-kvm-ccw-virtio-4.2.s390x-latest.args | 3 +- .../smartcard-passthrough-unix.x86_64-latest.args | 3 +- .../usb-redir-unix.x86_64-latest.args | 3 +- .../vhost-user-fs-fd-memory.x86_64-latest.args | 3 +- .../virtio-rng-builtin.x86_64-5.2.0.args | 3 +- .../virtio-rng-builtin.x86_64-latest.args | 3 +- .../virtio-rng-egd-unix.x86_64-5.2.0.args | 3 +- .../virtio-rng-egd-unix.x86_64-latest.args | 3 +- ...86_64-default-cpu-kvm-pc-4.2.x86_64-latest.args | 3 +- ...6_64-default-cpu-kvm-q35-4.2.x86_64-latest.args | 3 +- 91 files changed, 268 insertions(+), 55 deletions(-) -- 1.8.3.1

3 years, 2 months

2
5
0 / 0

[libvirt PATCH 0/4] RFC: tests: introduce lavocado

by Beraldo Leal

lavocado aims to be an alternative test framework for the libvirt project using Python, python-libvirt and Avocado. This can be used to write unit, functional and integration tests and it is inspired by the libvirt-tck framework. This series introduces the basic framework along with some basic test examples that I got from libvirt-tck. I would appreciate your comments on this RFC, to see if this fits this project's needs. Also, names and locations are just a proposal and can be changed. For now, this framework assumes that you are going to run the tests in a fresh clean environment, i.e. a VM. If you decide to use your local system, beware that execution of the tests may affect your system. One of the future goals of this framework is to utilize nested virtualization technologies and hence make sure an L1 guest is provisioned automatically for the tests to be executed in this environment and not tamper with your main system. I'm adding more information with some details inside the README file. Beraldo Leal (4): tests: introduce lavocado: initial code structure tests.lavocado: adding basic transient domain tests tests.lavocado: adding a .gitignore tests.lavocado: adding a README and Makefile for convenience tests/lavocado/.gitignore | 3 + tests/lavocado/Makefile | 2 + tests/lavocado/README.md | 124 +++++++++++++++++ tests/lavocado/lavocado/__init__.py | 0 tests/lavocado/lavocado/defaults.py | 11 ++ tests/lavocado/lavocado/exceptions.py | 20 +++ tests/lavocado/lavocado/helpers/__init__.py | 0 tests/lavocado/lavocado/helpers/domains.py | 75 ++++++++++ tests/lavocado/lavocado/test.py | 144 ++++++++++++++++++++ tests/lavocado/requirements.txt | 3 + tests/lavocado/templates/domain.xml.jinja | 20 +++ tests/lavocado/tests/domain/transient.py | 102 ++++++++++++++ 12 files changed, 504 insertions(+) create mode 100644 tests/lavocado/.gitignore create mode 100644 tests/lavocado/Makefile create mode 100644 tests/lavocado/README.md create mode 100644 tests/lavocado/lavocado/__init__.py create mode 100644 tests/lavocado/lavocado/defaults.py create mode 100644 tests/lavocado/lavocado/exceptions.py create mode 100644 tests/lavocado/lavocado/helpers/__init__.py create mode 100644 tests/lavocado/lavocado/helpers/domains.py create mode 100644 tests/lavocado/lavocado/test.py create mode 100644 tests/lavocado/requirements.txt create mode 100644 tests/lavocado/templates/domain.xml.jinja create mode 100644 tests/lavocado/tests/domain/transient.py -- 2.26.3

3 years, 4 months

4
25
0 / 0

[PATCH V3 0/2] Apparmor: Add profiles for hypervisor daemons

by Jim Fehlig

V2: https://listman.redhat.com/archives/libvir-list/2021-June/msg00676.html V1: https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html Changes since V2: Patches 3 and 4 ACKed and pushed since they are bug fixes independent of modular vs monolithic daemons. The qemu_bridge_helper subprofile in patch 1 was adjusted for communication with virtqemud instead of libvirtd. After snooping through git history, I found a few capabilities explicitly added for xen that have been added back to the virtxend profile. Note: The profile for virtlxcd will have to wait until the following issue is fixed https://gitlab.com/libvirt/libvirt/-/issues/181 Jim Fehlig (2): Apparmor: Add profile for virtqemud Apparmor: Add profile for virtxend src/security/apparmor/libvirt-qemu | 3 + src/security/apparmor/meson.build | 2 + src/security/apparmor/usr.sbin.virtqemud.in | 134 ++++++++++++++++++++ src/security/apparmor/usr.sbin.virtxend.in | 55 ++++++++ 4 files changed, 194 insertions(+) create mode 100644 src/security/apparmor/usr.sbin.virtqemud.in create mode 100644 src/security/apparmor/usr.sbin.virtxend.in -- 2.31.1

3 years, 4 months

4
7
0 / 0

[PATCH 00/10] ch: Add Console support

by William Douglas

This series enables console support in the cloud-hypervisor driver. Cloud-hypervisor only supports a single console or serial device at a time, hence the checks to ensure the domain configuration is only passing one or the other. I wasn't sure if the controller device should have some additonal validation handling so I just did the minimal to get the console open functioning. William Douglas (10): ch_monitor: Make unused function static ch_monitor: Update virCHMonitorGet to handle accept a response ch_monitor: Use virCHMonitorGet to access cloud-hypervisor API ch_monitor: Add pty json builder function ch_monitor: Make use of the PTY json builder ch_process: Handle enabled console devices ch_process: Update the domain with console path information ch_domain: Allow controller and chr devices ch_driver: Add handler for console API ch_driver: Turn on the domainOpenConsole API src/ch/ch_domain.c | 4 +- src/ch/ch_driver.c | 78 +++++++++++++++++++++++++++++ src/ch/ch_monitor.c | 117 ++++++++++++++++++++++++++++++++++++++++++-- src/ch/ch_monitor.h | 3 ++ src/ch/ch_process.c | 67 +++++++++++++++++++++++++ 5 files changed, 263 insertions(+), 6 deletions(-) -- 2.31.1

3 years, 4 months

3
18
0 / 0

[PATCH v3 0/3] Implement virDomainGetMessages for test driver

by Luke Yue

v3: - Squash tests commit - Extract the same code in test driver and qemu driver to a function Luke Yue (3): test_driver: Implement virDomainGetMessages test_driver: Introduce testDomainObjCheckTaint conf: domain: Introduce and use virDomainObjGetMessages() src/conf/domain_conf.c | 53 +++++++++++++++++++++++++++ src/conf/domain_conf.h | 5 +++ src/libvirt_private.syms | 1 + src/qemu/qemu_driver.c | 34 +----------------- src/test/test_driver.c | 78 ++++++++++++++++++++++++++++++++++++++++ tests/virshtest.c | 2 ++ 6 files changed, 140 insertions(+), 33 deletions(-) -- 2.32.0

3 years, 4 months

2
8
0 / 0

[PATCH] lib: Specify domain redefinition requirements

by Roman Bolshakov

There might be misunderstanding [1] when libvirt permits domain redefinition and if it's a valid case at all. 1. https://github.com/ansible-collections/community.libvirt/blob/b973d7c4b40... Signed-off-by: Roman Bolshakov <r.bolshakov(a)yadro.com> --- src/libvirt-domain.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 750e32f0ca..e48f3cdb02 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -6290,8 +6290,8 @@ virDomainGetBlockInfo(virDomainPtr domain, const char *disk, * * Define a domain, but does not start it. * This definition is persistent, until explicitly undefined with - * virDomainUndefine(). A previous definition for this domain would be - * overridden if it already exists. + * virDomainUndefine(). A previous definition for this domain with the same + * UUID and name would be overridden if it already exists. * * virDomainFree should be used to free the resources after the * domain object is no longer needed. @@ -6333,8 +6333,8 @@ virDomainDefineXML(virConnectPtr conn, const char *xml) * * Defines a domain, but does not start it. * This definition is persistent, until explicitly undefined with - * virDomainUndefine(). A previous definition for this domain would be - * overridden if it already exists. + * virDomainUndefine(). A previous definition for this domain with the same + * UUID and name would be overridden if it already exists. * * virDomainFree should be used to free the resources after the * domain object is no longer needed. -- 2.32.0

3 years, 4 months

2
1
0 / 0

Add SELinux policy for Virt

by Nikola Knazekova

Hi, I created SELinux policy for Libvirt drivers, as part of Decentralized SELinux Policy (DSP) project. DSP guidelines is available: https://fedoraproject.org/wiki/SELinux/IndependentPolicy Discussion about the first version of SELinux policy for Libvirt is available on gitlab: https://gitlab.com/libvirt/libvirt/-/merge_requests/65 SELinux policy was created for: Hypervisor drivers: - virtqemud (QEMU/KVM) - virtlxcd (LXC) - virtvboxd (VirtualBox) Secondary drivers: - virtstoraged (host storage mgmt) - virtnetworkd (virtual network mgmt) - virtinterface (network interface mgmt) - virtnodedevd (physical device mgmt) - virtsecretd (security credential mgmt) - virtnwfilterd (ip[6]tables/ebtables mgmt) - virtproxyd (proxy daemon) SELinux policy for virtvxz and virtxend has not been created yet, because I wasn't able to reproduce AVC messages. These drivers run in unconfined_domain until the AVC messages are reproduced internally and policy for these drivers is made. Can you please look at it? Thanks Nikola

3 years, 4 months

5
45
0 / 0

[PATCH 2/2] qemu-img: Require -F with -b backing image

by Eric Blake

Back in commit d9f059aa6c (qemu-img: Deprecate use of -b without -F), we deprecated the ability to create a file with a backing image that requires qemu to perform format probing. Qemu can still probe older files for backwards compatibility, but it is time to finish off the ability to create such images, due to the potential security risk they present. Update a couple of iotests affected by the change. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- docs/system/deprecated.rst | 20 ----------------- docs/system/removed-features.rst | 19 ++++++++++++++++ block.c | 37 ++++++++++---------------------- qemu-img.c | 6 ++++-- tests/qemu-iotests/114 | 18 ++++++++-------- tests/qemu-iotests/114.out | 11 ++++------ tests/qemu-iotests/301 | 4 +--- tests/qemu-iotests/301.out | 16 ++------------ 8 files changed, 50 insertions(+), 81 deletions(-) diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst index 9ec1a9d0e03e..aa6f7d84e583 100644 --- a/docs/system/deprecated.rst +++ b/docs/system/deprecated.rst @@ -315,26 +315,6 @@ this CPU is also deprecated. Related binaries ---------------- -qemu-img backing file without format (since 5.1) -'''''''''''''''''''''''''''''''''''''''''''''''' - -The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img -convert`` to create or modify an image that depends on a backing file -now recommends that an explicit backing format be provided. This is -for safety: if QEMU probes a different format than what you thought, -the data presented to the guest will be corrupt; similarly, presenting -a raw image to a guest allows a potential security exploit if a future -probe sees a non-raw image based on guest writes. - -To avoid the warning message, or even future refusal to create an -unsafe image, you must pass ``-o backing_fmt=`` (or the shorthand -``-F`` during create) to specify the intended backing format. You may -use ``qemu-img rebase -u`` to retroactively add a backing format to an -existing image. However, be aware that there are already potential -security risks to blindly using ``qemu-img info`` to probe the format -of an untrusted backing image, when deciding what format to add into -an existing image. - Backwards compatibility ----------------------- diff --git a/docs/system/removed-features.rst b/docs/system/removed-features.rst index 28b5df757d35..1928d8a483c0 100644 --- a/docs/system/removed-features.rst +++ b/docs/system/removed-features.rst @@ -466,6 +466,25 @@ backing chain should be performed with ``qemu-img rebase -u`` either before or after the remaining changes being performed by amend, as appropriate. +qemu-img backing file without format (removed in 6.1) +''''''''''''''''''''''''''''''''''''''''''''''''''''' + +The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img +convert`` to create or modify an image that depends on a backing file +now requires that an explicit backing format be provided. This is +for safety: if QEMU probes a different format than what you thought, +the data presented to the guest will be corrupt; similarly, presenting +a raw image to a guest allows a potential security exploit if a future +probe sees a non-raw image based on guest writes. + +To avoid creating unsafe backing chains, you must pass ``-o +backing_fmt=`` (or the shorthand ``-F`` during create) to specify the +intended backing format. You may use ``qemu-img rebase -u`` to +retroactively add a backing format to an existing image. However, be +aware that there are already potential security risks to blindly using +``qemu-img info`` to probe the format of an untrusted backing image, +when deciding what format to add into an existing image. + Block devices ------------- diff --git a/block.c b/block.c index 874c22c43e3d..931e37a8499b 100644 --- a/block.c +++ b/block.c @@ -5033,7 +5033,7 @@ int coroutine_fn bdrv_co_check(BlockDriverState *bs, * -ENOTSUP - format driver doesn't support changing the backing file */ int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file, - const char *backing_fmt, bool warn) + const char *backing_fmt, bool require) { BlockDriver *drv = bs->drv; int ret; @@ -5047,10 +5047,8 @@ int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file, return -EINVAL; } - if (warn && backing_file && !backing_fmt) { - warn_report("Deprecated use of backing file without explicit " - "backing format, use of this image requires " - "potentially unsafe format probing"); + if (require && backing_file && !backing_fmt) { + return -EINVAL; } if (drv->bdrv_change_backing_file != NULL) { @@ -6556,24 +6554,11 @@ void bdrv_img_create(const char *filename, const char *fmt, goto out; } else { if (!backing_fmt) { - warn_report("Deprecated use of backing file without explicit " - "backing format (detected format of %s)", - bs->drv->format_name); - if (bs->drv != &bdrv_raw) { - /* - * A probe of raw deserves the most attention: - * leaving the backing format out of the image - * will ensure bs->probed is set (ensuring we - * don't accidentally commit into the backing - * file), and allow more spots to warn the users - * to fix their toolchain when opening this image - * later. For other images, we can safely record - * the format that we probed. - */ - backing_fmt = bs->drv->format_name; - qemu_opt_set(opts, BLOCK_OPT_BACKING_FMT, backing_fmt, - NULL); - } + error_setg(&local_err, + "Backing file specified without backing format"); + error_append_hint(&local_err, "Detected format of %s.", + bs->drv->format_name); + goto out; } if (size == -1) { /* Opened BS, have no size */ @@ -6590,9 +6575,9 @@ void bdrv_img_create(const char *filename, const char *fmt, } /* (backing_file && !(flags & BDRV_O_NO_BACKING)) */ } else if (backing_file && !backing_fmt) { - warn_report("Deprecated use of unopened backing file without " - "explicit backing format, use of this image requires " - "potentially unsafe format probing"); + error_setg(&local_err, + "Backing file specified without backing format"); + goto out; } if (size == -1) { diff --git a/qemu-img.c b/qemu-img.c index a5993682aad4..3cdfcaa23f6b 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -2505,8 +2505,10 @@ static int img_convert(int argc, char **argv) if (out_baseimg_param) { if (!qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT)) { - warn_report("Deprecated use of backing file without explicit " - "backing format"); + error_report("Use of backing file requires explicit " + "backing format"); + ret = -1; + goto out; } } diff --git a/tests/qemu-iotests/114 b/tests/qemu-iotests/114 index 43cb0bc6c344..3e30b402bc4c 100755 --- a/tests/qemu-iotests/114 +++ b/tests/qemu-iotests/114 @@ -44,16 +44,16 @@ _supported_os Linux # qcow2.py does not work too well with external data files _unsupported_imgopts data_file -# Intentionally specify backing file without backing format; demonstrate -# the difference in warning messages when backing file could be probed. -# Note that only a non-raw probe result will affect the resulting image. +# Older qemu-img could set up backing file without backing format; modern +# qemu can't but we can use qcow2.py to simulate older files. truncate -s $((64 * 1024 * 1024)) "$TEST_IMG.orig" -_make_test_img -b "$TEST_IMG.orig" 64M +_make_test_img -b "$TEST_IMG.orig" -F raw 64M +$PYTHON qcow2.py "$TEST_IMG" del-header-ext 0xE2792ACA TEST_IMG="$TEST_IMG.base" _make_test_img 64M $QEMU_IMG convert -O qcow2 -B "$TEST_IMG.orig" "$TEST_IMG.orig" "$TEST_IMG" -_make_test_img -b "$TEST_IMG.base" 64M -_make_test_img -u -b "$TEST_IMG.base" 64M +_make_test_img -b "$TEST_IMG.base" -F $IMGFMT 64M +_make_test_img -u -b "$TEST_IMG.base" -F $IMGFMT 64M # Set an invalid backing file format $PYTHON qcow2.py "$TEST_IMG" add-header-ext 0xE2792ACA "foo" @@ -64,9 +64,9 @@ _img_info $QEMU_IO -c "open $TEST_IMG" -c "read 0 4k" 2>&1 | _filter_qemu_io | _filter_testdir $QEMU_IO -c "open -o backing.driver=$IMGFMT $TEST_IMG" -c "read 0 4k" | _filter_qemu_io -# Rebase the image, to show that omitting backing format triggers a warning, -# but probing now lets us use the backing file. -$QEMU_IMG rebase -u -b "$TEST_IMG.base" "$TEST_IMG" +# Rebase the image, to show that backing format is required. +$QEMU_IMG rebase -u -b "$TEST_IMG.base" "$TEST_IMG" && echo "unexpected pass" +$QEMU_IMG rebase -u -b "$TEST_IMG.base" -F $IMGFMT "$TEST_IMG" $QEMU_IO -c "open $TEST_IMG" -c "read 0 4k" 2>&1 | _filter_qemu_io | _filter_testdir # success, all done diff --git a/tests/qemu-iotests/114.out b/tests/qemu-iotests/114.out index 0a37d20c82a9..172454401257 100644 --- a/tests/qemu-iotests/114.out +++ b/tests/qemu-iotests/114.out @@ -1,12 +1,9 @@ QA output created by 114 -qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of raw) -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.orig +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.orig backing_fmt=raw Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=67108864 -qemu-img: warning: Deprecated use of backing file without explicit backing format -qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of IMGFMT) +qemu-img: Use of backing file requires explicit backing format +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT -qemu-img: warning: Deprecated use of unopened backing file without explicit backing format, use of this image requires potentially unsafe format probing -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.base image: TEST_DIR/t.IMGFMT file format: IMGFMT virtual size: 64 MiB (67108864 bytes) @@ -17,7 +14,7 @@ qemu-io: can't open device TEST_DIR/t.qcow2: Could not open backing file: Unknow no file open, try 'help open' read 4096/4096 bytes at offset 0 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -qemu-img: warning: Deprecated use of backing file without explicit backing format, use of this image requires potentially unsafe format probing +qemu-img: Could not change the backing file to '/home/eblake/qemu/build/tests/qemu-iotests/scratch/t.qcow2.base': Invalid argument read 4096/4096 bytes at offset 0 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) *** done diff --git a/tests/qemu-iotests/301 b/tests/qemu-iotests/301 index 9f943cadbe24..220de1043fa5 100755 --- a/tests/qemu-iotests/301 +++ b/tests/qemu-iotests/301 @@ -3,7 +3,7 @@ # # Test qcow backing file warnings # -# Copyright (C) 2020 Red Hat, Inc. +# Copyright (C) 2020-2021 Red Hat, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -46,7 +46,6 @@ echo "== qcow backed by qcow ==" TEST_IMG="$TEST_IMG.base" _make_test_img $size _make_test_img -b "$TEST_IMG.base" $size -_img_info _make_test_img -b "$TEST_IMG.base" -F $IMGFMT $size _img_info @@ -71,7 +70,6 @@ echo "== qcow backed by raw ==" rm "$TEST_IMG.base" truncate --size=$size "$TEST_IMG.base" _make_test_img -b "$TEST_IMG.base" $size -_img_info _make_test_img -b "$TEST_IMG.base" -F raw $size _img_info diff --git a/tests/qemu-iotests/301.out b/tests/qemu-iotests/301.out index 9004dad6392f..e280658191e1 100644 --- a/tests/qemu-iotests/301.out +++ b/tests/qemu-iotests/301.out @@ -2,13 +2,7 @@ QA output created by 301 == qcow backed by qcow == Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=33554432 -qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of IMGFMT) -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT -image: TEST_DIR/t.IMGFMT -file format: IMGFMT -virtual size: 32 MiB (33554432 bytes) -cluster_size: 512 -backing file: TEST_DIR/t.IMGFMT.base +qemu-img: TEST_DIR/t.IMGFMT: Backing file specified without backing format Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT image: TEST_DIR/t.IMGFMT file format: IMGFMT @@ -36,13 +30,7 @@ cluster_size: 512 backing file: TEST_DIR/t.IMGFMT.base == qcow backed by raw == -qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of raw) -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base -image: TEST_DIR/t.IMGFMT -file format: IMGFMT -virtual size: 32 MiB (33554432 bytes) -cluster_size: 512 -backing file: TEST_DIR/t.IMGFMT.base +qemu-img: TEST_DIR/t.IMGFMT: Backing file specified without backing format Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=raw image: TEST_DIR/t.IMGFMT file format: IMGFMT -- 2.31.1

3 years, 4 months

2
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel June 2021