Historically the 'scsi' passthrough feature of virtio-blk-pci
was enabled by default. Libvirt was disabling it due to security
implications outlined in libvirt commit v0.9.9-4-g177db08775 if it was
not explicitly requested. In qemu commit v2.4.0-1566-ged65fd1a27 the
default value was changed to disabled in preparation for virtio-1.
Starting from QEMU-5.0 the 'scsi' property was also deprecated. The
replacement for the functionality is to use 'virtio-scsi'. This isn't
a direct replacement though.
Add capability named QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED which
allows us to stop formatting the 'scsi=' property if it's disabled by
default and not requested so that we don't use deprecated features.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_capabilities.c | 20 ++++++++++++++++++-
src/qemu/qemu_capabilities.h | 1 +
.../caps_5.0.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 +
.../caps_5.0.0.riscv64.xml | 1 +
.../caps_5.0.0.x86_64.xml | 1 +
.../caps_5.1.0.x86_64.xml | 1 +
7 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 94a1e5e3b8..0e7db2643a 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -580,6 +580,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
"machine.pseries.cap-sbbc",
"machine.pseries.cap-ibs",
"tcg",
+ "virtio-blk-pci.scsi.default.disabled",
);
@@ -1319,10 +1320,27 @@ static struct virQEMUCapsDevicePropsFlags
virQEMUCapsDevicePropsVirtioBalloon[]
{ "packed", QEMU_CAPS_VIRTIO_PACKED_QUEUES, NULL },
};
+
+static int
+virQEMUCapsDevicePropsVirtioBlkSCSIDefault(virJSONValuePtr props,
+ virQEMUCapsPtr qemuCaps)
+{
+ bool def = false;
+
+ if (virJSONValueObjectGetBoolean(props, "default-value", &def) < 0)
+ return 0;
+
+ if (def == false)
+ virQEMUCapsSet(qemuCaps, QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED);
+
+ return 0;
+}
+
+
static struct virQEMUCapsDevicePropsFlags virQEMUCapsDevicePropsVirtioBlk[] = {
{ "ioeventfd", QEMU_CAPS_VIRTIO_IOEVENTFD, NULL },
{ "event_idx", QEMU_CAPS_VIRTIO_BLK_EVENT_IDX, NULL },
- { "scsi", QEMU_CAPS_VIRTIO_BLK_SCSI, NULL },
+ { "scsi", QEMU_CAPS_VIRTIO_BLK_SCSI,
virQEMUCapsDevicePropsVirtioBlkSCSIDefault },
{ "logical_block_size", QEMU_CAPS_BLOCKIO, NULL },
{ "num-queues", QEMU_CAPS_VIRTIO_BLK_NUM_QUEUES, NULL },
{ "share-rw", QEMU_CAPS_DISK_SHARE_RW, NULL },
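Review bot: The early `return 0` in virQEMUCapsDevicePropsVirtioBlkSCSIDefault, taken when `default-value` is missing, is the security-relevant branch and has no comment. In that case QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED stays unset, so, going by the commit message, libvirt keeps formatting an explicit `scsi=off` instead of trusting an unknown default. A comment above the early return, such as `/* default not reported: leave the cap unset so 'scsi=off' is still formatted explicitly */`, would keep a later cleanup from turning this into an error or an unconditional set. As a style point, `if (def == false)` reads more plainly as `if (!def)`. The virQEMUCapsDevicePropsVirtioBlk table continues past the end of this hunk; if it is also used to probe non-PCI virtio-blk devices, the flag name `virtio-blk-pci.scsi.default.disabled` would be narrower than what it records, which is worth confirming.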
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index cdeaf09cce..db8bebe3df 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -561,6 +561,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check
*/
QEMU_CAPS_MACHINE_PSERIES_CAP_SBBC, /* -machine pseries.cap-sbbc */
QEMU_CAPS_MACHINE_PSERIES_CAP_IBS, /* -machine pseries.cap-ibs */
QEMU_CAPS_TCG, /* QEMU does support TCG */
+ QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED, /* virtio-blk-pci.scsi disabled by
default */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
index 1f743aaa11..618ad8ee14 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
@@ -191,6 +191,7 @@
<flag name='virtio.packed'/>
<flag name='pcie-root-port.hotplug'/>
<flag name='tcg'/>
+ <flag name='virtio-blk-pci.scsi.default.disabled'/>
<version>5000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>61700241</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
index a5f0bb538b..0f5dce9264 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
@@ -199,6 +199,7 @@
<flag name='machine.pseries.cap-sbbc'/>
<flag name='machine.pseries.cap-ibs'/>
<flag name='tcg'/>
+ <flag name='virtio-blk-pci.scsi.default.disabled'/>
<version>5000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>42900241</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
index e9651ca581..bc6a27e87e 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
@@ -187,6 +187,7 @@
<flag name='pcie-root-port.hotplug'/>
<flag name='aio.io_uring'/>
<flag name='tcg'/>
+ <flag name='virtio-blk-pci.scsi.default.disabled'/>
<version>5000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>0</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
index f127f38bcc..ed4c08e99e 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
@@ -232,6 +232,7 @@
<flag name='pcie-root-port.hotplug'/>
<flag name='aio.io_uring'/>
<flag name='tcg'/>
+ <flag name='virtio-blk-pci.scsi.default.disabled'/>
<version>5000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100241</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
index 9611549bd7..f7018daa84 100644
--- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
@@ -232,6 +232,7 @@
<flag name='pcie-root-port.hotplug'/>
<flag name='aio.io_uring'/>
<flag name='tcg'/>
+ <flag name='virtio-blk-pci.scsi.default.disabled'/>
<version>5000050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100242</microcodeVersion>
--
2.26.2