qemu: capabilities: Introduce QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED

Historically the 'scsi' passthrough feature of virtio-blk-pci
was enabled by default. Libvirt was disabling it due to security
implications outlined in libvirt commit v0.9.9-4-g177db08775 if it was
not explicitly requested. In qemu commit v2.4.0-1566-ged65fd1a27 the
default value was changed to disabled in preparation for virtio-1.
Starting from QEMU-5.0 the 'scsi' property was also deprecated. There
replacement for the functionality is to use 'virtio-scsi' for the
purpose. This isn't a direct replacement though.

Add capability named QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED which
allows us to stop formatting the 'scsi=' property if it's disabled by
default and not requested so that we don't use deprecated features.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 94a1e5e3b811be05f7e437dd59fe09d888160b7d..0e7db2643a81ad1ce47379af4b1288ec9ed9024f 100644 (file)
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -580,6 +580,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
               "machine.pseries.cap-sbbc",
               "machine.pseries.cap-ibs",
               "tcg",
+              "virtio-blk-pci.scsi.default.disabled",
     );
 
 
@@ -1319,10 +1320,27 @@ static struct virQEMUCapsDevicePropsFlags virQEMUCapsDevicePropsVirtioBalloon[]
     { "packed", QEMU_CAPS_VIRTIO_PACKED_QUEUES, NULL },
 };
 
+
+static int
+virQEMUCapsDevicePropsVirtioBlkSCSIDefault(virJSONValuePtr props,
+                                           virQEMUCapsPtr qemuCaps)
+{
+    bool def = false;
+
+    if (virJSONValueObjectGetBoolean(props, "default-value", &def) < 0)
+        return 0;
+
+    if (def == false)
+        virQEMUCapsSet(qemuCaps, QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED);
+
+    return 0;
+}
+
+
 static struct virQEMUCapsDevicePropsFlags virQEMUCapsDevicePropsVirtioBlk[] = {
     { "ioeventfd", QEMU_CAPS_VIRTIO_IOEVENTFD, NULL },
     { "event_idx", QEMU_CAPS_VIRTIO_BLK_EVENT_IDX, NULL },
-    { "scsi", QEMU_CAPS_VIRTIO_BLK_SCSI, NULL },
+    { "scsi", QEMU_CAPS_VIRTIO_BLK_SCSI, virQEMUCapsDevicePropsVirtioBlkSCSIDefault },
     { "logical_block_size", QEMU_CAPS_BLOCKIO, NULL },
     { "num-queues", QEMU_CAPS_VIRTIO_BLK_NUM_QUEUES, NULL },
     { "share-rw", QEMU_CAPS_DISK_SHARE_RW, NULL },

diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index cdeaf09cce403967a64e9ea5ebc7e39bcf93bdcb..db8bebe3dffb74324755fa16b5707f5232f694fa 100644 (file)
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -561,6 +561,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
     QEMU_CAPS_MACHINE_PSERIES_CAP_SBBC, /* -machine pseries.cap-sbbc */
     QEMU_CAPS_MACHINE_PSERIES_CAP_IBS, /* -machine pseries.cap-ibs */
     QEMU_CAPS_TCG, /* QEMU does support TCG */
+    QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED, /* virtio-blk-pci.scsi disabled by default */
 
     QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;

diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
index 1f743aaa11a766744e30d62c17b289d1cc162d4d..618ad8ee14e52cd625e322a46de1a4005bb119ac 100644 (file)
--- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
@@ -191,6 +191,7 @@
   <flag name='virtio.packed'/>
   <flag name='pcie-root-port.hotplug'/>
   <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
   <version>5000000</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>61700241</microcodeVersion>

diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
index a5f0bb538b66b59e64955670f26ab43a700da1a8..0f5dce9264d1ee33c8fea3fd765b88b4f018e460 100644 (file)
--- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
@@ -199,6 +199,7 @@
   <flag name='machine.pseries.cap-sbbc'/>
   <flag name='machine.pseries.cap-ibs'/>
   <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
   <version>5000000</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>42900241</microcodeVersion>

diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
index e9651ca5813d3b610c6a2c09ca8599ae6f73ed16..bc6a27e87e7338c0e62baa2d845c35cb3d8589e9 100644 (file)
--- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
@@ -187,6 +187,7 @@
   <flag name='pcie-root-port.hotplug'/>
   <flag name='aio.io_uring'/>
   <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
   <version>5000000</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>0</microcodeVersion>

diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
index f127f38bcc0823dffd853c784b59d6d556fef6d1..ed4c08e99ec19f10f8a65b07031c5f89793973b3 100644 (file)
--- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
@@ -232,6 +232,7 @@
   <flag name='pcie-root-port.hotplug'/>
   <flag name='aio.io_uring'/>
   <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
   <version>5000000</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>43100241</microcodeVersion>

diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
index 9611549bd7a3bebe1255d337589e540760af1fe4..f7018daa84999818d4cf5b9a1c07c140471cb4c9 100644 (file)
--- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
@@ -232,6 +232,7 @@
   <flag name='pcie-root-port.hotplug'/>
   <flag name='aio.io_uring'/>
   <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
   <version>5000050</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>43100242</microcodeVersion>