qemu: conf: Remove 'allow_disk_format_probing' config option

author Peter Krempa <pkrempa@redhat.com>

Mon, 4 Jun 2018 07:00:27 +0000 (09:00 +0200)

committer Peter Krempa <pkrempa@redhat.com>

Fri, 8 Jun 2018 07:26:37 +0000 (09:26 +0200)
author Peter Krempa <pkrempa@redhat.com>
Mon, 4 Jun 2018 07:00:27 +0000 (09:00 +0200)
committer Peter Krempa <pkrempa@redhat.com>
Fri, 8 Jun 2018 07:26:37 +0000 (09:26 +0200)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf

index 1bdebc2d789c46a3107808f108e8b1bae3e5b3a4..76afe88b0c90b431d0360228ccd0f4a0978bd9b6 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -650,18 +650,6 @@
  #relaxed_acs_check = 1
  
  
-# If allow_disk_format_probing is enabled, libvirt will probe disk
-# images to attempt to identify their format, when not otherwise
-# specified in the XML. This is disabled by default.
-#
-# WARNING: Enabling probing is a security hole in almost all
-# deployments. It is strongly recommended that users update their
-# guest XML <disk> elements to include  <driver type='XXXX'/>
-# elements instead of enabling this option.
-#
-#allow_disk_format_probing = 1
-
-
  # In order to prevent accidentally starting two domains that
  # share one writable disk, libvirt offers two approaches for
  # locking files. The first one is sanlock, the other one,
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c

index 43476170a1780e80bf616f86ed3cf4ef074bdd97..f079ae3221c91dbd17baee10a96fe82713cf056d 100644 (file)
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -511,6 +511,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
      char **nvram = NULL;
      char *corestr = NULL;
      char **namespaces = NULL;
+    bool tmp;
  
      /* Just check the file is readable before opening it, otherwise
       * libvirt emits an error.
@@ -803,8 +804,13 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
          goto cleanup;
      if (virConfGetValueBool(conf, "clear_emulator_capabilities", &cfg->clearEmulatorCapabilities) < 0)
          goto cleanup;
-    if (virConfGetValueBool(conf, "allow_disk_format_probing", &cfg->allowDiskFormatProbing) < 0)
+    if (virConfGetValueBool(conf, "allow_disk_format_probing", &tmp) < 0)
          goto cleanup;
+    if (tmp) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("allow_disk_format_probing is no longer supported"));
+        goto cleanup;
+    }
      if (virConfGetValueBool(conf, "set_process_name", &cfg->setProcessName) < 0)
          goto cleanup;
      if (virConfGetValueUInt(conf, "max_processes", &cfg->maxProcesses) < 0)
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h

index 545dc73433189192d83e5440d06167b29fdd4d55..a8d84efea2888476f0f1535f8224c64d47dc2cdb 100644 (file)
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -164,7 +164,6 @@ struct _virQEMUDriverConfig {
      bool vncAllowHostAudio;
      bool nogfxAllowHostAudio;
      bool clearEmulatorCapabilities;
-    bool allowDiskFormatProbing;
      bool setProcessName;
  
      unsigned int maxProcesses;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c

index c5237e4d418da6a2763ff34587cf8db2caa20118..68d1114a5a7d080d7c67a6072d110e5181184afe 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5973,39 +5973,23 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDefPtr disk,
  static int
  qemuDomainDeviceDiskDefPostParse(virDomainDiskDefPtr disk,
                                   virQEMUCapsPtr qemuCaps,
-                                 unsigned int parseFlags,
-                                 virQEMUDriverConfigPtr cfg)
+                                 unsigned int parseFlags)
  {
      /* set default disk types and drivers */
-    /* assign default storage format and driver according to config */
-    if (cfg->allowDiskFormatProbing) {
-        /* default disk format for drives */
-        if (virDomainDiskGetFormat(disk) == VIR_STORAGE_FILE_NONE &&
-            (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_FILE ||
-             virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_BLOCK))
-            virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_AUTO);
-
-        /* default disk format for mirrored drive */
-        if (disk->mirror &&
-            disk->mirror->format == VIR_STORAGE_FILE_NONE)
-            disk->mirror->format = VIR_STORAGE_FILE_AUTO;
-    } else {
-        /* default driver if probing is forbidden */
-        if (!virDomainDiskGetDriver(disk) &&
-            virDomainDiskSetDriver(disk, "qemu") < 0)
-            return -1;
+    if (!virDomainDiskGetDriver(disk) &&
+        virDomainDiskSetDriver(disk, "qemu") < 0)
+        return -1;
  
-        /* default disk format for drives */
-        if (virDomainDiskGetFormat(disk) == VIR_STORAGE_FILE_NONE &&
-            (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_FILE ||
-             virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_BLOCK))
-            virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_RAW);
+    /* default disk format for drives */
+    if (virDomainDiskGetFormat(disk) == VIR_STORAGE_FILE_NONE &&
+        (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_FILE ||
+         virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_BLOCK))
+        virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_RAW);
  
-        /* default disk format for mirrored drive */
-        if (disk->mirror &&
-            disk->mirror->format == VIR_STORAGE_FILE_NONE)
-            disk->mirror->format = VIR_STORAGE_FILE_RAW;
-    }
+    /* default disk format for mirrored drive */
+    if (disk->mirror &&
+        disk->mirror->format == VIR_STORAGE_FILE_NONE)
+        disk->mirror->format = VIR_STORAGE_FILE_RAW;
  
      if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, qemuCaps,
                                                          parseFlags) < 0)
@@ -6100,7 +6084,6 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
       * function shall not fail in that case. It will be re-run on VM startup
       * with the capabilities populated. */
      virQEMUCapsPtr qemuCaps = parseOpaque;
-    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
      int ret = -1;
  
      switch ((virDomainDeviceType) dev->type) {
@@ -6110,7 +6093,7 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
  
      case VIR_DOMAIN_DEVICE_DISK:
          ret = qemuDomainDeviceDiskDefPostParse(dev->data.disk, qemuCaps,
-                                               parseFlags, cfg);
+                                               parseFlags);
          break;
  
      case VIR_DOMAIN_DEVICE_VIDEO:
@@ -6168,7 +6151,6 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
          break;
      }
  
-    virObjectUnref(cfg);
      return ret;
  }
  
@@ -7182,11 +7164,6 @@ void qemuDomainObjCheckDiskTaint(virQEMUDriverPtr driver,
                                   qemuDomainLogContextPtr logCtxt)
  {
      virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
-    int format = virDomainDiskGetFormat(disk);
-
-    if ((!format || format == VIR_STORAGE_FILE_AUTO) &&
-        cfg->allowDiskFormatProbing)
-        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING, logCtxt);
  
      if (disk->rawio == VIR_TRISTATE_BOOL_YES)
          qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES,
@@ -8142,8 +8119,7 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
      qemuDomainGetImageIds(cfg, vm, src, disk->src, &uid, &gid);
  
      if (virStorageFileGetMetadata(src,
-                                  uid, gid,
-                                  cfg->allowDiskFormatProbing,
+                                  uid, gid, false,
                                    report_broken) < 0)
          goto cleanup;
  
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c

index 38ea865ce33a61ec7cdcdbb071bb6f1cbe0d2f50..2f28674ef5548fb6b4499eed511d893bb1bd02c7 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -365,8 +365,6 @@ qemuSecurityInit(virQEMUDriverPtr driver)
      virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
      unsigned int flags = 0;
  
-    if (cfg->allowDiskFormatProbing)
-        flags |= VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE;
      if (cfg->securityDefaultConfined)
          flags |= VIR_SECURITY_MANAGER_DEFAULT_CONFINED;
      if (cfg->securityRequireConfined)
@@ -11966,8 +11964,7 @@ qemuStorageLimitsRefresh(virQEMUDriverPtr driver,
      if (virStorageSourceUpdateBackingSizes(src, fd, &sb) < 0)
          goto cleanup;
  
-    if (virStorageSourceUpdateCapacity(src, buf, len,
-                                       cfg->allowDiskFormatProbing) < 0)
+    if (virStorageSourceUpdateCapacity(src, buf, len, false) < 0)
          goto cleanup;
  
      /* If guest is not using raw disk format and is on a host block
@@ -14196,16 +14193,11 @@ qemuDomainSnapshotCreateInactiveExternal(virQEMUDriverPtr driver,
                                     defdisk->src->path,
                                     virStorageFileFormatTypeToString(defdisk->src->format));
          } else {
-            if (!cfg->allowDiskFormatProbing) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                               _("unknown image format of '%s' and "
-                                 "format probing is disabled"),
-                               defdisk->src->path);
-                goto cleanup;
-            }
-
-            /* adds cmd line arg: backing_file=/path/to/backing/file */
-            virCommandAddArgFormat(cmd, "backing_file=%s", defdisk->src->path);
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("unknown image format of '%s' and "
+                             "format probing is disabled"),
+                           defdisk->src->path);
+            goto cleanup;
          }
  
          /* adds cmd line args: /path/to/target/file */
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in

index f903e76fb3786269fd5cf2f460bb32043c8878dc..61690ee92cf732b1592421e64578bccd98a13c89 100644 (file)
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -79,7 +79,6 @@ module Test_libvirtd_qemu =
  { "dump_guest_core" = "1" }
  { "mac_filter" = "1" }
  { "relaxed_acs_check" = "1" }
-{ "allow_disk_format_probing" = "1" }
  { "lock_manager" = "lockd" }
  { "max_queued" = "0" }
  { "keepalive_interval" = "5" }
author	Peter Krempa <pkrempa@redhat.com>
	Mon, 4 Jun 2018 07:00:27 +0000 (09:00 +0200)
committer	Peter Krempa <pkrempa@redhat.com>
	Fri, 8 Jun 2018 07:26:37 +0000 (09:26 +0200)
src/qemu/qemu.conf		patch \| blob \| blame \| history
src/qemu/qemu_conf.c		patch \| blob \| blame \| history
src/qemu/qemu_conf.h		patch \| blob \| blame \| history
src/qemu/qemu_domain.c		patch \| blob \| blame \| history
src/qemu/qemu_driver.c		patch \| blob \| blame \| history
src/qemu/test_libvirtd_qemu.aug.in		patch \| blob \| blame \| history