Accepting request 781323 from home:jfehlig:branches:bug1165588
- qemu: Allow format probing under special circumstances ae9e6c2a-qemu-allow-cond-format-probe.patch bsc#1165588 OBS-URL: https://build.opensuse.org/request/show/781323 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=807
This commit is contained in:
parent
13d77271a1
commit
e105b7ee0f
136
ae9e6c2a-qemu-allow-cond-format-probe.patch
Normal file
136
ae9e6c2a-qemu-allow-cond-format-probe.patch
Normal file
@ -0,0 +1,136 @@
|
||||
commit ae9e6c2a2b75d958995c661f7bb64ed4353a6404
|
||||
Author: Peter Krempa <pkrempa@redhat.com>
|
||||
Date: Mon Feb 17 10:08:25 2020 +0100
|
||||
|
||||
virStorageFileGetMetadataRecurse: Allow format probing under special circumstances
|
||||
|
||||
Allow format probing to work around lazy clients which did not specify
|
||||
their format in the overlay. Format probing will be allowed only, if we
|
||||
are able to probe the image, the probing result was successful and the
|
||||
probed image does not have any backing or data file.
|
||||
|
||||
This relaxes the restrictions which were imposed in commit 3615e8b39bad
|
||||
in cases when we know that the image probing will not result in security
|
||||
issues or data corruption.
|
||||
|
||||
We perform the image format detection and in the case that we were able
|
||||
to probe the format and the format does not specify a backing store (or
|
||||
doesn't support backing store) we can use this format.
|
||||
|
||||
With pre-blockdev configurations this will restore the previous
|
||||
behaviour for the images mentioned above as qemu would probe the format
|
||||
anyways. It also improves error reporting compared to the old state as
|
||||
we now report that the backing chain will be broken in case when there
|
||||
is a backing file.
|
||||
|
||||
In blockdev configurations this ensures that libvirt will not cause data
|
||||
corruption by ending the chain prematurely without notifying the user,
|
||||
but still allows the old semantics when the users forgot to specify the
|
||||
format.
|
||||
|
||||
Users thus don't have to re-invent when image format detection is safe
|
||||
to do.
|
||||
|
||||
The price for this is that libvirt will need to keep the image format
|
||||
detector still current and working or replace it by invocation of
|
||||
qemu-img.
|
||||
|
||||
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-6.0.0/src/util/virstoragefile.c
|
||||
===================================================================
|
||||
--- libvirt-6.0.0.orig/src/util/virstoragefile.c
|
||||
+++ libvirt-6.0.0/src/util/virstoragefile.c
|
||||
@@ -4907,6 +4907,7 @@ virStorageFileGetMetadataRecurse(virStor
|
||||
virHashTablePtr cycle,
|
||||
unsigned int depth)
|
||||
{
|
||||
+ virStorageFileFormat orig_format = src->format;
|
||||
int ret = -1;
|
||||
const char *uniqueName;
|
||||
ssize_t headerLen;
|
||||
@@ -4919,10 +4920,17 @@ virStorageFileGetMetadataRecurse(virStor
|
||||
src->path, src->format,
|
||||
(unsigned int)uid, (unsigned int)gid);
|
||||
|
||||
+ if (src->format == VIR_STORAGE_FILE_AUTO_SAFE)
|
||||
+ src->format = VIR_STORAGE_FILE_AUTO;
|
||||
+
|
||||
/* exit if we can't load information about the current image */
|
||||
rv = virStorageFileSupportsBackingChainTraversal(src);
|
||||
- if (rv <= 0)
|
||||
+ if (rv <= 0) {
|
||||
+ if (orig_format == VIR_STORAGE_FILE_AUTO)
|
||||
+ return -2;
|
||||
+
|
||||
return rv;
|
||||
+ }
|
||||
|
||||
if (virStorageFileInitAs(src, uid, gid) < 0)
|
||||
return -1;
|
||||
@@ -4960,6 +4968,18 @@ virStorageFileGetMetadataRecurse(virStor
|
||||
&backingFormat) < 0)
|
||||
goto cleanup;
|
||||
|
||||
+ /* If we probed the format we MUST ensure that nothing else than the current
|
||||
+ * image (this includes both backing files and external data store) is
|
||||
+ * considered for security labelling and/or recursion. */
|
||||
+ if (orig_format == VIR_STORAGE_FILE_AUTO) {
|
||||
+ if (src->backingStoreRaw || src->externalDataStoreRaw) {
|
||||
+ src->format = VIR_STORAGE_FILE_RAW;
|
||||
+ VIR_FREE(src->backingStoreRaw);
|
||||
+ VIR_FREE(src->externalDataStoreRaw);
|
||||
+ return -2;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (src->backingStoreRaw) {
|
||||
if ((rv = virStorageSourceNewFromBacking(src, &backingStore)) < 0)
|
||||
goto cleanup;
|
||||
@@ -4972,36 +4992,21 @@ virStorageFileGetMetadataRecurse(virStor
|
||||
|
||||
backingStore->format = backingFormat;
|
||||
|
||||
- if (backingStore->format == VIR_STORAGE_FILE_AUTO) {
|
||||
- /* Assuming the backing store to be raw can lead to failures. We do
|
||||
- * it only when we must not report an error to prevent losing VMs.
|
||||
- * Otherwise report an error.
|
||||
- */
|
||||
- if (report_broken) {
|
||||
+ if ((rv = virStorageFileGetMetadataRecurse(backingStore, parent,
|
||||
+ uid, gid,
|
||||
+ report_broken,
|
||||
+ cycle, depth + 1)) < 0) {
|
||||
+ if (!report_broken)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (rv == -2) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||
_("format of backing image '%s' of image '%s' was not specified in the image metadata "
|
||||
"(See https://libvirt.org/kbase/backing_chains.html for troubleshooting)"),
|
||||
src->backingStoreRaw, NULLSTR(src->path));
|
||||
- return -1;
|
||||
}
|
||||
|
||||
- backingStore->format = VIR_STORAGE_FILE_RAW;
|
||||
- }
|
||||
-
|
||||
- if (backingStore->format == VIR_STORAGE_FILE_AUTO_SAFE)
|
||||
- backingStore->format = VIR_STORAGE_FILE_AUTO;
|
||||
-
|
||||
- if ((ret = virStorageFileGetMetadataRecurse(backingStore, parent,
|
||||
- uid, gid,
|
||||
- report_broken,
|
||||
- cycle, depth + 1)) < 0) {
|
||||
- if (report_broken)
|
||||
- goto cleanup;
|
||||
-
|
||||
- /* if we fail somewhere midway, just accept and return a
|
||||
- * broken chain */
|
||||
- ret = 0;
|
||||
- goto cleanup;
|
||||
+ return -1;
|
||||
}
|
||||
} else {
|
||||
/* add terminator */
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 3 23:22:42 UTC 2020 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
- qemu: Allow format probing under special circumstances
|
||||
ae9e6c2a-qemu-allow-cond-format-probe.patch
|
||||
bsc#1165588
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 5 22:51:48 UTC 2020 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
|
@ -342,6 +342,7 @@ Patch0: 6c1dddaf-libxl-shutdown-inhibit.patch
|
||||
Patch1: 849052ec-libxl-support-credit2.patch
|
||||
Patch2: 72ed254b-drop-exec-perms-bashcompletion.patch
|
||||
Patch3: e092daac-prohib-parallel-tunneled-mig.patch
|
||||
Patch4: ae9e6c2a-qemu-allow-cond-format-probe.patch
|
||||
# Patches pending upstream review
|
||||
Patch100: libxl-dom-reset.patch
|
||||
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
|
||||
@ -879,6 +880,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch150 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user