From e105b7ee0f1764811d123ab66b0296bc9f92b95b24179c898dbc9c5e9cede8ff Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 3 Mar 2020 23:45:14 +0000 Subject: [PATCH] Accepting request 781323 from home:jfehlig:branches:bug1165588 - qemu: Allow format probing under special circumstances ae9e6c2a-qemu-allow-cond-format-probe.patch bsc#1165588 OBS-URL: https://build.opensuse.org/request/show/781323 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=807 --- ae9e6c2a-qemu-allow-cond-format-probe.patch | 136 ++++++++++++++++++++ libvirt.changes | 7 + libvirt.spec | 2 + 3 files changed, 145 insertions(+) create mode 100644 ae9e6c2a-qemu-allow-cond-format-probe.patch diff --git a/ae9e6c2a-qemu-allow-cond-format-probe.patch b/ae9e6c2a-qemu-allow-cond-format-probe.patch new file mode 100644 index 0000000..1939cae --- /dev/null +++ b/ae9e6c2a-qemu-allow-cond-format-probe.patch @@ -0,0 +1,136 @@ +commit ae9e6c2a2b75d958995c661f7bb64ed4353a6404 +Author: Peter Krempa +Date: Mon Feb 17 10:08:25 2020 +0100 + + virStorageFileGetMetadataRecurse: Allow format probing under special circumstances + + Allow format probing to work around lazy clients which did not specify + their format in the overlay. Format probing will be allowed only, if we + are able to probe the image, the probing result was successful and the + probed image does not have any backing or data file. + + This relaxes the restrictions which were imposed in commit 3615e8b39bad + in cases when we know that the image probing will not result in security + issues or data corruption. + + We perform the image format detection and in the case that we were able + to probe the format and the format does not specify a backing store (or + doesn't support backing store) we can use this format. + + With pre-blockdev configurations this will restore the previous + behaviour for the images mentioned above as qemu would probe the format + anyways. It also improves error reporting compared to the old state as + we now report that the backing chain will be broken in case when there + is a backing file. + + In blockdev configurations this ensures that libvirt will not cause data + corruption by ending the chain prematurely without notifying the user, + but still allows the old semantics when the users forgot to specify the + format. + + Users thus don't have to re-invent when image format detection is safe + to do. + + The price for this is that libvirt will need to keep the image format + detector still current and working or replace it by invocation of + qemu-img. + + Signed-off-by: Peter Krempa + Reviewed-by: Daniel P. Berrangé + +Index: libvirt-6.0.0/src/util/virstoragefile.c +=================================================================== +--- libvirt-6.0.0.orig/src/util/virstoragefile.c ++++ libvirt-6.0.0/src/util/virstoragefile.c +@@ -4907,6 +4907,7 @@ virStorageFileGetMetadataRecurse(virStor + virHashTablePtr cycle, + unsigned int depth) + { ++ virStorageFileFormat orig_format = src->format; + int ret = -1; + const char *uniqueName; + ssize_t headerLen; +@@ -4919,10 +4920,17 @@ virStorageFileGetMetadataRecurse(virStor + src->path, src->format, + (unsigned int)uid, (unsigned int)gid); + ++ if (src->format == VIR_STORAGE_FILE_AUTO_SAFE) ++ src->format = VIR_STORAGE_FILE_AUTO; ++ + /* exit if we can't load information about the current image */ + rv = virStorageFileSupportsBackingChainTraversal(src); +- if (rv <= 0) ++ if (rv <= 0) { ++ if (orig_format == VIR_STORAGE_FILE_AUTO) ++ return -2; ++ + return rv; ++ } + + if (virStorageFileInitAs(src, uid, gid) < 0) + return -1; +@@ -4960,6 +4968,18 @@ virStorageFileGetMetadataRecurse(virStor + &backingFormat) < 0) + goto cleanup; + ++ /* If we probed the format we MUST ensure that nothing else than the current ++ * image (this includes both backing files and external data store) is ++ * considered for security labelling and/or recursion. */ ++ if (orig_format == VIR_STORAGE_FILE_AUTO) { ++ if (src->backingStoreRaw || src->externalDataStoreRaw) { ++ src->format = VIR_STORAGE_FILE_RAW; ++ VIR_FREE(src->backingStoreRaw); ++ VIR_FREE(src->externalDataStoreRaw); ++ return -2; ++ } ++ } ++ + if (src->backingStoreRaw) { + if ((rv = virStorageSourceNewFromBacking(src, &backingStore)) < 0) + goto cleanup; +@@ -4972,36 +4992,21 @@ virStorageFileGetMetadataRecurse(virStor + + backingStore->format = backingFormat; + +- if (backingStore->format == VIR_STORAGE_FILE_AUTO) { +- /* Assuming the backing store to be raw can lead to failures. We do +- * it only when we must not report an error to prevent losing VMs. +- * Otherwise report an error. +- */ +- if (report_broken) { ++ if ((rv = virStorageFileGetMetadataRecurse(backingStore, parent, ++ uid, gid, ++ report_broken, ++ cycle, depth + 1)) < 0) { ++ if (!report_broken) ++ return 0; ++ ++ if (rv == -2) { + virReportError(VIR_ERR_OPERATION_INVALID, + _("format of backing image '%s' of image '%s' was not specified in the image metadata " + "(See https://libvirt.org/kbase/backing_chains.html for troubleshooting)"), + src->backingStoreRaw, NULLSTR(src->path)); +- return -1; + } + +- backingStore->format = VIR_STORAGE_FILE_RAW; +- } +- +- if (backingStore->format == VIR_STORAGE_FILE_AUTO_SAFE) +- backingStore->format = VIR_STORAGE_FILE_AUTO; +- +- if ((ret = virStorageFileGetMetadataRecurse(backingStore, parent, +- uid, gid, +- report_broken, +- cycle, depth + 1)) < 0) { +- if (report_broken) +- goto cleanup; +- +- /* if we fail somewhere midway, just accept and return a +- * broken chain */ +- ret = 0; +- goto cleanup; ++ return -1; + } + } else { + /* add terminator */ diff --git a/libvirt.changes b/libvirt.changes index bae6e14..395ceec 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Mar 3 23:22:42 UTC 2020 - James Fehlig + +- qemu: Allow format probing under special circumstances + ae9e6c2a-qemu-allow-cond-format-probe.patch + bsc#1165588 + ------------------------------------------------------------------- Wed Feb 5 22:51:48 UTC 2020 - James Fehlig diff --git a/libvirt.spec b/libvirt.spec index d82cc4b..d3c4dde 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -342,6 +342,7 @@ Patch0: 6c1dddaf-libxl-shutdown-inhibit.patch Patch1: 849052ec-libxl-support-credit2.patch Patch2: 72ed254b-drop-exec-perms-bashcompletion.patch Patch3: e092daac-prohib-parallel-tunneled-mig.patch +Patch4: ae9e6c2a-qemu-allow-cond-format-probe.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -879,6 +880,7 @@ libvirt plugin for NSS for translating domain names into IP addresses. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1