mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-22 20:45:18 +00:00
177db08775
In the past, generic SCSI commands issued from a guest to a virtio disk were always passed through to the underlying disk by qemu, and the kernel would also pass them on. As a result of CVE-2011-4127 (see: http://seclists.org/oss-sec/2011/q4/536), qemu now honors its scsi=on|off device option for virtio-blk-pci (which enables/disables passthrough of generic SCSI commands), and the kernel will only allow the commands for physical devices (not for partitions or logical volumes). The default behavior of qemu is still to allow sending generic SCSI commands to physical disks that are presented to a guest as virtio-blk-pci devices, but libvirt prefers to disable those commands in the standard virtio block devices, enabling it only when specifically requested (hopefully indicating that the requester understands what they're asking for). For this purpose, a new libvirt disk device type (device='lun') has been created. device='lun' is identical to the default device='disk', except that: 1) It is only allowed if bus='virtio', type='block', and the qemu version is "new enough" to support it ("new enough" == qemu 0.11 or better), otherwise the domain will fail to start and a CONFIG_UNSUPPORTED error will be logged). 2) The option "scsi=on" will be added to the -device arg to allow SG_IO commands (if device !='lun', "scsi=off" will be added to the -device arg so that SG_IO commands are specifically forbidden). Guests which continue to use disk device='disk' (the default) will no longer be able to use SG_IO commands on the disk; those that have their disk device changed to device='lun' will still be able to use SG_IO commands. *docs/formatdomain.html.in - document the new device attribute value. *docs/schemas/domaincommon.rng - allow it in the RNG *tests/* - update the args of several existing tests to add scsi=off, and add one new test that will test scsi=on. *src/conf/domain_conf.c - update domain XML parser and formatter *src/qemu/qemu_(command|driver|hotplug).c - treat VIR_DOMAIN_DISK_DEVICE_LUN *almost* identically to VIR_DOMAIN_DISK_DEVICE_DISK, except as indicated above. Note that no support for this new device value was added to any hypervisor drivers other than qemu, because it's unclear what it might mean (if anything) to those drivers.
31 lines
1.3 KiB
Plaintext
31 lines
1.3 KiB
Plaintext
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
|
|
/usr/bin/qemu \
|
|
-S \
|
|
-M pc \
|
|
-m 214 \
|
|
-smp 1 \
|
|
-nographic \
|
|
-nodefaults \
|
|
-monitor unix:/tmp/test-monitor,server,nowait \
|
|
-no-acpi \
|
|
-boot dnca \
|
|
-drive file=/tmp/vda.img,if=none,id=drive-virtio-disk0,boot=on \
|
|
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0 \
|
|
-drive file=/tmp/vdb.img,if=none,id=drive-virtio-disk1 \
|
|
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk1,id=virtio-disk1 \
|
|
-drive file=/dev/HostVG/hda,if=none,id=drive-ide0-0-0 \
|
|
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
|
|
-drive file=/dev/HostVG/hdb,if=none,id=drive-ide0-0-1 \
|
|
-device ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 \
|
|
-drive file=/dev/HostVG/hdc,if=none,media=cdrom,id=drive-ide0-1-0 \
|
|
-device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 \
|
|
-drive file=/dev/fd0,if=none,id=drive-fdc0-0-0 \
|
|
-global isa-fdc.driveA=drive-fdc0-0-0 \
|
|
-drive file=/dev/fd1,if=none,id=drive-fdc0-0-1 \
|
|
-global isa-fdc.driveB=drive-fdc0-0-1 \
|
|
-device virtio-net-pci,vlan=0,id=net0,mac=00:11:22:33:44:11,bus=pci.0,addr=0x3 \
|
|
-net user,vlan=0,name=hostnet0 \
|
|
-device virtio-net-pci,vlan=1,id=net1,mac=00:11:22:33:44:22,bus=pci.0,addr=0x4 \
|
|
-net user,vlan=1,name=hostnet1 \
|
|
-usb
|