External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-31 14:07:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
4e9953a426
libvirt/tests
History
Laine Stump 177db08775 qemu: add new disk device='lun' for bus='virtio' & type='block' 
In the past, generic SCSI commands issued from a guest to a virtio
disk were always passed through to the underlying disk by qemu, and
the kernel would also pass them on.

As a result of CVE-2011-4127 (see:
http://seclists.org/oss-sec/2011/q4/536), qemu now honors its
scsi=on|off device option for virtio-blk-pci (which enables/disables
passthrough of generic SCSI commands), and the kernel will only allow
the commands for physical devices (not for partitions or logical
volumes). The default behavior of qemu is still to allow sending
generic SCSI commands to physical disks that are presented to a guest
as virtio-blk-pci devices, but libvirt prefers to disable those
commands in the standard virtio block devices, enabling it only when
specifically requested (hopefully indicating that the requester
understands what they're asking for). For this purpose, a new libvirt
disk device type (device='lun') has been created.

device='lun' is identical to the default device='disk', except that:

1) It is only allowed if bus='virtio', type='block', and the qemu
   version is "new enough" to support it ("new enough" == qemu 0.11 or
   better), otherwise the domain will fail to start and a
   CONFIG_UNSUPPORTED error will be logged).

2) The option "scsi=on" will be added to the -device arg to allow
   SG_IO commands (if device !='lun', "scsi=off" will be added to the
   -device arg so that SG_IO commands are specifically forbidden).

Guests which continue to use disk device='disk' (the default) will no
longer be able to use SG_IO commands on the disk; those that have
their disk device changed to device='lun' will still be able to use SG_IO
commands.

*docs/formatdomain.html.in - document the new device attribute value.
*docs/schemas/domaincommon.rng - allow it in the RNG
*tests/* - update the args of several existing tests to add scsi=off, and
 add one new test that will test scsi=on.
*src/conf/domain_conf.c - update domain XML parser and formatter

*src/qemu/qemu_(command|driver|hotplug).c - treat
 VIR_DOMAIN_DISK_DEVICE_LUN *almost* identically to
 VIR_DOMAIN_DISK_DEVICE_DISK, except as indicated above.

Note that no support for this new device value was added to any
hypervisor drivers other than qemu, because it's unclear what it might
mean (if anything) to those drivers.
2012-01-09 10:55:53 -05:00
..
capabilityschemadata microblaze: Add architecture support 2011-07-07 17:49:21 -06:00
commanddata command: handle empty buffer argument correctly 2011-12-03 15:55:46 -07:00
confdata maint: improve tests distribution 2010-12-17 11:57:11 -07:00
cputestdata tests: Add unit tests for internal CPU APIs 2010-12-01 14:12:54 +01:00
domainschemadata schema: Move timer element inside clock 2010-11-09 15:35:43 +01:00
domainsnapshotxml2xmlin snapshot: also support disks by path 2011-09-05 07:03:04 -06:00
domainsnapshotxml2xmlout snapshot: test domainsnapshot indentation 2011-10-20 16:02:16 -06:00
interfaceschemadata Update interface.rng and xml test files to match netcf 0.1.5 2010-01-19 21:13:03 +01:00
networkxml2argvdata Implement DNS SRV record into the bridge driver 2012-01-02 23:05:55 +08:00
networkxml2xmlin Implement DNS SRV record into the bridge driver 2012-01-02 23:05:55 +08:00
networkxml2xmlout Implement DNS SRV record into the bridge driver 2012-01-02 23:05:55 +08:00
nodedevschemadata nodedev: Add removable storage 'media_label' prop 2009-12-14 14:58:23 +01:00
nodeinfodata Modify the tests/nodeinfotest.c to use sysfs in addition 2011-12-08 08:39:26 -05:00
nwfilterxml2xmlin Add test cases for STP traffic filtering 2011-11-22 15:12:03 -05:00
nwfilterxml2xmlout Add test cases for STP traffic filtering 2011-11-22 15:12:03 -05:00
qemuhelpdata Add support for QEMU 1.0 2011-12-05 13:02:54 +01:00
qemuxml2argvdata qemu: add new disk device='lun' for bus='virtio' & type='block' 2012-01-09 10:55:53 -05:00
qemuxml2xmloutdata conf: Introduce optional startupPolicy attribute for cdrom and floppy 2011-10-25 09:22:42 +02:00
qemuxmlnsdata qemu: Test name-space handling 2011-10-19 07:59:59 -06:00
sexpr2xmldata xen_xs: Guard against set but empty kernel argument 2011-10-10 22:58:04 +02:00
storagepoolxml2xmlin storage: add support for Vendor and Model in XML 2010-08-19 15:58:43 -06:00
storagepoolxml2xmlout storage: add support for Vendor and Model in XML 2010-08-19 15:58:43 -06:00
storagevolxml2xmlin tests: Add storage volume XML 2 XML tests. 2009-10-16 10:52:27 -04:00
storagevolxml2xmlout tests: Add storage volume XML 2 XML tests. 2009-10-16 10:52:27 -04:00
vmx2xmldata esx: Fix regression in absolute file name handling 2011-05-26 23:32:44 +02:00
xencapsdata Add suspend info to Xen, LXC and UML hypervisor capabilities 2011-11-30 10:12:30 +00:00
xmconfigdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
xml2sexprdata Do not drop kernel cmdline for xen pv domains 2011-07-11 09:11:15 -06:00
xml2vmxdata esx: Fix regression in absolute file name handling 2011-05-26 23:32:44 +02:00
.gitignore Add internal APIs for dealing with time 2011-11-30 11:43:49 +00:00
.valgrind.supp tests: suppress more valgrind situations 2011-05-03 08:03:39 -06:00
capabilityschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
commandhelper.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
commandtest.c tests: avoid test failure on rawhide gnutls 2012-01-06 14:24:32 -07:00
conftest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
cpuset tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
cputest.c snapshot: simplify indentation of cpu features 2011-10-20 16:56:28 -06:00
daemon-conf tests: fix daemon-conf testing failure 2010-11-03 11:43:11 +01:00
define-dev-segfault Add domain type checking 2011-07-11 19:38:51 +02:00
domainschematest tests: Test qemuxml2xml when expected xml changes 2010-07-28 16:47:56 -04:00
domainsnapshotschematest Domain snapshot RNG and tests. 2010-05-20 13:50:03 -04:00
domainsnapshotxml2xmltest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
esxutilstest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
eventtest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
hashdata.h tests: More unit tests for internal hash APIs 2011-04-27 15:32:30 +02:00
hashtest.c tests: test recent hash addition 2011-11-18 10:32:49 -07:00
int-overflow tests: Don't use bash if we don't have to 2011-07-29 17:17:21 +02:00
interfaceschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
interfacexml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
jsontest.c Add test case for parsing JSON docs 2011-06-30 18:04:02 +01:00
libvirtd-fail Fix up "make check" 2009-10-07 12:18:13 +02:00
libvirtd-pool Fix up "make check" 2009-10-07 12:18:13 +02:00
Makefile.am Add internal APIs for dealing with time 2011-11-30 11:43:49 +00:00
networkschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
networkxml2argvtest.c Implement DNS SRV record into the bridge driver 2012-01-02 23:05:55 +08:00
networkxml2xmltest.c bandwidth: Add test cases for network 2011-07-25 13:50:06 +08:00
nodedevschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
nodedevxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
nodeinfotest.c tests: plug memory leak on linuxTestNodeInfo 2011-12-13 10:03:01 +01:00
nwfilterschematest nwfilter: Add filter schema for nwfilter XML, extend domain XML schema 2010-04-06 11:09:46 -04:00
nwfilterxml2xmltest.c Add test cases for STP traffic filtering 2011-11-22 15:12:03 -05:00
object-locking.ml maint: typo fixes 2011-06-24 08:01:10 -06:00
oomtrace.pl maint: mark more perl scripts executable 2011-05-16 10:12:21 -06:00
openvzutilstest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
openvzutilstest.conf openvz: Add simple test for openvzReadNetworkConf 2011-06-01 11:58:15 +02:00
pkix_asn1_tab.c Add a test case for certificate validation 2011-07-22 15:18:32 +01:00
qemuargv2xmltest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
qemuhelptest.c qemu: add new disk device='lun' for bus='virtio' & type='block' 2012-01-09 10:55:53 -05:00
qemuxml2argvtest.c qemu: add new disk device='lun' for bus='virtio' & type='block' 2012-01-09 10:55:53 -05:00
qemuxml2xmltest.c qemu: add new disk device='lun' for bus='virtio' & type='block' 2012-01-09 10:55:53 -05:00
qemuxmlnstest.c qemu: Add a capability flag for -no-acpi 2011-12-20 12:33:55 -07:00
qparamtest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
read-bufsiz build: use portable sed expressions 2010-09-14 08:42:10 -06:00
read-non-seekable tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
reconnect.c tests: avoid xend ABRT crash report 2011-11-18 15:00:18 -07:00
schematestutils.sh tests: fix schema checks sorting 2011-12-22 13:01:09 -07:00
seclabeltest.c Refactor the security drivers to simplify usage 2011-01-10 18:10:52 +00:00
sexpr2xmltest.c xen_xs: Guard against set but empty kernel argument 2011-10-10 22:58:04 +02:00
shunloadhelper.c Prevent crash from dlclose() of libvirt.so 2011-09-16 15:51:31 -06:00
shunloadtest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
sockettest.c Split src/util/network.{c,h} into 5 pieces 2011-11-15 10:27:54 +00:00
ssh.c Introduce a generic object for using network sockets 2011-06-24 11:48:18 +01:00
start tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
statstest.c tests: avoid xend ABRT crash report 2011-11-18 15:00:18 -07:00
storagepoolschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
storagepoolxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
storagevolschematest Make test suite output less verbose 2010-01-15 16:28:05 +00:00
storagevolxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
test_conf.sh Make test suite output less verbose 2010-01-15 16:28:05 +00:00
test-lib.sh tests: simplify formatting 2011-07-11 09:21:37 -06:00
testutils.c waitpid: improve safety 2011-10-24 15:42:52 -06:00
testutils.h Provide a simple object for encoding/decoding RPC messages 2011-06-24 11:48:14 +01:00
testutilsqemu.c tests: Add fake PPC64 emulator for QEMU testing 2011-12-20 16:14:09 -07:00
testutilsqemu.h remove all trailing blank lines 2009-07-16 15:06:42 +02:00
testutilsxen.c Fix default console type setting 2011-11-03 12:01:48 +00:00
testutilsxen.h remove all trailing blank lines 2009-07-16 15:06:42 +02:00
undefine virsh: properly interleave shared stdout and stderr 2011-08-19 09:22:22 -06:00
utiltest.c build: avoid 'make syntax-check' failure 2011-07-01 16:46:20 -06:00
vcpupin tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
virbuftest.c virbuf: add auto-indentation support 2011-10-20 16:02:16 -06:00
virnetmessagetest.c tests: Fix memory leak in virnetmessagetest 2011-06-29 10:47:54 +08:00
virnetsockettest.c Santize naming of socket address APIs 2011-11-09 17:10:23 +00:00
virnettlscontexttest.c Split src/util/network.{c,h} into 5 pieces 2011-11-15 10:27:54 +00:00
virsh-all tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
virsh-optparse build: update to latest gnulib 2011-12-01 14:12:59 -07:00
virsh-schedinfo build: update to latest gnulib 2011-12-01 14:12:59 -07:00
virsh-synopsis tests: use GPLv2+, not GPLv3 2010-05-12 08:41:10 +02:00
virshtest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
virt-aa-helper-test fix AppArmor driver for pipe character devices 2011-09-28 15:43:39 +08:00
virtimetest.c Add internal APIs for dealing with time 2011-11-30 11:43:49 +00:00
vmx2xmltest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
xencapstest.c Xen: Fake versions in xencapstest 2011-10-14 09:42:38 -06:00
xmconfigtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2sexprtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2vmxtest.c build: properly skip tests 2011-12-01 13:49:20 -07:00