libvirt/docs
Laine Stump 177db08775 qemu: add new disk device='lun' for bus='virtio' & type='block'
In the past, generic SCSI commands issued from a guest to a virtio
disk were always passed through to the underlying disk by qemu, and
the kernel would also pass them on.

As a result of CVE-2011-4127 (see:
http://seclists.org/oss-sec/2011/q4/536), qemu now honors its
scsi=on|off device option for virtio-blk-pci (which enables/disables
passthrough of generic SCSI commands), and the kernel will only allow
the commands for physical devices (not for partitions or logical
volumes). The default behavior of qemu is still to allow sending
generic SCSI commands to physical disks that are presented to a guest
as virtio-blk-pci devices, but libvirt prefers to disable those
commands in the standard virtio block devices, enabling it only when
specifically requested (hopefully indicating that the requester
understands what they're asking for). For this purpose, a new libvirt
disk device type (device='lun') has been created.

device='lun' is identical to the default device='disk', except that:

1) It is only allowed if bus='virtio', type='block', and the qemu
   version is "new enough" to support it ("new enough" == qemu 0.11 or
   better), otherwise the domain will fail to start and a
   CONFIG_UNSUPPORTED error will be logged).

2) The option "scsi=on" will be added to the -device arg to allow
   SG_IO commands (if device !='lun', "scsi=off" will be added to the
   -device arg so that SG_IO commands are specifically forbidden).

Guests which continue to use disk device='disk' (the default) will no
longer be able to use SG_IO commands on the disk; those that have
their disk device changed to device='lun' will still be able to use SG_IO
commands.

*docs/formatdomain.html.in - document the new device attribute value.
*docs/schemas/domaincommon.rng - allow it in the RNG
*tests/* - update the args of several existing tests to add scsi=off, and
 add one new test that will test scsi=on.
*src/conf/domain_conf.c - update domain XML parser and formatter

*src/qemu/qemu_(command|driver|hotplug).c - treat
 VIR_DOMAIN_DISK_DEVICE_LUN *almost* identically to
 VIR_DOMAIN_DISK_DEVICE_DISK, except as indicated above.

Note that no support for this new device value was added to any
hypervisor drivers other than qemu, because it's unclear what it might
mean (if anything) to those drivers.
2012-01-09 10:55:53 -05:00
..
api_extension maint: rename virBufferVSprintf to virBufferAsprintf 2011-05-05 13:47:40 -06:00
devhelp build: Fix API docs generation in VPATH build 2011-02-21 14:46:23 +01:00
html Remove all generated docs from source control 2009-09-21 14:41:47 +01:00
internals Extend RPC protocol to allow FD passing 2011-10-28 10:27:15 +01:00
schemas qemu: add new disk device='lun' for bus='virtio' & type='block' 2012-01-09 10:55:53 -05:00
.gitignore Add automatic generation of a todo item page 2010-10-12 11:26:52 +01:00
32favicon.png * docs/site.xsl docs/*.png docs/*.html: update the images from Diana, 2006-01-23 22:55:41 +00:00
api_extension.html.in build: use shorter file names for 'make dist' 2010-10-27 16:29:25 -06:00
api.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
apibuild.py qemu_api: Modify apibuild.py to generate docs for QEMU APIs 2011-09-14 11:36:10 +08:00
apps.html.in docs: mention EMOTIVE as a libvirt-using app 2011-07-14 15:34:37 -06:00
archdomain.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
architecture.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
architecture.gif * docs/architecture.* docs/*: added a section on the architecture 2005-12-21 16:59:34 +00:00
architecture.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
archnetwork.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
archnode.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
archstorage.html.in Cleanup whitespace in docs 2009-11-06 16:05:18 +01:00
auth.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
bindings.html.in docs: Add information about libvirt-php new location 2011-02-09 12:29:29 -07:00
bugs.html.in Augment bug reporting documentation 2010-11-10 13:16:37 +01:00
compiling.html.in docs: added compiling page and significantly expanded windows page 2010-12-21 20:55:10 +11:00
contact.html.in docs: added libvirt-announce to contact page 2011-01-05 18:07:30 +11:00
csharp.html.in docs: updated c# bindings with arnauds latest changes 2010-11-30 02:22:38 +11:00
deployment.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
devguide.html.in docs: added a table of contents to the first 11 docs files 2010-10-27 15:01:45 +11:00
docs.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
downloads.html.in docs: added compiling page and significantly expanded windows page 2010-12-21 20:55:10 +11:00
drivers.html.in hyperv: Add basic documentation 2011-08-26 17:52:55 +02:00
drvesx.html.in esx: Support folders in the path of vpx:// connection URIs 2011-11-01 18:45:42 +01:00
drvhyperv.html.in hyperv: Add basic documentation 2011-08-26 17:52:55 +02:00
drvlxc.html.in Allow passing of command line args to LXC container 2011-10-04 14:15:09 +01:00
drvopenvz.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
drvqemu.html.in docs: document <qemu:commandline> xml 2011-12-19 14:19:12 -07:00
drvremote.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
drvtest.html.in Whitespace cleanup for pre-tags on the website 2009-11-16 22:42:13 +01:00
drvuml.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
drvvbox.html.in vbox: Support shared folders 2011-10-29 19:50:48 +02:00
drvvmware.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
drvxen.html.in website: Point main page links to libvirt driver pages 2011-07-15 13:19:41 -06:00
errors.html.in Fix a number of small typos 2009-09-22 12:55:39 +02:00
et.png * docs/Makefile.am docs/et.png docs/libvirt.css docs/page.xsl 2008-04-28 08:29:35 +00:00
firewall.html.in html docs: added firewall explanation page by daniel berrange 2010-07-10 22:47:00 +10:00
footer_corner.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
footer_pattern.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
format.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
formatcaps.html.in Remove powerMgmt_valid field from capabilities struct 2011-11-30 10:12:30 +00:00
formatdomain.html.in qemu: add new disk device='lun' for bus='virtio' & type='block' 2012-01-09 10:55:53 -05:00
formatnetwork.html.in Implement DNS SRV record into the bridge driver 2012-01-02 23:05:55 +08:00
formatnode.html.in npiv: Expose fabric_name outside 2011-12-07 18:42:08 +08:00
formatnwfilter.html.in Add documentation for STP filtering support 2011-11-22 15:12:03 -05:00
formatsecret.html.in secret: add Ceph secret type 2011-10-28 11:34:17 -06:00
formatsnapshot.html.in snapshot: also support disks by path 2011-09-05 07:03:04 -06:00
formatstorage.html.in Fix typo in storage pool documentation 2011-12-19 16:33:42 +01:00
formatstorageencryption.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
generic.css Fix missing background color 2009-12-03 15:27:24 +01:00
goals.html.in Update on the goal page 2011-03-28 10:40:24 +08:00
hacking1.xsl Generate HACKING from docs/hacking.html.in 2010-11-12 19:47:20 +01:00
hacking2.xsl Generate HACKING from docs/hacking.html.in 2010-11-12 19:47:20 +01:00
hacking.html.in Document STREQ_NULLABLE and STRNEQ_NULLABLE 2011-10-06 16:50:38 +02:00
hooks.html.in Fix several formatting mistakes in doc 2011-03-31 14:36:19 -06:00
hvsupport.pl docs: Make hvsupport.pl pick up the host device drivers 2011-06-06 10:45:59 +02:00
index.html.in hyperv: Add basic documentation 2011-08-26 17:52:55 +02:00
index.py maint: Expand tabs in python code 2011-02-18 08:59:51 +01:00
internals.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
intro.html.in * docs/*: start cleanup/revamp of architecture docs 2009-04-02 12:01:11 +00:00
java.html.in Fix a number of small typos 2009-09-22 12:55:39 +02:00
library.xen remove all trailing blank lines 2009-07-16 15:06:42 +02:00
libvirt-daemon-arch.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-daemon-arch.png Api documentation 2009-04-15 20:42:50 +00:00
libvirt-driver-arch.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-driver-arch.png Api documentation 2009-04-15 20:42:50 +00:00
libvirt-header-bg.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-header-logo.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-net-logical.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-net-logical.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-net-physical.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-net-physical.png Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
libvirt-object-model.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
libvirt-object-model.png Api documentation 2009-04-15 20:42:50 +00:00
libvirt.css Add documentation about migration. 2011-10-28 10:07:45 +01:00
libvirtLogo.png * //* : renamed the project libvirt , this affects all makefiles, 2006-02-09 17:45:11 +00:00
locking.html.in Add documentation for configuration lock managers 2011-06-28 18:19:00 +01:00
logging.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
madeWith.png * //* : renamed the project libvirt , this affects all makefiles, 2006-02-09 17:45:11 +00:00
main.css Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
Makefile.am Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-managed-direct.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-managed-direct.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-managed-p2p.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-managed-p2p.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-native.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-native.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-tunnel.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-tunnel.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration-unmanaged-direct.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
migration-unmanaged-direct.png Add documentation about migration. 2011-10-28 10:07:45 +01:00
migration.html.in Add documentation about migration. 2011-10-28 10:07:45 +01:00
newapi.xsl Improve tokenizing of linkable terms 2011-08-12 07:35:19 -06:00
news.html.in Release of libvirt-0.9.9 2012-01-07 12:18:06 +08:00
news.xsl Convert NEWS to UTF-8 2009-07-29 09:04:21 +01:00
node.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
node.gif * doc/*: augment and try to complete the doc in its current state 2006-01-23 13:24:07 +00:00
page.xsl docs: replace CRLF with LF 2011-01-28 08:44:05 -07:00
php.html.in docs: Add information about libvirt-php new location 2011-02-09 12:29:29 -07:00
python.html.in Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00
relatedlinks.html.in Cleanup whitespace in docs 2009-11-06 16:05:18 +01:00
remote.html.in Add some docs about the RPC protocol and APIs 2011-08-12 13:54:10 +01:00
search.php A couple of fixes for the search PHP code 2011-01-17 16:55:41 +08:00
site.xsl Change generated HTML to UTF-8 encoding 2009-12-08 16:09:33 +01:00
sitemap.html.in Add documentation about migration. 2011-10-28 10:07:45 +01:00
storage.html.in docs: fix the xml validity errors regarding name and id 2010-09-17 00:41:08 +10:00
structures.fig Remove trailing whitespace from all xfig files 2011-10-28 10:11:16 +01:00
subsite.xsl virCommand: docs for usage of new command APIs 2010-12-02 16:00:47 -07:00
testapi.html.in Add documentation about test suites 2011-05-11 19:18:38 +08:00
testsuites.html.in docs: avoid double 'the' 2011-05-11 08:18:04 -06:00
testtck.html.in Add documentation about test suites 2011-05-11 19:18:38 +08:00
todo.cfg-example Add automatic generation of a todo item page 2010-10-12 11:26:52 +01:00
todo.pl Skip bugs which are CLOSED in todo list 2011-07-12 17:10:33 +01:00
uri.html.in Allow for URI aliases when connecting to libvirt 2011-10-19 09:14:34 +01:00
virshcmdref.html.in docs: updated memtune info again in virsh command reference 2011-01-11 07:33:15 +11:00
windows.html.in docs: correct invalid xml 2011-04-01 16:03:11 -06:00
wrapstring.xsl Generate HACKING from docs/hacking.html.in 2010-11-12 19:47:20 +01:00