-
由 Eric Blake 提交于
While investigating https://bugzilla.redhat.com/show_bug.cgi?id=1061827 I noticed that we pass user input unscathed for block-pull, but always pass a canonical absolute name through for block-commit. [Note that we probably _ought_ to validate that the user's request for block-pull actually matches the backing chain, the way we already do for block-commit - but that's a separate issue. Further note that the ability to pass user input through unscathed allows backdoors such as specifying a backing image that is a network URI such as a gluster disk, instead of forcing things to the local file system; which is an area still under active investigation on whether libvirt needs to behave differently for network disks.] Since qemu may write the name that the user passed in as the backing file, a user may have a reason to want a relative file name passed through to qemu, and always munging things to absolute prevents that. Put another way, if you have the backing chain: [A] <- [B(back=./A)] <- [C(back=./B)] and commit B into A (virsh blockcommit $dom vda --base A --top B), the metadata of C will have to be re-written. But should it be rewritten as [C(back=./A)] or as [C(back=/path/to/A)]? Still up in the air is whether qemu's decision should be based on whether B and/or C had relative paths, or on whether the --base and/or --top arguments to the command were relative paths; but if we always pass a canonical name, we've prevented the spelling of the command arguments from being part of the hueristics that qemu uses. I also audited the code, and verified that we never call qemuMonitorBlockCommit() with a NULL base, either before or after the change to qemu_driver.c. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Preserve user's spelling, since absolute vs. relative matters to qemu. * src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): Base is never null. * src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Likewise. * src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit): Likewise. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
359f4b11