qemu: capabilities: Introduce QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED

Historically the 'scsi' passthrough feature of virtio-blk-pci was enabled by default. Libvirt was disabling it due to security implications outlined in libvirt commit v0.9.9-4-g177db087 if it was not explicitly requested. In qemu commit v2.4.0-1566-ged65fd1a27 the default value was changed to disabled in preparation for virtio-1. Starting from QEMU-5.0 the 'scsi' property was also deprecated. There replacement for the functionality is to use 'virtio-scsi' for the purpose. This isn't a direct replacement though. Add capability named QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED which allows us to stop formatting the 'scsi=' property if it's disabled by default and not requested so that we don't use deprecated features. Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Michal Privoznik <mprivozn@redhat.com>

qemu: capabilities: Introduce QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED
Historically the 'scsi' passthrough feature of virtio-blk-pci was enabled by default. Libvirt was disabling it due to security implications outlined in libvirt commit v0.9.9-4-g177db087 if it was not explicitly requested. In qemu commit v2.4.0-1566-ged65fd1a27 the default value was changed to disabled in preparation for virtio-1. Starting from QEMU-5.0 the 'scsi' property was also deprecated. There replacement for the functionality is to use 'virtio-scsi' for the purpose. This isn't a direct replacement though. Add capability named QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED which allows us to stop formatting the 'scsi=' property if it's disabled by default and not requested so that we don't use deprecated features. Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Michal Privoznik <mprivozn@redhat.com>
3b7ca6d4 · Peter Krempa · 4b8ad7fc · 3b7ca6d4 · 3b7ca6d4 · 3b7ca6d4
7 changed file
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -580,6 +580,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
              "machine.pseries.cap-sbbc",
              "machine.pseries.cap-ibs",
              "tcg",
+              "virtio-blk-pci.scsi.default.disabled",
    );


@@ -1319,10 +1320,27 @@ static struct virQEMUCapsDevicePropsFlags virQEMUCapsDevicePropsVirtioBalloon[]
    { "packed", QEMU_CAPS_VIRTIO_PACKED_QUEUES, NULL },
 };

+
+static int
+virQEMUCapsDevicePropsVirtioBlkSCSIDefault(virJSONValuePtr props,
+                                           virQEMUCapsPtr qemuCaps)
+{
+    bool def = false;
+
+    if (virJSONValueObjectGetBoolean(props, "default-value", &def) < 0)
+        return 0;
+
+    if (def == false)
+        virQEMUCapsSet(qemuCaps, QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED);
+
+    return 0;
+}
+
+
 static struct virQEMUCapsDevicePropsFlags virQEMUCapsDevicePropsVirtioBlk[] = {
    { "ioeventfd", QEMU_CAPS_VIRTIO_IOEVENTFD, NULL },
    { "event_idx", QEMU_CAPS_VIRTIO_BLK_EVENT_IDX, NULL },
-    { "scsi", QEMU_CAPS_VIRTIO_BLK_SCSI, NULL },
+    { "scsi", QEMU_CAPS_VIRTIO_BLK_SCSI, virQEMUCapsDevicePropsVirtioBlkSCSIDefault },
    { "logical_block_size", QEMU_CAPS_BLOCKIO, NULL },
    { "num-queues", QEMU_CAPS_VIRTIO_BLK_NUM_QUEUES, NULL },
    { "share-rw", QEMU_CAPS_DISK_SHARE_RW, NULL },

--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -561,6 +561,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
    QEMU_CAPS_MACHINE_PSERIES_CAP_SBBC, /* -machine pseries.cap-sbbc */
    QEMU_CAPS_MACHINE_PSERIES_CAP_IBS, /* -machine pseries.cap-ibs */
    QEMU_CAPS_TCG, /* QEMU does support TCG */
+    QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED, /* virtio-blk-pci.scsi disabled by default */

    QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;

--- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
@@ -191,6 +191,7 @@
  <flag name='virtio.packed'/>
  <flag name='pcie-root-port.hotplug'/>
  <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
  <version>5000000</version>
  <kvmVersion>0</kvmVersion>
  <microcodeVersion>61700241</microcodeVersion>

--- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
@@ -199,6 +199,7 @@
  <flag name='machine.pseries.cap-sbbc'/>
  <flag name='machine.pseries.cap-ibs'/>
  <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
  <version>5000000</version>
  <kvmVersion>0</kvmVersion>
  <microcodeVersion>42900241</microcodeVersion>

--- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
@@ -187,6 +187,7 @@
  <flag name='pcie-root-port.hotplug'/>
  <flag name='aio.io_uring'/>
  <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
  <version>5000000</version>
  <kvmVersion>0</kvmVersion>
  <microcodeVersion>0</microcodeVersion>

--- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
@@ -232,6 +232,7 @@
  <flag name='pcie-root-port.hotplug'/>
  <flag name='aio.io_uring'/>
  <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
  <version>5000000</version>
  <kvmVersion>0</kvmVersion>
  <microcodeVersion>43100241</microcodeVersion>

--- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
@@ -232,6 +232,7 @@
  <flag name='pcie-root-port.hotplug'/>
  <flag name='aio.io_uring'/>
  <flag name='tcg'/>
+  <flag name='virtio-blk-pci.scsi.default.disabled'/>
  <version>5000050</version>
  <kvmVersion>0</kvmVersion>
  <microcodeVersion>43100242</microcodeVersion>