[Libguestfs] [PATCH] lib: direct: Remove support for virtio-blk as the default.
Pino Toscano
ptoscano at redhat.com
Thu Apr 20 12:27:45 UTC 2017
On Wednesday, 19 April 2017 12:00:17 CEST Richard W.M. Jones wrote:
> virtio-scsi has been supported in qemu since 2012, and it is superior
> in every respect to virtio-blk. There's no reason to still be using
> virtio-blk.
>
> virtio-scsi support was initially added in 2012
> (commit 0c0a7d0d868d153adf0600189f771459e1068b0a).
>
> You can still use virtio-blk using the (deprecated) iface parameter,
> but don't do that in new code.
> ---
LGTM, just one note below.
> /* CVE-2011-4127 mitigation: Disable SCSI ioctls on virtio-blk
> - * devices. The -global option must exist, but you can pass any
> - * strings to it so we don't need to check for the specific virtio
> - * feature.
> + * devices.
> */
> - if (guestfs_int_qemu_supports (g, data->qemu_data, "-global")) {
> - ADD_CMDLINE ("-global");
> - ADD_CMDLINE (VIRTIO_BLK ".scsi=off");
> - }
> + ADD_CMDLINE ("-global");
> + ADD_CMDLINE (VIRTIO_BLK ".scsi=off");
Before them, a "safety" check like the (untested) following could be
added:
if (guestfs_int_qemu_supports_device (g, data, VIRTIO_SCSI) != 1) {
error (g, _("QEMU with virtio-scsi support is required"));
goto cleanup0;
}
--
Pino Toscano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20170420/e5f58643/attachment.sig>
More information about the Libguestfs
mailing list