[PATCH] qemu: Audit VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE flag usage
pkrempa at redhat.com
Mon Jan 31 10:01:26 UTC 2022
On Mon, Jan 31, 2022 at 10:42:28 +0100, Michal Privoznik wrote:
> There is plenty of places where a domain XML is parsed using
> VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE flag, but not all are
> warranted. The flag usage is okay when parsing an XML produced by
> us (e.g. when copying virDomainDef). In the rest of places
> (especially when the XML might come from user) we need to
> validate the XML, otherwise we may start QEMU assuming it has
> certain capabilities while in fact it doesn't. For instance, in
> this specific case when migrating a guest with virtio-mem to a
> QEMU that has virtio-mem disabled, loading migration fails with:
> qemu-kvm: ... 'virtio-mem-pci' is not a valid device model name
> This bug is more visible the more we transfer validation from
> qemu_command.c into qemu_validate.c.
This is weird, because the validation should be done on the destination
when starting the qemu process with the already parsed definition.
In case we skipt that for migration for any reason that would be the
place to fix it rather than messing with the parsing step.
The handling should be equivalent to what happens when you have an
un-validated XML already defined and attempt to start the VM from such
More information about the libvir-list