[PATCH] qemu: Audit VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE flag usage
Michal Prívozník
mprivozn at redhat.com
Mon Jan 31 10:13:38 UTC 2022
On 1/31/22 11:01, Peter Krempa wrote:
> On Mon, Jan 31, 2022 at 10:42:28 +0100, Michal Privoznik wrote:
>> There is plenty of places where a domain XML is parsed using
>> VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE flag, but not all are
>> warranted. The flag usage is okay when parsing an XML produced by
>> us (e.g. when copying virDomainDef). In the rest of places
>> (especially when the XML might come from user) we need to
>> validate the XML, otherwise we may start QEMU assuming it has
>> certain capabilities while in fact it doesn't. For instance, in
>> this specific case when migrating a guest with virtio-mem to a
>> QEMU that has virtio-mem disabled, loading migration fails with:
>>
>> qemu-kvm: ... 'virtio-mem-pci' is not a valid device model name
>>
>> This bug is more visible the more we transfer validation from
>> qemu_command.c into qemu_validate.c.
>
> This is weird, because the validation should be done on the destination
> when starting the qemu process with the already parsed definition.
I think my patch does exactly that. I mean, the places I'm fixing are
run on the destination. And running the validation on the source - well,
we are running ABI stability check anyway so why not run validator?
>
> In case we skipt that for migration for any reason that would be the
> place to fix it rather than messing with the parsing step.
>
> The handling should be equivalent to what happens when you have an
> un-validated XML already defined and attempt to start the VM from such
> definition.
>
Fair enough, so in that case we need to remove the check from
qemuProcessStartValidate().
Michal
More information about the libvir-list
mailing list