On Wednesday, 19 April 2017 12:00:17 CEST Richard W.M. Jones wrote:
virtio-scsi has been supported in qemu since 2012, and it is superior
in every respect to virtio-blk. There's no reason to still be using
virtio-blk.
virtio-scsi support was initially added in 2012
(commit 0c0a7d0d868d153adf0600189f771459e1068b0a).
You can still use virtio-blk using the (deprecated) iface parameter,
but don't do that in new code.
---
LGTM, just one note below.
/* CVE-2011-4127 mitigation: Disable SCSI ioctls on virtio-blk
- * devices. The -global option must exist, but you can pass any
- * strings to it so we don't need to check for the specific virtio
- * feature.
+ * devices.
*/
- if (guestfs_int_qemu_supports (g, data->qemu_data, "-global")) {
- ADD_CMDLINE ("-global");
- ADD_CMDLINE (VIRTIO_BLK ".scsi=off");
- }
+ ADD_CMDLINE ("-global");
+ ADD_CMDLINE (VIRTIO_BLK ".scsi=off");
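Review bot: the now-unconditional `ADD_CMDLINE ("-global")` loses the `guestfs_int_qemu_supports (g, data->qemu_data, "-global")` guard, and the shortened comment no longer records why `-global` can be assumed to exist. These two lines are the CVE-2011-4127 mitigation, and virtio-blk is still reachable through the deprecated iface parameter, so please keep one sentence in the comment (or the commit message) stating the qemu baseline the code now assumes. A later reader can then tell that dropping the check was deliberate.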
Before them, a "safety" check like the (untested) following could be
added:
  if (guestfs_int_qemu_supports_device (g, data, VIRTIO_SCSI) != 1) {
    error (g, _("QEMU with virtio-scsi support is required"));
    goto cleanup0;
  }
--
Pino Toscano