Hello community, here is the log from the commit of package libvirt for openSUSE:Leap:15.2 checked in at 2020-03-13 10:56:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/libvirt (Old) and /work/SRC/openSUSE:Leap:15.2/.libvirt.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Fri Mar 13 10:56:24 2020 rev:111 rq:782180 version:6.0.0 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libvirt/libvirt.changes 2020-02-16 18:25:54.322642139 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.libvirt.new.3160/libvirt.changes 2020-03-13 10:56:29.324396757 +0100 @@ -1,0 +2,7 @@ +Tue Mar 3 23:22:42 UTC 2020 - James Fehlig <[email protected]> + +- qemu: Allow format probing under special circumstances + ae9e6c2a-qemu-allow-cond-format-probe.patch + bsc#1165588 + +------------------------------------------------------------------- New: ---- ae9e6c2a-qemu-allow-cond-format-probe.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.5SLKLy/_old 2020-03-13 10:56:30.360397496 +0100 +++ /var/tmp/diff_new_pack.5SLKLy/_new 2020-03-13 10:56:30.360397496 +0100 @@ -342,6 +342,7 @@ Patch1: 849052ec-libxl-support-credit2.patch Patch2: 72ed254b-drop-exec-perms-bashcompletion.patch Patch3: e092daac-prohib-parallel-tunneled-mig.patch +Patch4: ae9e6c2a-qemu-allow-cond-format-probe.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch 
@@ -879,6 +880,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 ++++++ ae9e6c2a-qemu-allow-cond-format-probe.patch ++++++ commit ae9e6c2a2b75d958995c661f7bb64ed4353a6404 Author: Peter Krempa <[email protected]> Date: Mon Feb 17 10:08:25 2020 +0100 virStorageFileGetMetadataRecurse: Allow format probing under special circumstances Allow format probing to work around lazy clients which did not specify their format in the overlay. Format probing will be allowed only, if we are able to probe the image, the probing result was successful and the probed image does not have any backing or data file. This relaxes the restrictions which were imposed in commit 3615e8b39bad in cases when we know that the image probing will not result in security issues or data corruption. We perform the image format detection and in the case that we were able to probe the format and the format does not specify a backing store (or doesn't support backing store) we can use this format. With pre-blockdev configurations this will restore the previous behaviour for the images mentioned above as qemu would probe the format anyways. It also improves error reporting compared to the old state as we now report that the backing chain will be broken in case when there is a backing file. In blockdev configurations this ensures that libvirt will not cause data corruption by ending the chain prematurely without notifying the user, but still allows the old semantics when the users forgot to specify the format. Users thus don't have to re-invent when image format detection is safe to do. The price for this is that libvirt will need to keep the image format detector still current and working or replace it by invocation of qemu-img. 
Signed-off-by: Peter Krempa <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Index: libvirt-6.0.0/src/util/virstoragefile.c =================================================================== --- libvirt-6.0.0.orig/src/util/virstoragefile.c +++ libvirt-6.0.0/src/util/virstoragefile.c @@ -4907,6 +4907,7 @@ virStorageFileGetMetadataRecurse(virStor virHashTablePtr cycle, unsigned int depth) { + virStorageFileFormat orig_format = src->format; int ret = -1; const char *uniqueName; ssize_t headerLen; @@ -4919,10 +4920,17 @@ virStorageFileGetMetadataRecurse(virStor src->path, src->format, (unsigned int)uid, (unsigned int)gid); + if (src->format == VIR_STORAGE_FILE_AUTO_SAFE) + src->format = VIR_STORAGE_FILE_AUTO; + /* exit if we can't load information about the current image */ rv = virStorageFileSupportsBackingChainTraversal(src); - if (rv <= 0) + if (rv <= 0) { + if (orig_format == VIR_STORAGE_FILE_AUTO) + return -2; + return rv; + } if (virStorageFileInitAs(src, uid, gid) < 0) return -1; @@ -4960,6 +4968,18 @@ virStorageFileGetMetadataRecurse(virStor &backingFormat) < 0) goto cleanup; + /* If we probed the format we MUST ensure that nothing else than the current + * image (this includes both backing files and external data store) is + * considered for security labelling and/or recursion. */ + if (orig_format == VIR_STORAGE_FILE_AUTO) { + if (src->backingStoreRaw || src->externalDataStoreRaw) { + src->format = VIR_STORAGE_FILE_RAW; + VIR_FREE(src->backingStoreRaw); + VIR_FREE(src->externalDataStoreRaw); + return -2; + } + } + if (src->backingStoreRaw) { if ((rv = virStorageSourceNewFromBacking(src, &backingStore)) < 0) goto cleanup; 
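Review bot: In the `rv <= 0` branch of the second virstoragefile.c hunk, `-2` is returned for every non-positive `rv` when `orig_format == VIR_STORAGE_FILE_AUTO`, so a hard failure of `virStorageFileSupportsBackingChainTraversal()` (presumably `rv < 0`) is indistinguishable from "format not specified". The last hunk converts `-2` into the "format of backing image ... was not specified" error, which would then replace the real cause. Consider limiting the sentinel to the unsupported case, `if (rv == 0 && orig_format == VIR_STORAGE_FILE_AUTO) return -2;`, and documenting it in the function comment, e.g. `/* Returns -2 if the image format was not specified and could not be probed safely. */`. The function's header comment and most of its body are outside this hunk.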
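Review bot: The added `return -2;` in the probed-format guard leaves the function directly, although the context line just above it still uses `goto cleanup` and the previous hunk shows that `virStorageFileInitAs(src, uid, gid)` has already succeeded by this point. If the `cleanup` label (outside the hunk) is what releases that storage access, this path skips it; `ret = -2; goto cleanup;` would keep the exit consistent. The same applies to the new `return 0;` and `return -1;` in the last hunk, which replace paths that previously went through `goto cleanup`. Since this guard is what keeps security labelling and recursion from following a backing or data-file path read out of a probed header, the comment should also say that the image is deliberately downgraded to `VIR_STORAGE_FILE_RAW` before returning.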
@@ -4972,36 +4992,21 @@ virStorageFileGetMetadataRecurse(virStor backingStore->format = backingFormat; - if (backingStore->format == VIR_STORAGE_FILE_AUTO) { - /* Assuming the backing store to be raw can lead to failures. We do - * it only when we must not report an error to prevent losing VMs. - * Otherwise report an error. - */ - if (report_broken) { + if ((rv = virStorageFileGetMetadataRecurse(backingStore, parent, + uid, gid, + report_broken, + cycle, depth + 1)) < 0) { + if (!report_broken) + return 0; + + if (rv == -2) { virReportError(VIR_ERR_OPERATION_INVALID, _("format of backing image '%s' of image '%s' was not specified in the image metadata " "(See https://libvirt.org/kbase/backing_chains.html for troubleshooting)"), src->backingStoreRaw, NULLSTR(src->path)); - return -1; } - backingStore->format = VIR_STORAGE_FILE_RAW; - } - - if (backingStore->format == VIR_STORAGE_FILE_AUTO_SAFE) - backingStore->format = VIR_STORAGE_FILE_AUTO; - - if ((ret = virStorageFileGetMetadataRecurse(backingStore, parent, - uid, gid, - report_broken, - cycle, depth + 1)) < 0) { - if (report_broken) - goto cleanup; - - /* if we fail somewhere midway, just accept and return a - * broken chain */ - ret = 0; - goto cleanup; + return -1; } } else { /* add terminator */
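Review bot: The new `if (!report_broken) return 0;` accepts any failure of the recursive call without explanation, because the comment that described this (`if we fail somewhere midway, just accept and return a broken chain`) was removed together with the old code. Keep a short comment on that line, for example `/* without report_broken, accept the failure and return a broken chain */`. It would also help to note next to `if (rv == -2)` that `-2` is the callee's signal that the backing image's format was not specified and probing was not allowed to stand in for it. The enclosing function starts and ends outside this hunk.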
