Eric Blake b66ff2c298 iotests: Specify explicit backing format where sensible
There are many existing qcow2 images that specify a backing file but
no format.  This has been the source of CVEs in the past, but has
become more prominent of a problem now that libvirt has switched to
-blockdev.  With older -drive, at least the probing was always done by
qemu (so the only risk of a changed format between successive boots of
a guest was if qemu was upgraded and probed differently).  But with
newer -blockdev, libvirt must specify a format; if libvirt guesses raw
where the image was formatted, this results in data corruption visible
to the guest; conversely, if libvirt guesses qcow2 where qemu was
using raw, this can result in potential security holes, so modern
libvirt instead refuses to use images without explicit backing format.

The change in libvirt to reject images without explicit backing format
has pointed out that a number of tools have been far too reliant on
probing in the past.  It's time to set a better example in our own
iotests of properly setting this parameter.

iotest calls to create, rebase, and convert are all impacted to some
degree.  It's a bit annoying that we are inconsistent on command line
- while all of those accept -o backing_file=...,backing_fmt=..., the
shortcuts are different: create and rebase have -b and -F, while
convert has -B but no -F.  (amend has no shortcuts, but the previous
patch just deprecated the use of amend to change backing chains).

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200706203954.341758-9-eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-07-14 15:18:59 +02:00

399 lines
14 KiB
Bash
Executable File

#!/usr/bin/env bash
#
# Test command line configuration of block devices and driver-specific options
#
# Copyright (C) 2013 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# creator
owner=kwolf@redhat.com
seq=`basename $0`
echo "QA output created by $seq"
status=1 # failure is the default!
_cleanup()
{
_cleanup_test_img
}
trap "_cleanup; exit \$status" 0 1 2 3 15
# get standard environment, filters and checks
. ./common.rc
. ./common.filter
_supported_fmt qcow2
_supported_proto file
# A compat=0.10 image is created in this test which does not support anything
# other than refcount_bits=16;
# it also will not support an external data file
_unsupported_imgopts 'refcount_bits=\([^1]\|.\([^6]\|$\)\)' data_file
_require_drivers nbd
do_run_qemu()
{
echo Testing: "$@"
(
if ! test -t 0; then
while read cmd; do
echo $cmd
done
fi
echo quit
) | $QEMU -nographic -monitor stdio -serial none "$@"
echo
}
run_qemu()
{
do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qemu |
_filter_generated_node_ids | _filter_hmp
}
size=128M
device_id="drive0"
_make_test_img $size
cp "$TEST_IMG" "$TEST_IMG.orig"
mv "$TEST_IMG" "$TEST_IMG.base"
_make_test_img -b "$TEST_IMG.base" -F $IMGFMT $size
echo
echo === Unknown option ===
echo
run_qemu -drive file="$TEST_IMG",format=qcow2,unknown_opt=,if=none,id=$device_id
run_qemu -drive file="$TEST_IMG",format=qcow2,unknown_opt=on,if=none,id=$device_id
run_qemu -drive file="$TEST_IMG",format=qcow2,unknown_opt=1234,if=none,id=$device_id
run_qemu -drive file="$TEST_IMG",format=qcow2,unknown_opt=foo,if=none,id=$device_id
echo
echo === Unknown protocol option ===
echo
run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt=
run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt=on
run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt=1234
run_qemu -drive file="$TEST_IMG",format=qcow2,file.unknown_opt=foo
echo
echo === Invalid format ===
echo
run_qemu -drive file="$TEST_IMG",format=foo
run_qemu -drive file="$TEST_IMG",driver=foo
run_qemu -drive file="$TEST_IMG",driver=raw,format=qcow2
run_qemu -drive file="$TEST_IMG",driver=qcow2,format=qcow2
echo
echo === Node names ===
echo
# Maximum length: 31 characters
run_qemu -drive file="$TEST_IMG",node-name=x123456789012345678901234567890
run_qemu -drive file="$TEST_IMG",node-name=x1234567890123456789012345678901
# First character must be alphabetic
# Following characters alphanumeric or -._
run_qemu -drive file="$TEST_IMG",node-name=All-Types.of_all0wed_chars
run_qemu -drive file="$TEST_IMG",node-name=123foo
run_qemu -drive file="$TEST_IMG",node-name=_foo
run_qemu -drive file="$TEST_IMG",node-name=foo#12
echo
echo === Device without drive ===
echo
case "$QEMU_DEFAULT_MACHINE" in
s390-ccw-virtio)
virtio_scsi=virtio-scsi-ccw
;;
*)
virtio_scsi=virtio-scsi-pci
;;
esac
run_qemu -device $virtio_scsi -device scsi-hd |
sed -e "s/$virtio_scsi/VIRTIO_SCSI/"
echo
echo === Overriding backing file ===
echo
echo "info block" | run_qemu -drive file="$TEST_IMG",driver=qcow2,backing.file.filename="$TEST_IMG.orig",if=none,id=$device_id -nodefaults\
| _filter_generated_node_ids
# Drivers that don't support backing files
run_qemu -drive file="$TEST_IMG",driver=raw,backing.file.filename="$TEST_IMG.orig"
run_qemu -drive file="$TEST_IMG",file.backing.driver=file,file.backing.filename="$TEST_IMG.orig"
run_qemu -drive file="$TEST_IMG",file.backing.driver=qcow2,file.backing.file.filename="$TEST_IMG.orig"
echo
echo === Enable and disable lazy refcounting on the command line, plus some invalid values ===
echo
_make_test_img -o compat=1.1 "$size"
run_qemu -drive file="$TEST_IMG",format=qcow2,lazy-refcounts=on
run_qemu -drive file="$TEST_IMG",format=qcow2,lazy-refcounts=off
run_qemu -drive file="$TEST_IMG",format=qcow2,lazy-refcounts=
run_qemu -drive file="$TEST_IMG",format=qcow2,lazy-refcounts=42
run_qemu -drive file="$TEST_IMG",format=qcow2,lazy-refcounts=foo
echo
echo === With version 2 images enabling lazy refcounts must fail ===
echo
_make_test_img -o compat=0.10 $size
run_qemu -drive file="$TEST_IMG",format=qcow2,lazy-refcounts=on
run_qemu -drive file="$TEST_IMG",format=qcow2,lazy-refcounts=off
echo
echo === No medium ===
echo
case "$QEMU_DEFAULT_MACHINE" in
pc)
run_qemu -drive if=floppy
run_qemu -drive if=ide,media=cdrom
run_qemu -drive if=ide
;;
*)
;;
esac
run_qemu -drive if=virtio
case "$QEMU_DEFAULT_MACHINE" in
pc)
run_qemu -drive if=none,id=disk -device ide-cd,drive=disk
run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-cd,drive=disk
run_qemu -drive if=none,id=disk -device ide-drive,drive=disk
run_qemu -drive if=none,id=disk -device ide-hd,drive=disk
run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-disk,drive=disk
run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-hd,drive=disk
;;
*)
;;
esac
echo
echo === Attach to node in non-default iothread ===
echo
case "$QEMU_DEFAULT_MACHINE" in
pc)
iothread="-drive file=$TEST_IMG,if=none,node-name=disk -object iothread,id=thread0 -device virtio-scsi,iothread=thread0,id=virtio-scsi0 -device scsi-hd,bus=virtio-scsi0.0,drive=disk,share-rw=on"
# Can't add a device in the main thread while virtio-scsi0 uses the node
run_qemu $iothread -device ide-hd,drive=disk,share-rw=on
run_qemu $iothread -device virtio-blk-pci,drive=disk,share-rw=on
run_qemu $iothread -device lsi53c895a,id=lsi0 -device scsi-hd,bus=lsi0.0,drive=disk,share-rw=on
run_qemu $iothread -device virtio-scsi,id=virtio-scsi1 -device scsi-hd,bus=virtio-scsi1.0,drive=disk,share-rw=on
# virtio-blk enables the iothread only when the driver initialises the
# device, so a second virtio-blk device can't be added even with the
# same iothread. virtio-scsi allows this.
run_qemu $iothread -device virtio-blk-pci,drive=disk,iohtread=iothread0,share-rw=on
run_qemu $iothread -device virtio-scsi,id=virtio-scsi1,iothread=thread0 -device scsi-hd,bus=virtio-scsi1.0,drive=disk,share-rw=on
;;
*)
;;
esac
echo
echo === Read-only ===
echo
case "$QEMU_DEFAULT_MACHINE" in
pc)
run_qemu -drive file="$TEST_IMG",if=floppy,readonly=on
run_qemu -drive file="$TEST_IMG",if=ide,media=cdrom,readonly=on
run_qemu -drive file="$TEST_IMG",if=ide,readonly=on
;;
*)
;;
esac
run_qemu -drive file="$TEST_IMG",if=virtio,readonly=on
case "$QEMU_DEFAULT_MACHINE" in
pc)
run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device ide-cd,drive=disk
run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device lsi53c895a -device scsi-cd,drive=disk
run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device ide-drive,drive=disk
run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device ide-hd,drive=disk
run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device lsi53c895a -device scsi-disk,drive=disk
run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device lsi53c895a -device scsi-hd,drive=disk
;;
*)
;;
esac
echo
echo === Cache modes ===
echo
# Cannot use the test image because cache=none might not work on the host FS
# Use cdrom so that we won't get errors about missing media
run_qemu -drive driver=null-co,read-zeroes=on,cache=none
run_qemu -drive driver=null-co,read-zeroes=on,cache=directsync
run_qemu -drive driver=null-co,read-zeroes=on,cache=writeback
run_qemu -drive driver=null-co,read-zeroes=on,cache=writethrough
run_qemu -drive driver=null-co,read-zeroes=on,cache=unsafe
run_qemu -drive driver=null-co,cache=invalid_value
# Can't test direct=on here because O_DIRECT might not be supported on this FS
# Test 142 checks the direct=on cases
for cache in writeback writethrough unsafe invalid_value; do
printf "info block %s\n" '' file backing backing-file | \
run_qemu -drive file="$TEST_IMG",cache=$cache,backing.file.filename="$TEST_IMG.base",backing.cache.no-flush=on,backing.node-name=backing,backing.file.node-name=backing-file,file.node-name=file,if=none,id=$device_id -nodefaults
done
echo
echo === Specifying the protocol layer ===
echo
run_qemu -drive file="$TEST_IMG",file.driver=file
echo
echo === Leaving out required options ===
echo
run_qemu -drive driver=file
run_qemu -drive driver=file,filename=
run_qemu -drive driver=nbd
run_qemu -drive driver=raw
run_qemu -drive file.driver=file
run_qemu -drive file.driver=nbd
run_qemu -drive file.driver=raw
run_qemu -drive foo=bar
echo
echo === Specifying both an option and its legacy alias ===
echo
run_qemu -drive file="$TEST_IMG",iops=1234,throttling.iops-total=5678
run_qemu -drive file="$TEST_IMG",iops_rd=1234,throttling.iops-read=5678
run_qemu -drive file="$TEST_IMG",iops_wr=1234,throttling.iops-write=5678
run_qemu -drive file="$TEST_IMG",bps=1234,throttling.bps-total=5678
run_qemu -drive file="$TEST_IMG",bps_rd=1234,throttling.bps-read=5678
run_qemu -drive file="$TEST_IMG",bps_wr=1234,throttling.bps-write=5678
run_qemu -drive file="$TEST_IMG",iops_max=1234,throttling.iops-total-max=5678
run_qemu -drive file="$TEST_IMG",iops_rd_max=1234,throttling.iops-read-max=5678
run_qemu -drive file="$TEST_IMG",iops_wr_max=1234,throttling.iops-write-max=5678
run_qemu -drive file="$TEST_IMG",bps_max=1234,throttling.bps-total-max=5678
run_qemu -drive file="$TEST_IMG",bps_rd_max=1234,throttling.bps-read-max=5678
run_qemu -drive file="$TEST_IMG",bps_wr_max=1234,throttling.bps-write-max=5678
run_qemu -drive file="$TEST_IMG",iops_size=1234,throttling.iops-size=5678
run_qemu -drive file="$TEST_IMG",readonly=on,read-only=off
echo
echo === Catching negative/large throttling values ===
echo
run_qemu -drive file="$TEST_IMG",iops=-1
run_qemu -drive file="$TEST_IMG",bps=-2
run_qemu -drive file="$TEST_IMG",bps_rd=-3
run_qemu -drive file="$TEST_IMG",bps_rd_max=-3
run_qemu -drive file="$TEST_IMG",throttling.iops-total=-4
run_qemu -drive file="$TEST_IMG",throttling.bps-total=-5
# These are accepted
run_qemu -drive file="$TEST_IMG",bps=0
run_qemu -drive file="$TEST_IMG",bps=1
run_qemu -drive file="$TEST_IMG",bps=1000000000000000
# While these are not
run_qemu -drive file="$TEST_IMG",bps=1000000000000001
run_qemu -drive file="$TEST_IMG",bps=9999999999999999
echo
echo === Parsing protocol from file name ===
echo
# Protocol strings are supposed to be parsed from traditional option strings,
# but not when using driver-specific options. We can distinguish them by the
# error message for non-existing files.
run_qemu -hda foo:bar
run_qemu -drive file=foo:bar
run_qemu -drive file.filename=foo:bar
run_qemu -hda "file:$TEST_IMG"
run_qemu -drive file="file:$TEST_IMG"
run_qemu -drive file.filename="file:$TEST_IMG"
echo
echo === Snapshot mode ===
echo
$QEMU_IO -c "write -P 0x11 0 4k" "$TEST_IMG" | _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file="$TEST_IMG",if=none,id=$device_id -snapshot | _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file="$TEST_IMG",snapshot=on,if=none,id=$device_id | _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file.filename="$TEST_IMG",driver=qcow2,snapshot=on,if=none,id=$device_id\
| _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file.filename="$TEST_IMG",driver=qcow2,if=none,id=$device_id -snapshot\
| _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file="file:$TEST_IMG",if=none,id=$device_id -snapshot | _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file="file:$TEST_IMG",snapshot=on,if=none,id=$device_id | _filter_qemu_io
# Opening a read-only file r/w with snapshot=on
chmod u-w "$TEST_IMG"
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file="$TEST_IMG",if=none,id=$device_id -snapshot | _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file="$TEST_IMG",snapshot=on,if=none,id=$device_id | _filter_qemu_io
chmod u+w "$TEST_IMG"
$QEMU_IO -c "read -P 0x11 0 4k" "$TEST_IMG" | _filter_qemu_io
echo "qemu-io $device_id \"write -P 0x22 0 4k\"" | run_qemu -drive file="$TEST_IMG",snapshot=off,if=none,id=$device_id | _filter_qemu_io
$QEMU_IO -c "read -P 0x22 0 4k" "$TEST_IMG" | _filter_qemu_io
printf %b "qemu-io $device_id \"write -P 0x33 0 4k\"\ncommit $device_id\n" |
run_qemu -drive file="$TEST_IMG",snapshot=on,if=none,id=$device_id |
_filter_qemu_io
$QEMU_IO -c "read -P 0x33 0 4k" "$TEST_IMG" | _filter_qemu_io
# Using snapshot=on with a non-existent TMPDIR
if [ "${VALGRIND_QEMU_VM}" == "y" ]; then
_casenotrun "Valgrind needs a valid TMPDIR for itself"
fi
VALGRIND_QEMU_VM= \
TMPDIR=/nonexistent run_qemu -drive driver=null-co,snapshot=on
# Using snapshot=on together with read-only=on
echo "info block" |
run_qemu -drive file="$TEST_IMG",snapshot=on,read-only=on,if=none,id=$device_id |
_filter_qemu_io |
sed -e 's#"[^"]*/vl\.[A-Za-z0-9]\{6\}"#SNAPSHOT_PATH#g'
# success, all done
echo "*** done"
rm -f $seq.full
status=0