Bug 976387 - taint domain if it uses host CD-ROM passthrough
taint domain if it uses host CD-ROM passthrough
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: John Ferlan
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-20 09:20 EDT by Paolo Bonzini
Modified: 2016-04-26 09:58 EDT (History)
10 users (show)

See Also:
Fixed In Version: libvirt-1.2.16-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 00:43:16 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paolo Bonzini 2013-06-20 09:20:48 EDT
A domain that uses a device as the source of a virtual CD-ROM drive will often encounter problems as both the guest and host try to control the tray.  It would be nice if such a domain could be tainted.

How to reproduce:

1. create a domain with

    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/sr0'/>
      <target dev='hdc' bus='ide'>
      <readonly/>
    </disk>

2. The per-domain logfile should show something like "Domain id=3 is tainted: cdrom-passthrough".
Comment 5 Jiri Denemark 2014-04-04 17:37:45 EDT
This bug was not selected to be addressed in Red Hat Enterprise Linux 6. We will look at it again within the Red Hat Enterprise Linux 7 product.
Comment 8 John Ferlan 2015-05-12 16:04:01 EDT
Posted patches upstream:

http://www.redhat.com/archives/libvir-list/2015-May/msg00380.html
Comment 9 John Ferlan 2015-05-20 07:52:13 EDT
Patch pushed upstream:

commit 99a2d6af2b30bbb6cd87986b65129cfa9257e5ff
Author: John Ferlan <jferlan@redhat.com>
Date:   Tue May 12 15:58:31 2015 -0400

    Taint domains using cdrom-passthrough
    
    https://bugzilla.redhat.com/show_bug.cgi?id=976387
    
    For a domain configured using the host cdrom, we should taint the domain
    due to problems encountered when the host and guest try to control the tray.


$ git describe 99a2d6af2b30bbb6cd87986b65129cfa9257e5ff
v1.2.15-116-g99a2d6a
$
Comment 11 yisun 2015-09-17 07:52:28 EDT
cdrom passthrough is disabled by qemu-kvm as bz https://bugzilla.redhat.com/show_bug.cgi?id=760885

Downgrade qemu-kvm and libvirt cause a lot of other problems with current 7.2 kernel. Will find an available host with cd-rom and test this with rhel7.0 later.
Comment 12 yisun 2015-10-12 04:46:05 EDT
verified on:
libvirt-1.2.17-13.el7.x86_64
qemu-kvm-rhev-2.3.0-26.el7.x86_64

since the qemu has disabled the host cd-rom pass-through. So the verification will just execute some sanity check.
1. check the code merged in latest libvirt
2. check the cd-rom pass-through is really disabled with libvirt.


Scenario 1: code check
1. download and install libvirt-1.2.17-13.el7.src.rpm
2. check code with patch instruction.
vim src/conf/domain_conf.c +96
VIR_ENUM_IMPL(virDomainTaint, VIR_DOMAIN_TAINT_LAST,
              "custom-argv",
              "custom-monitor",
              "high-privileges",
              "shell-scripts",
              "disk-probing",
              "external-launch",
              "host-cpu",
              "hook-script",
              "cdrom-passthrough",
              "custom-dtb");
========
vim src/conf/domain_conf.h +2313
typedef enum {
...
    VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH,/* CDROM passthrough */ 
...
} virDomainTaintFlags;

========

vim src/qemu/qemu_domain.c +2191
    if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
        virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_BLOCK &&
        disk->src->path)
        qemuDomainObjTaint(driver, obj, VIR_DOM/qemu/qemu_domain.cAIN_TAINT_CDROM_PASSTHROUGH,
                           logFD);

    virObjectUnref(cfg); 


Scenario 2: check host cd-rom pass-through is really disabled. 
1. prepare a disk xml
#cat disk.xml
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/sr0'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>

2. hotplug the disk
# virsh attach-device ys1 disk.xml 
error: Failed to attach device from disk.xml
error: internal error: No device with bus 'ide' and target 'hdc'. cdrom and floppy device hotplug isn't supported by libvirt

# virsh attach-disk ys1 /dev/sr0 sdc
error: Failed to attach disk
error: internal error: unable to execute QEMU command '__com.redhat_drive_add': Device 'drive-scsi0-0-0-2' could not be initialized


3. cold plug the disk
#virsh edit ys1
(add following)
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/sr0'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>

# virsh start ys1
error: Failed to start domain ys1
error: internal error: process exited while connecting to monitor: 2015-10-12T08:26:10.000070Z qemu-kvm: -drive file=/dev/sr0,if=none,id=drive-ide0-1-0,readonly=on,format=raw: Driver 'host_cdrom' is not whitelisted
Comment 14 errata-xmlrpc 2015-11-19 00:43:16 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2202.html

Note You need to log in before you can comment on or make changes to this bug.