[xen master] libxl: restore passing "readonly=" to qemu for SCSI disks

commit dd64d3c41a2d15139c3a35d22d4cb6b78f4c5c59
Author:     Ian Jackson <[hidden email]>
AuthorDate: Wed Jun 13 15:54:53 2018 +0100
Commit:     Jan Beulich <[hidden email]>
CommitDate: Thu Jun 28 09:05:06 2018 +0200

    libxl: restore passing "readonly=" to qemu for SCSI disks
    A read-only check was introduced for XSA-142, commit ef6cb76026 ("libxl:
    relax readonly check introduced by XSA-142 fix") added the passing of
    the extra setting, but commit dab0539568 ("Introduce COLO mode and
    refactor relevant function") dropped the passing of the setting again,
    quite likely due to improper re-basing.
    Restore the readonly= parameter to SCSI disks.  For IDE disks this is
    supposed to be rejected; add an assert.  And there is a bare ad-hoc
    disk drive string in libxl__build_device_model_args_new, which we also
    This is XSA-266.
    Reported-by: Andrew Reimers <[hidden email]>
    Signed-off-by: Jan Beulich <[hidden email]>
    Signed-off-by: Ian Jackson <[hidden email]>
 tools/libxl/libxl_dm.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index deab371b71..bad3ef5b67 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -798,7 +798,8 @@ static char *qemu_disk_scsi_drive_string(libxl__gc *gc, const char *target_path,
                                          int colo_mode, const char **id_ptr)
     char *drive = NULL;
-    char *common = GCSPRINTF("if=none,cache=writeback");
+    char *common = GCSPRINTF("if=none,readonly=%s,cache=writeback",
+                             disk->readwrite ? "off" : "on");
     const char *exportname = disk->colo_export;
     const char *active_disk = disk->active_disk;
     const char *hidden_disk = disk->hidden_disk;
@@ -852,6 +853,8 @@ static char *qemu_disk_ide_drive_string(libxl__gc *gc, const char *target_path,
     const char *active_disk = disk->active_disk;
     const char *hidden_disk = disk->hidden_disk;
+    assert(disk->readwrite); /* should have been checked earlier */
     switch (colo_mode) {
     case LIBXL__COLO_NONE:
         drive = GCSPRINTF
@@ -1574,8 +1577,9 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
                     const char *drive_id;
                     if (colo_mode == LIBXL__COLO_SECONDARY) {
                         drive = libxl__sprintf
-                            (gc, "if=none,driver=%s,file=%s,id=%s",
-                             format, target_path, disks[i].colo_export);
+                            (gc, "if=none,driver=%s,file=%s,id=%s,readonly=%s",
+                             format, target_path, disks[i].colo_export,
+                             disks[i].readwrite ? "off" : "on");
                         flexarray_append(dm_args, "-drive");
                         flexarray_append(dm_args, drive);
generated by git-patchbot for /home/xen/git/xen.git#master

