1#!/usr/bin/env python3
2# group: migration
3#
4# Copyright (C) 2021 Red Hat, Inc.
5#
6# This program is free software; you can redistribute it and/or modify
7# it under the terms of the GNU General Public License as published by
8# the Free Software Foundation; either version 2 of the License, or
9# (at your option) any later version.
10#
11# This program is distributed in the hope that it will be useful,
12# but WITHOUT ANY WARRANTY; without even the implied warranty of
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14# GNU General Public License for more details.
15#
16# You should have received a copy of the GNU General Public License
17# along with this program.  If not, see <http://www.gnu.org/licenses/>.
18#
19
20import os
21from subprocess import CalledProcessError
22
23import iotests
24from iotests import imgfmt, qemu_img_create, qemu_io
25
26
27test_img = os.path.join(iotests.test_dir, 'test.img')
28mig_sock = os.path.join(iotests.sock_dir, 'mig.sock')
29
30
31class TestMigrationPermissions(iotests.QMPTestCase):
32    def setUp(self):
33        qemu_img_create('-f', imgfmt, test_img, '1M')
34
35        # Set up two VMs (source and destination) accessing the same raw
36        # image file with a virtio-blk device; prepare the destination for
37        # migration with .add_incoming() and enable migration events
38        vms = [None, None]
39        for i in range(2):
40            vms[i] = iotests.VM(path_suffix=f'{i}')
41            vms[i].add_blockdev(f'file,node-name=prot,filename={test_img}')
42            vms[i].add_blockdev(f'{imgfmt},node-name=fmt,file=prot')
43            vms[i].add_device('virtio-blk,drive=fmt')
44
45            if i == 1:
46                vms[i].add_incoming(f'unix:{mig_sock}')
47
48            vms[i].launch()
49
50            result = vms[i].qmp('migrate-set-capabilities',
51                                capabilities=[
52                                    {'capability': 'events', 'state': True}
53                                ])
54            self.assert_qmp(result, 'return', {})
55
56        self.vm_s = vms[0]
57        self.vm_d = vms[1]
58
59    def tearDown(self):
60        self.vm_s.shutdown()
61        self.vm_d.shutdown()
62        try:
63            os.remove(mig_sock)
64        except FileNotFoundError:
65            pass
66        os.remove(test_img)
67
68    # Migrate an image in use by a virtio-blk device to another VM and
69    # verify that the WRITE permission is unshared both before and after
70    # migration
71    def test_post_migration_permissions(self):
72        # Try to access the image R/W, which should fail because virtio-blk
73        # has not been configured with share-rw=on
74        emsg = ('ERROR (pre-migration): qemu-io should not be able to '
75                'access this image, but it reported no error')
76        with self.assertRaises(CalledProcessError, msg=emsg) as ctx:
77            qemu_io('-f', imgfmt, '-c', 'quit', test_img)
78        if 'Is another process using the image' not in ctx.exception.stdout:
79            raise ctx.exception
80
81        # Now migrate the VM
82        self.vm_s.qmp('migrate', uri=f'unix:{mig_sock}')
83        assert self.vm_s.wait_migration(None)
84        assert self.vm_d.wait_migration(None)
85
86        # Try the same qemu-io access again, verifying that the WRITE
87        # permission remains unshared
88        emsg = ('ERROR (post-migration): qemu-io should not be able to '
89                'access this image, but it reported no error')
90        with self.assertRaises(CalledProcessError, msg=emsg) as ctx:
91            qemu_io('-f', imgfmt, '-c', 'quit', test_img)
92        if 'Is another process using the image' not in ctx.exception.stdout:
93            raise ctx.exception
94
95
96if __name__ == '__main__':
97    # Only works with raw images because we are testing the
98    # BlockBackend permissions; image format drivers may additionally
99    # unshare permissions and thus tamper with the result
100    iotests.main(supported_fmts=['raw'],
101                 supported_protocols=['file'])
102