Ensure that the new fields are allowed only when -blockdev is used or
when they are in the detected part of the backing chain where qemu will
handle them internally.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_domain.c | 55 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1d551f248f..e7aaded4d5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6881,6 +6881,61 @@ qemuDomainValidateStorageSource(virStorageSourcePtr src,
         }
     }

+    if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT) {
+        if (actualType != VIR_STORAGE_TYPE_NETWORK ||
+            (src->protocol != VIR_STORAGE_NET_PROTOCOL_HTTPS &&
+             src->protocol != VIR_STORAGE_NET_PROTOCOL_FTPS)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("ssl verification is supported only with HTTPS/FTPS protocol"));
+            return -1;
+        }
+
+        if (!src->detected &&
+            !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("ssl verification setting is not supported by this QEMU binary"));
+            return -1;
+        }
+    }
+
+    if (src->ncookies > 0) {
+        if (actualType != VIR_STORAGE_TYPE_NETWORK ||
+            (src->protocol != VIR_STORAGE_NET_PROTOCOL_HTTPS &&
+             src->protocol != VIR_STORAGE_NET_PROTOCOL_HTTP)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("http cookies are supported only with HTTP(S) protocol"));
+            return -1;
+        }
+
+        if (!src->detected &&
+            !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("http cookies are not supported by this QEMU binary"));
+            return -1;
+        }
+
+        if (virStorageSourceNetCookiesValidate(src) < 0)
+            return -1;
+    }
+
+    if (src->readahead > 0) {
+        if (!src->detected &&
+            !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("readahead setting is not supported by this QEMU binary"));
+            return -1;
+        }
+    }
+
+    if (src->timeout > 0) {
+        if (!src->detected &&
+            !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("timeout setting is not supported by this QEMU binary"));
+            return -1;
+        }
+    }
+
     return 0;
 }

-- 
2.24.1

On a Monday in 2020, Peter Krempa wrote:
>Ensure that the new fields are allowed only when -blockdev is used or
>when they are in the detected part of the backing chain where qemu will
>handle them internally.
>
>Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>---
> src/qemu/qemu_domain.c | 55 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 55 insertions(+)
>
>diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>index 1d551f248f..e7aaded4d5 100644
>--- a/src/qemu/qemu_domain.c
>+++ b/src/qemu/qemu_domain.c
>+
>+    if (src->readahead > 0) {
>+        if (!src->detected &&

Is this supported for non-network sources?

>+            !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) {
>+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>+                           _("readahead setting is not supported by this QEMU binary"));

Either way - readahead in QEMU's curl backend seems to be there for a
long time now. "supported with this QEMU binary" would be more accurate phrasing

>+            return -1;
>+        }

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano