Hi All,

Apologies for only noticing the fix for XSA-142 as it started flowing to our various downstreams. The current fix seems like quite a big hammer IMO. qemu doesn't support readonly IDE/SATA disks

    # /usr/lib/xen/bin/qemu-system-i386 -drive file=/tmp/disk.raw,if=ide,media=disk,format=raw,readonly=on
    qemu-system-i386: Can't use a read-only drive

But it does support readonly SCSI disks

    # /usr/lib/xen/bin/qemu-system-i386 -drive file=/tmp/disk.raw,if=scsi,media=disk,format=raw,readonly=on
    [ok]

Inside a guest using such a disk, the SCSI kernel driver sees write protect on

    [ 7.339232] sd 2:0:1:0: [sdb] Write Protect is on

Also, PV drivers support readonly, but the patch rejects such configuration even when PV drivers (vdev=xvd*) have been explicitly specified and creation of an emulated twin is skipped.

The attached follow-up loosens the restriction to reject readonly when creating an emulated IDE disk, but allows it when the backend is known to support readonly.

Regards,
Jim