From nobody Wed Dec 17 06:00:20 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1506456810316647.486377787109; Tue, 26 Sep 2017 13:13:30 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 42B8F8047F; Tue, 26 Sep 2017 20:13:29 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1193F71C34; Tue, 26 Sep 2017 20:13:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id CC1BF1855946; Tue, 26 Sep 2017 20:13:28 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8QJdGEx010031 for ; Tue, 26 Sep 2017 15:39:16 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6130969705; Tue, 26 Sep 2017 19:39:16 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-117-1.phx2.redhat.com [10.3.117.1]) by smtp.corp.redhat.com (Postfix) with ESMTP id 25A465C550 for ; Tue, 26 Sep 2017 19:39:16 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 42B8F8047F Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Tue, 26 Sep 2017 15:38:53 -0400 Message-Id: <20170926193901.4770-8-jferlan@redhat.com> In-Reply-To: <20170926193901.4770-1-jferlan@redhat.com> References: <20170926193901.4770-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 07/15] conf: Add/Allow parsing the encryption in the disk source X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 26 Sep 2017 20:13:29 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Since the virStorageEncryptionPtr encryption; is a member of _virStorageSource it really should be allowed to be a subelement of the disk for various disk formats: Source{File|Dir|Block|Volume} SourceProtocol{RBD|ISCSI|NBD|Gluster|Simple|HTTP} NB: Simple includes sheepdog, ftp, ftps, tftp That way we can set up to allow the element to be formatted within the disk source, but we still need to be wary from whence the element was read - see keep track and when it comes to format the data, ensure it's written in the correct place. Modify the qemuxml2argvtest to add a parse failure when there is an as a child of *and* an as a child of . The virschematest will read the new test files and validate from a RNG viewpoint things are fine. Signed-off-by: John Ferlan --- docs/formatdomain.html.in | 15 +++- docs/schemas/domaincommon.rng | 30 ++++++++ src/conf/domain_conf.c | 68 ++++++++++++++++-- src/util/virstoragefile.h | 1 + .../qemuxml2argv-luks-disks-source-both.xml | 40 +++++++++++ .../qemuxml2argv-luks-disks-source.args | 62 ++++++++++++++++ .../qemuxml2argv-luks-disks-source.xml | 81 ++++++++++++++++++= +++ tests/qemuxml2argvtest.c | 2 + .../qemuxml2xmlout-luks-disks-source.xml | 84 ++++++++++++++++++= ++++ .../qemuxml2xmlout-luks-disks.xml | 46 +++++++++++- tests/qemuxml2xmltest.c | 1 + 11 files changed, 420 insertions(+), 10 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-b= oth.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.a= rgs create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.x= ml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-sour= ce.xml mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luk= s-disks.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index e773b2939..c8de9ba2a 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2681,6 +2681,14 @@ attribute matching the key that was specified in the secret object. +
Since libvirt 3.8.0, the + encryption can be a sub-element of the + source element for encrypted storage sources. + If present, specifies how the storage source is encrypted + See the + Storage Encryption + page for more information. +
=20

@@ -3082,8 +3090,11 @@ Since 0.8.8

encryption
-
If present, specifies how the volume is encrypted. See - the Storage Encryption page +
Starting with libvirt 3.8.0 the + encryption element is preferred to be a sub-element + of the source element. If present, specifies how the + volume is encrypted using "qcow". See the + Storage Encryption pa= ge for more information.
readonly
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 0f8c0ab8f..f727f1490 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1469,6 +1469,9 @@ + + + @@ -1490,6 +1493,9 @@ + + + @@ -1509,6 +1515,9 @@ + + + @@ -1581,6 +1590,9 @@ + + + @@ -1596,6 +1608,9 @@ + + + =20 @@ -1609,6 +1624,9 @@ + + + =20 @@ -1624,6 +1642,9 @@ + + + =20 @@ -1636,6 +1657,9 @@ + + + =20 @@ -1648,6 +1672,9 @@ + + + =20 @@ -1701,6 +1728,9 @@ + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 73fd07d68..db52b060a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8150,6 +8150,29 @@ virDomainDiskSourceAuthParse(xmlNodePtr node, } =20 =20 +static int +virDomainDiskSourceEncryptionParse(xmlNodePtr node, + virStorageEncryptionPtr *encryptionsrc) +{ + xmlNodePtr child; + virStorageEncryptionPtr encryption =3D NULL; + + for (child =3D node->children; child; child =3D child->next) { + if (child->type =3D=3D XML_ELEMENT_NODE && + virXMLNodeNameEqual(child, "encryption")) { + + if (!(encryption =3D virStorageEncryptionParseNode(node->doc, = child))) + return -1; + + *encryptionsrc =3D encryption; + return 0; + } + } + + return 0; +} + + int virDomainDiskSourceParse(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -8239,6 +8262,9 @@ virDomainDiskSourceParse(xmlNodePtr node, if (virDomainDiskSourceAuthParse(node, &src->auth) < 0) goto cleanup; =20 + if (virDomainDiskSourceEncryptionParse(node, &src->encryption) < 0) + goto cleanup; + /* People sometimes pass a bogus '' source path when they mean to omit= the * source element completely (e.g. CDROM without media). This is just a * little compatibility check to help those broken apps */ @@ -8880,6 +8906,18 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlop= t, if (def->src->auth) def->src->authDefined =3D true; =20 + /* Similarly for - it's a child of too + * and we cannot find in both places */ + if (encryption && def->src->encryption) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found= for " + "the definition")); + goto error; + } + + if (def->src->encryption) + def->src->encryptionDefined =3D true; + source =3D true; =20 startupPolicy =3D virXMLPropString(cur, "startupPolicy"); @@ -8961,11 +8999,18 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlo= pt, virXMLNodeNameEqual(cur, "state")) { /* Legacy back-compat. Don't add any more attributes here */ devaddr =3D virXMLPropString(cur, "devaddr"); - } else if (encryption =3D=3D NULL && + } else if (!encryption && virXMLNodeNameEqual(cur, "encryption")) { - encryption =3D virStorageEncryptionParseNode(node->doc, - cur); - if (encryption =3D=3D NULL) + /* If we've already parsed and found an = child, + * then generate an error to avoid ambiguity */ + if (def->src->encryptionDefined) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found= for " + "disk source")); + goto error; + } + + if (!(encryption =3D virStorageEncryptionParseNode(node->doc, = cur))) goto error; } else if (!serial && virXMLNodeNameEqual(cur, "serial")) { @@ -9183,8 +9228,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, target =3D NULL; if (authdef) VIR_STEAL_PTR(def->src->auth, authdef); - def->src->encryption =3D encryption; - encryption =3D NULL; + if (encryption) + VIR_STEAL_PTR(def->src->encryption, encryption); def->domain_name =3D domain_name; domain_name =3D NULL; def->serial =3D serial; @@ -21882,6 +21927,12 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf, goto error; } =20 + /* If we found encryption as a child of , then format it + * as we found it. */ + if (src->encryption && src->encryptionDefined && + virStorageEncryptionFormat(&childBuf, src->encryption) < 0) + return -1; + if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf) < 0) goto error; } @@ -22208,7 +22259,10 @@ virDomainDiskDefFormat(virBufferPtr buf, virBufferEscapeString(buf, "%s\n", def->wwn); virBufferEscapeString(buf, "%s\n", def->vendor); virBufferEscapeString(buf, "%s\n", def->product); - if (def->src->encryption && + + /* If originally found as a child of , then format thusly; + * otherwise, will be formatted as child of */ + if (def->src->encryption && !def->src->encryptionDefined && virStorageEncryptionFormat(buf, def->src->encryption) < 0) return -1; virDomainDeviceInfoFormat(buf, &def->info, diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index d31517fbc..45fff7f8d 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -241,6 +241,7 @@ struct _virStorageSource { virStorageAuthDefPtr auth; bool authDefined; virStorageEncryptionPtr encryption; + bool encryptionDefined; =20 virObjectPtr privateData; /* Usable to store hypervisor specific data = */ =20 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml= b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml new file mode 100644 index 000000000..c4b762a1e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml @@ -0,0 +1,40 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args b/t= ests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args new file mode 100644 index 000000000..fec46945c --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args @@ -0,0 +1,62 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name encryptdisk \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ +-M pc-i440fx-2.1 \ +-m 1024 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,\ +path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,\ +key-secret=3Dvirtio-disk0-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object secret,id=3Dvirtio-disk1-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk2,\ +key-secret=3Dvirtio-disk1-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 \ +-object secret,id=3Dvirtio-disk2-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@exampl= e.org:\ +6000/iqn.1992-01.com.example%3Astorage/1,key-secret=3Dvirtio-disk2-luks-se= cret0,\ +format=3Dluks,if=3Dnone,id=3Ddrive-virtio-disk2 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\ +id=3Dvirtio-disk2 \ +-object secret,id=3Dvirtio-disk3-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://iscsi.example.com:3260/demo-target/3,\ +key-secret=3Dvirtio-disk3-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk3 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x7,drive=3Ddrive-virtio-disk3,\ +id=3Dvirtio-disk3 \ +-object secret,id=3Dvirtio-disk4-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive 'file=3Drbd:pool/image:auth_supported=3Dnone:mon_host=3Dmon1.exampl= e.org\:\ +6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\ +key-secret=3Dvirtio-disk4-luks-secret0,format=3Dluks,if=3Dnone,\ +id=3Ddrive-virtio-disk4' \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x8,drive=3Ddrive-virtio-disk4,\ +id=3Dvirtio-disk4 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml b/te= sts/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml new file mode 100644 index 000000000..293877df9 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml @@ -0,0 +1,81 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index a240a21a6..12eab0b89 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1656,10 +1656,12 @@ mymain(void) DO_TEST("encrypted-disk-usage", NONE); # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET); + DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET); # else DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET); # endif DO_TEST_PARSE_ERROR("luks-disk-invalid", NONE); + DO_TEST_PARSE_ERROR("luks-disks-source-both", QEMU_CAPS_OBJECT_SECRET); =20 DO_TEST("memtune", NONE); DO_TEST("memtune-unlimited", NONE); diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml = b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml new file mode 100644 index 000000000..1cad3af7a --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml @@ -0,0 +1,84 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests= /qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml deleted file mode 120000 index b59dc672f..000000000 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml +++ /dev/null @@ -1 +0,0 @@ -../qemuxml2argvdata/qemuxml2argv-luks-disks.xml \ No newline at end of file diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests= /qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml new file mode 100644 index 000000000..c84af442a --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml @@ -0,0 +1,45 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + +
+ + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index f733953e5..b8fc2718f 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -577,6 +577,7 @@ mymain(void) DO_TEST("encrypted-disk", NONE); DO_TEST("encrypted-disk-usage", NONE); DO_TEST("luks-disks", NONE); + DO_TEST("luks-disks-source", NONE); DO_TEST("memtune", NONE); DO_TEST("memtune-unlimited", NONE); DO_TEST("blkiotune", NONE); --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list