From nobody Thu May 15 11:32:03 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1507212624691563.4025714824126; Thu, 5 Oct 2017 07:10:24 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3F0CFC047B86; Thu, 5 Oct 2017 14:10:23 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 17A06600C0; Thu, 5 Oct 2017 14:10:23 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id CEC1A18355C7; Thu, 5 Oct 2017 14:10:22 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v95DMto2006165 for ; Thu, 5 Oct 2017 09:22:55 -0400 Received: by smtp.corp.redhat.com (Postfix) id 2855A63653; Thu, 5 Oct 2017 13:22:55 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-117-80.phx2.redhat.com [10.3.117.80]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6500363633 for ; Thu, 5 Oct 2017 13:22:51 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3F0CFC047B86 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Thu, 5 Oct 2017 09:22:14 -0400 Message-Id: <20171005132223.6751-8-jferlan@redhat.com> In-Reply-To: <20171005132223.6751-1-jferlan@redhat.com> References: <20171005132223.6751-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v5 07/16] conf: Add/Allow parsing the encryption in the disk source X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Thu, 05 Oct 2017 14:10:23 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Since the virStorageEncryptionPtr encryption; is a member of _virStorageSource it really should be allowed to be a subelement of the disk for various disk formats: Source{File|Dir|Block|Volume} SourceProtocol{RBD|ISCSI|NBD|Gluster|Simple|HTTP} NB: Simple includes sheepdog, ftp, ftps, tftp That way we can set up to allow the element to be formatted within the disk source, but we still need to be wary from whence the element was read - see keep track and when it comes to format the data, ensure it's written in the correct place. Modify the qemuxml2argvtest to add a parse failure when there is an as a child of *and* an as a child of . The virschematest will read the new test files and validate from a RNG viewpoint things are fine. Signed-off-by: John Ferlan --- docs/formatdomain.html.in | 15 +++- docs/schemas/domaincommon.rng | 30 ++++++++ src/conf/domain_conf.c | 68 ++++++++++++++++-- src/util/virstoragefile.h | 1 + .../qemuxml2argv-luks-disks-source-both.xml | 40 +++++++++++ .../qemuxml2argv-luks-disks-source.args | 62 ++++++++++++++++ .../qemuxml2argv-luks-disks-source.xml | 81 ++++++++++++++++++= +++ tests/qemuxml2argvtest.c | 2 + .../qemuxml2xmlout-luks-disks-source.xml | 84 ++++++++++++++++++= ++++ .../qemuxml2xmlout-luks-disks.xml | 46 +++++++++++- tests/qemuxml2xmltest.c | 1 + 11 files changed, 420 insertions(+), 10 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-b= oth.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.a= rgs create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.x= ml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-sour= ce.xml mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luk= s-disks.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 74f2090d06..e594d35524 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2705,6 +2705,14 @@ attribute matching the key that was specified in the secret object. +
Since libvirt 3.9.0, the + encryption can be a sub-element of the + source element for encrypted storage sources. + If present, specifies how the storage source is encrypted + See the + Storage Encryption + page for more information. +
=20

@@ -3110,8 +3118,11 @@ Since 0.8.8

encryption
-
If present, specifies how the volume is encrypted. See - the Storage Encryption page +
Starting with libvirt 3.9.0 the + encryption element is preferred to be a sub-element + of the source element. If present, specifies how the + volume is encrypted using "qcow". See the + Storage Encryption pa= ge for more information.
readonly
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 895af55da1..b3b08862c3 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1469,6 +1469,9 @@ + + + @@ -1490,6 +1493,9 @@ + + + @@ -1509,6 +1515,9 @@ + + + @@ -1581,6 +1590,9 @@ + + + @@ -1596,6 +1608,9 @@ + + + =20 @@ -1609,6 +1624,9 @@ + + + =20 @@ -1624,6 +1642,9 @@ + + + =20 @@ -1636,6 +1657,9 @@ + + + =20 @@ -1648,6 +1672,9 @@ + + + =20 @@ -1706,6 +1733,9 @@ + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 65223fe85a..c2be9b7155 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8252,6 +8252,29 @@ virDomainDiskSourceAuthParse(xmlNodePtr node, } =20 =20 +static int +virDomainDiskSourceEncryptionParse(xmlNodePtr node, + virStorageEncryptionPtr *encryptionsrc) +{ + xmlNodePtr child; + virStorageEncryptionPtr encryption =3D NULL; + + for (child =3D node->children; child; child =3D child->next) { + if (child->type =3D=3D XML_ELEMENT_NODE && + virXMLNodeNameEqual(child, "encryption")) { + + if (!(encryption =3D virStorageEncryptionParseNode(node->doc, = child))) + return -1; + + *encryptionsrc =3D encryption; + return 0; + } + } + + return 0; +} + + int virDomainDiskSourceParse(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -8292,6 +8315,9 @@ virDomainDiskSourceParse(xmlNodePtr node, if (virDomainDiskSourceAuthParse(node, &src->auth) < 0) goto cleanup; =20 + if (virDomainDiskSourceEncryptionParse(node, &src->encryption) < 0) + goto cleanup; + /* People sometimes pass a bogus '' source path when they mean to omit= the * source element completely (e.g. CDROM without media). This is just a * little compatibility check to help those broken apps */ @@ -8943,6 +8969,18 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlop= t, if (def->src->auth) def->src->authDefined =3D true; =20 + /* Similarly for - it's a child of too + * and we cannot find in both places */ + if (encryption && def->src->encryption) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found= for " + "the definition")); + goto error; + } + + if (def->src->encryption) + def->src->encryptionDefined =3D true; + source =3D true; =20 startupPolicy =3D virXMLPropString(cur, "startupPolicy"); @@ -9024,11 +9062,18 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlo= pt, virXMLNodeNameEqual(cur, "state")) { /* Legacy back-compat. Don't add any more attributes here */ devaddr =3D virXMLPropString(cur, "devaddr"); - } else if (encryption =3D=3D NULL && + } else if (!encryption && virXMLNodeNameEqual(cur, "encryption")) { - encryption =3D virStorageEncryptionParseNode(node->doc, - cur); - if (encryption =3D=3D NULL) + /* If we've already parsed and found an = child, + * then generate an error to avoid ambiguity */ + if (def->src->encryptionDefined) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found= for " + "disk source")); + goto error; + } + + if (!(encryption =3D virStorageEncryptionParseNode(node->doc, = cur))) goto error; } else if (!serial && virXMLNodeNameEqual(cur, "serial")) { @@ -9246,8 +9291,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, target =3D NULL; if (authdef) VIR_STEAL_PTR(def->src->auth, authdef); - def->src->encryption =3D encryption; - encryption =3D NULL; + if (encryption) + VIR_STEAL_PTR(def->src->encryption, encryption); def->domain_name =3D domain_name; domain_name =3D NULL; def->serial =3D serial; @@ -21955,6 +22000,12 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf, goto error; } =20 + /* If we found encryption as a child of , then format it + * as we found it. */ + if (src->encryption && src->encryptionDefined && + virStorageEncryptionFormat(&childBuf, src->encryption) < 0) + return -1; + if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf) < 0) goto error; } @@ -22283,7 +22334,10 @@ virDomainDiskDefFormat(virBufferPtr buf, virBufferEscapeString(buf, "%s\n", def->wwn); virBufferEscapeString(buf, "%s\n", def->vendor); virBufferEscapeString(buf, "%s\n", def->product); - if (def->src->encryption && + + /* If originally found as a child of , then format thusly; + * otherwise, will be formatted as child of */ + if (def->src->encryption && !def->src->encryptionDefined && virStorageEncryptionFormat(buf, def->src->encryption) < 0) return -1; virDomainDeviceInfoFormat(buf, &def->info, diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 5673a3f77d..845a2efc71 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -241,6 +241,7 @@ struct _virStorageSource { virStorageAuthDefPtr auth; bool authDefined; virStorageEncryptionPtr encryption; + bool encryptionDefined; =20 virObjectPtr privateData; /* Usable to store hypervisor specific data = */ =20 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml= b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml new file mode 100644 index 0000000000..c4b762a1ed --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml @@ -0,0 +1,40 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args b/t= ests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args new file mode 100644 index 0000000000..fec46945ce --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args @@ -0,0 +1,62 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name encryptdisk \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ +-M pc-i440fx-2.1 \ +-m 1024 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,\ +path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,\ +key-secret=3Dvirtio-disk0-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object secret,id=3Dvirtio-disk1-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk2,\ +key-secret=3Dvirtio-disk1-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 \ +-object secret,id=3Dvirtio-disk2-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@exampl= e.org:\ +6000/iqn.1992-01.com.example%3Astorage/1,key-secret=3Dvirtio-disk2-luks-se= cret0,\ +format=3Dluks,if=3Dnone,id=3Ddrive-virtio-disk2 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\ +id=3Dvirtio-disk2 \ +-object secret,id=3Dvirtio-disk3-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://iscsi.example.com:3260/demo-target/3,\ +key-secret=3Dvirtio-disk3-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk3 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x7,drive=3Ddrive-virtio-disk3,\ +id=3Dvirtio-disk3 \ +-object secret,id=3Dvirtio-disk4-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive 'file=3Drbd:pool/image:auth_supported=3Dnone:mon_host=3Dmon1.exampl= e.org\:\ +6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\ +key-secret=3Dvirtio-disk4-luks-secret0,format=3Dluks,if=3Dnone,\ +id=3Ddrive-virtio-disk4' \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x8,drive=3Ddrive-virtio-disk4,\ +id=3Dvirtio-disk4 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml b/te= sts/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml new file mode 100644 index 0000000000..293877df9e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml @@ -0,0 +1,81 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index a4ff7b80c1..f326bffa16 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1666,10 +1666,12 @@ mymain(void) DO_TEST("encrypted-disk-usage", NONE); # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET); + DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET); # else DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET); # endif DO_TEST_PARSE_ERROR("luks-disk-invalid", NONE); + DO_TEST_PARSE_ERROR("luks-disks-source-both", QEMU_CAPS_OBJECT_SECRET); =20 DO_TEST("memtune", NONE); DO_TEST("memtune-unlimited", NONE); diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml = b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml new file mode 100644 index 0000000000..1cad3af7a6 --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml @@ -0,0 +1,84 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests= /qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml deleted file mode 120000 index b59dc672fc..0000000000 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml +++ /dev/null @@ -1 +0,0 @@ -../qemuxml2argvdata/qemuxml2argv-luks-disks.xml \ No newline at end of file diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests= /qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml new file mode 100644 index 0000000000..c84af442a6 --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml @@ -0,0 +1,45 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + +
+ + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index c484d8d17c..f2e4244a23 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -580,6 +580,7 @@ mymain(void) DO_TEST("encrypted-disk", NONE); DO_TEST("encrypted-disk-usage", NONE); DO_TEST("luks-disks", NONE); + DO_TEST("luks-disks-source", NONE); DO_TEST("memtune", NONE); DO_TEST("memtune-unlimited", NONE); DO_TEST("blkiotune", NONE); --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list