From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 30 May 2018 14:41:28 +0200 Message-Id: <2f3df0d779d873e853307bd0897a73d062f7d409.1527683836.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 32/38] qemu: migration: Don't pass around secAlias X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Wed, 30 May 2018 12:43:23 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The alias of the secret for decrypting the TLS passphrase is useless besides for TLS setup. Stop passing it around. Signed-off-by: Peter Krempa Reviewed-by: J=EF=BF=BDn Tomko --- src/qemu/qemu_migration.c | 8 ++------ src/qemu/qemu_migration_params.c | 21 +++++++++++---------- src/qemu/qemu_migration_params.h | 1 - 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 68663eac47..5cf9be56b4 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -2296,7 +2296,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver, bool relabel =3D false; int rv; char *tlsAlias =3D NULL; - char *secAlias =3D NULL; virNWFilterReadLockFilterUpdates(); 
@@ -2505,7 +2504,7 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver, if (flags & VIR_MIGRATE_TLS) { if (qemuMigrationParamsEnableTLS(driver, vm, true, QEMU_ASYNC_JOB_MIGRATION_IN, - &tlsAlias, &secAlias, NULL, + &tlsAlias, NULL, migParams) < 0) goto stopjob; } else { @@ -2596,7 +2595,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver, cleanup: VIR_FREE(tlsAlias); - VIR_FREE(secAlias); qemuProcessIncomingDefFree(incoming); VIR_FREE(xmlout); VIR_FORCE_CLOSE(dataFD[0]); @@ -3371,7 +3369,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver, qemuDomainObjPrivatePtr priv =3D vm->privateData; qemuMigrationCookiePtr mig =3D NULL; char *tlsAlias =3D NULL; - char *secAlias =3D NULL; qemuMigrationIOThreadPtr iothread =3D NULL; int fd =3D -1; unsigned long migrate_speed =3D resource ? resource : priv->migMaxBand= width; @@ -3455,7 +3452,7 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver, if (qemuMigrationParamsEnableTLS(driver, vm, false, QEMU_ASYNC_JOB_MIGRATION_OUT, - &tlsAlias, &secAlias, hostname, + &tlsAlias, hostname, migParams) < 0) goto error; } else { @@ -3675,7 +3672,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver, cleanup: VIR_FREE(tlsAlias); - VIR_FREE(secAlias); VIR_FORCE_CLOSE(fd); virDomainDefFree(persistDef); qemuMigrationCookieFree(mig); diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_par= ams.c index 578cd6671f..f3c62f26f0 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -809,7 +809,6 @@ qemuMigrationParamsSetString(qemuMigrationParamsPtr mig= Params, * @tlsListen: server or client * @asyncJob: Migration job to join * @tlsAlias: alias to be generated for TLS object - * @secAlias: alias to be generated for a secinfo object * @hostname: hostname of the migration destination * @migParams: migration parameters to set * 
@@ -825,7 +824,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver, bool tlsListen, int asyncJob, char **tlsAlias, - char **secAlias, const char *hostname, qemuMigrationParamsPtr migParams) { @@ -833,6 +831,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver, virJSONValuePtr tlsProps =3D NULL; virJSONValuePtr secProps =3D NULL; virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); + const char *secAlias =3D NULL; int ret =3D -1; if (!cfg->migrateTLSx509certdir) { @@ -849,26 +848,28 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver, } /* If there's a secret, then grab/store it now using the connection */ - if (cfg->migrateTLSx509secretUUID && - !(priv->migSecinfo =3D - qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE, - cfg->migrateTLSx509secretUUID))) - goto error; + if (cfg->migrateTLSx509secretUUID) { + if (!(priv->migSecinfo =3D + qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BA= SE, + cfg->migrateTLSx509secretUUID))) + goto error; + secAlias =3D priv->migSecinfo->s.aes.alias; + } if (qemuDomainGetTLSObjects(priv->qemuCaps, priv->migSecinfo, cfg->migrateTLSx509certdir, tlsListen, cfg->migrateTLSx509verify, QEMU_MIGRATION_TLS_ALIAS_BASE, - &tlsProps, tlsAlias, &secProps, secAlias) = < 0) + &tlsProps, tlsAlias, &secProps, NULL) < 0) goto error; /* Ensure the domain doesn't already have the TLS objects defined... * This should prevent any issues just in case some cleanup wasn't * properly completed (both src and dst use the same alias) or * some other error path between now and perform . */ - qemuDomainDelTLSObjects(driver, vm, asyncJob, *secAlias, *tlsAlias); + qemuDomainDelTLSObjects(driver, vm, asyncJob, secAlias, *tlsAlias); - if (qemuDomainAddTLSObjects(driver, vm, asyncJob, *secAlias, &secProps, + if (qemuDomainAddTLSObjects(driver, vm, asyncJob, secAlias, &secProps, *tlsAlias, &tlsProps) < 0) goto error; 
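Review bot: In the last hunk of qemu_migration_params.c, `secAlias = priv->migSecinfo->s.aes.alias;` reads the `aes` member of the secinfo without checking the secinfo type, and the new local `const char *secAlias` is a borrowed pointer into priv->migSecinfo rather than the allocated copy the callers used to free. If qemuDomainSecretInfoTLSNew can return a secinfo of another type (its definition is not visible here), the name handed to qemuDomainDelTLSObjects and qemuDomainAddTLSObjects for the object holding the TLS key passphrase would come from the wrong member. I would record the assumption and the ownership next to the assignment, for example `/* TLS secinfo is expected to be AES; alias is owned by priv->migSecinfo, do not free */`, or guard the read on the secinfo type. The call now passes `NULL` as the last argument of qemuDomainGetTLSObjects while priv->migSecinfo may be set, so that function has to tolerate a NULL alias out-parameter; this should be confirmed in its definition. The body of qemuMigrationParamsEnableTLS starts and ends outside these hunks.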
diff --git a/src/qemu/qemu_migration_params.h b/src/qemu/qemu_migration_par= ams.h index 9a865b19f3..da4c734e3a 100644 --- a/src/qemu/qemu_migration_params.h +++ b/src/qemu/qemu_migration_params.h @@ -98,7 +98,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver, bool tlsListen, int asyncJob, char **tlsAlias, - char **secAlias, const char *hostname, qemuMigrationParamsPtr migParams); --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list