From nobody Wed May 14 07:18:51 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527684140904367.94175586472204; Wed, 30 May 2018 05:42:20 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5C17B3858; Wed, 30 May 2018 12:42:19 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 28D9730012C7; Wed, 30 May 2018 12:42:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D08D51800FC2; Wed, 30 May 2018 12:42:18 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4UCftE8027514 for ; Wed, 30 May 2018 08:41:55 -0400 Received: by smtp.corp.redhat.com (Postfix) id E49B1217B40B; Wed, 30 May 2018 12:41:54 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8948B217B409 for ; Wed, 30 May 2018 12:41:54 +0000 (UTC) 
From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 30 May 2018 14:41:08 +0200 Message-Id: <3791843e26a2d401a1e6190cbda1d40178318f66.1527683836.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 12/38] qemu: domain: Regenerate auth/enc secret aliases when restoring status XML X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 30 May 2018 12:42:19 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Previously we did not store the aliases but rather re-generated them when unplug was necessary. This is very cumbersome since the knowledge when and which alias to use needs to be stored in the hotplug code as well. While this patch will not strictly improve this situation since there still will be two places containing this code it at least will allow to remove the mess from the disk-unplug code and will prevent introducing more mess when adding blockdev support. Signed-off-by: Peter Krempa Reviewed-by: J=EF=BF=BDn Tomko --- src/qemu/qemu_domain.c | 90 ++++++++++++++++++= +++- .../disk-secinfo-upgrade-out.xml | 16 ++++ 2 files changed, 105 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index a6494ff5fc..d070c013a1 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -5838,8 +5838,91 @@ qemuDomainChrDefPostParse(virDomainChrDefPtr chr, } +/** + * qemuDomainDeviceDiskDefPostParseRestoreSecAlias: + * + * Re-generate aliases for objects related to the storage source if they + * were not stored in the status XML by an older libvirt. + * + * Note that qemuCaps should be always present for a status XML. + */ +static int +qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDefPtr disk, + virQEMUCapsPtr qemuCaps, + unsigned int parseFlags) +{ + qemuDomainStorageSourcePrivatePtr priv =3D QEMU_DOMAIN_STORAGE_SOURCE_= PRIVATE(disk->src); + bool restoreAuthSecret =3D false; + bool restoreEncSecret =3D false; + char *authalias =3D NULL; + char *encalias =3D NULL; + int ret =3D -1; + + if (!(parseFlags & VIR_DOMAIN_DEF_PARSE_STATUS) || + !qemuCaps || + virStorageSourceIsEmpty(disk->src) || + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_SECRET)) + return 0; + + /* network storage authentication secret */ + if (disk->src->auth && + (!priv || !priv->secinfo)) { + + /* only RBD and iSCSI (with capability) were supporting authentica= tion + * using secret object at the time we did not format the alias int= o the + * status XML */ + if (virStorageSourceGetActualType(disk->src) =3D=3D VIR_STORAGE_TY= PE_NETWORK && + (disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_RBD || + (disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_ISCSI && + virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET)))) + restoreAuthSecret =3D true; + } + + /* disk encryption secret */ + if (disk->src->encryption && + disk->src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT= _LUKS && + (!priv || !priv->encinfo)) + restoreEncSecret =3D true; + + if (!restoreAuthSecret && !restoreEncSecret) + return 0; + + if (!priv) { + if (!(disk->src->privateData =3D qemuDomainStorageSourcePrivateNew= ())) + return -1; + + priv =3D QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src); + } + + if (restoreAuthSecret) { + if (!(authalias =3D 
qemuDomainGetSecretAESAlias(disk->info.alias, = false))) + goto cleanup; + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->secinfo, &aut= halias) < 0) + goto cleanup; + } + + if (restoreEncSecret) { + if (!(encalias =3D qemuDomainGetSecretAESAlias(disk->info.alias, t= rue))) + goto cleanup; + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &enc= alias) < 0) + goto cleanup; + } + + ret =3D 0; + + cleanup: + VIR_FREE(authalias); + VIR_FREE(encalias); + return ret; +} + + static int qemuDomainDeviceDiskDefPostParse(virDomainDiskDefPtr disk, + virQEMUCapsPtr qemuCaps, + unsigned int parseFlags, virQEMUDriverConfigPtr cfg) { /* set default disk types and drivers */ @@ -5873,6 +5956,10 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDefPtr= disk, disk->mirror->format =3D VIR_STORAGE_FILE_RAW; } + if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, qemuCaps, + parseFlags) < 0) + return -1; + return 0; } @@ -5964,7 +6051,8 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr de= v, break; case VIR_DOMAIN_DEVICE_DISK: - ret =3D qemuDomainDeviceDiskDefPostParse(dev->data.disk, cfg); + ret =3D qemuDomainDeviceDiskDefPostParse(dev->data.disk, qemuCaps, + parseFlags, cfg); break; case VIR_DOMAIN_DEVICE_VIDEO: diff --git a/tests/qemustatusxml2xmldata/disk-secinfo-upgrade-out.xml b/tes= ts/qemustatusxml2xmldata/disk-secinfo-upgrade-out.xml index d364fc7644..a554bca99c 100644 --- a/tests/qemustatusxml2xmldata/disk-secinfo-upgrade-out.xml +++ b/tests/qemustatusxml2xmldata/disk-secinfo-upgrade-out.xml @@ -317,6 +317,11 @@ + + + + + @@ -350,6 +355,12 @@ + + + + + + @@ -381,6 +392,11 @@ + + + + + --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
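Review bot: The decision to regenerate an alias in qemuDomainDeviceDiskDefPostParseRestoreSecAlias rests only on `QEMU_CAPS_OBJECT_SECRET` (plus `QEMU_CAPS_ISCSI_PASSWORD_SECRET` for iSCSI), so it is correct only if the code that started or hotplugged the disk created a secret object under exactly those conditions. That setup code is not part of this hunk; if it applies any further precondition, a disk whose credentials were passed another way would come back with a fabricated `secinfo`/`encinfo` alias and a later unplug would act on an object that was never created, while the opposite mismatch would leave a secret object behind in the QEMU process. I would state the assumption next to the checks, e.g. `/* must mirror the conditions under which the secret object was created at startup/hotplug */`, or better share one predicate with that code. The doc comment should also say that only the alias is restored, not any secret material, and that the function returns 0 both on success and when nothing needs restoring, and -1 on error.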
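Review bot: The new call in qemuDomainDeviceDiskDefPostParse turns any failure of the alias regeneration into a failed disk post-parse, and one input to that regeneration is `disk->info.alias`, which the helper hands to `qemuDomainGetSecretAESAlias` without checking it first. If a status XML can ever carry a disk without an alias (an old or damaged file), this would presumably reject the whole status document rather than only skip the restore; what the caller does with a rejected status XML is not visible here. A comment at the call stating the intended policy would help, e.g. `/* failing to restore secret aliases is fatal: unplug could not remove the secret objects otherwise */` if that is the intent, and the status-XML test data could cover a disk without an alias if that case is reachable. The function body starts and ends outside this hunk.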