[libvirt] [PATCH v3 08/10] qemu: Add secinfo for hotplug virtio disk
Ján Tomko
jtomko at redhat.com
Sat Jun 25 06:43:19 UTC 2016
On Fri, Jun 24, 2016 at 04:53:37PM -0400, John Ferlan wrote:
>Commit id 'a1344f70a' added AES secret processing for RBD when starting
>up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare
>an AES secret could be added to the disk about to be hotplugged. If an AES
>secret was added, then the hotplug code would need to generate the secret
>object because qemuBuildDriveStr would add the "password-secret=" to the
>returned 'driveStr' rather than the base64 encoded password.
>
>Signed-off-by: John Ferlan <jferlan at redhat.com>
>---
> src/qemu/qemu_hotplug.c | 42 +++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 41 insertions(+), 1 deletion(-)
>
ACK, terms and conditions apply.
>diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
>index f695903..fbe3cb8 100644
>--- a/src/qemu/qemu_hotplug.c
>+++ b/src/qemu/qemu_hotplug.c
>@@ -310,6 +310,9 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> bool releaseaddr = false;
> virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
> const char *src = virDomainDiskGetSource(disk);
>+ virJSONValuePtr secobjProps = NULL;
>+ qemuDomainDiskPrivatePtr diskPriv;
>+ qemuDomainSecretInfoPtr secinfo;
>
> if (!disk->info.type) {
> if (qemuDomainMachineIsS390CCW(vm->def) &&
>@@ -342,6 +345,13 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> if (qemuDomainSecretDiskPrepare(conn, priv, disk) < 0)
> goto error;
>
>+ diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
>+ secinfo = diskPriv->secinfo;
This seems to be the only usage of diskPriv.
You can do QEMU_DOMAIN_DISK_PRIVATE(disk)->secinfo directly.
>+ if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
>+ if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
>+ goto error;
>+ }
>+
> if (!(drivestr = qemuBuildDriveStr(disk, false, priv->qemuCaps)))
> goto error;
>
>@@ -354,9 +364,15 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0)
> goto error;
>
>- /* Attach the device - 2 step process */
>+ /* Attach the device - possible 3 step process */
> qemuDomainObjEnterMonitor(driver, vm);
>
>+ if (secobjProps && qemuMonitorAddObject(priv->mon, "secret",
>+ secinfo->s.aes.alias,
>+ secobjProps) < 0)
It would be nice to set secobjProps to NULL here right after it's
invalid.
>+ goto failaddobjsecret;
s/failaddobjsecret/exit_monitor/
>+ secobjProps = NULL;
>+
> if (qemuMonitorAddDrive(priv->mon, drivestr) < 0)
> goto failadddrive;
>
>@@ -374,6 +390,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> ret = 0;
>
> cleanup:
>+ virJSONValueFree(secobjProps);
> qemuDomainSecretDiskDestroy(disk);
> VIR_FREE(devstr);
> VIR_FREE(drivestr);
>@@ -393,8 +410,13 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> }
>
> failadddrive:
>+ if (secobjProps)
>+ ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));
This can be done if (secinfo) then. Also, the error should be saved
since qemuMonitorDelObject can overwrite it.
>+
>+ failaddobjsecret:
> if (qemuDomainObjExitMonitor(driver, vm) < 0)
> releaseaddr = false;
>+ secobjProps = NULL; /* qemuMonitorAddObject consumes props on failure too */
>
> failexitmonitor:
> virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
>@@ -2791,6 +2813,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
> const char *src = virDomainDiskGetSource(disk);
> qemuDomainObjPrivatePtr priv = vm->privateData;
> char *drivestr;
>+ char *objAlias = NULL;
>
> VIR_DEBUG("Removing disk %s from domain %p %s",
> disk->info.alias, vm, vm->def->name);
>@@ -2801,7 +2824,24 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
> QEMU_DRIVE_HOST_PREFIX, disk->info.alias) < 0)
> return -1;
>
>+ /* Let's look for some markers for a secret object and create an alias
>+ * object to be used to attempt to delete the object that was created */
>+ if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
>+ qemuDomainSecretDiskCapable(disk->src)) {
>+
Do we still have QEMU_DOMAIN_DISK_PRIVATE to check secinfo, just like we
did when adding the secret?
Jan
>+ if (!(objAlias = qemuDomainGetSecretAESAlias(disk->info.alias))) {
>+ VIR_FREE(drivestr);
>+ return -1;
>+ }
>+ }
>+
> qemuDomainObjEnterMonitor(driver, vm);
>+
>+ /* If it fails, then so be it - it was a best shot */
>+ if (objAlias)
>+ ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
>+ VIR_FREE(objAlias);
>+
> qemuMonitorDriveDel(priv->mon, drivestr);
> VIR_FREE(drivestr);
> if (qemuDomainObjExitMonitor(driver, vm) < 0)
>--
>2.5.5
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
More information about the libvir-list
mailing list