[libvirt] [PATCH v2 02/12] qemu: Introduce qemuDomainSecretPrepare and Destroy
John Ferlan
jferlan at redhat.com
Mon May 2 12:48:02 UTC 2016
On 05/02/2016 07:38 AM, Ján Tomko wrote:
> On Sat, Apr 16, 2016 at 10:17:35AM -0400, John Ferlan wrote:
>> Rather than needing to pass the conn parameter to various command
>> line building APIs, add qemuDomainSecretPrepare just prior to the
>> qemuProcessLaunch which calls qemuBuildCommandLine. The function
>> must be called after qemuProcessPrepareHost since it's expected
>> to eventually need the domain masterKey generated during the prepare
>> host call. Additionally, future patches may require device aliases
>> (assigned during the prepare domain call) in order to associate
>> the secret objects.
>>
>> The qemuDomainSecretDestroy is called after the qemuProcessLaunch
>> finishes in order to clear and free memory used by the secrets
>> that were recently prepared, so they are not kept around in memory
>> too long.
>>
>> Placing the setup here is beneficial for future patches which will
>> need the domain masterKey in order to generate an encrypted secret
>> along with an initialization vector to be saved and passed (since
>> the masterKey shouldn't be passed around).
>>
>> Finally, since the secret is not added during command line build,
>> the hotplug code will need to get the secret into the private disk data.
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>> src/qemu/qemu_command.c | 45 ++++-----------
>> src/qemu/qemu_command.h | 5 +-
>> src/qemu/qemu_domain.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++--
>> src/qemu/qemu_domain.h | 15 ++++-
>> src/qemu/qemu_driver.c | 10 ++--
>> src/qemu/qemu_hotplug.c | 26 +++++----
>> src/qemu/qemu_hotplug.h | 1 -
>> src/qemu/qemu_process.c | 8 +++
>> 8 files changed, 202 insertions(+), 58 deletions(-)
>>
>
>> @@ -1033,8 +1012,7 @@ qemuCheckFips(void)
>>
>>
>> char *
>> -qemuBuildDriveStr(virConnectPtr conn,
>> - virDomainDiskDefPtr disk,
>
> It's really nice to see the 'conn' go.
>
>> +qemuBuildDriveStr(virDomainDiskDefPtr disk,
>> bool bootable,
>> virQEMUCapsPtr qemuCaps)
>> {
>
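Review bot: With `conn` removed from the qemuBuildDriveStr signature, the function depends on the secret already being present in the private disk data, and nothing at the definition documents that precondition. Add a comment above the function saying that qemuDomainSecretPrepare (or the hotplug path mentioned in the commit message) must have run first. The body is not shown in this quoted hunk, so also check that it reports an error when the secret is missing instead of building a drive string without it.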
>> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
>> index 81d86c2..c9f43fa 100644
>> --- a/src/qemu/qemu_process.c
>> +++ b/src/qemu/qemu_process.c
>> @@ -5640,6 +5640,9 @@ qemuProcessStart(virConnectPtr conn,
>> if (qemuProcessPrepareHost(driver, vm, !!incoming) < 0)
>> goto stop;
>>
>> + if (qemuDomainSecretPrepare(conn, vm) < 0)
>> + goto cleanup;
>> +
>
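Review bot: The new failure path uses `goto cleanup`, while the qemuProcessPrepareHost check in the context line directly above uses `goto stop`. Host preparation has already succeeded at this point, so unless skipping the stop path is intentional this should read `goto stop;` to match. The matching qemuDomainSecretDestroy call described in the commit message is not visible in this hunk, so also confirm that a partial failure inside qemuDomainSecretPrepare leaves no secret data allocated.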
> The call fits better in qemuProcessPrepareDomain,
> that way it will be called even for incoming migration.
>
Understood; however, PrepareDomain doesn't have everything that will be
needed. The qemuProcessPrepareHost must run first in order to create
"priv->libDir" in order to write the domain master key secret that will
be used in "future patches" (11/12 of this series) in order to generate
an Initialization Vector secret.

I think it's possible to move the call into qemuProcessPrepareHost if
you think that works better/fine. The qemuProcessCreatePretendCmd
already calls qemuDomainSecretPrepare, so that "should" cover the
testing scenario...

John