[libvirt] [PATCH v2 02/12] qemu: Introduce qemuDomainSecretPrepare and Destroy
Ján Tomko
jtomko at redhat.com
Mon May 2 11:38:41 UTC 2016
On Sat, Apr 16, 2016 at 10:17:35AM -0400, John Ferlan wrote:
> Rather than needing to pass the conn parameter to various command
> line building APIs, add qemuDomainSecretPrepare just prior to the
> qemuProcessLaunch which calls qemuBuildCommandLine. The function
> must be called after qemuProcessPrepareHost since it's expected
> to eventually need the domain masterKey generated during the prepare
> host call. Additionally, future patches may require device aliases
> (assigned during the prepare domain call) in order to associate
> the secret objects.
>
> The qemuDomainSecretDestroy is called after the qemuProcessLaunch
> finishes in order to clear and free memory used by the secrets
> that were recently prepared, so they are not kept around in memory
> too long.
>
> Placing the setup here is beneficial for future patches which will
> need the domain masterKey in order to generate an encrypted secret
> along with an initialization vector to be saved and passed (since
> the masterKey shouldn't be passed around).
>
> Finally, since the secret is not added during command line build,
> the hotplug code will need to get the secret into the private disk data.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/qemu/qemu_command.c | 45 ++++-----------
> src/qemu/qemu_command.h | 5 +-
> src/qemu/qemu_domain.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++--
> src/qemu/qemu_domain.h | 15 ++++-
> src/qemu/qemu_driver.c | 10 ++--
> src/qemu/qemu_hotplug.c | 26 +++++----
> src/qemu/qemu_hotplug.h | 1 -
> src/qemu/qemu_process.c | 8 +++
> 8 files changed, 202 insertions(+), 58 deletions(-)
>
> @@ -1033,8 +1012,7 @@ qemuCheckFips(void)
>
>
> char *
> -qemuBuildDriveStr(virConnectPtr conn,
> - virDomainDiskDefPtr disk,
It's really nice to see the 'conn' go.
> +qemuBuildDriveStr(virDomainDiskDefPtr disk,
> bool bootable,
> virQEMUCapsPtr qemuCaps)
> {
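Review bot: the new qemuBuildDriveStr(disk, bootable, qemuCaps) signature carries no documentation of its new precondition. With conn gone the function cannot fetch a secret on its own, so it depends on the caller having already stored the secret in the disk's private data. A short comment above the function stating that would help, since the commit message notes that the hotplug path has to populate the private disk data itself.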
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 81d86c2..c9f43fa 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -5640,6 +5640,9 @@ qemuProcessStart(virConnectPtr conn,
> if (qemuProcessPrepareHost(driver, vm, !!incoming) < 0)
> goto stop;
>
> + if (qemuDomainSecretPrepare(conn, vm) < 0)
> + goto cleanup;
> +
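Review bot: the failure path of the added qemuDomainSecretPrepare(conn, vm) call uses `goto cleanup`, while the qemuProcessPrepareHost check directly above it uses `goto stop`. If the stop label is what undoes the host preparation, jumping to cleanup here skips that teardown once the host has been prepared. `goto stop;` looks like the consistent target, or the difference deserves a comment explaining why cleanup is enough.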
The call fits better in qemuProcessPrepareDomain,
that way it will be called even for incoming migration.
Jan