[PATCH v1 7/7] qemu: add support for librbd layered encryption
Or Ozeri
ORO at il.ibm.com
Sun Mar 12 11:46:36 UTC 2023
> -----Original Message-----
> From: Peter Krempa <pkrempa at redhat.com>
> Sent: Friday, 10 March 2023 11:47
> To: Or Ozeri <ORO at il.ibm.com>
> Cc: libvir-list at redhat.com; idryomov at gmail.com; Danny Harnik
> <DANNYH at il.ibm.com>
> Subject: [EXTERNAL] Re: [PATCH v1 7/7] qemu: add support for librbd layered
> encryption
>
> > @@ -5210,6 +5216,14 @@
> qemuDomainValidateStorageSource(virStorageSource *src,
> > _("librbd encryption is supported only with RBD backed
> disks"));
> > return -1;
> > }
> > +
> > + if (src->encryption->nsecrets > 1) {
> > + if (!virQEMUCapsGet(qemuCaps,
> QEMU_CAPS_RBD_ENCRYPTION_LAYERING)) {
> > + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> > + _("librbd encryption layering is not supported by this
> QEMU binary"));
> > + return -1;
> > + }
>
> As noted in previous patch you must here validate that also the disk is not an
> SD card.
>
I tried searching the code to understand these questions:
1. How to tell that a disk is an SD card?
2. Why should using multiple secrets be prevented on an SD card disk? And why is a single secret OK?
I could not find an answer to question 2. But I count on your expertise so we can ignore this question.
The first question however must be answered in order to implement the check you talked about.
My guess is the answer is (disk->bus == VIR_DOMAIN_DISK_BUS_SD). Is this correct?
But then, you said the check is to be placed inside qemuDomainValidateStorageSource, which has the virStorageSource, but not the parent virDomainDiskDef.
Do you suggest to extend the signature of qemuDomainValidateStorageSource with an additional "bool isSdDisk"?
More information about the libvir-list
mailing list