[libvirt] [PATCH] qemu: Don't assume secret provided for LUKS encryption
John Ferlan
jferlan at redhat.com
Thu Dec 22 14:12:43 UTC 2016
https://bugzilla.redhat.com/show_bug.cgi?id=1405269
If a secret was not provided for what was determined to be a LUKS
encrypted disk (during virStorageFileGetMetadata processing when
called from qemuDomainDetermineDiskChain as a result of hotplug
attach qemuDomainAttachDeviceDiskLive), then do not attempt to
look it up (avoiding a libvirtd crash) and do not alter the format
to "luks" when adding the disk; otherwise, the device_add would
fail with a message such as:
"unable to execute QEMU command 'device_add': Property 'scsi-hd.drive'
can't find value 'drive-scsi0-0-0-0'"
because of assumptions that when the format=luks that libvirt would have
provided the secret to decrypt the volume.
Access to unlock the volume will thus be left to the application.
Signed-off-by: John Ferlan <jferlan at redhat.com>
---
I could have spread things over 2 patches (one to create the helper
and one to add the extra check for nsecrets > 0), but just going with
one to fix the issue just felt cleaner (besides makes any possible
backports a bit simpler).
NB: The "extra" !virStorageSourceIsEmpty check for the qemu_command
path is a no-op essentially.
src/qemu/qemu_command.c | 3 +--
src/qemu/qemu_domain.c | 15 +++++++++++++--
src/qemu/qemu_domain.h | 3 +++
src/qemu/qemu_hotplug.c | 3 ++-
4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f8e48d2..28d8146 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1442,8 +1442,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
if (disk->src->format > 0 &&
disk->src->type != VIR_STORAGE_TYPE_DIR) {
const char *qemuformat = virStorageFileFormatTypeToString(disk->src->format);
- if (disk->src->encryption &&
- disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
+ if (qemuDomainDiskHasEncryptionSecret(disk->src))
qemuformat = "luks";
virBufferAsprintf(buf, "format=%s,", qemuformat);
}
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index acfa695..25cb4ad 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1174,6 +1174,18 @@ qemuDomainSecretDiskCapable(virStorageSourcePtr src)
}
+bool
+qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
+{
+ if (!virStorageSourceIsEmpty(src) && src->encryption &&
+ src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+ src->encryption->nsecrets > 0)
+ return true;
+
+ return false;
+}
+
+
/* qemuDomainSecretDiskPrepare:
* @conn: Pointer to connection
* @priv: pointer to domain private object
@@ -1209,8 +1221,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
diskPriv->secinfo = secinfo;
}
- if (!virStorageSourceIsEmpty(src) && src->encryption &&
- src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+ if (qemuDomainDiskHasEncryptionSecret(src)) {
if (VIR_ALLOC(secinfo) < 0)
return -1;
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index b2db45e..cce879f 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -734,6 +734,9 @@ void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
bool qemuDomainSecretDiskCapable(virStorageSourcePtr src)
ATTRIBUTE_NONNULL(1);
+bool qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
+ ATTRIBUTE_NONNULL(1);
+
int qemuDomainSecretDiskPrepare(virConnectPtr conn,
qemuDomainObjPrivatePtr priv,
virDomainDiskDefPtr disk)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 92a2e73..6b10e63 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3584,7 +3584,8 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
* can remove the luks object password too
*/
if (!virStorageSourceIsEmpty(disk->src) && disk->src->encryption &&
- disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+ disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+ disk->src->encryption->nsecrets > 0) {
if (!(encAlias =
qemuDomainGetSecretAESAlias(disk->info.alias, true))) {
--
2.7.4
More information about the libvir-list
mailing list