[libvirt] [PATCH 3/3] qemu: Add secinfo for hotplug virtio disk

Peter Krempa pkrempa at redhat.com
Fri Jun 24 10:54:54 UTC 2016


On Wed, Jun 22, 2016 at 07:46:33 -0400, John Ferlan wrote:
> Commit id 'a1344f70a' added AES secret processing for RBD when starting
> up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare
> an AES secret could be added to the disk about to be hotplugged. If an AES
> secret was added, then the hotplug code would need to generate the secret
> object because qemuBuildDriveStr would add the "password-secret=" to the
> returned 'driveStr' rather than the base64 encoded password.
> 
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>  src/qemu/qemu_hotplug.c | 44 ++++++++++++++++++++++++++++++++++++++------
>  1 file changed, 38 insertions(+), 6 deletions(-)
> 
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index f695903..a85467f 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c

[...]

> @@ -3422,12 +3446,14 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr driver,
>      qemuDomainMarkDeviceForRemoval(vm, &detach->info);
>  
>      qemuDomainObjEnterMonitor(driver, vm);
> -    if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
> -        if (qemuDomainObjExitMonitor(driver, vm) < 0)
> -            goto cleanup;
> -        virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
> -        goto cleanup;
> +    if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {

This won't be initialized if you restart the daemon and thus the secret
object would not be deleted in such a case.

To make it a bit worse, you can't call qemuDomainSecretPrepare since the
secrets may be missing and are not really needed at this point. You need,
though, to generate the correct alias and use it in such a case.

> +        if (qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)
> +            goto faildel;
>      }
> +
> +    if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0)
> +        goto faildel;
> +
>      if (qemuDomainObjExitMonitor(driver, vm) < 0)
>          goto cleanup;
>
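
Review bot: In the added lines after qemuDomainObjEnterMonitor, qemuMonitorDelObject on secinfo->s.aes.alias runs before qemuMonitorDelDevice, so if the device deletion then fails the code jumps to faildel with the disk still attached but its secret object already removed. Consider issuing the device deletion first and removing the secret object only after it has succeeded, or add a comment explaining why this order is safe. The faildel label is outside the lines shown here; it needs to keep what the removed block did on failure, namely calling qemuDomainObjExitMonitor and virDomainAuditDisk(vm, detach->src, NULL, "detach", false), on both failure paths.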

Peter



