External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-22 19:32:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu_blockjob: Remove secdriver metadata more frequently

Browse Source 
If a block job reaches failed/cancelled state, or is completed
without pivot then we must remove security driver metadata
associated to the backing chain so that we don't leave any
metadata behind.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741456

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Michal Privoznik 2019-08-30 14:34:12 +02:00
parent 7f99d8a739
commit 16fb3c8b83
1 changed files with 54 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/qemu/qemu_blockjob.c
View File

@ -659,7 +659,23 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
disk->src = disk->mirror; disk->src = disk->mirror;
} else { } else {
if (disk->mirror) { if (disk->mirror) {
virStorageSourcePtr n;
virDomainLockImageDetach(driver->lockManager, vm, disk->mirror); virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
/* Ideally, we would restore seclabels on the backing chain here
* but we don't know if somebody else is not using parts of it.
* Remove security driver metadata so that they are not leaked. */
for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
VIR_WARN("Unable to remove disk metadata on "
"vm %s from %s (disk target %s)",
vm->def->name,
NULLSTR(disk->src->path),
disk->dst);
}
}
virObjectUnref(disk->mirror); virObjectUnref(disk->mirror);
} }
} }
@ -728,7 +744,23 @@ qemuBlockJobEventProcessLegacy(virQEMUDriverPtr driver,
case VIR_DOMAIN_BLOCK_JOB_FAILED: case VIR_DOMAIN_BLOCK_JOB_FAILED:
case VIR_DOMAIN_BLOCK_JOB_CANCELED: case VIR_DOMAIN_BLOCK_JOB_CANCELED:
if (disk->mirror) { if (disk->mirror) {
virStorageSourcePtr n;
virDomainLockImageDetach(driver->lockManager, vm, disk->mirror); virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
/* Ideally, we would restore seclabels on the backing chain here
* but we don't know if somebody else is not using parts of it.
* Remove security driver metadata so that they are not leaked. */
for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
VIR_WARN("Unable to remove disk metadata on "
"vm %s from %s (disk target %s)",
vm->def->name,
NULLSTR(disk->src->path),
disk->dst);
}
}
virObjectUnref(disk->mirror); virObjectUnref(disk->mirror);
disk->mirror = NULL; disk->mirror = NULL;
} }
@ -1128,16 +1160,33 @@ qemuBlockJobProcessEventConcludedCopyAbort(virQEMUDriverPtr driver,
static void static void
qemuBlockJobProcessEventFailedActiveCommit(virDomainObjPtr vm, qemuBlockJobProcessEventFailedActiveCommit(virQEMUDriverPtr driver,
virDomainObjPtr vm,
qemuBlockJobDataPtr job) qemuBlockJobDataPtr job)
{ {
virDomainDiskDefPtr disk = job->disk;
virStorageSourcePtr n;
VIR_DEBUG("active commit job '%s' on VM '%s' failed", job->name, vm->def->name); VIR_DEBUG("active commit job '%s' on VM '%s' failed", job->name, vm->def->name);
if (!job->disk) if (!disk)
return; return;
virObjectUnref(job->disk->mirror); /* Ideally, we would make the backing chain read only again (yes, SELinux
job->disk->mirror = NULL; * can do that using different labels). But that is not implemented yet and
* not leaking security driver metadata is more important. */
for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
VIR_WARN("Unable to remove disk metadata on "
"vm %s from %s (disk target %s)",
vm->def->name,
NULLSTR(disk->src->path),
disk->dst);
}
}
virObjectUnref(disk->mirror);
disk->mirror = NULL;
} }
@ -1231,7 +1280,7 @@ qemuBlockJobEventProcessConcludedTransition(qemuBlockJobDataPtr job,
break; break;
case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT: case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT:
qemuBlockJobProcessEventFailedActiveCommit(vm, job); qemuBlockJobProcessEventFailedActiveCommit(driver, vm, job);
break; break;
case QEMU_BLOCKJOB_TYPE_CREATE: case QEMU_BLOCKJOB_TYPE_CREATE: