From 5c84e6fcdd1db7d3b0328e8cacff11236f7909f1 Mon Sep 17 00:00:00 2001
From: Or Ozeri
Date: Mon, 13 Mar 2023 04:50:19 -0500
Subject: [PATCH] qemu: add multi-secret support in qemuBlockStorageSourceAttachData

This commit changes the qemuBlockStorageSourceAttachData struct to support multiple secrets (instead of a single one before this commit). This will useful for storage encryption requiring more than a single secret.

Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
 src/qemu/qemu_block.c | 32 +++++++++++++++++++++++---------
 src/qemu/qemu_block.h | 5 +++--
 src/qemu/qemu_blockjob.c | 6 ++++++
 src/qemu/qemu_command.c | 19 +++++++++++++++----
 4 files changed, 47 insertions(+), 15 deletions(-)

diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 8fcebd8992..9e1ecf68f9 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1311,6 +1311,7 @@ qemuBlockStorageSourceGetBlockdevStorageSliceProps(virStorageSource *src)
 void
 qemuBlockStorageSourceAttachDataFree(qemuBlockStorageSourceAttachData *data)
 {
+ size_t i;
 if (!data)
 return;
@@ -1320,12 +1321,16 @@ qemuBlockStorageSourceAttachDataFree(qemuBlockStorageSourceAttachData *data)
 virJSONValueFree(data->prmgrProps);
 virJSONValueFree(data->authsecretProps);
 virJSONValueFree(data->httpcookiesecretProps);
- virJSONValueFree(data->encryptsecretProps);
+ for (i = 0; i < data->encryptsecretCount; ++i) {
+ virJSONValueFree(data->encryptsecretProps[i]);
+ g_free(data->encryptsecretAlias[i]);
+ }
 virJSONValueFree(data->tlsProps);
 virJSONValueFree(data->tlsKeySecretProps);
 g_free(data->tlsAlias);
 g_free(data->tlsKeySecretAlias);
 g_free(data->authsecretAlias);
+ g_free(data->encryptsecretProps);
 g_free(data->encryptsecretAlias);
 g_free(data->httpcookiesecretAlias);
 g_free(data->driveCmd);
@@ -1436,10 +1441,12 @@ static int
 qemuBlockStorageSourceAttachApplyFormatDeps(qemuMonitor *mon,
 qemuBlockStorageSourceAttachData *data)
 {
- if (data->encryptsecretProps &&
- qemuMonitorAddObject(mon, &data->encryptsecretProps,
- &data->encryptsecretAlias) < 0)
- return -1;
+ size_t i;
+ for (i = 0; i < data->encryptsecretCount; ++i) {
+ if (qemuMonitorAddObject(mon, &data->encryptsecretProps[i],
+ &data->encryptsecretAlias[i]) < 0)
+ return -1;
+ }
 return 0;
 }
@@ -1525,6 +1532,7 @@ qemuBlockStorageSourceAttachRollback(qemuMonitor *mon,
 qemuBlockStorageSourceAttachData *data)
 {
 virErrorPtr orig_err;
+ size_t i;
 virErrorPreserveLast(&orig_err);
@@ -1550,8 +1558,10 @@ qemuBlockStorageSourceAttachRollback(qemuMonitor *mon,
 if (data->authsecretAlias)
 ignore_value(qemuMonitorDelObject(mon, data->authsecretAlias, false));
- if (data->encryptsecretAlias)
- ignore_value(qemuMonitorDelObject(mon, data->encryptsecretAlias, false));
+ for (i = 0; i < data->encryptsecretCount; ++i) {
+ if (data->encryptsecretAlias[i])
+ ignore_value(qemuMonitorDelObject(mon, data->encryptsecretAlias[i], false));
+ }
 if (data->httpcookiesecretAlias)
 ignore_value(qemuMonitorDelObject(mon, data->httpcookiesecretAlias, false));
@@ -1606,8 +1616,12 @@ qemuBlockStorageSourceDetachPrepare(virStorageSource *src)
 if (srcpriv->secinfo)
 data->authsecretAlias = g_strdup(srcpriv->secinfo->alias);
- if (srcpriv->encinfo)
- data->encryptsecretAlias = g_strdup(srcpriv->encinfo->alias);
+ if (srcpriv->encinfo) {
+ data->encryptsecretCount = 1;
+ data->encryptsecretProps = g_new0(virJSONValue *, 1);
+ data->encryptsecretAlias = g_new0(char *, 1);
+ data->encryptsecretAlias[0] = g_strdup(srcpriv->encinfo->alias);
+ }
 if (srcpriv->httpcookie)
 data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->alias);
diff --git a/src/qemu/qemu_block.h b/src/qemu/qemu_block.h
index 5a61a19da2..530d88d28e 100644
--- a/src/qemu/qemu_block.h
+++ b/src/qemu/qemu_block.h
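Review bot: In qemuBlockStorageSourceDetachPrepare (the last qemu_block.c hunk) the one-element `encryptsecretProps` array is allocated but never filled, and nothing at that spot says why. It appears to exist only because qemuBlockStorageSourceAttachDataFree in this patch reads `encryptsecretProps[i]` for every `i < encryptsecretCount` without checking the array pointer. A short comment would keep a later cleanup from dropping the allocation, for example `/* props stay NULL on detach; the array only has to exist so cleanup can index it */`. The function starts and ends outside the hunk.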
@@ -89,8 +89,9 @@ struct qemuBlockStorageSourceAttachData {
 virJSONValue *authsecretProps;
 char *authsecretAlias;
- virJSONValue *encryptsecretProps;
- char *encryptsecretAlias;
+ size_t encryptsecretCount;
+ virJSONValue **encryptsecretProps;
+ char **encryptsecretAlias;
 virJSONValue *httpcookiesecretProps;
 char *httpcookiesecretAlias;
diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
index a20cf1db62..818e90022c 100644
--- a/src/qemu/qemu_blockjob.c
+++ b/src/qemu/qemu_blockjob.c
@@ -1336,9 +1336,15 @@ qemuBlockJobProcessEventConcludedCreate(virQEMUDriver *driver,
 /* the format node part was not attached yet, so we don't need to detach it */
 backend->formatAttached = false;
 if (job->data.create.storage) {
+ size_t i;
+
 backend->storageAttached = false;
 backend->storageSliceAttached = false;
+ for (i = 0; i < backend->encryptsecretCount; ++i) {
+ VIR_FREE(backend->encryptsecretAlias[i]);
+ }
 VIR_FREE(backend->encryptsecretAlias);
+ VIR_FREE(backend->encryptsecretProps);
 }
 if (qemuDomainObjEnterMonitorAsync(vm, asyncJob) < 0)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 7027da3294..9380c4f00b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
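Review bot: The three new fields in struct qemuBlockStorageSourceAttachData (qemu_block.h) carry an invariant that is not written down: both arrays must hold `encryptsecretCount` entries, and every loop added by this patch indexes them without checking the array pointers. I would document that on the fields, e.g. `/* encryptsecretProps and encryptsecretAlias each have encryptsecretCount entries; single entries may be NULL */`. The struct definition starts and ends outside the hunk.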
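Review bot: In qemuBlockJobProcessEventConcludedCreate (qemu_blockjob.c) the `job->data.create.storage` branch frees `encryptsecretAlias` and `encryptsecretProps` but leaves `backend->encryptsecretCount` at its old value. The loops this patch adds to qemuBlockStorageSourceAttachRollback and qemuBlockStorageSourceAttachDataFree index both arrays for every `i < encryptsecretCount`, so if `backend` reaches either of them afterwards, which looks likely but happens outside the hunk, libvirt dereferences a NULL array and the daemon can crash while concluding the block job. Adding `backend->encryptsecretCount = 0;` after the two array frees restores the invariant. `VIR_FREE(backend->encryptsecretProps)` also releases only the array, which is leak-free only while every slot is NULL, as qemuBlockStorageSourceDetachPrepare leaves them.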
@@ -2108,15 +2108,21 @@ qemuBuildBlockStorageSourceAttachDataCommandline(virCommand *cmd,
 virQEMUCaps *qemuCaps)
 {
 char *tmp;
+ size_t i;
 if (qemuBuildObjectCommandline(cmd, data->prmgrProps, qemuCaps) < 0 ||
 qemuBuildObjectCommandline(cmd, data->authsecretProps, qemuCaps) < 0 ||
- qemuBuildObjectCommandline(cmd, data->encryptsecretProps, qemuCaps) < 0 ||
 qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps, qemuCaps) < 0 ||
 qemuBuildObjectCommandline(cmd, data->tlsKeySecretProps, qemuCaps) < 0 ||
 qemuBuildObjectCommandline(cmd, data->tlsProps, qemuCaps) < 0)
 return -1;
+ for (i = 0; i < data->encryptsecretCount; ++i) {
+ if (qemuBuildObjectCommandline(cmd, data->encryptsecretProps[i], qemuCaps) < 0) {
+ return -1;
+ }
+ }
+
 if (data->driveCmd)
 virCommandAddArgList(cmd, "-drive", data->driveCmd, NULL);
@@ -10770,9 +10776,14 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
 qemuBuildSecretInfoProps(srcpriv->secinfo, &data->authsecretProps) < 0)
 return -1;
- if (srcpriv->encinfo &&
- qemuBuildSecretInfoProps(srcpriv->encinfo, &data->encryptsecretProps) < 0)
- return -1;
+ if (srcpriv->encinfo) {
+ data->encryptsecretCount = 1;
+ data->encryptsecretProps = g_new0(virJSONValue *, 1);
+ data->encryptsecretAlias = g_new0(char *, 1);
+
+ if (qemuBuildSecretInfoProps(srcpriv->encinfo, &data->encryptsecretProps[0]) < 0)
+ return -1;
+ }
 if (srcpriv->httpcookie &&
 qemuBuildSecretInfoProps(srcpriv->httpcookie, &data->httpcookiesecretProps) < 0)
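Review bot: In qemuBuildBlockStorageSourceAttachDataCommandline the new loop runs after the whole `||` chain, so the encryption secret objects are now built after `tlsProps` instead of between `authsecretProps` and `httpcookiesecretProps` as before. That changes the order of the generated arguments for existing single-secret disks that also carry a cookie or TLS object, which looks unintended for a refactor and would presumably show up in any expected-command-line test data. Ending the first condition after the `authsecretProps` call, running the loop there, and checking the remaining three calls in a second condition keeps the old position. The function starts and ends outside the hunk.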