External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

qemu: Use qemuBlockStorageSourceIsLUKS/qemuBlockStorageSourceIsRaw

Browse Source 
Refactor code checking whether image is raw. This fixes multiple places
where a LUKS encrypted disk could be mistreated.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2023-12-12 17:16:25 +01:00
parent 04b94593d1
commit b600b69f82
3 changed files with 15 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/qemu/qemu_block.c
View File

@ -177,7 +177,7 @@ bool
qemuBlockStorageSourceSupportsConcurrentAccess(virStorageSource *src) qemuBlockStorageSourceSupportsConcurrentAccess(virStorageSource *src)
{ {
/* no need to check in backing chain since only RAW storage supports this */ /* no need to check in backing chain since only RAW storage supports this */
return src->format == VIR_STORAGE_FILE_RAW; return qemuBlockStorageSourceIsRaw(src);
} }
@ -1336,10 +1336,12 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStorageSource *src)
case VIR_STORAGE_FILE_FAT: case VIR_STORAGE_FILE_FAT:
/* The fat layer is emulated by the storage access layer, so we need to /* The fat layer is emulated by the storage access layer, so we need to
* put a raw layer on top */ * put a raw layer on top */
if (qemuBlockStorageSourceGetFormatRawProps(src, props) < 0)
return NULL;
break;
case VIR_STORAGE_FILE_RAW: case VIR_STORAGE_FILE_RAW:
if (src->encryption && if (qemuBlockStorageSourceIsLUKS(src)) {
src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU &&
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0) if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
return NULL; return NULL;
} else { } else {
@ -2080,9 +2082,7 @@ qemuBlockStorageSourceCreateAddBacking(virStorageSource *backing,
return 0; return 0;
if (format) { if (format) {
if (backing->format == VIR_STORAGE_FILE_RAW && if (qemuBlockStorageSourceIsLUKS(backing))
backing->encryption &&
backing->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
backingFormatStr = "luks"; backingFormatStr = "luks";
else else
backingFormatStr = virStorageFileFormatTypeToString(backing->format); backingFormatStr = virStorageFileFormatTypeToString(backing->format);
@ -2313,8 +2313,7 @@ qemuBlockStorageSourceCreateGetFormatProps(virStorageSource *src,
{ {
switch ((virStorageFileFormat) src->format) { switch ((virStorageFileFormat) src->format) {
case VIR_STORAGE_FILE_RAW: case VIR_STORAGE_FILE_RAW:
if (!src->encryption || if (!qemuBlockStorageSourceIsLUKS(src))
src->encryption->format != VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
return 0; return 0;
return qemuBlockStorageSourceCreateGetFormatPropsLUKS(src, props); return qemuBlockStorageSourceCreateGetFormatPropsLUKS(src, props);
@ -2584,8 +2583,8 @@ qemuBlockStorageSourceCreateFormat(virDomainObj *vm,
g_autoptr(virJSONValue) createformatprops = NULL; g_autoptr(virJSONValue) createformatprops = NULL;
int ret; int ret;
if (src->format == VIR_STORAGE_FILE_RAW && /* we don't bother creating only a true 'raw' image */
!src->encryption) if (qemuBlockStorageSourceIsRaw(src))
return 0; return 0;
if (qemuBlockStorageSourceCreateGetFormatProps(src, backingStore, if (qemuBlockStorageSourceCreateGetFormatProps(src, backingStore,
@ -2743,7 +2742,7 @@ qemuBlockStorageSourceCreateDetectSize(GHashTable *blockNamedNodeData,
} }
} }
if (src->format == VIR_STORAGE_FILE_RAW) { if (qemuBlockStorageSourceIsRaw(src)) {
src->physical = entry->capacity; src->physical = entry->capacity;
} else { } else {
src->physical = entry->physical; src->physical = entry->physical;
@ -3299,14 +3298,7 @@ qemuBlockStorageSourceNeedsStorageSliceLayer(const virStorageSource *src)
if (!src->sliceStorage) if (!src->sliceStorage)
return false; return false;
if (src->format != VIR_STORAGE_FILE_RAW) return !qemuBlockStorageSourceIsRaw(src);
return true;
if (src->encryption &&
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
return true;
return false;
} }

2
src/qemu/qemu_command.c
View File

@ -1631,7 +1631,7 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,
virBufferAddLit(buf, ","); virBufferAddLit(buf, ",");
if (encinfo) { if (encinfo) {
if (disk->src->format == VIR_STORAGE_FILE_RAW) { if (qemuBlockStorageSourceIsLUKS(disk->src)) {
virBufferAsprintf(buf, "key-secret=%s,", encinfo[0]->alias); virBufferAsprintf(buf, "key-secret=%s,", encinfo[0]->alias);
rawluks = true; rawluks = true;
} else if (disk->src->format == VIR_STORAGE_FILE_QCOW2 && } else if (disk->src->format == VIR_STORAGE_FILE_QCOW2 &&

4
src/qemu/qemu_driver.c
View File

@ -10090,7 +10090,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (disk->src->format != VIR_STORAGE_FILE_RAW) { if (qemuBlockStorageSourceIsRaw(disk->src)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("peeking is only supported for disk with 'raw' format not '%1$s'"), _("peeking is only supported for disk with 'raw' format not '%1$s'"),
virStorageFileFormatTypeToString(disk->src->format)); virStorageFileFormatTypeToString(disk->src->format));
@ -10285,7 +10285,7 @@ qemuStorageLimitsRefresh(virQEMUDriverConfig *cfg,
* query the highest allocated extent from QEMU * query the highest allocated extent from QEMU
*/ */
if (virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_BLOCK && if (virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_BLOCK &&
src->format != VIR_STORAGE_FILE_RAW && !qemuBlockStorageSourceIsRaw(src) &&
S_ISBLK(sb.st_mode)) S_ISBLK(sb.st_mode))
src->allocation = 0; src->allocation = 0;