qemu: Don't assume secret provided for LUKS encryption

https://bugzilla.redhat.com/show_bug.cgi?id=1405269 If a secret was not provided for what was determined to be a LUKS encrypted disk (during virStorageFileGetMetadata processing when called from qemuDomainDetermineDiskChain as a result of hotplug attach qemuDomainAttachDeviceDiskLive), then do not attempt to look it up (avoiding a libvirtd crash) and do not alter the format to "luks" when adding the disk; otherwise, the device_add would fail with a message such as: "unable to execute QEMU command 'device_add': Property 'scsi-hd.drive' can't find value 'drive-scsi0-0-0-0'" because of assumptions that when the format=luks that libvirt would have provided the secret to decrypt the volume. Access to unlock the volume will thus be left to the application. (cherry picked from commit 7f7d99048350935a394d07b98a13d7da9c4b0502)
2025-04-01 20:05:19 +00:00 · 2016-12-22 07:12:49 -05:00 · 2016-12-22 07:12:49 -05:00 · e24ff1f38e
commit e24ff1f38e
parent 47fa3d3992
4 changed files with 18 additions and 6 deletions
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@ -1303,8 +1303,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
    if (disk->src->format > 0 &&
        disk->src->type != VIR_STORAGE_TYPE_DIR) {
        const char *qemuformat = virStorageFileFormatTypeToString(disk->src->format);
-        if (disk->src->encryption &&
-            disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
+        if (qemuDomainDiskHasEncryptionSecret(disk->src))
            qemuformat = "luks";
        virBufferAsprintf(buf, "format=%s,", qemuformat);
    }
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -1044,6 +1044,18 @@ qemuDomainSecretDiskCapable(virStorageSourcePtr src)
 }


+bool
+qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
+{
+    if (!virStorageSourceIsEmpty(src) && src->encryption &&
+        src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+        src->encryption->nsecrets > 0)
+        return true;
+
+    return false;
+}
+
+
 /* qemuDomainSecretDiskPrepare:
 * @conn: Pointer to connection
 * @priv: pointer to domain private object
@ -1082,8 +1094,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
        diskPriv->secinfo = secinfo;
    }

-    if (!virStorageSourceIsEmpty(src) && src->encryption &&
-        src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+    if (qemuDomainDiskHasEncryptionSecret(src)) {

        if (VIR_ALLOC(secinfo) < 0)
            return -1;
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@ -696,6 +696,9 @@ void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
 bool qemuDomainSecretDiskCapable(virStorageSourcePtr src)
    ATTRIBUTE_NONNULL(1);

+bool qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
+    ATTRIBUTE_NONNULL(1);
+
 int qemuDomainSecretDiskPrepare(virConnectPtr conn,
                                qemuDomainObjPrivatePtr priv,
                                virDomainDiskDefPtr disk)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@ -2999,8 +2999,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
    /* Similarly, if this is possible a device using LUKS encryption, we
     * can remove the luks object password too
     */
-    if (!virStorageSourceIsEmpty(disk->src) && disk->src->encryption &&
-        disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+    if (qemuDomainDiskHasEncryptionSecret(disk->src)) {

        if (!(encAlias =
              qemuDomainGetSecretAESAlias(disk->info.alias, true))) {