mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
qemu: Don't assume secret provided for LUKS encryption
https://bugzilla.redhat.com/show_bug.cgi?id=1405269
If a secret was not provided for what was determined to be a LUKS
encrypted disk (during virStorageFileGetMetadata processing when
called from qemuDomainDetermineDiskChain as a result of hotplug
attach qemuDomainAttachDeviceDiskLive), then do not attempt to
look it up (avoiding a libvirtd crash) and do not alter the format
to "luks" when adding the disk; otherwise, the device_add would
fail with a message such as:
"unable to execute QEMU command 'device_add': Property 'scsi-hd.drive'
can't find value 'drive-scsi0-0-0-0'"
because of assumptions that when the format=luks that libvirt would have
provided the secret to decrypt the volume.
Access to unlock the volume will thus be left to the application.
(cherry picked from commit 7f7d990483
)
This commit is contained in:
parent
47fa3d3992
commit
e24ff1f38e
@ -1303,8 +1303,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
|
|||||||
if (disk->src->format > 0 &&
|
if (disk->src->format > 0 &&
|
||||||
disk->src->type != VIR_STORAGE_TYPE_DIR) {
|
disk->src->type != VIR_STORAGE_TYPE_DIR) {
|
||||||
const char *qemuformat = virStorageFileFormatTypeToString(disk->src->format);
|
const char *qemuformat = virStorageFileFormatTypeToString(disk->src->format);
|
||||||
if (disk->src->encryption &&
|
if (qemuDomainDiskHasEncryptionSecret(disk->src))
|
||||||
disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
|
|
||||||
qemuformat = "luks";
|
qemuformat = "luks";
|
||||||
virBufferAsprintf(buf, "format=%s,", qemuformat);
|
virBufferAsprintf(buf, "format=%s,", qemuformat);
|
||||||
}
|
}
|
||||||
|
@ -1044,6 +1044,18 @@ qemuDomainSecretDiskCapable(virStorageSourcePtr src)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool
|
||||||
|
qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
|
||||||
|
{
|
||||||
|
if (!virStorageSourceIsEmpty(src) && src->encryption &&
|
||||||
|
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
|
||||||
|
src->encryption->nsecrets > 0)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* qemuDomainSecretDiskPrepare:
|
/* qemuDomainSecretDiskPrepare:
|
||||||
* @conn: Pointer to connection
|
* @conn: Pointer to connection
|
||||||
* @priv: pointer to domain private object
|
* @priv: pointer to domain private object
|
||||||
@ -1082,8 +1094,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
|
|||||||
diskPriv->secinfo = secinfo;
|
diskPriv->secinfo = secinfo;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!virStorageSourceIsEmpty(src) && src->encryption &&
|
if (qemuDomainDiskHasEncryptionSecret(src)) {
|
||||||
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
|
|
||||||
|
|
||||||
if (VIR_ALLOC(secinfo) < 0)
|
if (VIR_ALLOC(secinfo) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -696,6 +696,9 @@ void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
|
|||||||
bool qemuDomainSecretDiskCapable(virStorageSourcePtr src)
|
bool qemuDomainSecretDiskCapable(virStorageSourcePtr src)
|
||||||
ATTRIBUTE_NONNULL(1);
|
ATTRIBUTE_NONNULL(1);
|
||||||
|
|
||||||
|
bool qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
|
||||||
|
ATTRIBUTE_NONNULL(1);
|
||||||
|
|
||||||
int qemuDomainSecretDiskPrepare(virConnectPtr conn,
|
int qemuDomainSecretDiskPrepare(virConnectPtr conn,
|
||||||
qemuDomainObjPrivatePtr priv,
|
qemuDomainObjPrivatePtr priv,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
|
@ -2999,8 +2999,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
|
|||||||
/* Similarly, if this is possible a device using LUKS encryption, we
|
/* Similarly, if this is possible a device using LUKS encryption, we
|
||||||
* can remove the luks object password too
|
* can remove the luks object password too
|
||||||
*/
|
*/
|
||||||
if (!virStorageSourceIsEmpty(disk->src) && disk->src->encryption &&
|
if (qemuDomainDiskHasEncryptionSecret(disk->src)) {
|
||||||
disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
|
|
||||||
|
|
||||||
if (!(encAlias =
|
if (!(encAlias =
|
||||||
qemuDomainGetSecretAESAlias(disk->info.alias, true))) {
|
qemuDomainGetSecretAESAlias(disk->info.alias, true))) {
|
||||||
|
Loading…
Reference in New Issue
Block a user