Attach encryption information to virDomainDiskDef.

The XML allows <encryption format='unencrypted'/>, this implementation canonicalizes the internal representation so that "disk->encryption" is non-NULL iff encryption information is available. A domain with partial encryption information can be defined, completeness of the information is not verified. The domain won't start until the remaining information is added, of course. * docs/formatdomain.html, docs/formatdomain.html.in: Document new encryption options for disks * docs/schemas/domain.rng: Pull in storage encryption schema rules * src/domain_conf.h, src/domain_conf.c: Wire up storage encryption XML parsing/formatting APIs
2025-01-22 04:25:18 +00:00 · 2009-07-21 07:23:03 +02:00 · 2009-07-21 07:23:03 +02:00 · f340964dc9
commit f340964dc9
parent 46acb0f2b7
5 changed files with 35 additions and 0 deletions
--- a/docs/formatdomain.html
+++ b/docs/formatdomain.html
@ -453,6 +453,9 @@
 	    &lt;driver name="tap" type="aio"&gt;
 	    &lt;source file='/var/lib/xen/images/fv0'/&gt;
 	    &lt;target dev='hda' bus='ide'/&gt;
+            &lt;encryption type='...'&gt;
+              ...
+            &lt;/encryption&gt;
 	  &lt;/disk&gt;
 	  ...</pre>
        <dl><dt><code>disk</code></dt><dd>The <code>disk</code> element is the main container for describing
@ -478,6 +481,9 @@
 	<code>driver</code> element allows them to be selected. The <code>name</code>
 	attribute is the primary backend driver name, while the optional <code>type</code>
 	attribute provides the sub-type. <span class="since">Since 0.1.8</span>
+      </dd><dt><code>encryption</code></dt><dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
      </dd></dl>
        <h4>
          <a name="elementsUSB" id="elementsUSB">USB and PCI devices</a>
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@ -338,6 +338,9 @@
 	    &lt;driver name="tap" type="aio"&gt;
 	    &lt;source file='/var/lib/xen/images/fv0'/&gt;
 	    &lt;target dev='hda' bus='ide'/&gt;
+            &lt;encryption type='...'&gt;
+              ...
+            &lt;/encryption&gt;
 	  &lt;/disk&gt;
 	  ...</pre>

@ -373,6 +376,11 @@
 	attribute is the primary backend driver name, while the optional <code>type</code>
 	attribute provides the sub-type. <span class="since">Since 0.1.8</span>
      </dd>
+      <dt><code>encryption</code></dt>
+      <dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
+      </dd>
    </dl>

    <h4><a name="elementsUSB">USB and PCI devices</a></h4>
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@ -4,6 +4,8 @@
  <start>
    <ref name="domain"/>
  </start>
+
+  <include href='storageencryption.rng'/>
  <!--
      We handle only document defining a domain
    -->
@ -336,6 +338,9 @@
        <empty/>
      </element>
    </optional>
+    <optional>
+      <ref name="encryption"/>
+    </optional>
  </define>
  <!--
      A disk description can be either of type file or block
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@ -288,6 +288,7 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
    VIR_FREE(def->dst);
    VIR_FREE(def->driverName);
    VIR_FREE(def->driverType);
+    virStorageEncryptionFree(def->encryption);

    VIR_FREE(def);
 }
@ -661,6 +662,7 @@ virDomainDiskDefParseXML(virConnectPtr conn,
    char *bus = NULL;
    char *cachetag = NULL;
    char *devaddr = NULL;
+    virStorageEncryptionPtr encryption = NULL;

    if (VIR_ALLOC(def) < 0) {
        virReportOOMError(conn);
@ -718,6 +720,12 @@ virDomainDiskDefParseXML(virConnectPtr conn,
            } else if ((flags & VIR_DOMAIN_XML_INTERNAL_STATUS) &&
                       xmlStrEqual(cur->name, BAD_CAST "state")) {
                devaddr = virXMLPropString(cur, "devaddr");
+            } else if (encryption == NULL &&
+                       xmlStrEqual(cur->name, BAD_CAST "encryption")) {
+                encryption = virStorageEncryptionParseNode(conn, node->doc,
+                                                           cur);
+                if (encryption == NULL)
+                    goto error;
            }
        }
        cur = cur->next;
@ -836,6 +844,8 @@ virDomainDiskDefParseXML(virConnectPtr conn,
    driverName = NULL;
    def->driverType = driverType;
    driverType = NULL;
+    def->encryption = encryption;
+    encryption = NULL;

 cleanup:
    VIR_FREE(bus);
@ -847,6 +857,7 @@ cleanup:
    VIR_FREE(driverName);
    VIR_FREE(cachetag);
    VIR_FREE(devaddr);
+    virStorageEncryptionFree(encryption);

    return def;

@ -3519,6 +3530,9 @@ virDomainDiskDefFormat(virConnectPtr conn,
        virBufferAddLit(buf, "      <readonly/>\n");
    if (def->shared)
        virBufferAddLit(buf, "      <shareable/>\n");
+    if (def->encryption != NULL &&
+        virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+        return -1;

    if (flags & VIR_DOMAIN_XML_INTERNAL_STATUS) {
        virBufferAddLit(buf, "      <state");
--- a/src/domain_conf.h
+++ b/src/domain_conf.h
@ -30,6 +30,7 @@

 #include "internal.h"
 #include "capabilities.h"
+#include "storage_encryption_conf.h"
 #include "util.h"
 #include "threads.h"

@ -117,6 +118,7 @@ struct _virDomainDiskDef {
        unsigned bus;
        unsigned slot;
    } pci_addr;
+    virStorageEncryptionPtr encryption;
 };

 static inline int