Re: [libvirt] [PATCH v2 02/12] qemu: Introduce qemuDomainSecretPrepare and Destroy

On Sat, Apr 16, 2016 at 10:17:35AM -0400, John Ferlan wrote: > Rather than needing to pass the conn parameter to various command > line building API's, add qemuDomainSecretPrepare just prior to the > qemuProcessLaunch which calls qemuBuilCommandLine. The function > must be called after qemuProcessPrepareHost since it's expected > to eventually need the domain masterKey generated during the prepare > host call. Additionally, future patches may require device aliases > (assigned during the prepare domain call) in order to associate > the secret objects. > > The qemuDomainSecretDestroy is called after the qemuProcessLaunch > finishes in order to clear and free memory used by the secrets > that were recently prepared, so they are not kept around in memory > too long. > > Placing the setup here is beneficial for future patches which will > need the domain masterKey in order to generate an encrypted secret > along with an initialization vector to be saved and passed (since > the masterKey shouldn't be passed around). > > Finally, since the secret is not added during command line build, > the hotplug code will need to get the secret into the private disk data. > > Signed-off-by: John Ferlan <jferlan(a)redhat.com&gt; > --- > src/qemu/qemu_command.c | 45 ++++----------- > src/qemu/qemu_command.h | 5 +- > src/qemu/qemu_domain.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++-- > src/qemu/qemu_domain.h | 15 ++++- > src/qemu/qemu_driver.c | 10 ++-- > src/qemu/qemu_hotplug.c | 26 +++++---- > src/qemu/qemu_hotplug.h | 1 - > src/qemu/qemu_process.c | 8 +++ > 8 files changed, 202 insertions(+), 58 deletions(-) > > @@ -1033,8 +1012,7 @@ qemuCheckFips(void) > > > char * > -qemuBuildDriveStr(virConnectPtr conn, > - virDomainDiskDefPtr disk, It's really nice to see the 'conn' go. > +qemuBuildDriveStr(virDomainDiskDefPtr disk, > bool bootable, > virQEMUCapsPtr qemuCaps) > { > diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c > index 81d86c2..c9f43fa 100644 > --- a/src/qemu/qemu_process.c > +++ b/src/qemu/qemu_process.c > @@ -5640,6 +5640,9 @@ qemuProcessStart(virConnectPtr conn, > if (qemuProcessPrepareHost(driver, vm, !!incoming) < 0) > goto stop; > > + if (qemuDomainSecretPrepare(conn, vm) < 0) > + goto cleanup; > + The call fits better in qemuProcessPrepareDomain, that way it will be called even for incoming migration.