
On 05/02/2016 07:38 AM, Ján Tomko wrote:
On Sat, Apr 16, 2016 at 10:17:35AM -0400, John Ferlan wrote:
Rather than needing to pass the conn parameter to various command line building APIs, add qemuDomainSecretPrepare just prior to the qemuProcessLaunch which calls qemuBuildCommandLine. The function must be called after qemuProcessPrepareHost since it's expected to eventually need the domain masterKey generated during the prepare host call. Additionally, future patches may require device aliases (assigned during the prepare domain call) in order to associate the secret objects.
The qemuDomainSecretDestroy is called after the qemuProcessLaunch finishes in order to clear and free memory used by the secrets that were recently prepared, so they are not kept around in memory too long.
Placing the setup here is beneficial for future patches which will need the domain masterKey in order to generate an encrypted secret along with an initialization vector to be saved and passed (since the masterKey shouldn't be passed around).
Finally, since the secret is not added during command line build, the hotplug code will need to get the secret into the private disk data.
Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_command.c | 45 ++++-----------
 src/qemu/qemu_command.h | 5 +-
 src/qemu/qemu_domain.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++--
 src/qemu/qemu_domain.h | 15 ++++-
 src/qemu/qemu_driver.c | 10 ++--
 src/qemu/qemu_hotplug.c | 26 +++++----
 src/qemu/qemu_hotplug.h | 1 -
 src/qemu/qemu_process.c | 8 +++
 8 files changed, 202 insertions(+), 58 deletions(-)
@@ -1033,8 +1012,7 @@ qemuCheckFips(void)
char * -qemuBuildDriveStr(virConnectPtr conn, - virDomainDiskDefPtr disk,
It's really nice to see the 'conn' go.
+qemuBuildDriveStr(virDomainDiskDefPtr disk, bool bootable, virQEMUCapsPtr qemuCaps) {
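Review bot: the new qemuBuildDriveStr(disk, bootable, qemuCaps) signature carries an undocumented precondition. With conn gone, the function relies on the secret already being in the disk's private data, as the commit message notes for the hotplug path. A short comment above the definition saying that the secret must be prepared before this is called would keep a future caller from building a drive string for an authenticated disk without its credentials.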
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 81d86c2..c9f43fa 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5640,6 +5640,9 @@ qemuProcessStart(virConnectPtr conn, if (qemuProcessPrepareHost(driver, vm, !!incoming) < 0) goto stop;
+ if (qemuDomainSecretPrepare(conn, vm) < 0) + goto cleanup; +
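Review bot: the added qemuDomainSecretPrepare check in qemuProcessStart jumps to "cleanup" on failure, while the qemuProcessPrepareHost check directly above it jumps to "stop". Since this call runs only after the prepare host step has succeeded, it probably wants "goto stop" too, so that whatever that step set up is torn down; if "cleanup" is intended, a comment saying why would help. It is also worth confirming that a failure part-way through preparing secrets frees the ones already set up, because the commit message has qemuDomainSecretDestroy running only after qemuProcessLaunch finishes.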
The call fits better in qemuProcessPrepareDomain, that way it will be called even for incoming migration.
Understood; however, PrepareDomain doesn't have everything that will be needed. The qemuProcessPrepareHost must run first in order to create "priv->libDir" in order to write the domain master key secret that will be used in "future patches" (11/12 of this series) in order to generate an Initialization Vector secret. I think it's possible to move the call into qemuProcessPrepareHost if you think that works better/fine. The qemuProcessCreatePretendCmd already calls qemuDomainSecretPrepare, so that "should" cover the testing scenario...

John