[PATCH 02/10] qemu: Use qemuBlockStorageSourceIsQEMULuks/qemuBlockStorageSourceIsRaw

Thursday, 14 December 2023

Refactor code checking whether image is raw. This fixes multiple places
where a LUKS encrypted disk could be mistreated.

Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt;
---
 src/qemu/qemu_block.c   | 32 ++++++++++++--------------------
 src/qemu/qemu_command.c |  2 +-
 src/qemu/qemu_driver.c  |  4 ++--
 3 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 845b273b27..83954690d6 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -177,7 +177,7 @@ bool
 qemuBlockStorageSourceSupportsConcurrentAccess(virStorageSource *src)
 {
     /* no need to check in backing chain since only RAW storage supports this */
-    return src->format == VIR_STORAGE_FILE_RAW;
+    return qemuBlockStorageSourceIsRaw(src);
 }


@@ -1336,10 +1336,12 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStorageSource
*src)
     case VIR_STORAGE_FILE_FAT:
         /* The fat layer is emulated by the storage access layer, so we need to
          * put a raw layer on top */
+        if (qemuBlockStorageSourceGetFormatRawProps(src, props) < 0)
+            return NULL;
+        break;
+
     case VIR_STORAGE_FILE_RAW:
-        if (src->encryption &&
-            src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU
&&
-            src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+        if (qemuBlockStorageSourceIsQEMULuks(src)) {
             if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
                 return NULL;
         } else {
@@ -2080,9 +2082,7 @@ qemuBlockStorageSourceCreateAddBacking(virStorageSource *backing,
         return 0;

     if (format) {
-        if (backing->format == VIR_STORAGE_FILE_RAW &&
-            backing->encryption &&
-            backing->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
+        if (qemuBlockStorageSourceIsQEMULuks(backing))
             backingFormatStr = "luks";
         else
             backingFormatStr = virStorageFileFormatTypeToString(backing->format);
@@ -2313,8 +2313,7 @@ qemuBlockStorageSourceCreateGetFormatProps(virStorageSource *src,
 {
     switch ((virStorageFileFormat) src->format) {
     case VIR_STORAGE_FILE_RAW:
-        if (!src->encryption ||
-            src->encryption->format != VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
+        if (!qemuBlockStorageSourceIsQEMULuks(src))
             return 0;

         return qemuBlockStorageSourceCreateGetFormatPropsLUKS(src, props);
@@ -2584,8 +2583,8 @@ qemuBlockStorageSourceCreateFormat(virDomainObj *vm,
     g_autoptr(virJSONValue) createformatprops = NULL;
     int ret;

-    if (src->format == VIR_STORAGE_FILE_RAW &&
-        !src->encryption)
+    /* we don't bother creating only a true 'raw' image */
+    if (qemuBlockStorageSourceIsRaw(src))
         return 0;

     if (qemuBlockStorageSourceCreateGetFormatProps(src, backingStore,
@@ -2743,7 +2742,7 @@ qemuBlockStorageSourceCreateDetectSize(GHashTable
*blockNamedNodeData,
         }
     }

-    if (src->format == VIR_STORAGE_FILE_RAW) {
+    if (qemuBlockStorageSourceIsRaw(src)) {
         src->physical = entry->capacity;
     } else {
         src->physical = entry->physical;
@@ -3299,14 +3298,7 @@ qemuBlockStorageSourceNeedsStorageSliceLayer(const virStorageSource
*src)
     if (!src->sliceStorage)
         return false;

-    if (src->format != VIR_STORAGE_FILE_RAW)
-        return true;
-
-    if (src->encryption &&
-        src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
-        return true;
-
-    return false;
+    return !qemuBlockStorageSourceIsRaw(src);
 }


diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 23909dbbab..47b18923c0 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1631,7 +1631,7 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,
     virBufferAddLit(buf, ",");

     if (encinfo) {
-        if (disk->src->format == VIR_STORAGE_FILE_RAW) {
+        if (qemuBlockStorageSourceIsQEMULuks(disk->src)) {
             virBufferAsprintf(buf, "key-secret=%s,", encinfo[0]->alias);
             rawluks = true;
         } else if (disk->src->format == VIR_STORAGE_FILE_QCOW2 &&
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 9331369d4d..4a21e5af9c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10090,7 +10090,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
         goto cleanup;
     }

-    if (disk->src->format != VIR_STORAGE_FILE_RAW) {
+    if (qemuBlockStorageSourceIsRaw(disk->src)) {
         virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
                        _("peeking is only supported for disk with 'raw'
format not '%1$s'"),
                        virStorageFileFormatTypeToString(disk->src->format));
@@ -10285,7 +10285,7 @@ qemuStorageLimitsRefresh(virQEMUDriverConfig *cfg,
      * query the highest allocated extent from QEMU
      */
     if (virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_BLOCK &&
-        src->format != VIR_STORAGE_FILE_RAW &&
+        !qemuBlockStorageSourceIsRaw(src) &&
         S_ISBLK(sb.st_mode))
         src->allocation = 0;

-- 
2.43.0

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH 02/10] qemu: Use qemuBlockStorageSourceIsQEMULuks/qemuBlockStorageSourceIsRaw