RE: [PATCH v1 7/7] qemu: add support for librbd layered encryption
-----Original Message-----
From: Peter Krempa <pkrempa(a)redhat.com>
Sent: Friday, 10 March 2023 11:47
To: Or Ozeri <ORO(a)il.ibm.com>
Cc: libvir-list(a)redhat.com; idryomov(a)gmail.com; Danny Harnik
<DANNYH(a)il.ibm.com>
Subject: [EXTERNAL] Re: [PATCH v1 7/7] qemu: add support for librbd layered
encryption
> @@ -5210,6 +5216,14 @@
qemuDomainValidateStorageSource(virStorageSource *src,
> _("librbd encryption is supported only with
RBD backed
disks"));
> return -1;
> }
> +
> + if (src->encryption->nsecrets > 1) {
> + if (!virQEMUCapsGet(qemuCaps,
QEMU_CAPS_RBD_ENCRYPTION_LAYERING)) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s",
> + _("librbd encryption layering is not
supported by this
QEMU binary"));
> + return -1;
> + }
As noted in previous patch you must here validate that also the disk is not an
SD card.
I tried searching the code to understand these questions:
1. How to tell that a disk is an SD card?
2. Why should using multiple secrets be prevented on an SD card disk? And why is a single
secret OK?
I could not find an answer to question 2. But I count on your expertise so we can ignore
this question.
The first question however must be answered in order to implement the check you talked
about.
My guess is the answer is (disk->bus == VIR_DOMAIN_DISK_BUS_SD). Is this correct?
But then, you said the check is to be placed inside qemuDomainValidateStorageSource, which
has the virStorageSource, but not the parent virDomainDiskDef.
Do you suggest to extend the signature of qemuDomainValidateStorageSource with an
additional "bool isSdDisk"?