[PATCH v2 3/7] qemu: add multi-secret support in qemuBlockStorageSourceAttachData

Monday, 13 March 2023

This commit changes the qemuBlockStorageSourceAttachData struct
to support multiple secrets (instead of a single one before this commit).
This will useful for storage encryption requiring more than a single secret.

Signed-off-by: Or Ozeri <oro(a)il.ibm.com&gt;
---
 src/qemu/qemu_block.c    | 32 +++++++++++++++++++++++---------
 src/qemu/qemu_block.h    |  5 +++--
 src/qemu/qemu_blockjob.c |  6 ++++++
 src/qemu/qemu_command.c  | 19 +++++++++++++++----
 4 files changed, 47 insertions(+), 15 deletions(-)

diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 8fcebd8992..9e1ecf68f9 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1311,6 +1311,7 @@ qemuBlockStorageSourceGetBlockdevStorageSliceProps(virStorageSource
*src)
 void
 qemuBlockStorageSourceAttachDataFree(qemuBlockStorageSourceAttachData *data)
 {
+    size_t i;
     if (!data)
         return;
 
@@ -1320,12 +1321,16 @@
qemuBlockStorageSourceAttachDataFree(qemuBlockStorageSourceAttachData *data)
     virJSONValueFree(data->prmgrProps);
     virJSONValueFree(data->authsecretProps);
     virJSONValueFree(data->httpcookiesecretProps);
-    virJSONValueFree(data->encryptsecretProps);
+    for (i = 0; i < data->encryptsecretCount; ++i) {
+        virJSONValueFree(data->encryptsecretProps[i]);
+        g_free(data->encryptsecretAlias[i]);
+    }
     virJSONValueFree(data->tlsProps);
     virJSONValueFree(data->tlsKeySecretProps);
     g_free(data->tlsAlias);
     g_free(data->tlsKeySecretAlias);
     g_free(data->authsecretAlias);
+    g_free(data->encryptsecretProps);
     g_free(data->encryptsecretAlias);
     g_free(data->httpcookiesecretAlias);
     g_free(data->driveCmd);
@@ -1436,10 +1441,12 @@ static int
 qemuBlockStorageSourceAttachApplyFormatDeps(qemuMonitor *mon,
                                             qemuBlockStorageSourceAttachData *data)
 {
-    if (data->encryptsecretProps &&
-        qemuMonitorAddObject(mon, &data->encryptsecretProps,
-                             &data->encryptsecretAlias) < 0)
-        return -1;
+    size_t i;
+    for (i = 0; i < data->encryptsecretCount; ++i) {
+        if (qemuMonitorAddObject(mon, &data->encryptsecretProps[i],
+                                 &data->encryptsecretAlias[i]) < 0)
+            return -1;
+    }
 
     return 0;
 }
@@ -1525,6 +1532,7 @@ qemuBlockStorageSourceAttachRollback(qemuMonitor *mon,
                                      qemuBlockStorageSourceAttachData *data)
 {
     virErrorPtr orig_err;
+    size_t i;
 
     virErrorPreserveLast(&orig_err);
 
@@ -1550,8 +1558,10 @@ qemuBlockStorageSourceAttachRollback(qemuMonitor *mon,
     if (data->authsecretAlias)
         ignore_value(qemuMonitorDelObject(mon, data->authsecretAlias, false));
 
-    if (data->encryptsecretAlias)
-        ignore_value(qemuMonitorDelObject(mon, data->encryptsecretAlias, false));
+    for (i = 0; i < data->encryptsecretCount; ++i) {
+        if (data->encryptsecretAlias[i])
+            ignore_value(qemuMonitorDelObject(mon, data->encryptsecretAlias[i],
false));
+    }
 
     if (data->httpcookiesecretAlias)
         ignore_value(qemuMonitorDelObject(mon, data->httpcookiesecretAlias, false));
@@ -1606,8 +1616,12 @@ qemuBlockStorageSourceDetachPrepare(virStorageSource *src)
         if (srcpriv->secinfo)
             data->authsecretAlias = g_strdup(srcpriv->secinfo->alias);
 
-        if (srcpriv->encinfo)
-            data->encryptsecretAlias = g_strdup(srcpriv->encinfo->alias);
+        if (srcpriv->encinfo) {
+            data->encryptsecretCount = 1;
+            data->encryptsecretProps = g_new0(virJSONValue *, 1);
+            data->encryptsecretAlias = g_new0(char *, 1);
+            data->encryptsecretAlias[0] = g_strdup(srcpriv->encinfo->alias);
+        }
 
         if (srcpriv->httpcookie)
             data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->alias);
diff --git a/src/qemu/qemu_block.h b/src/qemu/qemu_block.h
index 5a61a19da2..530d88d28e 100644
--- a/src/qemu/qemu_block.h
+++ b/src/qemu/qemu_block.h
@@ -89,8 +89,9 @@ struct qemuBlockStorageSourceAttachData {
     virJSONValue *authsecretProps;
     char *authsecretAlias;
 
-    virJSONValue *encryptsecretProps;
-    char *encryptsecretAlias;
+    size_t encryptsecretCount;
+    virJSONValue **encryptsecretProps;
+    char **encryptsecretAlias;
 
     virJSONValue *httpcookiesecretProps;
     char *httpcookiesecretAlias;
diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
index a20cf1db62..818e90022c 100644
--- a/src/qemu/qemu_blockjob.c
+++ b/src/qemu/qemu_blockjob.c
@@ -1336,9 +1336,15 @@ qemuBlockJobProcessEventConcludedCreate(virQEMUDriver *driver,
     /* the format node part was not attached yet, so we don't need to detach it */
     backend->formatAttached = false;
     if (job->data.create.storage) {
+        size_t i;
+
         backend->storageAttached = false;
         backend->storageSliceAttached = false;
+        for (i = 0; i < backend->encryptsecretCount; ++i) {
+            VIR_FREE(backend->encryptsecretAlias[i]);
+        }
         VIR_FREE(backend->encryptsecretAlias);
+        VIR_FREE(backend->encryptsecretProps);
     }
 
     if (qemuDomainObjEnterMonitorAsync(vm, asyncJob) < 0)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 929bcc0be1..f166e1c891 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2108,15 +2108,21 @@ qemuBuildBlockStorageSourceAttachDataCommandline(virCommand *cmd,
                                                  virQEMUCaps *qemuCaps)
 {
     char *tmp;
+    size_t i;
 
     if (qemuBuildObjectCommandline(cmd, data->prmgrProps, qemuCaps) < 0 ||
         qemuBuildObjectCommandline(cmd, data->authsecretProps, qemuCaps) < 0 ||
-        qemuBuildObjectCommandline(cmd, data->encryptsecretProps, qemuCaps) < 0 ||
         qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps, qemuCaps) < 0
||
         qemuBuildObjectCommandline(cmd, data->tlsKeySecretProps, qemuCaps) < 0 ||
         qemuBuildObjectCommandline(cmd, data->tlsProps, qemuCaps) < 0)
         return -1;
 
+    for (i = 0; i < data->encryptsecretCount; ++i) {
+        if (qemuBuildObjectCommandline(cmd, data->encryptsecretProps[i], qemuCaps)
< 0) {
+            return -1;
+        }
+    }
+
     if (data->driveCmd)
         virCommandAddArgList(cmd, "-drive", data->driveCmd, NULL);
 
@@ -10739,9 +10745,14 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
             qemuBuildSecretInfoProps(srcpriv->secinfo, &data->authsecretProps)
< 0)
             return -1;
 
-        if (srcpriv->encinfo &&
-            qemuBuildSecretInfoProps(srcpriv->encinfo,
&data->encryptsecretProps) < 0)
-            return -1;
+        if (srcpriv->encinfo) {
+            data->encryptsecretCount = 1;
+            data->encryptsecretProps = g_new0(virJSONValue *, 1);
+            data->encryptsecretAlias = g_new0(char *, 1);
+
+           if (qemuBuildSecretInfoProps(srcpriv->encinfo,
&data->encryptsecretProps[0]) < 0)
+               return -1;
+        }
 
         if (srcpriv->httpcookie &&
             qemuBuildSecretInfoProps(srcpriv->httpcookie,
&data->httpcookiesecretProps) < 0)
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH v2 3/7] qemu: add multi-secret support in qemuBlockStorageSourceAttachData