From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.39
 as permitted sender) client-ip=209.132.183.39;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx6-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.39 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) by
 mx.zohomail.com
	with SMTPS id 1487875553933592.0729286105804;
 Thu, 23 Feb 2017 10:45:53 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIgZgQ050887;
	Thu, 23 Feb 2017 13:42:35 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgXem028506 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:33 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXi7029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:33 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:03 -0500
Message-Id: <20170223184216.5158-2-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 01/14] qemu: Introduce qemuDomainSecretInfoNew
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Create a helper which will create the secinfo used for disks, hostdevs,
and chardevs.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_domain.c | 140 ++++++++++++++++++++++++++-------------------=
----
 1 file changed, 74 insertions(+), 66 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index c187214..b7594b3 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1112,6 +1112,55 @@ qemuDomainSecretSetup(virConnectPtr conn,
 }
=20
=20
+/* qemuDomainSecretInfoNew:
+ * @conn: Pointer to connection
+ * @priv: pointer to domain private object
+ * @srcAlias: Alias base to use for TLS object
+ * @lookupType: Type of secret lookup
+ * @username: username for plain secrets
+ * @looupdef: lookup def describing secret
+ * @isLuks: boolean for luks lookup
+ * @encFmt: string for error message
+ *
+ * Helper function to create a secinfo to be used for secinfo consumers
+ *
+ * Returns @secinfo on success, NULL on failure. Caller is responsible
+ * to eventually free @secinfo.
+ */
+static qemuDomainSecretInfoPtr
+qemuDomainSecretInfoNew(virConnectPtr conn,
+                        qemuDomainObjPrivatePtr priv,
+                        const char *srcAlias,
+                        virSecretLookupType lookupType,
+                        const char *username,
+                        virSecretLookupTypeDefPtr lookupDef,
+                        bool isLuks,
+                        const char *encFmt)
+{
+    qemuDomainSecretInfoPtr secinfo =3D NULL;
+
+    if (VIR_ALLOC(secinfo) < 0)
+        return NULL;
+
+    if (qemuDomainSecretSetup(conn, priv, secinfo, srcAlias, lookupType,
+                              username, lookupDef, isLuks) < 0)
+        goto error;
+
+    if (encFmt && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("%s requires encrypted secrets to be supported"),
+                       encFmt);
+        goto error;
+    }
+
+    return secinfo;
+
+ error:
+    qemuDomainSecretInfoFree(&secinfo);
+    return NULL;
+}
+
+
 /* qemuDomainSecretDiskDestroy:
  * @disk: Pointer to a disk definition
  *
@@ -1171,51 +1220,30 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
 {
     virStorageSourcePtr src =3D disk->src;
     qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk);
-    qemuDomainSecretInfoPtr secinfo =3D NULL;
=20
     if (qemuDomainSecretDiskCapable(src)) {
         virSecretUsageType secretUsageType =3D VIR_SECRET_USAGE_TYPE_ISCSI;
=20
-        if (VIR_ALLOC(secinfo) < 0)
-            return -1;
-
         if (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_RBD)
             secretUsageType =3D VIR_SECRET_USAGE_TYPE_CEPH;
=20
-        if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
-                                  secretUsageType, src->auth->username,
-                                  &src->auth->seclookupdef, false) < 0)
-            goto error;
-
-        diskPriv->secinfo =3D secinfo;
+        if (!(diskPriv->secinfo =3D
+              qemuDomainSecretInfoNew(conn, priv, disk->info.alias,
+                                      secretUsageType, src->auth->username,
+                                      &src->auth->seclookupdef, false, NUL=
L)))
+              return -1;
     }
=20
     if (qemuDomainDiskHasEncryptionSecret(src)) {
-
-        if (VIR_ALLOC(secinfo) < 0)
-            return -1;
-
-        if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
-                                  VIR_SECRET_USAGE_TYPE_VOLUME, NULL,
-                                  &src->encryption->secrets[0]->seclookupd=
ef,
-                                  true) < 0)
-            goto error;
-
-        if (secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("luks encryption requires encrypted secrets "
-                             "to be supported"));
-            goto error;
-        }
-
-        diskPriv->encinfo =3D secinfo;
+        if (!(diskPriv->encinfo =3D
+              qemuDomainSecretInfoNew(conn, priv, disk->info.alias,
+                                      VIR_SECRET_USAGE_TYPE_VOLUME, NULL,
+                                      &src->encryption->secrets[0]->secloo=
kupdef,
+                                      true, "luks encryption")))
+              return -1;
     }
=20
     return 0;
-
- error:
-    qemuDomainSecretInfoFree(&secinfo);
-    return -1;
 }
=20
=20
@@ -1251,8 +1279,6 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
                                qemuDomainObjPrivatePtr priv,
                                virDomainHostdevDefPtr hostdev)
 {
-    qemuDomainSecretInfoPtr secinfo =3D NULL;
-
     if (virHostdevIsSCSIDevice(hostdev)) {
         virDomainHostdevSubsysSCSIPtr scsisrc =3D &hostdev->source.subsys.=
u.scsi;
         virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc =3D &scsisrc->u.iscsi;
@@ -1263,24 +1289,17 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
             qemuDomainHostdevPrivatePtr hostdevPriv =3D
                 QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev);
=20
-            if (VIR_ALLOC(secinfo) < 0)
+            if (!(hostdevPriv->secinfo =3D
+                  qemuDomainSecretInfoNew(conn, priv, hostdev->info->alias,
+                                          VIR_SECRET_USAGE_TYPE_ISCSI,
+                                          iscsisrc->auth->username,
+                                          &iscsisrc->auth->seclookupdef,
+                                          false, NULL)))
                 return -1;
-
-            if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->=
alias,
-                                      VIR_SECRET_USAGE_TYPE_ISCSI,
-                                      iscsisrc->auth->username,
-                                      &iscsisrc->auth->seclookupdef, false=
) < 0)
-                goto error;
-
-            hostdevPriv->secinfo =3D secinfo;
         }
     }
=20
     return 0;
-
- error:
-    qemuDomainSecretInfoFree(&secinfo);
-    return -1;
 }
=20
=20
@@ -1322,7 +1341,6 @@ qemuDomainSecretChardevPrepare(virConnectPtr conn,
                                virDomainChrSourceDefPtr dev)
 {
     virSecretLookupTypeDef seclookupdef =3D {0};
-    qemuDomainSecretInfoPtr secinfo =3D NULL;
     char *charAlias =3D NULL;
=20
     if (dev->type !=3D VIR_DOMAIN_CHR_TYPE_TCP)
@@ -1337,36 +1355,26 @@ qemuDomainSecretChardevPrepare(virConnectPtr conn,
                          seclookupdef.u.uuid) < 0) {
             virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                            _("malformed chardev TLS secret uuid in qemu.co=
nf"));
-            goto error;
+            return -1;
         }
         seclookupdef.type =3D VIR_SECRET_LOOKUP_TYPE_UUID;
=20
-        if (VIR_ALLOC(secinfo) < 0)
-            goto error;
-
         if (!(charAlias =3D qemuAliasChardevFromDevAlias(chrAlias)))
-            goto error;
-
-        if (qemuDomainSecretSetup(conn, priv, secinfo, charAlias,
-                                  VIR_SECRET_USAGE_TYPE_TLS, NULL,
-                                  &seclookupdef, false) < 0)
-            goto error;
+            return -1;
=20
-        if (secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("TLS X.509 requires encrypted secrets "
-                             "to be supported"));
+        if (!(chrSourcePriv->secinfo =3D
+              qemuDomainSecretInfoNew(conn, priv, charAlias,
+                                      VIR_SECRET_USAGE_TYPE_TLS, NULL,
+                                      &seclookupdef, false, "TLS X.509")))
             goto error;
-        }
=20
-        chrSourcePriv->secinfo =3D secinfo;
+        VIR_FREE(charAlias);
     }
=20
-    VIR_FREE(charAlias);
     return 0;
=20
  error:
-    qemuDomainSecretInfoFree(&secinfo);
+    VIR_FREE(charAlias);
     return -1;
 }
=20
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.39
 as permitted sender) client-ip=209.132.183.39;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx6-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.39 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) by
 mx.zohomail.com
	with SMTPS id 1487875593564386.9231183577816;
 Thu, 23 Feb 2017 10:46:33 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIhEaJ050923;
	Thu, 23 Feb 2017 13:43:15 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgY1O028511 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:34 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXi8029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:34 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:04 -0500
Message-Id: <20170223184216.5158-3-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 02/14] qemu: Introduce
	qemuDomainSecretMigratePrepare
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Introduce API to Prepare a qemuDomainSecretInfoPtr to be
used with a migrate or nbd TLS object

Also alter the error message in ChardevPrepare when UUIDParse fails
to be consistent with the message for MigratePrepare

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_domain.c | 48 ++++++++++++++++++++++++++--
 src/qemu/qemu_domain.h | 85 ++++++++++++++++++++++++++++------------------=
----
 2 files changed, 94 insertions(+), 39 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index b7594b3..40c9dab 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1353,8 +1353,9 @@ qemuDomainSecretChardevPrepare(virConnectPtr conn,
=20
         if (virUUIDParse(cfg->chardevTLSx509secretUUID,
                          seclookupdef.u.uuid) < 0) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("malformed chardev TLS secret uuid in qemu.co=
nf"));
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("malformed TLS secret uuid '%s' in qemu.conf"=
),
+                           cfg->chardevTLSx509secretUUID);
             return -1;
         }
         seclookupdef.type =3D VIR_SECRET_LOOKUP_TYPE_UUID;
@@ -1379,6 +1380,47 @@ qemuDomainSecretChardevPrepare(virConnectPtr conn,
 }
=20
=20
+/* qemuDomainSecretMigratePrepare
+ * @conn: Pointer to connection
+ * @priv: pointer to domain private object
+ * @srcAlias: Alias to use (either migrate or nbd)
+ * @secretUUID: UUID for the secret from the cfg (migrate or nbd)
+ *
+ * Create and prepare the qemuDomainSecretInfoPtr to be used for either
+ * a migration or nbd. Unlike other domain secret prepare functions, this
+ * is only expected to be called for a single object/instance. Theoretical=
ly
+ * the object could be reused, although that results in keeping a secret
+ * stored in memory for perhaps longer than expected or necessary.
+ *
+ * Returns 0 on success, -1 on failure
+ */
+int
+qemuDomainSecretMigratePrepare(virConnectPtr conn,
+                               qemuDomainObjPrivatePtr priv,
+                               const char *srcAlias,
+                               const char *secretUUID)
+{
+    virSecretLookupTypeDef seclookupdef =3D {0};
+
+    if (virUUIDParse(secretUUID, seclookupdef.u.uuid) < 0) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("malformed TLS secret uuid '%s' in qemu.conf"),
+                       secretUUID);
+        return -1;
+    }
+    seclookupdef.type =3D VIR_SECRET_LOOKUP_TYPE_UUID;
+
+    if (!(priv->migSecinfo =3D
+          qemuDomainSecretInfoNew(conn, priv, srcAlias,
+                                  VIR_SECRET_USAGE_TYPE_TLS, NULL,
+                                  &seclookupdef, false, "TLS X.509")))
+        return -1;
+
+    return 0;
+}
+
+
+
 /* qemuDomainSecretDestroy:
  * @vm: Domain object
  *
@@ -1643,6 +1685,8 @@ qemuDomainObjPrivateFree(void *data)
=20
     VIR_FREE(priv->libDir);
     VIR_FREE(priv->channelTargetDir);
+
+    qemuDomainSecretInfoFree(&priv->migSecinfo);
     qemuDomainMasterKeyFree(priv);
=20
     VIR_FREE(priv);
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 72efa33..85f7eb6 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -175,6 +175,43 @@ VIR_ENUM_DECL(qemuDomainNamespace)
 bool qemuDomainNamespaceEnabled(virDomainObjPtr vm,
                                 qemuDomainNamespace ns);
=20
+/* Type of domain secret */
+typedef enum {
+    VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN =3D 0,
+    VIR_DOMAIN_SECRET_INFO_TYPE_AES,  /* utilize GNUTLS_CIPHER_AES_256_CBC=
 */
+
+    VIR_DOMAIN_SECRET_INFO_TYPE_LAST
+} qemuDomainSecretInfoType;
+
+typedef struct _qemuDomainSecretPlain qemuDomainSecretPlain;
+typedef struct _qemuDomainSecretPlain *qemuDomainSecretPlainPtr;
+struct _qemuDomainSecretPlain {
+    char *username;
+    uint8_t *secret;
+    size_t secretlen;
+};
+
+# define QEMU_DOMAIN_AES_IV_LEN 16   /* 16 bytes for 128 bit random */
+                                     /*    initialization vector */
+typedef struct _qemuDomainSecretAES qemuDomainSecretAES;
+typedef struct _qemuDomainSecretAES *qemuDomainSecretAESPtr;
+struct _qemuDomainSecretAES {
+    char *username;
+    char *alias;      /* generated alias for secret */
+    char *iv;         /* base64 encoded initialization vector */
+    char *ciphertext; /* encoded/encrypted secret */
+};
+
+typedef struct _qemuDomainSecretInfo qemuDomainSecretInfo;
+typedef qemuDomainSecretInfo *qemuDomainSecretInfoPtr;
+struct _qemuDomainSecretInfo {
+    qemuDomainSecretInfoType type;
+    union {
+        qemuDomainSecretPlain plain;
+        qemuDomainSecretAES aes;
+    } s;
+};
+
 typedef struct _qemuDomainObjPrivate qemuDomainObjPrivate;
 typedef qemuDomainObjPrivate *qemuDomainObjPrivatePtr;
 struct _qemuDomainObjPrivate {
@@ -246,48 +283,15 @@ struct _qemuDomainObjPrivate {
=20
     /* note whether memory device alias does not correspond to slot number=
 */
     bool memAliasOrderMismatch;
+
+    /* for migration's using TLS with a secret (not to be saved in our */
+    /* private XML). */
+    qemuDomainSecretInfoPtr migSecinfo;
 };
=20
 # define QEMU_DOMAIN_PRIVATE(vm)	\
     ((qemuDomainObjPrivatePtr) (vm)->privateData)
=20
-/* Type of domain secret */
-typedef enum {
-    VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN =3D 0,
-    VIR_DOMAIN_SECRET_INFO_TYPE_AES,  /* utilize GNUTLS_CIPHER_AES_256_CBC=
 */
-
-    VIR_DOMAIN_SECRET_INFO_TYPE_LAST
-} qemuDomainSecretInfoType;
-
-typedef struct _qemuDomainSecretPlain qemuDomainSecretPlain;
-typedef struct _qemuDomainSecretPlain *qemuDomainSecretPlainPtr;
-struct _qemuDomainSecretPlain {
-    char *username;
-    uint8_t *secret;
-    size_t secretlen;
-};
-
-# define QEMU_DOMAIN_AES_IV_LEN 16   /* 16 bytes for 128 bit random */
-                                     /*    initialization vector */
-typedef struct _qemuDomainSecretAES qemuDomainSecretAES;
-typedef struct _qemuDomainSecretAES *qemuDomainSecretAESPtr;
-struct _qemuDomainSecretAES {
-    char *username;
-    char *alias;      /* generated alias for secret */
-    char *iv;         /* base64 encoded initialization vector */
-    char *ciphertext; /* encoded/encrypted secret */
-};
-
-typedef struct _qemuDomainSecretInfo qemuDomainSecretInfo;
-typedef qemuDomainSecretInfo *qemuDomainSecretInfoPtr;
-struct _qemuDomainSecretInfo {
-    qemuDomainSecretInfoType type;
-    union {
-        qemuDomainSecretPlain plain;
-        qemuDomainSecretAES aes;
-    } s;
-};
-
 # define QEMU_DOMAIN_DISK_PRIVATE(disk)	\
     ((qemuDomainDiskPrivatePtr) (disk)->privateData)
=20
@@ -763,6 +767,13 @@ int qemuDomainSecretChardevPrepare(virConnectPtr conn,
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
     ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
=20
+int qemuDomainSecretMigratePrepare(virConnectPtr conn,
+                                   qemuDomainObjPrivatePtr priv,
+                                   const char *srcAlias,
+                                   const char *secretUUID)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+    ATTRIBUTE_NONNULL(4);
+
 void qemuDomainSecretDestroy(virDomainObjPtr vm)
     ATTRIBUTE_NONNULL(1);
=20
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 1487875576017990.2820065518899;
 Thu, 23 Feb 2017 10:46:16 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIhF8E040765;
	Thu, 23 Feb 2017 13:43:15 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgYdO028516 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:34 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXi9029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:34 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:05 -0500
Message-Id: <20170223184216.5158-4-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 03/14] qemu: Move exit monitor calls in failure
	paths
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Since qemuDomainObjExitMonitor can also generate error messages,
let's move it inside any error message saving code on error paths
for various hotplug add activities.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_hotplug.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 97fb272..9e2f04b 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -442,13 +442,13 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
         ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias)=
);
     if (encobjAdded)
         ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias)=
);
+    if (qemuDomainObjExitMonitor(driver, vm) < 0)
+        releaseaddr =3D false;
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
-    if (qemuDomainObjExitMonitor(driver, vm) < 0)
-        releaseaddr =3D false;
=20
     virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
=20
@@ -728,13 +728,12 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
         ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias)=
);
     if (encobjAdded)
         ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias)=
);
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
-    ignore_value(qemuDomainObjExitMonitor(driver, vm));
-
     virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
=20
  error:
@@ -822,12 +821,12 @@ qemuDomainAttachUSBMassStorageDevice(virQEMUDriverPtr=
 driver,
         VIR_WARN("Unable to remove drive %s (%s) after failed "
                  "qemuMonitorAddDevice", drivealias, drivestr);
     }
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
-    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
=20
  error:
@@ -1676,11 +1675,11 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr co=
nn,
         ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
     if (secobjAdded)
         ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
-    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     goto audit;
 }
=20
@@ -1970,12 +1969,12 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
         ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
     if (secobjAdded)
         ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
-    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     goto audit;
 }
=20
@@ -2156,13 +2155,13 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
         ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
     if (secobjAdded)
         ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
+    if (qemuDomainObjExitMonitor(driver, vm) < 0)
+        releaseaddr =3D false;
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
-    if (qemuDomainObjExitMonitor(driver, vm) < 0)
-        releaseaddr =3D false;
     goto audit;
 }
=20
@@ -2276,14 +2275,14 @@ qemuDomainAttachMemory(virQEMUDriverPtr driver,
     orig_err =3D virSaveLastError();
     if (objAdded)
         ignore_value(qemuMonitorDelObject(priv->mon, objalias));
-    if (orig_err) {
-        virSetError(orig_err);
-        virFreeError(orig_err);
-    }
     if (qemuDomainObjExitMonitor(driver, vm) < 0) {
         mem =3D NULL;
         goto audit;
     }
+    if (orig_err) {
+        virSetError(orig_err);
+        virFreeError(orig_err);
+    }
=20
  removedef:
     if ((id =3D virDomainMemoryFindByDef(vm->def, mem)) >=3D 0)
@@ -2506,12 +2505,12 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
                  "qemuMonitorAddDevice",
                  drvstr, devstr);
     }
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
-    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     virDomainAuditHostdev(vm, hostdev, "attach", false);
=20
     goto cleanup;
@@ -2798,14 +2797,14 @@ qemuDomainAttachShmemDevice(virQEMUDriverPtr driver,
             ignore_value(qemuMonitorDelObject(priv->mon, memAlias));
     }
=20
+    if (qemuDomainObjExitMonitor(driver, vm) < 0)
+        release_address =3D false;
+
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
-    if (qemuDomainObjExitMonitor(driver, vm) < 0)
-        release_address =3D false;
-
     goto audit;
 }
=20
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 1487875561684137.12994561746416;
 Thu, 23 Feb 2017 10:46:01 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIgdVW040740;
	Thu, 23 Feb 2017 13:42:40 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgaCY028530 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:36 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiA029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:35 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:06 -0500
Message-Id: <20170223184216.5158-5-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 04/14] qemu: Refactor hotplug to introduce
	qemuDomain{Add|Del}TLSObjects
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Refactor the TLS object adding code to make two separate API's that will
handle the add/remove of the "secret" and "tls-creds-x509" objects including
the Enter/Exit monitor commands.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_hotplug.c | 165 +++++++++++++++++++++++++++-----------------=
----
 src/qemu/qemu_hotplug.h |  13 ++++
 2 files changed, 107 insertions(+), 71 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 9e2f04b..bb90a34 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1525,6 +1525,85 @@ qemuDomainAttachHostPCIDevice(virQEMUDriverPtr drive=
r,
 }
=20
=20
+void
+qemuDomainDelTLSObjects(virQEMUDriverPtr driver,
+                        virDomainObjPtr vm,
+                        const char *secAlias,
+                        const char *tlsAlias)
+{
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    virErrorPtr orig_err;
+
+    if (!tlsAlias && !secAlias)
+        return;
+
+    orig_err =3D virSaveLastError();
+
+    qemuDomainObjEnterMonitor(driver, vm);
+
+    if (tlsAlias)
+        ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
+
+    if (secAlias)
+        ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
+
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
+
+    if (orig_err) {
+        virSetError(orig_err);
+        virFreeError(orig_err);
+    }
+}
+
+
+int
+qemuDomainAddTLSObjects(virQEMUDriverPtr driver,
+                        virDomainObjPtr vm,
+                        const char *secAlias,
+                        virJSONValuePtr *secProps,
+                        const char *tlsAlias,
+                        virJSONValuePtr *tlsProps)
+{
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    int rc;
+    virErrorPtr orig_err;
+
+    if (!tlsAlias && !secAlias)
+        return 0;
+
+    qemuDomainObjEnterMonitor(driver, vm);
+
+    if (secAlias) {
+        rc =3D qemuMonitorAddObject(priv->mon, "secret",
+                                  secAlias, *secProps);
+        *secProps =3D NULL; /* qemuMonitorAddObject consumes */
+        if (rc < 0)
+            goto exit_monitor;
+    }
+
+    if (tlsAlias) {
+        rc =3D qemuMonitorAddObject(priv->mon, "tls-creds-x509",
+                                  tlsAlias, *tlsProps);
+        *tlsProps =3D NULL; /* qemuMonitorAddObject consumes */
+        if (rc < 0)
+            goto exit_monitor;
+    }
+
+    return qemuDomainObjExitMonitor(driver, vm);
+
+ exit_monitor:
+    orig_err =3D virSaveLastError();
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
+    if (orig_err) {
+        virSetError(orig_err);
+        virFreeError(orig_err);
+    }
+    qemuDomainDelTLSObjects(driver, vm, secAlias, tlsAlias);
+
+    return -1;
+}
+
+
 static int
 qemuDomainGetChardevTLSObjects(virQEMUDriverConfigPtr cfg,
                                qemuDomainObjPrivatePtr priv,
@@ -1581,8 +1660,6 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
     char *charAlias =3D NULL;
     char *devstr =3D NULL;
     bool chardevAdded =3D false;
-    bool tlsobjAdded =3D false;
-    bool secobjAdded =3D false;
     virJSONValuePtr tlsProps =3D NULL;
     virJSONValuePtr secProps =3D NULL;
     char *tlsAlias =3D NULL;
@@ -1618,25 +1695,11 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr co=
nn,
                                        &secProps, &secAlias) < 0)
         goto cleanup;
=20
-    qemuDomainObjEnterMonitor(driver, vm);
-
-    if (secAlias) {
-        rc =3D qemuMonitorAddObject(priv->mon, "secret",
-                                  secAlias, secProps);
-        secProps =3D NULL;
-        if (rc < 0)
-            goto exit_monitor;
-        secobjAdded =3D true;
-    }
+    if (qemuDomainAddTLSObjects(driver, vm, secAlias, &secProps,
+                                tlsAlias, &tlsProps) < 0)
+        goto audit;
=20
-    if (tlsAlias) {
-        rc =3D qemuMonitorAddObject(priv->mon, "tls-creds-x509",
-                                  tlsAlias, tlsProps);
-        tlsProps =3D NULL; /* qemuMonitorAddObject consumes */
-        if (rc < 0)
-            goto exit_monitor;
-        tlsobjAdded =3D true;
-    }
+    qemuDomainObjEnterMonitor(driver, vm);
=20
     if (qemuMonitorAttachCharDev(priv->mon,
                                  charAlias,
@@ -1671,15 +1734,12 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr co=
nn,
     /* detach associated chardev on error */
     if (chardevAdded)
         ignore_value(qemuMonitorDetachCharDev(priv->mon, charAlias));
-    if (tlsobjAdded)
-        ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
-    if (secobjAdded)
-        ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
     ignore_value(qemuDomainObjExitMonitor(driver, vm));
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
+    qemuDomainDelTLSObjects(driver, vm, secAlias, tlsAlias);
     goto audit;
 }
=20
@@ -1857,10 +1917,8 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
     virDomainChrSourceDefPtr dev =3D chr->source;
     char *charAlias =3D NULL;
     bool chardevAttached =3D false;
-    bool tlsobjAdded =3D false;
     bool teardowncgroup =3D false;
     bool teardowndevice =3D false;
-    bool secobjAdded =3D false;
     virJSONValuePtr tlsProps =3D NULL;
     char *tlsAlias =3D NULL;
     virJSONValuePtr secProps =3D NULL;
@@ -1907,24 +1965,11 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
                                        &secProps, &secAlias) < 0)
         goto cleanup;
=20
-    qemuDomainObjEnterMonitor(driver, vm);
-    if (secAlias) {
-        rc =3D qemuMonitorAddObject(priv->mon, "secret",
-                                  secAlias, secProps);
-        secProps =3D NULL;
-        if (rc < 0)
-            goto exit_monitor;
-        secobjAdded =3D true;
-    }
+    if (qemuDomainAddTLSObjects(driver, vm, secAlias, &secProps,
+                                tlsAlias, &tlsProps) < 0)
+        goto audit;
=20
-    if (tlsAlias) {
-        rc =3D qemuMonitorAddObject(priv->mon, "tls-creds-x509",
-                                  tlsAlias, tlsProps);
-        tlsProps =3D NULL; /* qemuMonitorAddObject consumes */
-        if (rc < 0)
-            goto exit_monitor;
-        tlsobjAdded =3D true;
-    }
+    qemuDomainObjEnterMonitor(driver, vm);
=20
     if (qemuMonitorAttachCharDev(priv->mon, charAlias, chr->source) < 0)
         goto exit_monitor;
@@ -1965,16 +2010,13 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
     /* detach associated chardev on error */
     if (chardevAttached)
         qemuMonitorDetachCharDev(priv->mon, charAlias);
-    if (tlsobjAdded)
-        ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
-    if (secobjAdded)
-        ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
     ignore_value(qemuDomainObjExitMonitor(driver, vm));
     if (orig_err) {
         virSetError(orig_err);
         virFreeError(orig_err);
     }
=20
+    qemuDomainDelTLSObjects(driver, vm, secAlias, tlsAlias);
     goto audit;
 }
=20
@@ -1999,8 +2041,6 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
     bool teardowndevice =3D false;
     bool chardevAdded =3D false;
     bool objAdded =3D false;
-    bool tlsobjAdded =3D false;
-    bool secobjAdded =3D false;
     virJSONValuePtr props =3D NULL;
     virJSONValuePtr tlsProps =3D NULL;
     virJSONValuePtr secProps =3D NULL;
@@ -2075,27 +2115,13 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
                                            charAlias, &tlsProps, &tlsAlias,
                                            &secProps, &secAlias) < 0)
             goto cleanup;
-    }
=20
-    qemuDomainObjEnterMonitor(driver, vm);
-
-    if (secAlias) {
-        rv =3D qemuMonitorAddObject(priv->mon, "secret",
-                                  secAlias, secProps);
-        secProps =3D NULL;
-        if (rv < 0)
-            goto exit_monitor;
-        secobjAdded =3D true;
+        if (qemuDomainAddTLSObjects(driver, vm, secAlias, &secProps,
+                                    tlsAlias, &tlsProps) < 0)
+            goto audit;
     }
=20
-    if (tlsAlias) {
-        rv =3D qemuMonitorAddObject(priv->mon, "tls-creds-x509",
-                                  tlsAlias, tlsProps);
-        tlsProps =3D NULL; /* qemuMonitorAddObject consumes */
-        if (rv < 0)
-            goto exit_monitor;
-        tlsobjAdded =3D true;
-    }
+    qemuDomainObjEnterMonitor(driver, vm);
=20
     if (rng->backend =3D=3D VIR_DOMAIN_RNG_BACKEND_EGD &&
         qemuMonitorAttachCharDev(priv->mon, charAlias,
@@ -2151,10 +2177,6 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
         ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
     if (rng->backend =3D=3D VIR_DOMAIN_RNG_BACKEND_EGD && chardevAdded)
         ignore_value(qemuMonitorDetachCharDev(priv->mon, charAlias));
-    if (tlsobjAdded)
-        ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
-    if (secobjAdded)
-        ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
     if (qemuDomainObjExitMonitor(driver, vm) < 0)
         releaseaddr =3D false;
     if (orig_err) {
@@ -2162,6 +2184,7 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
         virFreeError(orig_err);
     }
=20
+    qemuDomainDelTLSObjects(driver, vm, secAlias, tlsAlias);
     goto audit;
 }
=20
diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h
index 0b11c1e..24cf033 100644
--- a/src/qemu/qemu_hotplug.h
+++ b/src/qemu/qemu_hotplug.h
@@ -33,6 +33,19 @@ int qemuDomainChangeEjectableMedia(virQEMUDriverPtr driv=
er,
                                    virDomainDiskDefPtr disk,
                                    virStorageSourcePtr newsrc,
                                    bool force);
+
+void qemuDomainDelTLSObjects(virQEMUDriverPtr driver,
+                             virDomainObjPtr vm,
+                             const char *secAlias,
+                             const char *tlsAlias);
+
+int qemuDomainAddTLSObjects(virQEMUDriverPtr driver,
+                            virDomainObjPtr vm,
+                            const char *secAlias,
+                            virJSONValuePtr *secProps,
+                            const char *tlsAlias,
+                            virJSONValuePtr *tlsProps);
+
 int qemuDomainAttachControllerDevice(virQEMUDriverPtr driver,
                                      virDomainObjPtr vm,
                                      virDomainControllerDefPtr controller);
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.39
 as permitted sender) client-ip=209.132.183.39;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx6-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.39 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) by
 mx.zohomail.com
	with SMTPS id 1487875633382967.1690056729063;
 Thu, 23 Feb 2017 10:47:13 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIhqID050956;
	Thu, 23 Feb 2017 13:43:52 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgbYl028535 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:37 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiB029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:36 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:07 -0500
Message-Id: <20170223184216.5158-6-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 05/14] qemu: Refactor
	qemuDomainGetChardevTLSObjects to converge code
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Create a qemuDomainAddChardevTLSObjects which will encapsulate the
qemuDomainGetChardevTLSObjects and qemuDomainAddTLSObjects so that
the callers don't need to worry about the props.

Move the dev->type and haveTLS checks in to the Add function to avoid
an unnecessary call to qemuDomainAddTLSObjects

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_hotplug.c | 80 ++++++++++++++++++++++++++-------------------=
----
 1 file changed, 43 insertions(+), 37 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index bb90a34..503fb30 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1617,10 +1617,6 @@ qemuDomainGetChardevTLSObjects(virQEMUDriverConfigPt=
r cfg,
     qemuDomainChrSourcePrivatePtr chrSourcePriv =3D
         QEMU_DOMAIN_CHR_SOURCE_PRIVATE(dev);
=20
-    if (dev->type !=3D VIR_DOMAIN_CHR_TYPE_TCP ||
-        dev->data.tcp.haveTLS !=3D VIR_TRISTATE_BOOL_YES)
-        return 0;
-
     /* Add a secret object in order to access the TLS environment.
      * The secinfo will only be created for serial TCP device. */
     if (chrSourcePriv && chrSourcePriv->secinfo) {
@@ -1647,6 +1643,43 @@ qemuDomainGetChardevTLSObjects(virQEMUDriverConfigPt=
r cfg,
 }
=20
=20
+static int
+qemuDomainAddChardevTLSObjects(virQEMUDriverPtr driver,
+                               virQEMUDriverConfigPtr cfg,
+                               virDomainObjPtr vm,
+                               virDomainChrSourceDefPtr dev,
+                               char *charAlias,
+                               char **tlsAlias,
+                               char **secAlias)
+{
+    int ret =3D -1;
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    virJSONValuePtr tlsProps =3D NULL;
+    virJSONValuePtr secProps =3D NULL;
+
+    if (dev->type !=3D VIR_DOMAIN_CHR_TYPE_TCP ||
+        dev->data.tcp.haveTLS !=3D VIR_TRISTATE_BOOL_YES)
+        return 0;
+
+    if (qemuDomainGetChardevTLSObjects(cfg, priv, dev, charAlias,
+                                       &tlsProps, tlsAlias,
+                                       &secProps, secAlias) < 0)
+        goto cleanup;
+
+    if (qemuDomainAddTLSObjects(driver, vm, *secAlias, &secProps,
+                                *tlsAlias, &tlsProps) < 0)
+        goto cleanup;
+
+    ret =3D 0;
+
+ cleanup:
+    virJSONValueFree(tlsProps);
+    virJSONValueFree(secProps);
+
+    return ret;
+}
+
+
 int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
                                    virQEMUDriverPtr driver,
                                    virDomainObjPtr vm,
@@ -1660,8 +1693,6 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
     char *charAlias =3D NULL;
     char *devstr =3D NULL;
     bool chardevAdded =3D false;
-    virJSONValuePtr tlsProps =3D NULL;
-    virJSONValuePtr secProps =3D NULL;
     char *tlsAlias =3D NULL;
     char *secAlias =3D NULL;
     bool need_release =3D false;
@@ -1690,13 +1721,8 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr con=
n,
                                        redirdev->source) < 0)
         goto cleanup;
=20
-    if (qemuDomainGetChardevTLSObjects(cfg, priv, redirdev->source,
-                                       charAlias, &tlsProps, &tlsAlias,
-                                       &secProps, &secAlias) < 0)
-        goto cleanup;
-
-    if (qemuDomainAddTLSObjects(driver, vm, secAlias, &secProps,
-                                tlsAlias, &tlsProps) < 0)
+    if (qemuDomainAddChardevTLSObjects(driver, cfg, vm, redirdev->source,
+                                       charAlias, &tlsAlias, &secAlias) < =
0)
         goto audit;
=20
     qemuDomainObjEnterMonitor(driver, vm);
@@ -1721,9 +1747,7 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
     if (ret < 0 && need_release)
         qemuDomainReleaseDeviceAddress(vm, &redirdev->info, NULL);
     VIR_FREE(tlsAlias);
-    virJSONValueFree(tlsProps);
     VIR_FREE(secAlias);
-    virJSONValueFree(secProps);
     VIR_FREE(charAlias);
     VIR_FREE(devstr);
     virObjectUnref(cfg);
@@ -1919,9 +1943,7 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
     bool chardevAttached =3D false;
     bool teardowncgroup =3D false;
     bool teardowndevice =3D false;
-    virJSONValuePtr tlsProps =3D NULL;
     char *tlsAlias =3D NULL;
-    virJSONValuePtr secProps =3D NULL;
     char *secAlias =3D NULL;
     bool need_release =3D false;
=20
@@ -1960,13 +1982,8 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
                                        dev) < 0)
         goto cleanup;
=20
-    if (qemuDomainGetChardevTLSObjects(cfg, priv, dev, charAlias,
-                                       &tlsProps, &tlsAlias,
-                                       &secProps, &secAlias) < 0)
-        goto cleanup;
-
-    if (qemuDomainAddTLSObjects(driver, vm, secAlias, &secProps,
-                                tlsAlias, &tlsProps) < 0)
+    if (qemuDomainAddChardevTLSObjects(driver, cfg, vm, dev, charAlias,
+                                       &tlsAlias, &secAlias) < 0)
         goto audit;
=20
     qemuDomainObjEnterMonitor(driver, vm);
@@ -1997,9 +2014,7 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
             VIR_WARN("Unable to remove chr device from /dev");
     }
     VIR_FREE(tlsAlias);
-    virJSONValueFree(tlsProps);
     VIR_FREE(secAlias);
-    virJSONValueFree(secProps);
     VIR_FREE(charAlias);
     VIR_FREE(devstr);
     virObjectUnref(cfg);
@@ -2042,8 +2057,6 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
     bool chardevAdded =3D false;
     bool objAdded =3D false;
     virJSONValuePtr props =3D NULL;
-    virJSONValuePtr tlsProps =3D NULL;
-    virJSONValuePtr secProps =3D NULL;
     virDomainCCWAddressSetPtr ccwaddrs =3D NULL;
     const char *type;
     int ret =3D -1;
@@ -2111,13 +2124,8 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
                                            rng->source.chardev) < 0)
             goto cleanup;
=20
-        if (qemuDomainGetChardevTLSObjects(cfg, priv, rng->source.chardev,
-                                           charAlias, &tlsProps, &tlsAlias,
-                                           &secProps, &secAlias) < 0)
-            goto cleanup;
-
-        if (qemuDomainAddTLSObjects(driver, vm, secAlias, &secProps,
-                                    tlsAlias, &tlsProps) < 0)
+        if (qemuDomainAddChardevTLSObjects(driver, cfg, vm, rng->source.ch=
ardev,
+                                           charAlias, &tlsAlias, &secAlias=
) < 0)
             goto audit;
     }
=20
@@ -2150,8 +2158,6 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
  audit:
     virDomainAuditRNG(vm, NULL, rng, "attach", ret =3D=3D 0);
  cleanup:
-    virJSONValueFree(tlsProps);
-    virJSONValueFree(secProps);
     virJSONValueFree(props);
     if (ret < 0) {
         if (releaseaddr)
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.24
 as permitted sender) client-ip=209.132.183.24;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx3-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.24 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) by
 mx.zohomail.com
	with SMTPS id 148787562851742.92036941009087;
 Thu, 23 Feb 2017 10:47:08 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1NIhqc0030025;
	Thu, 23 Feb 2017 13:43:52 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgboT028540 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:37 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiC029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:37 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:08 -0500
Message-Id: <20170223184216.5158-7-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 06/14] qemu: Move
	qemuDomainSecretChardevPrepare call
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Move the call to inside the qemuDomainAddChardevTLSObjects in order to
further converge the code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_hotplug.c | 33 +++++++++++++++------------------
 1 file changed, 15 insertions(+), 18 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 503fb30..b59f3ab 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1644,10 +1644,12 @@ qemuDomainGetChardevTLSObjects(virQEMUDriverConfigP=
tr cfg,
=20
=20
 static int
-qemuDomainAddChardevTLSObjects(virQEMUDriverPtr driver,
+qemuDomainAddChardevTLSObjects(virConnectPtr conn,
+                               virQEMUDriverPtr driver,
                                virQEMUDriverConfigPtr cfg,
                                virDomainObjPtr vm,
                                virDomainChrSourceDefPtr dev,
+                               char *devAlias,
                                char *charAlias,
                                char **tlsAlias,
                                char **secAlias)
@@ -1661,6 +1663,9 @@ qemuDomainAddChardevTLSObjects(virQEMUDriverPtr drive=
r,
         dev->data.tcp.haveTLS !=3D VIR_TRISTATE_BOOL_YES)
         return 0;
=20
+    if (qemuDomainSecretChardevPrepare(conn, cfg, priv, devAlias, dev) < 0)
+        goto cleanup;
+
     if (qemuDomainGetChardevTLSObjects(cfg, priv, dev, charAlias,
                                        &tlsProps, tlsAlias,
                                        &secProps, secAlias) < 0)
@@ -1717,12 +1722,9 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr con=
n,
     if (VIR_REALLOC_N(def->redirdevs, def->nredirdevs+1) < 0)
         goto cleanup;
=20
-    if (qemuDomainSecretChardevPrepare(conn, cfg, priv, redirdev->info.ali=
as,
-                                       redirdev->source) < 0)
-        goto cleanup;
-
-    if (qemuDomainAddChardevTLSObjects(driver, cfg, vm, redirdev->source,
-                                       charAlias, &tlsAlias, &secAlias) < =
0)
+    if (qemuDomainAddChardevTLSObjects(conn, driver, cfg, vm, redirdev->so=
urce,
+                                       redirdev->info.alias, charAlias,
+                                       &tlsAlias, &secAlias) < 0)
         goto audit;
=20
     qemuDomainObjEnterMonitor(driver, vm);
@@ -1978,11 +1980,8 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
     if (qemuDomainChrPreInsert(vmdef, chr) < 0)
         goto cleanup;
=20
-    if (qemuDomainSecretChardevPrepare(conn, cfg, priv, chr->info.alias,
-                                       dev) < 0)
-        goto cleanup;
-
-    if (qemuDomainAddChardevTLSObjects(driver, cfg, vm, dev, charAlias,
+    if (qemuDomainAddChardevTLSObjects(conn, driver, cfg, vm, dev,
+                                       chr->info.alias, charAlias,
                                        &tlsAlias, &secAlias) < 0)
         goto audit;
=20
@@ -2120,12 +2119,10 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
         goto cleanup;
=20
     if (rng->backend =3D=3D VIR_DOMAIN_RNG_BACKEND_EGD) {
-        if (qemuDomainSecretChardevPrepare(conn, cfg, priv, rng->info.alia=
s,
-                                           rng->source.chardev) < 0)
-            goto cleanup;
-
-        if (qemuDomainAddChardevTLSObjects(driver, cfg, vm, rng->source.ch=
ardev,
-                                           charAlias, &tlsAlias, &secAlias=
) < 0)
+        if (qemuDomainAddChardevTLSObjects(conn, driver, cfg, vm,
+                                           rng->source.chardev,
+                                           rng->info.alias, charAlias,
+                                           &tlsAlias, &secAlias) < 0)
             goto audit;
     }
=20
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.24
 as permitted sender) client-ip=209.132.183.24;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx3-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.24 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) by
 mx.zohomail.com
	with SMTPS id 1487875592404407.75741130099686;
 Thu, 23 Feb 2017 10:46:32 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1NIhHuM029994;
	Thu, 23 Feb 2017 13:43:17 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgbfs028545 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:37 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiD029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:37 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:09 -0500
Message-Id: <20170223184216.5158-8-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 07/14] qemu: Move
	qemuDomainPrepareChardevSourceTLS call
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Move the call to inside the qemuDomainAddChardevTLSObjects in order to
further converge the code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_hotplug.c | 31 ++++++++++++-------------------
 1 file changed, 12 insertions(+), 19 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index b59f3ab..d7a1f1f 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1646,7 +1646,6 @@ qemuDomainGetChardevTLSObjects(virQEMUDriverConfigPtr=
 cfg,
 static int
 qemuDomainAddChardevTLSObjects(virConnectPtr conn,
                                virQEMUDriverPtr driver,
-                               virQEMUDriverConfigPtr cfg,
                                virDomainObjPtr vm,
                                virDomainChrSourceDefPtr dev,
                                char *devAlias,
@@ -1655,13 +1654,19 @@ qemuDomainAddChardevTLSObjects(virConnectPtr conn,
                                char **secAlias)
 {
     int ret =3D -1;
+    virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
     qemuDomainObjPrivatePtr priv =3D vm->privateData;
     virJSONValuePtr tlsProps =3D NULL;
     virJSONValuePtr secProps =3D NULL;
=20
+    /* NB: This may alter haveTLS based on cfg */
+    qemuDomainPrepareChardevSourceTLS(dev, cfg);
+
     if (dev->type !=3D VIR_DOMAIN_CHR_TYPE_TCP ||
-        dev->data.tcp.haveTLS !=3D VIR_TRISTATE_BOOL_YES)
-        return 0;
+        dev->data.tcp.haveTLS !=3D VIR_TRISTATE_BOOL_YES) {
+        ret =3D 0;
+        goto cleanup;
+    }
=20
     if (qemuDomainSecretChardevPrepare(conn, cfg, priv, devAlias, dev) < 0)
         goto cleanup;
@@ -1680,6 +1685,7 @@ qemuDomainAddChardevTLSObjects(virConnectPtr conn,
  cleanup:
     virJSONValueFree(tlsProps);
     virJSONValueFree(secProps);
+    virObjectUnref(cfg);
=20
     return ret;
 }
@@ -1692,7 +1698,6 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
 {
     int ret =3D -1;
     int rc;
-    virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
     qemuDomainObjPrivatePtr priv =3D vm->privateData;
     virDomainDefPtr def =3D vm->def;
     char *charAlias =3D NULL;
@@ -1703,8 +1708,6 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
     bool need_release =3D false;
     virErrorPtr orig_err;
=20
-    qemuDomainPrepareChardevSourceTLS(redirdev->source, cfg);
-
     if (qemuAssignDeviceRedirdevAlias(def, redirdev, -1) < 0)
         goto cleanup;
=20
@@ -1722,7 +1725,7 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
     if (VIR_REALLOC_N(def->redirdevs, def->nredirdevs+1) < 0)
         goto cleanup;
=20
-    if (qemuDomainAddChardevTLSObjects(conn, driver, cfg, vm, redirdev->so=
urce,
+    if (qemuDomainAddChardevTLSObjects(conn, driver, vm, redirdev->source,
                                        redirdev->info.alias, charAlias,
                                        &tlsAlias, &secAlias) < 0)
         goto audit;
@@ -1752,7 +1755,6 @@ int qemuDomainAttachRedirdevDevice(virConnectPtr conn,
     VIR_FREE(secAlias);
     VIR_FREE(charAlias);
     VIR_FREE(devstr);
-    virObjectUnref(cfg);
     return ret;
=20
  exit_monitor:
@@ -1935,7 +1937,6 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
                               virDomainChrDefPtr chr)
 {
     int ret =3D -1, rc;
-    virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
     qemuDomainObjPrivatePtr priv =3D vm->privateData;
     virErrorPtr orig_err;
     virDomainDefPtr vmdef =3D vm->def;
@@ -1953,8 +1954,6 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
         qemuDomainPrepareChannel(chr, priv->channelTargetDir) < 0)
         goto cleanup;
=20
-    qemuDomainPrepareChardevSourceTLS(dev, cfg);
-
     if (qemuAssignDeviceChrAlias(vmdef, chr, -1) < 0)
         goto cleanup;
=20
@@ -1980,7 +1979,7 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
     if (qemuDomainChrPreInsert(vmdef, chr) < 0)
         goto cleanup;
=20
-    if (qemuDomainAddChardevTLSObjects(conn, driver, cfg, vm, dev,
+    if (qemuDomainAddChardevTLSObjects(conn, driver, vm, dev,
                                        chr->info.alias, charAlias,
                                        &tlsAlias, &secAlias) < 0)
         goto audit;
@@ -2016,7 +2015,6 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
     VIR_FREE(secAlias);
     VIR_FREE(charAlias);
     VIR_FREE(devstr);
-    virObjectUnref(cfg);
     return ret;
=20
  exit_monitor:
@@ -2041,7 +2039,6 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
                           virDomainObjPtr vm,
                           virDomainRNGDefPtr rng)
 {
-    virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
     qemuDomainObjPrivatePtr priv =3D vm->privateData;
     virDomainDeviceDef dev =3D { VIR_DOMAIN_DEVICE_RNG, { .rng =3D rng } };
     virErrorPtr orig_err;
@@ -2102,9 +2099,6 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
         goto cleanup;
     teardowncgroup =3D true;
=20
-    if (rng->backend =3D=3D VIR_DOMAIN_RNG_BACKEND_EGD)
-        qemuDomainPrepareChardevSourceTLS(rng->source.chardev, cfg);
-
     /* build required metadata */
     if (!(devstr =3D qemuBuildRNGDevStr(vm->def, rng, priv->qemuCaps)))
         goto cleanup;
@@ -2119,7 +2113,7 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
         goto cleanup;
=20
     if (rng->backend =3D=3D VIR_DOMAIN_RNG_BACKEND_EGD) {
-        if (qemuDomainAddChardevTLSObjects(conn, driver, cfg, vm,
+        if (qemuDomainAddChardevTLSObjects(conn, driver, vm,
                                            rng->source.chardev,
                                            rng->info.alias, charAlias,
                                            &tlsAlias, &secAlias) < 0)
@@ -2171,7 +2165,6 @@ qemuDomainAttachRNGDevice(virConnectPtr conn,
     VIR_FREE(objAlias);
     VIR_FREE(devstr);
     virDomainCCWAddressSetFree(ccwaddrs);
-    virObjectUnref(cfg);
     return ret;
=20
  exit_monitor:
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.25
 as permitted sender) client-ip=209.132.183.25;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx4-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.25 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx4-phx2.redhat.com (mx4-phx2.redhat.com [209.132.183.25]) by
 mx.zohomail.com
	with SMTPS id 1487875690070823.1739230490746;
 Thu, 23 Feb 2017 10:48:10 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx4-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1NIiVx6003926;
	Thu, 23 Feb 2017 13:44:31 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgcqc028552 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:38 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiE029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:37 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:10 -0500
Message-Id: <20170223184216.5158-9-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 08/14] qemu: Introduce qemuDomainGetTLSObjects
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Split apart and rename qemuDomainGetChardevTLSObjects in order to make a
more generic API that can create the TLS JSON prop objects (secret and
tls-creds-x509) to be used to create the objects

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_hotplug.c | 55 ++++++++++++++++++++++++++-------------------=
----
 src/qemu/qemu_hotplug.h | 11 ++++++++++
 2 files changed, 40 insertions(+), 26 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index d7a1f1f..9728b43 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1604,40 +1604,34 @@ qemuDomainAddTLSObjects(virQEMUDriverPtr driver,
 }
=20
=20
-static int
-qemuDomainGetChardevTLSObjects(virQEMUDriverConfigPtr cfg,
-                               qemuDomainObjPrivatePtr priv,
-                               virDomainChrSourceDefPtr dev,
-                               char *charAlias,
-                               virJSONValuePtr *tlsProps,
-                               char **tlsAlias,
-                               virJSONValuePtr *secProps,
-                               char **secAlias)
+int
+qemuDomainGetTLSObjects(virQEMUCapsPtr qemuCaps,
+                        qemuDomainSecretInfoPtr secinfo,
+                        const char *tlsCertdir,
+                        bool tlsListen,
+                        bool tlsVerify,
+                        const char *srcAlias,
+                        virJSONValuePtr *tlsProps,
+                        char **tlsAlias,
+                        virJSONValuePtr *secProps,
+                        char **secAlias)
 {
-    qemuDomainChrSourcePrivatePtr chrSourcePriv =3D
-        QEMU_DOMAIN_CHR_SOURCE_PRIVATE(dev);
-
     /* Add a secret object in order to access the TLS environment.
      * The secinfo will only be created for serial TCP device. */
-    if (chrSourcePriv && chrSourcePriv->secinfo) {
-        if (qemuBuildSecretInfoProps(chrSourcePriv->secinfo, secProps) < 0)
+    if (secinfo) {
+        if (qemuBuildSecretInfoProps(secinfo, secProps) < 0)
             return -1;
=20
-        if (!(*secAlias =3D qemuDomainGetSecretAESAlias(charAlias, false)))
+        if (!(*secAlias =3D qemuDomainGetSecretAESAlias(srcAlias, false)))
             return -1;
     }
=20
-    if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
-                                     dev->data.tcp.listen,
-                                     cfg->chardevTLSx509verify,
-                                     *secAlias,
-                                     priv->qemuCaps,
-                                     tlsProps) < 0)
+    if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify,
+                                     *secAlias, qemuCaps, tlsProps) < 0)
         return -1;
=20
-    if (!(*tlsAlias =3D qemuAliasTLSObjFromSrcAlias(charAlias)))
+    if (!(*tlsAlias =3D qemuAliasTLSObjFromSrcAlias(srcAlias)))
         return -1;
-    dev->data.tcp.tlscreds =3D true;
=20
     return 0;
 }
@@ -1656,6 +1650,8 @@ qemuDomainAddChardevTLSObjects(virConnectPtr conn,
     int ret =3D -1;
     virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
     qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    qemuDomainChrSourcePrivatePtr chrSourcePriv;
+    qemuDomainSecretInfoPtr secinfo =3D NULL;
     virJSONValuePtr tlsProps =3D NULL;
     virJSONValuePtr secProps =3D NULL;
=20
@@ -1671,10 +1667,17 @@ qemuDomainAddChardevTLSObjects(virConnectPtr conn,
     if (qemuDomainSecretChardevPrepare(conn, cfg, priv, devAlias, dev) < 0)
         goto cleanup;
=20
-    if (qemuDomainGetChardevTLSObjects(cfg, priv, dev, charAlias,
-                                       &tlsProps, tlsAlias,
-                                       &secProps, secAlias) < 0)
+    if ((chrSourcePriv =3D QEMU_DOMAIN_CHR_SOURCE_PRIVATE(dev)))
+        secinfo =3D chrSourcePriv->secinfo;
+
+    if (qemuDomainGetTLSObjects(priv->qemuCaps, secinfo,
+                                cfg->chardevTLSx509certdir,
+                                dev->data.tcp.listen,
+                                cfg->chardevTLSx509verify,
+                                charAlias, &tlsProps, tlsAlias,
+                                &secProps, secAlias) < 0)
         goto cleanup;
+    dev->data.tcp.tlscreds =3D true;
=20
     if (qemuDomainAddTLSObjects(driver, vm, *secAlias, &secProps,
                                 *tlsAlias, &tlsProps) < 0)
diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h
index 24cf033..73f2b1f 100644
--- a/src/qemu/qemu_hotplug.h
+++ b/src/qemu/qemu_hotplug.h
@@ -46,6 +46,17 @@ int qemuDomainAddTLSObjects(virQEMUDriverPtr driver,
                             const char *tlsAlias,
                             virJSONValuePtr *tlsProps);
=20
+int qemuDomainGetTLSObjects(virQEMUCapsPtr qemuCaps,
+                            qemuDomainSecretInfoPtr secinfo,
+                            const char *tlsCertdir,
+                            bool tlsListen,
+                            bool tlsVerify,
+                            const char *srcAlias,
+                            virJSONValuePtr *tlsProps,
+                            char **tlsAlias,
+                            virJSONValuePtr *secProps,
+                            char **secAlias);
+
 int qemuDomainAttachControllerDevice(virQEMUDriverPtr driver,
                                      virDomainObjPtr vm,
                                      virDomainControllerDefPtr controller);
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 1487875681736810.6606488263153;
 Thu, 23 Feb 2017 10:48:01 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIiVjt040842;
	Thu, 23 Feb 2017 13:44:31 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgcfk028557 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:38 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiF029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:38 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:11 -0500
Message-Id: <20170223184216.5158-10-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 09/14] qemu: Add TLS params to
	_qemuMonitorMigrationParams
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Add the fields to support setting tls-creds and tls-hostname during
a migration (either source or target)

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_monitor.c      | 11 ++++++++---
 src/qemu/qemu_monitor.h      |  3 +++
 src/qemu/qemu_monitor_json.c | 10 ++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index b15207a..898bbe1 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -2504,12 +2504,15 @@ qemuMonitorSetMigrationParams(qemuMonitorPtr mon,
 {
     VIR_DEBUG("compressLevel=3D%d:%d compressThreads=3D%d:%d "
               "decompressThreads=3D%d:%d cpuThrottleInitial=3D%d:%d "
-              "cpuThrottleIncrement=3D%d:%d",
+              "cpuThrottleIncrement=3D%d:%d tlsAlias=3D%s "
+              "tlsHostname=3D%s",
               params->compressLevel_set, params->compressLevel,
               params->compressThreads_set, params->compressThreads,
               params->decompressThreads_set, params->decompressThreads,
               params->cpuThrottleInitial_set, params->cpuThrottleInitial,
-              params->cpuThrottleIncrement_set, params->cpuThrottleIncreme=
nt);
+              params->cpuThrottleIncrement_set, params->cpuThrottleIncreme=
nt,
+              NULLSTR(params->migrateTLSAlias),
+              NULLSTR(params->migrateTLSHostname));
=20
     QEMU_CHECK_MONITOR_JSON(mon);
=20
@@ -2517,7 +2520,9 @@ qemuMonitorSetMigrationParams(qemuMonitorPtr mon,
         !params->compressThreads_set &&
         !params->decompressThreads_set &&
         !params->cpuThrottleInitial_set &&
-        !params->cpuThrottleIncrement_set)
+        !params->cpuThrottleIncrement_set &&
+        !params->migrateTLSAlias &&
+        !params->migrateTLSHostname)
         return 0;
=20
     return qemuMonitorJSONSetMigrationParams(mon, params);
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 8811d85..b292be5 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -570,6 +570,9 @@ struct _qemuMonitorMigrationParams {
=20
     bool cpuThrottleIncrement_set;
     int cpuThrottleIncrement;
+
+    char *migrateTLSAlias;
+    char *migrateTLSHostname;
 };
=20
 int qemuMonitorGetMigrationParams(qemuMonitorPtr mon,
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 7aa9e31..1112d10 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -2637,6 +2637,16 @@ qemuMonitorJSONSetMigrationParams(qemuMonitorPtr mon,
=20
 #undef APPEND
=20
+    if (params->migrateTLSAlias &&
+        virJSONValueObjectAppendString(args, "tls-creds",
+                                       params->migrateTLSAlias) < 0)
+        goto cleanup;
+
+    if (params->migrateTLSHostname &&
+        virJSONValueObjectAppendString(args, "tls-hostname",
+                                       params->migrateTLSHostname) < 0)
+        goto cleanup;
+
     if (virJSONValueObjectAppend(cmd, "arguments", args) < 0)
         goto cleanup;
     args =3D NULL;
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.24
 as permitted sender) client-ip=209.132.183.24;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx3-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.24 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) by
 mx.zohomail.com
	with SMTPS id 1487875732224700.5544988315606;
 Thu, 23 Feb 2017 10:48:52 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1NIjBIS030105;
	Thu, 23 Feb 2017 13:45:11 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgdGu028562 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:39 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiG029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:38 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:12 -0500
Message-Id: <20170223184216.5158-11-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 10/14] Add new migration flag VIR_MIGRATE_TLS
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 include/libvirt/libvirt-domain.h | 8 ++++++++
 src/qemu/qemu_migration.h        | 3 ++-
 tools/virsh-domain.c             | 7 +++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom=
ain.h
index c0f715d..bca04d3 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -815,6 +815,14 @@ typedef enum {
      * post-copy mode. See virDomainMigrateStartPostCopy for more details.
      */
     VIR_MIGRATE_POSTCOPY          =3D (1 << 15),
+
+    /* Setting the VIR_MIGRATE_TLS flag will cause the migration to attempt
+     * to use the TLS environment configured by the hypervisor in order to
+     * perform the migration. If incorrectly configured on either source or
+     * destination, the migration will fail.
+     */
+    VIR_MIGRATE_TLS               =3D (1 << 16),
+
 } virDomainMigrateFlags;
=20
=20
diff --git a/src/qemu/qemu_migration.h b/src/qemu/qemu_migration.h
index 14c6178..bcebf06 100644
--- a/src/qemu/qemu_migration.h
+++ b/src/qemu/qemu_migration.h
@@ -45,7 +45,8 @@ typedef qemuMigrationCompression *qemuMigrationCompressio=
nPtr;
      VIR_MIGRATE_ABORT_ON_ERROR |               \
      VIR_MIGRATE_AUTO_CONVERGE |                \
      VIR_MIGRATE_RDMA_PIN_ALL |                 \
-     VIR_MIGRATE_POSTCOPY)
+     VIR_MIGRATE_POSTCOPY |                     \
+     VIR_MIGRATE_TLS)
=20
 /* All supported migration parameters and their types. */
 # define QEMU_MIGRATION_PARAMETERS                                \
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 09a9f82..ebd4b33 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -10222,6 +10222,10 @@ static const vshCmdOptDef opts_migrate[] =3D {
      .type =3D VSH_OT_STRING,
      .help =3D N_("filename containing updated persistent XML for the targ=
et")
     },
+    {.name =3D "tls",
+     .type =3D VSH_OT_BOOL,
+     .help =3D N_("use TLS for migration")
+    },
     {.name =3D NULL}
 };
=20
@@ -10463,6 +10467,9 @@ doMigrate(void *opaque)
     if (vshCommandOptBool(cmd, "postcopy"))
         flags |=3D VIR_MIGRATE_POSTCOPY;
=20
+    if (vshCommandOptBool(cmd, "tls"))
+        flags |=3D VIR_MIGRATE_TLS;
+
     if (flags & VIR_MIGRATE_PEER2PEER || vshCommandOptBool(cmd, "direct"))=
 {
         if (virDomainMigrateToURI3(dom, desturi, params, nparams, flags) =
=3D=3D 0)
             ret =3D '0';
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.39
 as permitted sender) client-ip=209.132.183.39;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx6-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.39 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) by
 mx.zohomail.com
	with SMTPS id 1487875731034603.7173922204813;
 Thu, 23 Feb 2017 10:48:51 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIjC75051029;
	Thu, 23 Feb 2017 13:45:12 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgdNq028567 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:39 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiH029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:39 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:13 -0500
Message-Id: <20170223184216.5158-12-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 11/14] qemu: Create #define for TLS
	configuration setup.
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Create GET_CONFIG_TLS_CERT to set up the TLS for 'chardev' TLS setting.
Soon to be reused.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_conf.c | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index b5b0645..b75cd54 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -529,22 +529,33 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPt=
r cfg,
     if (virConfGetValueBool(conf, "spice_auto_unix_socket", &cfg->spiceAut=
oUnixSocket) < 0)
         goto cleanup;
=20
-    if (virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS) < 0)
-        goto cleanup;
-    if (virConfGetValueString(conf, "chardev_tls_x509_cert_dir", &cfg->cha=
rdevTLSx509certdir) < 0)
-        goto cleanup;
-    if ((rv =3D virConfGetValueBool(conf, "chardev_tls_x509_verify", &cfg-=
>chardevTLSx509verify)) < 0)
-        goto cleanup;
-    if (rv =3D=3D 0)
-        cfg->chardevTLSx509verify =3D cfg->defaultTLSx509verify;
-    if (virConfGetValueString(conf, "chardev_tls_x509_secret_uuid",
-                              &cfg->chardevTLSx509secretUUID) < 0)
-        goto cleanup;
-    if (!cfg->chardevTLSx509secretUUID && cfg->defaultTLSx509secretUUID) {
-        if (VIR_STRDUP(cfg->chardevTLSx509secretUUID,
-                       cfg->defaultTLSx509secretUUID) < 0)
-            goto cleanup;
-    }
+#define GET_CONFIG_TLS_CERT(val)                                          =
  \
+    do {                                                                  =
  \
+        if (virConfGetValueBool(conf, #val "_tls", &cfg->val## TLS) < 0)  =
  \
+            goto cleanup;                                                 =
  \
+        if ((rv =3D virConfGetValueBool(conf, #val "_tls_x509_verify",    =
    \
+                                      &cfg->val## TLSx509verify)) < 0)    =
  \
+            goto cleanup;                                                 =
  \
+        if (rv =3D=3D 0)                                                  =
      \
+            cfg->val## TLSx509verify =3D cfg->defaultTLSx509verify;       =
    \
+        if (virConfGetValueString(conf, #val "_tls_x509_cert_dir",        =
  \
+                                  &cfg->val## TLSx509certdir) < 0)        =
  \
+            goto cleanup;                                                 =
  \
+        if (virConfGetValueString(conf,                                   =
  \
+                                  #val "_tls_x509_secret_uuid",           =
  \
+                                  &cfg->val## TLSx509secretUUID) < 0)     =
  \
+            goto cleanup;                                                 =
  \
+        if (!cfg->val## TLSx509secretUUID &&                              =
  \
+            cfg->defaultTLSx509secretUUID) {                              =
  \
+            if (VIR_STRDUP(cfg->val## TLSx509secretUUID,                  =
  \
+                           cfg->defaultTLSx509secretUUID) < 0)            =
  \
+                goto cleanup;                                             =
  \
+        }                                                                 =
  \
+    } while (false);
+
+    GET_CONFIG_TLS_CERT(chardev);
+
+#undef GET_CONFIG_TLS_CERT
=20
     if (virConfGetValueUInt(conf, "remote_websocket_port_min", &cfg->webSo=
cketPortMin) < 0)
         goto cleanup;
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 148787567717773.87019564930176;
 Thu, 23 Feb 2017 10:47:57 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIhtmt040816;
	Thu, 23 Feb 2017 13:43:55 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgdRI028572 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:39 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiI029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:39 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:14 -0500
Message-Id: <20170223184216.5158-13-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 12/14] conf: Introduce migrate_tls_x509_cert_dir
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Add a new TLS X.509 certificate type - "migrate". This will handle the
creation of a TLS certificate capability (and possibly repository) to
be used for migrations. Similar to chardev's, credentials will be handled
via a libvirt secrets.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/libvirtd_qemu.aug         |  6 ++++++
 src/qemu/qemu.conf                 | 39 ++++++++++++++++++++++++++++++++++=
++++
 src/qemu/qemu_conf.c               |  2 ++
 src/qemu/qemu_conf.h               |  5 +++++
 src/qemu/test_libvirtd_qemu.aug.in |  4 ++++
 5 files changed, 56 insertions(+)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 82bae9e..18679c1 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -54,6 +54,11 @@ module Libvirtd_qemu =3D
                  | bool_entry "chardev_tls_x509_verify"
                  | str_entry "chardev_tls_x509_secret_uuid"
=20
+   let migrate_entry =3D bool_entry "migrate_tls"
+                 | str_entry "migrate_tls_x509_cert_dir"
+                 | bool_entry "migrate_tls_x509_verify"
+                 | str_entry "migrate_tls_x509_secret_uuid"
+
    let nogfx_entry =3D bool_entry "nographics_allow_host_audio"
=20
    let remote_display_entry =3D int_entry "remote_display_port_min"
@@ -116,6 +121,7 @@ module Libvirtd_qemu =3D
              | vnc_entry
              | spice_entry
              | chardev_entry
+             | migrate_entry
              | nogfx_entry
              | remote_display_entry
              | security_entry
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 9f990c2..c4e228b 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -238,6 +238,45 @@
 #chardev_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000"
=20
=20
+# Enable use of TLS encryption for migration
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#migrate_tls =3D 1
+
+
+# In order to override the default TLS certificate location for migration
+# certificates, supply a valid path to the certificate directory. If the
+# provided path does not exist then the default_tls_x509_cert_dir path
+# will be used.
+#
+#migrate_tls_x509_cert_dir =3D "/etc/pki/libvirt-migrate"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing a x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/libvirt-migrate/ca-cert.pem
+#
+#migrate_tls_x509_verify =3D 1
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#migrate_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000"
+
+
 # By default, if no graphical front end is configured, libvirt will disable
 # QEMU audio output since directly talking to alsa/pulseaudio may not work
 # with various security settings. If you know what you're doing, enable
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index b75cd54..f63d9c2 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -555,6 +555,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr =
cfg,
=20
     GET_CONFIG_TLS_CERT(chardev);
=20
+    GET_CONFIG_TLS_CERT(migrate);
+
 #undef GET_CONFIG_TLS_CERT
=20
     if (virConfGetValueUInt(conf, "remote_websocket_port_min", &cfg->webSo=
cketPortMin) < 0)
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index e585f81..ac7badb 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -137,6 +137,11 @@ struct _virQEMUDriverConfig {
     bool chardevTLSx509verify;
     char *chardevTLSx509secretUUID;
=20
+    bool migrateTLS;
+    char *migrateTLSx509certdir;
+    bool migrateTLSx509verify;
+    char *migrateTLSx509secretUUID;
+
     unsigned int remotePortMin;
     unsigned int remotePortMax;
=20
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe=
mu.aug.in
index 6f03898..71ddf7d 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -25,6 +25,10 @@ module Test_libvirtd_qemu =3D
 { "chardev_tls_x509_cert_dir" =3D "/etc/pki/libvirt-chardev" }
 { "chardev_tls_x509_verify" =3D "1" }
 { "chardev_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000=
" }
+{ "migrate_tls" =3D "1" }
+{ "migrate_tls_x509_cert_dir" =3D "/etc/pki/libvirt-migrate" }
+{ "migrate_tls_x509_verify" =3D "1" }
+{ "migrate_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000=
" }
 { "nographics_allow_host_audio" =3D "1" }
 { "remote_display_port_min" =3D "5900" }
 { "remote_display_port_max" =3D "65535" }
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.25
 as permitted sender) client-ip=209.132.183.25;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx4-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.25 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx4-phx2.redhat.com (mx4-phx2.redhat.com [209.132.183.25]) by
 mx.zohomail.com
	with SMTPS id 1487875737770601.4421506530726;
 Thu, 23 Feb 2017 10:48:57 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx4-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1NIjpSd003994;
	Thu, 23 Feb 2017 13:45:51 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgemU028580 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:40 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiJ029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:40 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:15 -0500
Message-Id: <20170223184216.5158-14-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 13/14] qemu: Set up the migrate TLS objects for
	target
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Support TLS for a migration is a multistep process. The target guest must
be started using the "-object tls-creds-x509,endpoint=3Dserver,...". If that
TLS object requires a passphrase an addition "-object security..." would
also be created.  The alias/id used for the TLS object is "objmigrate_tls0",
while the alias/id used for the security object is "migrate-secret0".

Once the domain is started, the "tls-creds" migration parameter must be
set to the alias/id of the "tls-creds-x509" object.

Once the migration completes, removing the two objects is necessary since
the newly started domain could then become the source of a migration and
thus would not be an endpoint.

Handle the possibility of libvirtd stop/reconnect by saving the fact that
a migration is using TLS was started in a "migrateTLS" boolean.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_domain.c    |   7 +-
 src/qemu/qemu_domain.h    |   4 ++
 src/qemu/qemu_migration.c | 166 ++++++++++++++++++++++++++++++++++++++++++=
++++
 3 files changed, 176 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 40c9dab..af84aac 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -766,7 +766,7 @@ qemuDomainSecretAESClear(qemuDomainSecretAES secret)
 }
=20
=20
-static void
+void
 qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
 {
     if (!*secinfo)
@@ -1844,6 +1844,9 @@ qemuDomainObjPrivateXMLFormat(virBufferPtr buf,
     virBufferEscapeString(buf, "<channelTargetDir path=3D'%s'/>\n",
                           priv->channelTargetDir);
=20
+    if (priv->migrateTLS)
+        virBufferAddLit(buf, "<migrateTLS/>\n");
+
     return 0;
 }
=20
@@ -2112,6 +2115,8 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
     if (qemuDomainSetPrivatePathsOld(driver, vm) < 0)
         goto error;
=20
+    priv->migrateTLS =3D virXPathBoolean("boolean(./migrateTLS)", ctxt) =
=3D=3D 1;
+
     return 0;
=20
  error:
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 85f7eb6..9ce8677 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -287,6 +287,7 @@ struct _qemuDomainObjPrivate {
     /* for migration's using TLS with a secret (not to be saved in our */
     /* private XML). */
     qemuDomainSecretInfoPtr migSecinfo;
+    bool migrateTLS;
 };
=20
 # define QEMU_DOMAIN_PRIVATE(vm)	\
@@ -734,6 +735,9 @@ int qemuDomainMasterKeyCreate(virDomainObjPtr vm);
=20
 void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);
=20
+void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
+    ATTRIBUTE_NONNULL(1);
+
 void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
     ATTRIBUTE_NONNULL(1);
=20
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 0db1616..0e95fd9 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1487,6 +1487,145 @@ qemuMigrationEatCookie(virQEMUDriverPtr driver,
     return NULL;
 }
=20
+
+/* qemuMigrationCheckSetupTLS
+ * @driver: Pointer to driver
+ * @dconn: Connection pointer
+ * @vm: vm object
+ * @flags: migration flags
+ *
+ * Check if flags desired to use TLS and whether it's configured for the
+ * host it's being run on (src or dst depending on caller). If configured
+ * to use a secret for the TLS config, generate and save the migSecinfo.
+ *
+ * Returns 0 on success (or no TLS)
+ */
+static int
+qemuMigrationCheckSetupTLS(virQEMUDriverPtr driver,
+                           virConnectPtr dconn,
+                           virDomainObjPtr vm,
+                           unsigned int flags)
+{
+    int ret =3D -1;
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    virQEMUDriverConfigPtr cfg =3D NULL;
+
+    if (flags & VIR_MIGRATE_TLS) {
+        cfg =3D virQEMUDriverGetConfig(driver);
+
+        if (!cfg->migrateTLS) {
+            virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                           _("migration TLS not enabled for the host"));
+            goto cleanup;
+        }
+
+        priv->migrateTLS =3D true;
+        if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir,
+                                vm, driver->caps) < 0)
+            VIR_WARN("Failed to save migrateTLS for vm %s", vm->def->name);
+
+        /* If there's a secret associated with the migrate TLS, then we
+         * need to grab it now while we have the connection. */
+        if (cfg->migrateTLSx509secretUUID &&
+            qemuDomainSecretMigratePrepare(dconn, priv, "migrate",
+                                           cfg->migrateTLSx509secretUUID) =
< 0)
+            goto cleanup;
+    }
+
+    ret =3D 0;
+
+ cleanup:
+    virObjectUnref(cfg);
+    return ret;
+}
+
+
+/* qemuMigrationAddTLSObjects
+ * @driver: pointer to qemu driver
+ * @priv: private qemu data
+ * @srcAlias: source alias to be used (migrate or nbd)
+ * @tlsCertDir: where to find certs
+ * @tlsListen: server or client
+ * @tlsVerify: tls verify
+ * @tlsAlias: alias to be generated for TLS object
+ * @secAlias: alias to be generated for a secinfo object
+ * @migParams: migration parameters to set
+ *
+ * Create the TLS objects for the migration and set the migParams value
+ *
+ * Returns 0 on success, -1 on failure
+ */
+static int
+qemuMigrationAddTLSObjects(virQEMUDriverPtr driver,
+                           virDomainObjPtr vm,
+                           const char *srcAlias,
+                           const char *tlsCertDir,
+                           bool tlsListen,
+                           bool tlsVerify,
+                           char **tlsAlias,
+                           char **secAlias,
+                           qemuMonitorMigrationParamsPtr migParams)
+{
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    virJSONValuePtr tlsProps =3D NULL;
+    virJSONValuePtr secProps =3D NULL;
+
+    if (qemuDomainGetTLSObjects(priv->qemuCaps, priv->migSecinfo,
+                                tlsCertDir, tlsListen, tlsVerify,
+                                srcAlias, &tlsProps, tlsAlias,
+                                &secProps, secAlias) < 0)
+        return -1;
+
+    /* Ensure the domain doesn't already have the TLS objects defined...
+     * This should prevent any issues just in case some cleanup wasn't
+     * properly completed (both src and dst use the same aliases) or
+     * some other error path between now and perform . */
+    qemuDomainDelTLSObjects(driver, vm, *secAlias, *tlsAlias);
+
+    /* Add the migrate TLS objects to the domain */
+    if (qemuDomainAddTLSObjects(driver, vm, *secAlias, &secProps,
+                                *tlsAlias, &tlsProps) < 0)
+        return -1;
+
+    migParams->migrateTLSAlias =3D *tlsAlias;
+
+    return 0;
+}
+
+
+/* qemuMigrationCheckSetupTLS
+ * @driver: Pointer to driver
+ * @cfg: Configuration pointer
+ * @vm: vm object
+ * @tlsAlias: alias to be free'd for TLS object
+ * @secAlias: alias to be free'd for a secinfo object
+ *
+ * Remove the TLS associated objects and memory
+ */
+static void
+qemuMigrationDelTLSObjects(virQEMUDriverPtr driver,
+                           virQEMUDriverConfigPtr cfg,
+                           virDomainObjPtr vm,
+                           char **tlsAlias,
+                           char **secAlias)
+{
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+
+    if (!priv->migrateTLS)
+        return;
+
+    qemuDomainDelTLSObjects(driver, vm, *secAlias, *tlsAlias);
+    qemuDomainSecretInfoFree(&priv->migSecinfo);
+    VIR_FREE(*tlsAlias);
+    VIR_FREE(*secAlias);
+
+    priv->migrateTLS =3D false;
+    if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir,
+                            vm, driver->caps) < 0)
+        VIR_WARN("Failed to save migrateTLS on vm %s", vm->def->name);
+}
+
+
 static void
 qemuMigrationStoreDomainState(virDomainObjPtr vm)
 {
@@ -3600,6 +3739,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
 {
     virDomainObjPtr vm =3D NULL;
     virObjectEventPtr event =3D NULL;
+    virQEMUDriverConfigPtr cfg =3D NULL;
     int ret =3D -1;
     int dataFD[2] =3D { -1, -1 };
     qemuDomainObjPrivatePtr priv =3D NULL;
@@ -3613,6 +3753,8 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
     bool stopProcess =3D false;
     bool relabel =3D false;
     int rv;
+    char *tlsAlias =3D NULL;
+    char *secAlias =3D NULL;
     qemuMonitorMigrationParams migParams =3D { 0 };
=20
     virNWFilterReadLockFilterUpdates();
@@ -3779,6 +3921,9 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
                                  VIR_QEMU_PROCESS_START_AUTODESTROY) < 0)
         goto stopjob;
=20
+    if (qemuMigrationCheckSetupTLS(driver, dconn, vm, flags) < 0)
+        goto stopjob;
+
     if (qemuProcessPrepareHost(driver, vm, !!incoming) < 0)
         goto stopjob;
=20
@@ -3806,6 +3951,16 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
                                     compression, &migParams) < 0)
         goto stopjob;
=20
+    /* A set only parameter to indicate the "tls-creds-x509" object id */
+    if (priv->migrateTLS) {
+        cfg =3D virQEMUDriverGetConfig(driver);
+        if (qemuMigrationAddTLSObjects(driver, vm, "migrate",
+                                       cfg->migrateTLSx509certdir, true,
+                                       cfg->migrateTLSx509verify,
+                                       &tlsAlias, &secAlias, &migParams) <=
 0)
+            goto stopjob;
+    }
+
     if (STREQ_NULLABLE(protocol, "rdma") &&
         virProcessSetMaxMemLock(vm->pid, vm->def->mem.hard_limit << 10) < =
0) {
         goto stopjob;
@@ -3891,6 +4046,8 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
     ret =3D 0;
=20
  cleanup:
+    qemuMigrationDelTLSObjects(driver, cfg, vm, &tlsAlias, &secAlias);
+    virObjectUnref(cfg);
     qemuProcessIncomingDefFree(incoming);
     VIR_FREE(xmlout);
     VIR_FORCE_CLOSE(dataFD[0]);
@@ -6185,6 +6342,15 @@ qemuMigrationFinish(virQEMUDriverPtr driver,
     qemuDomainCleanupRemove(vm, qemuMigrationPrepareCleanup);
     VIR_FREE(priv->job.completed);
=20
+    /* If for some reason at this point in time something didn't properly
+     * remove the TLS objects, then make one last gasp attempt */
+    if (priv->migrateTLS) {
+        char *tlsAlias =3D qemuAliasTLSObjFromSrcAlias("migrate");
+        char *secAlias =3D qemuDomainGetSecretAESAlias("migrate", false);
+
+        qemuMigrationDelTLSObjects(driver, cfg, vm, &tlsAlias, &secAlias);
+    }
+
     cookie_flags =3D QEMU_MIGRATION_COOKIE_NETWORK |
                    QEMU_MIGRATION_COOKIE_STATS |
                    QEMU_MIGRATION_COOKIE_NBD;
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Fri May  3 21:46:16 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 148787567940776.51705005037309;
 Thu, 23 Feb 2017 10:47:59 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1NIiXKd040850;
	Thu, 23 Feb 2017 13:44:33 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1NIgeni028585 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 23 Feb 2017 13:42:40 -0500
Received: from localhost.localdomain.com (ovpn-117-109.phx2.redhat.com
	[10.3.117.109])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1NIgXiK029831
	for <libvir-list@redhat.com>; Thu, 23 Feb 2017 13:42:40 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 23 Feb 2017 13:42:16 -0500
Message-Id: <20170223184216.5158-15-jferlan@redhat.com>
In-Reply-To: <20170223184216.5158-1-jferlan@redhat.com>
References: <20170223184216.5158-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 14/14] qemu: Set up the migration TLS objects
	for source
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

https://bugzilla.redhat.com/show_bug.cgi?id=3D1300769

Modify the Begin phase to add the checks to determine whether a migration
wishes to use TLS and whether it's configured including adding the secret
into the priv->migSecinfo for the source domain.

Modify the Perform phase in qemuMigrationRun in order to generate the
TLS objects to be used for the migration and set the migration channel
parameters 'tls-creds' and possibly 'tls-hostname' in order to enable TLS.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_migration.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 0e95fd9..4779d23 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3452,6 +3452,9 @@ qemuMigrationBegin(virConnectPtr conn,
         goto endjob;
     }
=20
+    if (qemuMigrationCheckSetupTLS(driver, conn, vm, flags) < 0)
+        goto endjob;
+
     /* Check if there is any ejected media.
      * We don't want to require them on the destination.
      */
@@ -4802,8 +4805,12 @@ qemuMigrationRun(virQEMUDriverPtr driver,
 {
     int ret =3D -1;
     unsigned int migrate_flags =3D QEMU_MONITOR_MIGRATE_BACKGROUND;
+    virQEMUDriverConfigPtr cfg =3D NULL;
     qemuDomainObjPrivatePtr priv =3D vm->privateData;
     qemuMigrationCookiePtr mig =3D NULL;
+    char *tlsAlias =3D NULL;
+    char *tlsHostname =3D NULL;
+    char *secAlias =3D NULL;
     qemuMigrationIOThreadPtr iothread =3D NULL;
     int fd =3D -1;
     unsigned long migrate_speed =3D resource ? resource : priv->migMaxBand=
width;
@@ -4867,6 +4874,29 @@ qemuMigrationRun(virQEMUDriverPtr driver,
     if (qemuDomainMigrateGraphicsRelocate(driver, vm, mig, graphicsuri) < =
0)
         VIR_WARN("unable to provide data for graphics client relocation");
=20
+    /* If we're using TLS attempt to add the objects */
+    if (priv->migrateTLS) {
+        cfg =3D virQEMUDriverGetConfig(driver);
+        if (qemuMigrationAddTLSObjects(driver, vm, "migrate",
+                                       cfg->migrateTLSx509certdir, false,
+                                       cfg->migrateTLSx509verify,
+                                       &tlsAlias, &secAlias, migParams) < =
0)
+            goto cleanup;
+
+        /* We need to add the tls-hostname only for special circumstances.
+         * When using "fd:" or "exec:", qemu needs to know the hostname of
+         * the target qemu to correctly validate the x509 certificate
+         * it receives. */
+        if (STREQ(spec->dest.host.protocol, "fd") ||
+            STREQ(spec->dest.host.protocol, "exec")) {
+            if (VIR_STRDUP(tlsHostname, spec->dest.host.name) < 0) {
+                qemuDomainDelTLSObjects(driver, vm, secAlias, tlsAlias);
+                return -1;
+            }
+            migParams->migrateTLSHostname =3D tlsHostname;
+        }
+    }
+
     if (migrate_flags & (QEMU_MONITOR_MIGRATE_NON_SHARED_DISK |
                          QEMU_MONITOR_MIGRATE_NON_SHARED_INC)) {
         if (mig->nbd) {
@@ -5047,6 +5077,10 @@ qemuMigrationRun(virQEMUDriverPtr driver,
             ret =3D -1;
     }
=20
+    qemuMigrationDelTLSObjects(driver, cfg, vm, &secAlias, &tlsAlias);
+    VIR_FREE(tlsHostname);
+    virObjectUnref(cfg);
+
     if (spec->fwdType !=3D MIGRATION_FWD_DIRECT) {
         if (iothread && qemuMigrationStopTunnel(iothread, ret < 0) < 0)
             ret =3D -1;
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list