From nobody Mon Apr 29 14:58:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1523993034285619.8734840577454; Tue, 17 Apr 2018 12:23:54 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7836F85540; Tue, 17 Apr 2018 19:23:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4C6697BE52; Tue, 17 Apr 2018 19:23:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D1226180215F; Tue, 17 Apr 2018 19:23:51 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w3HJNmlX008653 for ; Tue, 17 Apr 2018 15:23:48 -0400 Received: by smtp.corp.redhat.com (Postfix) id C2F267E6DF; Tue, 17 Apr 2018 19:23:48 +0000 (UTC) Received: from unknown54ee7586bd10.attlocal.net.com (ovpn-116-30.phx2.redhat.com [10.3.116.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 83C085FC29 for ; Tue, 17 Apr 2018 19:23:48 +0000 (UTC) 
From: John Ferlan To: libvir-list@redhat.com Date: Tue, 17 Apr 2018 15:23:32 -0400 Message-Id: <20180417192333.16805-2-jferlan@redhat.com> In-Reply-To: <20180417192333.16805-1-jferlan@redhat.com> References: <20180417192333.16805-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/2] storage: Separate out the qemu-img help output generation X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 17 Apr 2018 19:23:53 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Separate out and return the output string for future comparison. Going to need to add new checks shortly. Signed-off-by: John Ferlan --- src/storage/storage_util.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 897dfdaaee..7df52239c2 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -799,11 +799,10 @@ enum { QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT, }; =20 -static bool -virStorageBackendQemuImgSupportsCompat(const char *qemuimg) +static char * +virStorageBackendQemuImgCreateHelp(const char *qemuimg) { - bool ret =3D false; - char *output; + char *output =3D NULL; virCommandPtr cmd =3D NULL; =20 cmd =3D virCommandNewArgList(qemuimg, "create", "-o", "?", "-f", "qcow= 2", 
@@ -812,34 +811,40 @@ virStorageBackendQemuImgSupportsCompat(const char *qe= muimg) virCommandAddEnvString(cmd, "LC_ALL=3DC"); virCommandSetOutputBuffer(cmd, &output); =20 - if (virCommandRun(cmd, NULL) < 0) - goto cleanup; - - if (strstr(output, "\ncompat ")) - ret =3D true; + ignore_value(virCommandRun(cmd, NULL)); =20 - cleanup: virCommandFree(cmd); - VIR_FREE(output); - return ret; + return output; } =20 =20 +static bool +virStorageBackendQemuImgSupportsCompat(const char *output) +{ + return strstr(output, "\ncompat "); +} + static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg) { + char *output =3D NULL; /* As of QEMU 0.11 the [-o options] support was added via qemu * commit id '9ea2ea71', so we start with that base and figure * out what else we have */ int ret =3D QEMU_IMG_BACKING_FORMAT_OPTIONS; =20 + if (!(output =3D virStorageBackendQemuImgCreateHelp(qemuimg))) + goto cleanup; + /* QEMU 2.0 changed to using a format that only QEMU 1.1 and newer * understands. Since we still support QEMU 0.12 and newer, we need * to be able to handle the previous format as can be set via a * compat=3D0.10 option. 
*/ - if (virStorageBackendQemuImgSupportsCompat(qemuimg)) + if (virStorageBackendQemuImgSupportsCompat(output)) ret =3D QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT; =20 + cleanup: + VIR_FREE(output); return ret; } =20 --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 14:58:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1523993033635726.4800818048518; Tue, 17 Apr 2018 12:23:53 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5774E313064B; Tue, 17 Apr 2018 19:23:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2F18D19E69; Tue, 17 Apr 2018 19:23:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id CDF024CA9C; Tue, 17 Apr 2018 19:23:51 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w3HJNnO4008658 for ; Tue, 17 Apr 2018 15:23:49 -0400 Received: by smtp.corp.redhat.com (Postfix) id 37B6D7EE18; Tue, 17 Apr 2018 19:23:49 +0000 
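Review bot: The exit status of qemu-img is discarded by `ignore_value(virCommandRun(cmd, NULL));` in virStorageBackendQemuImgCreateHelp, so whatever the output buffer holds after a failed run is returned and later searched as if it were valid help text. When the helper returns NULL, virStorageBackendQEMUImgBackingFormat jumps to cleanup and reports QEMU_IMG_BACKING_FORMAT_OPTIONS, which makes a failed probe indistinguishable from an old qemu-img. I would drop the buffer on failure, `if (virCommandRun(cmd, NULL) < 0) VIR_FREE(output);`, and add a comment above the helper saying that it returns NULL on failure and that the caller frees the string with VIR_FREE. The helper's opening lines are in the previous hunk.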
(UTC) Received: from unknown54ee7586bd10.attlocal.net.com (ovpn-116-30.phx2.redhat.com [10.3.116.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id EA1757E6DF for ; Tue, 17 Apr 2018 19:23:48 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Tue, 17 Apr 2018 15:23:33 -0400 Message-Id: <20180417192333.16805-3-jferlan@redhat.com> In-Reply-To: <20180417192333.16805-1-jferlan@redhat.com> References: <20180417192333.16805-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/2] storage: Check qemu-img encryption type capability X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Tue, 17 Apr 2018 19:23:52 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1526382 As of QEMU 2.9, qemu-img has enforced using the "key-secret" for creation of encrypted volumes. That is, LUKS encryption is now required and the old (awful) qcow[2] encryption methodolgy is no longer supported. In order to check for this, we scan the qemu-img -o help options looking for "key-secret" and if set, we enforce during the create volume processing that the about to be encrypted volume doesn't attempt to use the old crufty encryption mechanism. Signed-off-by: John Ferlan --- src/storage/storage_util.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) 
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 7df52239c2..d2e02a57ca 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -797,6 +797,7 @@ storagePloopResize(virStorageVolDefPtr vol, enum { QEMU_IMG_BACKING_FORMAT_OPTIONS =3D 0, QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT, + QEMU_IMG_BACKING_FORMAT_OPTIONS_KEY_SECRET, }; =20 static char * @@ -824,6 +825,14 @@ virStorageBackendQemuImgSupportsCompat(const char *out= put) return strstr(output, "\ncompat "); } =20 + +static bool +virStorageBackendQemuImgRequiresKeySecret(const char *output) +{ + return strstr(output, "key-secret"); +} + + static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg) { @@ -843,6 +852,11 @@ virStorageBackendQEMUImgBackingFormat(const char *qemu= img) if (virStorageBackendQemuImgSupportsCompat(output)) ret =3D QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT; =20 + /* QEMU 2.9 enforced that qemu-img creation of an encrypted volume + * uses LUKS encryption. */ + if (virStorageBackendQemuImgRequiresKeySecret(output)) + ret =3D QEMU_IMG_BACKING_FORMAT_OPTIONS_KEY_SECRET; + cleanup: VIR_FREE(output); return ret; @@ -934,6 +948,7 @@ storageBackendCreateQemuImgOpts(virStorageEncryptionInf= oDefPtr enc, =20 /* storageBackendCreateQemuImgCheckEncryption: * @format: format of file found + * @imgformat: image format capability * @conn: pointer to connection * @vol: pointer to volume def * @@ -943,6 +958,7 @@ storageBackendCreateQemuImgOpts(virStorageEncryptionInf= oDefPtr enc, */ static int storageBackendCreateQemuImgCheckEncryption(int format, + int imgformat, const char *type, virStorageVolDefPtr vol) { 
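Review bot: `strstr(output, "key-secret")` in virStorageBackendQemuImgRequiresKeySecret matches the substring anywhere in the help text, whereas the compat probe just above it is anchored as `"\ncompat "`. A positive match later makes qcow encryption requests fail and a missed match leaves the legacy path enabled, so the probe deserves the same anchoring to an option line if the qemu-img output allows it, or at least a comment naming the line it expects to find. The pointer is also returned directly from a `bool` function; `return strstr(output, "key-secret") != NULL;` states the intent, and the same applies to virStorageBackendQemuImgSupportsCompat.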
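Review bot: The new `@imgformat: image format capability` line does not say which values the parameter takes; `@imgformat: QEMU_IMG_BACKING_FORMAT_* value as returned by virStorageBackendQEMUImgBackingFormat` would tell callers where to get it. The same comment still lists `@conn`, while the signature in the next hunk takes `format`, `imgformat`, `type` and `vol`, so `@conn` could be replaced by `@type` while this block is being touched. The comment starts and ends outside the hunk.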
@@ -956,6 +972,12 @@ storageBackendCreateQemuImgCheckEncryption(int format, vol->target.encryption->format); return -1; } + if (imgformat >=3D QEMU_IMG_BACKING_FORMAT_OPTIONS_KEY_SECRET) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("qemu-img no longer supports qcow encryption,= " + "use LUKS encryption instead")); + return -1; + } if (enc->nsecrets > 1) { virReportError(VIR_ERR_XML_ERROR, "%s", _("too many secrets for qcow encryption")); @@ -1264,8 +1286,8 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, return NULL; =20 if (info.encryption && - storageBackendCreateQemuImgCheckEncryption(info.format, type, - vol) < 0) + storageBackendCreateQemuImgCheckEncryption(info.format, imgformat, + type, vol) < 0) return NULL; =20 =20 @@ -2359,6 +2381,7 @@ storageBackendResizeQemuImg(virStoragePoolObjPtr pool, { int ret =3D -1; char *img_tool =3D NULL; + int imgformat; virCommandPtr cmd =3D NULL; const char *type; char *secretPath =3D NULL; @@ -2371,6 +2394,10 @@ storageBackendResizeQemuImg(virStoragePoolObjPtr poo= l, return -1; } =20 + imgformat =3D virStorageBackendQEMUImgBackingFormat("qemu-img"); + if (imgformat < 0) + goto cleanup; + if (vol->target.encryption) { if (vol->target.format =3D=3D VIR_STORAGE_FILE_RAW) type =3D "luks"; @@ -2380,6 +2407,7 @@ storageBackendResizeQemuImg(virStoragePoolObjPtr pool, storageBackendLoadDefaultSecrets(vol); =20 if (storageBackendCreateQemuImgCheckEncryption(vol->target.format, + imgformat, type, vol) < 0) goto cleanup; =20 --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
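Review bot: The new test `imgformat >= QEMU_IMG_BACKING_FORMAT_OPTIONS_KEY_SECRET` depends on the declaration order of the enum extended in the first hunk of this patch, and nothing there says that the order is significant. A comment above the enum such as `/* Ordered by capability level; callers compare with >= */` would keep a later value from being inserted in the wrong place. This rejection is also skipped whenever virStorageBackendQEMUImgBackingFormat falls back to QEMU_IMG_BACKING_FORMAT_OPTIONS because the help text could not be obtained, so it should not be read as the only guard against the legacy qcow encryption path. The enclosing condition is outside the hunk.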
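Review bot: The probe added to storageBackendResizeQemuImg runs on the literal `"qemu-img"` although the function already holds `img_tool`, which presumably is the resolved binary used for the resize itself (its assignment is outside the hunk). Probing with `imgformat = virStorageBackendQEMUImgBackingFormat(img_tool);` would guarantee that the capability describes the binary that is actually executed. The following `if (imgformat < 0)` can never be true with the code shown in this series, because the function only returns QEMU_IMG_BACKING_FORMAT_* values starting at 0; either let the probe report failure as a negative value or drop the check.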