From nobody Fri May 17 10:34:19 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.129.124 as permitted sender) client-ip=170.10.129.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1671524888; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Hjn9Mh6i5ghyqRiRyvT5CW/iMpet8bWbMgtq34j65HDbFlZnRj24TJ8KRMTRVHXSvcV0rMyEhF4wW6geX2ul4oY/dxR+i5YV4ePk4IzlDI9wqe6f97LFKjhspsQBns5Rt1oRVv4CYi76LMSiXUb4g991AZSV0/BRnHEBAaX8Lq4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1671524888;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=xzu0RJXFJAScw5cTXOUW6g8CVNIRZkroNasjGSKXoOk=;
	b=SbgrENtcOVFn550hI67G5rrUr/Vxir/bZa/XSJT0UzpSlD2b8BfX4fI31IBFzaU96bQQDmN+qnKPpXwLnq8VUEh+cV8VEXKZBk9UT5rHaC7dOM5/pYnO0wn13UE4kgdBum7Gg37epQvoQpweZZoOnG/NiP8V4QgmEHmuB2EVUdo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<mprivozn@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com
	with SMTPS id 1671524888128689.2168425338513;
 Tue, 20 Dec 2022 00:28:08 -0800 (PST)
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-447-nqE5--XKMauAYsHQBEEvNQ-1; Tue, 20 Dec 2022 03:27:32 -0500
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
 [10.11.54.9])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 18BC33C021B6;
	Tue, 20 Dec 2022 08:27:30 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 4246C492C14;
	Tue, 20 Dec 2022 08:27:28 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 2E8C719465B5;
	Tue, 20 Dec 2022 08:27:27 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
 [10.11.54.5])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 2C8021946597 for <libvir-list@listman.corp.redhat.com>;
 Tue, 20 Dec 2022 08:27:13 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id 6559039D3E; Tue, 20 Dec 2022 08:27:13 +0000 (UTC)
Received: from maggie.redhat.com (unknown [10.43.2.39])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 0DAF751FF
 for <libvir-list@redhat.com>; Tue, 20 Dec 2022 08:27:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1671524886;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=xzu0RJXFJAScw5cTXOUW6g8CVNIRZkroNasjGSKXoOk=;
	b=Dvd4yZ/lU5gg2OnbD0gBoB8AdGKu7/v0dX1pNVtBtGQXeB6lohQlV7jdpDsgbCu0B3zCrj
	I4/WluFbeVTc7csHVL911fCx55DK2SwlBAKKdRItFs6H2j1sUJXTClx6TCUeYkWamxGpLp
	eRvNFG4X2uMXznWQ/Wj5R0l0kCV8NMs=
X-MC-Unique: nqE5--XKMauAYsHQBEEvNQ-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: Michal Privoznik <mprivozn@redhat.com>
To: libvir-list@redhat.com
Subject: [PATCH 1/1] secret: Inhibit shutdown for ephemeral secrets
Date: Tue, 20 Dec 2022 09:27:11 +0100
Message-Id: 
 <d822d1385ab0f486808362fb3cd39a4b4e6497dc.1671524545.git.mprivozn@redhat.com>
In-Reply-To: <cover.1671524545.git.mprivozn@redhat.com>
References: <cover.1671524545.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/libvir-list/>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list" <libvir-list-bounces@redhat.com>
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1671524888664100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

Our secret driver divides secrets into two groups: ephemeral
(stored only in memory) and persistent (stored on disk). Now, the
aim of ephemeral secrets is to define them shortly before being
used and then undefine them. But 'shortly before being used' is a
very vague time frame. And since we default to socket activation
and thus pass '--timeout 120' to every daemon it may happen that
just defined ephemeral secret is gone among with the virtsecretd.

This is no problem for persistent secrets as their definition
(and value) is restored when the virtsecretd starts again, but
ephemeral secrets can't be restored.

Therefore, we could view ephemeral secrets as active objects that
the daemon manages and thus inhibit automatic shutdown (just like
hypervisor daemons do when a guest is running).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/secret/secret_driver.c | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index bd981a8ace..c38cd6f651 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -66,6 +66,10 @@ struct _virSecretDriverState {
=20
     /* Immutable pointer, self-locking APIs */
     virObjectEventState *secretEventState;
+
+    /* Immutable pointers. Caller must provide locking */
+    virStateInhibitCallback inhibitCallback;
+    void *inhibitOpaque;
 };
=20
 static virSecretDriverState *driver;
@@ -86,6 +90,23 @@ secretObjFromSecret(virSecretPtr secret)
 }
=20
=20
+static bool
+secretNumOfEphemeralSecretsHelper(virConnectPtr conn G_GNUC_UNUSED,
+                                  virSecretDef *def)
+{
+    return def->isephemeral;
+}
+
+
+static int
+secretNumOfEphemeralSecrets(void)
+{
+    return virSecretObjListNumOfSecrets(driver->secrets,
+                                        secretNumOfEphemeralSecretsHelper,
+                                        NULL);
+}
+
+
 /* Driver functions */
=20
 static int
@@ -266,6 +287,10 @@ secretDefineXML(virConnectPtr conn,
  cleanup:
     virSecretDefFree(def);
     virSecretObjEndAPI(&obj);
+
+    if (secretNumOfEphemeralSecrets() > 0)
+        driver->inhibitCallback(true, driver->inhibitOpaque);
+
     virObjectEventStateQueue(driver->secretEventState, event);
=20
     return ret;
@@ -424,6 +449,10 @@ secretUndefine(virSecretPtr secret)
=20
  cleanup:
     virSecretObjEndAPI(&obj);
+
+    if (secretNumOfEphemeralSecrets() =3D=3D 0)
+        driver->inhibitCallback(false, driver->inhibitOpaque);
+
     virObjectEventStateQueue(driver->secretEventState, event);
=20
     return ret;
@@ -463,8 +492,8 @@ static int
 secretStateInitialize(bool privileged,
                       const char *root,
                       bool monolithic G_GNUC_UNUSED,
-                      virStateInhibitCallback callback G_GNUC_UNUSED,
-                      void *opaque G_GNUC_UNUSED)
+                      virStateInhibitCallback callback,
+                      void *opaque)
 {
     VIR_LOCK_GUARD lock =3D virLockGuardLock(&mutex);
=20
@@ -473,6 +502,8 @@ secretStateInitialize(bool privileged,
     driver->lockFD =3D -1;
     driver->secretEventState =3D virObjectEventStateNew();
     driver->privileged =3D privileged;
+    driver->inhibitCallback =3D callback;
+    driver->inhibitOpaque =3D opaque;
=20
     if (root) {
         driver->embeddedRoot =3D g_strdup(root);
--=20
2.38.2