From: Or Ozeri
To: libvir-list@redhat.com
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
Subject: [PATCH v1 1/7] tests: qemucapabilitiesdata: Add rbd encryption layering
Date: Mon, 6 Mar 2023 06:53:06 -0600
Message-Id: <20230306125312.3077608-2-oro@il.ibm.com>
In-Reply-To: <20230306125312.3077608-1-oro@il.ibm.com>
References: <20230306125312.3077608-1-oro@il.ibm.com>

RBD encryption layering support was added to qemu in 0f385a24.

Signed-off-by: Or Ozeri
---
 tests/qemucapabilitiesdata/caps_8.0.0.x86_64.replies | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_8.0.0.x86_64.replies index a41b3e1825..21df6c5e22 100644 --- a/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.replies
@@ -17041,6 +17041,11 @@ { "name": "format", "type": "666" + }, + { + "name": "parent", + "default": null, + "type": "545" } ], "meta-type": "object" --=20 2.25.1

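Review bot: the "parent" member added to the encrypt object in caps_8.0.0.x86_64.replies is typed as "545", and nothing in this hunk shows that type id resolving to an entry elsewhere in the replies file or being the right one for a nested encryption-options object; since this file is normally regenerated by probing a real QEMU binary (libvirt's qemucapsprobe helper) rather than edited by hand, regenerating it from a QEMU build that contains 0f385a24 would make the type index, the "default": null marker and the member order match what QEMU actually reports, and the commit message should say which QEMU version the regenerated data came from.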
From: Or Ozeri
To: libvir-list@redhat.com
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
Subject: [PATCH v1 2/7] qemu: capabilities: Introduce QEMU_CAPS_RBD_ENCRYPTION_LAYERING capability
Date: Mon, 6 Mar 2023 06:53:07 -0600
Message-Id: <20230306125312.3077608-3-oro@il.ibm.com>
In-Reply-To: <20230306125312.3077608-1-oro@il.ibm.com>
References: <20230306125312.3077608-1-oro@il.ibm.com>

This capability represents that qemu supports the layered encryption of RBD images, where a cloned image is encrypted with a possibly different encryption than its parent image.

Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
 src/qemu/qemu_capabilities.c | 2 ++
 src/qemu/qemu_capabilities.h | 1 +
 tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml | 1 +
 3 files changed, 4 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 3cb5785baa..fe69a752ee 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -690,6 +690,7 @@ VIR_ENUM_IMPL(virQEMUCaps, =20 /* 445 */ "netdev.stream.reconnect", /* QEMU_CAPS_NETDEV_STREAM_RECONN= ECT */ + "rbd-encryption-layering", /* QEMU_CAPS_RBD_ENCRYPTION_LAYER= ING */ ); =20 =20 @@ -1554,6 +1555,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSc= hemaQueries[] =3D { { "blockdev-add/arg-type/+nvme", QEMU_CAPS_DRIVE_NVME }, { "blockdev-add/arg-type/+file/aio/^io_uring", QEMU_CAPS_AIO_IO_URING = }, { "blockdev-add/arg-type/+rbd/encrypt", QEMU_CAPS_RBD_ENCRYPTION }, + { "blockdev-add/arg-type/+rbd/encrypt/parent", QEMU_CAPS_RBD_ENCRYPTIO= N_LAYERING }, { "blockdev-add/arg-type/+nbd/tls-hostname", QEMU_CAPS_BLOCKDEV_NBD_TL= S_HOSTNAME }, { "blockdev-snapshot/$allow-write-only-overlay", QEMU_CAPS_BLOCKDEV_SN= APSHOT_ALLOW_WRITE_ONLY }, { "chardev-add/arg-type/backend/+socket/data/reconnect", QEMU_CAPS_CHA= RDEV_RECONNECT }, diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index d049f79dd9..1f29c691e7 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h
@@ -669,6 +669,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ =20 /* 445 */ QEMU_CAPS_NETDEV_STREAM_RECONNECT, /* -netdev stream supports reconnec= t */ + QEMU_CAPS_RBD_ENCRYPTION_LAYERING, /* layered encryption support for C= eph RBD */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_8.0.0.x86_64.xml index ce051d3f1c..b90ad6d831 100644 --- a/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml 
@@ -206,6 +206,7 @@ + 7002050 0 43100244 --=20 2.25.1

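Review bot: the new schema query "blockdev-add/arg-type/+rbd/encrypt/parent" in the qemu_capabilities.c hunk is satisfied for QEMU 8.0 only because patch 1/7 hand-adds a "parent" member to caps_8.0.0.x86_64.replies, so the capability will be reported for that version whether or not the probed binary really exposes it; the two patches should be validated together against a real QEMU build, and the commit message here should point at the QEMU commit that introduced the nested "parent" member so reviewers can check the query path. The string in VIR_ENUM_IMPL and the enum value in qemu_capabilities.h are both appended after the "netdev.stream.reconnect" / QEMU_CAPS_NETDEV_STREAM_RECONNECT entry in the /* 445 */ block, which keeps the two lists aligned; the flag name written into caps_8.0.0.x86_64.xml must match the "rbd-encryption-layering" string exactly or the capabilities test will fail.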
From: Or Ozeri
To: libvir-list@redhat.com
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
Subject: [PATCH v1 3/7] qemu: add support for multiple secret aliases
Date: Mon, 6 Mar 2023 06:53:08 -0600
Message-Id: <20230306125312.3077608-4-oro@il.ibm.com>
In-Reply-To: <20230306125312.3077608-1-oro@il.ibm.com>
References: <20230306125312.3077608-1-oro@il.ibm.com>

Change secret aliases from %s-%s-secret0 to %s-%s-secret%lu, which will later be used for storage encryption requiring more than a single secret.

Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
 src/qemu/qemu_alias.c | 8 +++++---
 src/qemu/qemu_alias.h | 3 ++-
 src/qemu/qemu_domain.c | 14 ++++++++------
 src/qemu/qemu_hotplug.c | 2 +-
 src/qemu/qemu_migration_params.c | 2 +-
 5 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index a9809797d5..2e0a50b68b 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -801,17 +801,19 @@ qemuDomainGetMasterKeyAlias(void) /* qemuAliasForSecret: * @parentalias: alias of the parent object * @obj: optional sub-object of the parent device the secret is for + * @secret_idx: secret index number (0 in the case of a single secret) * * Generate alias for a secret object used by @parentalias device or one of * the dependencies of the device described by @obj. */ char * qemuAliasForSecret(const char *parentalias, - const char *obj) + const char *obj, + size_t secret_idx) { if (obj) - return g_strdup_printf("%s-%s-secret0", parentalias, obj); - return g_strdup_printf("%s-secret0", parentalias); + return g_strdup_printf("%s-%s-secret%lu", parentalias, obj, secret= _idx); + return g_strdup_printf("%s-secret%lu", parentalias, secret_idx); } =20 /* qemuAliasTLSObjFromSrcAlias diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index f13f4cc5f8..eae08020dc 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h @@ -86,7 +86,8 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hos= tdev); char *qemuDomainGetMasterKeyAlias(void); =20 char *qemuAliasForSecret(const char *parentalias, - const char *obj); + const char *obj, + size_t secret_idx); =20 char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias) ATTRIBUTE_NONNULL(1);
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index f5fd140c85..80c9852dae 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1317,6 +1317,7 @@ qemuDomainSecretInfoSetup(qemuDomainObjPrivate *priv, * @priv: pointer to domain private object * @srcalias: Alias of the disk/hostdev used to generate the secret alias * @secretuse: specific usage for the secret (may be NULL if main object i= s using it) + * @secret_idx: secret index number (0 in the case of a single secret) * @usageType: The virSecretUsageType * @username: username to use for authentication (may be NULL) * @seclookupdef: Pointer to seclookupdef data @@ -1329,12 +1330,13 @@ static qemuDomainSecretInfo * qemuDomainSecretInfoSetupFromSecret(qemuDomainObjPrivate *priv, const char *srcalias, const char *secretuse, + size_t secret_idx, virSecretUsageType usageType, const char *username, virSecretLookupTypeDef *seclookupdef) { qemuDomainSecretInfo *secinfo; - g_autofree char *alias =3D qemuAliasForSecret(srcalias, secretuse); + g_autofree char *alias =3D qemuAliasForSecret(srcalias, secretuse, sec= ret_idx); g_autofree uint8_t *secret =3D NULL; size_t secretlen =3D 0; VIR_IDENTITY_AUTORESTORE virIdentity *oldident =3D virIdentityElevateC= urrent(); @@ -1384,7 +1386,7 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivate *priv, } seclookupdef.type =3D VIR_SECRET_LOOKUP_TYPE_UUID; =20 - return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, + return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, 0, VIR_SECRET_USAGE_TYPE_TLS, NULL, &seclookupdef); } 
@@ -1411,7 +1413,7 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomai= nObjPrivate *priv, virStorageSource *src, const char *aliasprotocol) { - g_autofree char *secretalias =3D qemuAliasForSecret(aliasprotocol, "ht= tpcookie"); + g_autofree char *secretalias =3D qemuAliasForSecret(aliasprotocol, "ht= tpcookie", 0); g_autofree char *cookies =3D qemuBlockStorageSourceGetCookieString(src= ); =20 return qemuDomainSecretInfoSetup(priv, secretalias, NULL, @@ -1460,7 +1462,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPri= vate *priv, usageType =3D VIR_SECRET_USAGE_TYPE_CEPH; =20 if (!(srcPriv->secinfo =3D qemuDomainSecretInfoSetupFromSecret(pri= v, aliasprotocol, - "auth= ", + "auth= ", 0, usage= Type, src->= auth->username, &src-= >auth->seclookupdef))) @@ -1469,7 +1471,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPri= vate *priv, =20 if (hasEnc) { if (!(srcPriv->encinfo =3D qemuDomainSecretInfoSetupFromSecret(pri= v, aliasformat, - "encr= yption", + "encr= yption", 0, VIR_S= ECRET_USAGE_TYPE_VOLUME, NULL, &src-= >encryption->secrets[0]->seclookupdef))) @@ -11181,7 +11183,7 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostd= ev, =20 if (!(srcPriv->secinfo =3D qemuDomainSecretInfoSetupFromSe= cret(priv, = backendalias, - = NULL, + = NULL, 0, = usageType, = src->auth->username, = &src->auth->seclookupdef))) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index da17525824..f15b4ea31f 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1753,7 +1753,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriver *driver, * secret UUID and we have a serial TCP chardev, then formulate a * secAlias which we'll attempt to destroy. */ if (cfg->chardevTLSx509secretUUID && - !(secAlias =3D qemuAliasForSecret(inAlias, NULL))) + !(secAlias =3D qemuAliasForSecret(inAlias, NULL, 0))) return -1; =20 qemuDomainObjEnterMonitor(vm); 
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_par= ams.c index bd09dcfb23..0d747580f4 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c 
@@ -1129,7 +1129,7 @@ qemuMigrationParamsResetTLS(virDomainObj *vm, return; =20 tlsAlias =3D qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE= ); - secAlias =3D qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL); + secAlias =3D qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL, 0= ); =20 qemuDomainDelTLSObjects(vm, asyncJob, secAlias, tlsAlias); g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecret= InfoFree); --=20 2.25.1
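Review bot: in the qemuAliasForSecret hunk in src/qemu/qemu_alias.c, `secret_idx` is declared `size_t` but printed with `%lu`; that only matches where `unsigned long` happens to have the width of `size_t` and will trigger format-string warnings on other targets. Use `%zu` in both calls (`"%s-%s-secret%zu"` and `"%s-secret%zu"`) and spell the new format the same way in the commit message. The index-0 output is unchanged (`...-secret0`), so every caller updated in this patch to pass 0 keeps its existing alias.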
From: Or Ozeri
To: libvir-list@redhat.com
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
Subject: [PATCH v1 4/7] qemu: add multi-secret support in qemuBlockStorageSourceAttachData
Date: Mon, 6 Mar 2023 06:53:09 -0600
Message-Id: <20230306125312.3077608-5-oro@il.ibm.com>
In-Reply-To: <20230306125312.3077608-1-oro@il.ibm.com>
References: <20230306125312.3077608-1-oro@il.ibm.com>
This commit changes the qemuBlockStorageSourceAttachData struct to support multiple secrets (instead of a single one before this commit). This will be useful for storage encryption requiring more than a single secret. Signed-off-by: Or Ozeri Reviewed-by: Peter Krempa --- src/qemu/qemu_block.c | 35 ++++++++++++++++++++++++++--------- src/qemu/qemu_block.h | 5 +++-- src/qemu/qemu_blockjob.c | 6 ++++++ src/qemu/qemu_command.c | 21 +++++++++++++++++---- 4 files changed, 52 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 5e700eff99..2e3e0f6572 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -1310,6 +1310,7 @@ qemuBlockStorageSourceGetBlockdevStorageSliceProps(vi= rStorageSource *src) void qemuBlockStorageSourceAttachDataFree(qemuBlockStorageSourceAttachData *dat= a) { + size_t i; if (!data) return; =20 @@ -1319,12 +1320,16 @@ qemuBlockStorageSourceAttachDataFree(qemuBlockStora= geSourceAttachData *data) virJSONValueFree(data->prmgrProps); virJSONValueFree(data->authsecretProps); virJSONValueFree(data->httpcookiesecretProps); - virJSONValueFree(data->encryptsecretProps); + for (i =3D 0; i < data->encryptsecretCount; ++i) { + virJSONValueFree(data->encryptsecretProps[i]); + g_free(data->encryptsecretAlias[i]); + } virJSONValueFree(data->tlsProps); virJSONValueFree(data->tlsKeySecretProps); g_free(data->tlsAlias); g_free(data->tlsKeySecretAlias); g_free(data->authsecretAlias); + g_free(data->encryptsecretProps); g_free(data->encryptsecretAlias); g_free(data->httpcookiesecretAlias); g_free(data->driveCmd);
@@ -1435,10 +1440,12 @@ static int qemuBlockStorageSourceAttachApplyFormatDeps(qemuMonitor *mon, qemuBlockStorageSourceAttachDa= ta *data) { - if (data->encryptsecretProps && - qemuMonitorAddObject(mon, &data->encryptsecretProps, - &data->encryptsecretAlias) < 0) - return -1; + size_t i; + for (i =3D 0; i < data->encryptsecretCount; ++i) { + if (qemuMonitorAddObject(mon, &data->encryptsecretProps[i], + &data->encryptsecretAlias[i]) < 0) + return -1; + } =20 return 0; } @@ -1524,6 +1531,7 @@ qemuBlockStorageSourceAttachRollback(qemuMonitor *mon, qemuBlockStorageSourceAttachData *dat= a) { virErrorPtr orig_err; + size_t i; =20 virErrorPreserveLast(&orig_err); =20 @@ -1549,8 +1557,10 @@ qemuBlockStorageSourceAttachRollback(qemuMonitor *mo= n, if (data->authsecretAlias) ignore_value(qemuMonitorDelObject(mon, data->authsecretAlias, fals= e)); =20 - if (data->encryptsecretAlias) - ignore_value(qemuMonitorDelObject(mon, data->encryptsecretAlias, f= alse)); + for (i =3D 0; i < data->encryptsecretCount; ++i) { + if (data->encryptsecretAlias[i]) + ignore_value(qemuMonitorDelObject(mon, data->encryptsecretAlia= s[i], false)); + } =20 if (data->httpcookiesecretAlias) ignore_value(qemuMonitorDelObject(mon, data->httpcookiesecretAlias= , false)); @@ -1605,8 +1615,15 @@ qemuBlockStorageSourceDetachPrepare(virStorageSource= *src) if (srcpriv->secinfo) data->authsecretAlias =3D g_strdup(srcpriv->secinfo->alias); =20 - if (srcpriv->encinfo) - data->encryptsecretAlias =3D g_strdup(srcpriv->encinfo->alias); + if (srcpriv->encinfo) { + if (!data->encryptsecretAlias) { + data->encryptsecretCount =3D 1; + data->encryptsecretProps =3D g_new0(virJSONValue *, 1); + data->encryptsecretAlias =3D g_new0(char *, 1); + } + + data->encryptsecretAlias[0] =3D g_strdup(srcpriv->encinfo->ali= as); + } =20 if (srcpriv->httpcookie) data->httpcookiesecretAlias =3D g_strdup(srcpriv->httpcookie->= alias); diff --git a/src/qemu/qemu_block.h b/src/qemu/qemu_block.h index 5a61a19da2..530d88d28e 100644 
--- a/src/qemu/qemu_block.h +++ b/src/qemu/qemu_block.h @@ -89,8 +89,9 @@ struct qemuBlockStorageSourceAttachData { virJSONValue *authsecretProps; char *authsecretAlias; =20 - virJSONValue *encryptsecretProps; - char *encryptsecretAlias; + size_t encryptsecretCount; + virJSONValue **encryptsecretProps; + char **encryptsecretAlias; =20 virJSONValue *httpcookiesecretProps; char *httpcookiesecretAlias; diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index a20cf1db62..818e90022c 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c @@ -1336,9 +1336,15 @@ qemuBlockJobProcessEventConcludedCreate(virQEMUDrive= r *driver, /* the format node part was not attached yet, so we don't need to deta= ch it */ backend->formatAttached =3D false; if (job->data.create.storage) { + size_t i; + backend->storageAttached =3D false; backend->storageSliceAttached =3D false; + for (i =3D 0; i < backend->encryptsecretCount; ++i) { + VIR_FREE(backend->encryptsecretAlias[i]); + } VIR_FREE(backend->encryptsecretAlias); + VIR_FREE(backend->encryptsecretProps); } =20 if (qemuDomainObjEnterMonitorAsync(vm, asyncJob) < 0) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 4839d45a34..f5dcb46e42 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -2108,15 +2108,21 @@ qemuBuildBlockStorageSourceAttachDataCommandline(vi= rCommand *cmd, virQEMUCaps *qemuCaps) { char *tmp; + size_t i; =20 if (qemuBuildObjectCommandline(cmd, data->prmgrProps, qemuCaps) < 0 || qemuBuildObjectCommandline(cmd, data->authsecretProps, qemuCaps) <= 0 || - qemuBuildObjectCommandline(cmd, data->encryptsecretProps, qemuCaps= ) < 0 || qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps, qemuC= aps) < 0 || qemuBuildObjectCommandline(cmd, data->tlsKeySecretProps, qemuCaps)= < 0 || qemuBuildObjectCommandline(cmd, data->tlsProps, qemuCaps) < 0) return -1; =20 + for (i =3D 0; i < data->encryptsecretCount; ++i) { + if (qemuBuildObjectCommandline(cmd, data->encryptsecretProps[i], q= emuCaps) < 0) { + return -1; + } + } + if (data->driveCmd) virCommandAddArgList(cmd, "-drive", data->driveCmd, NULL); =20 
@@ -10637,9 +10643,16 @@ qemuBuildStorageSourceAttachPrepareCommon(virStora= geSource *src, qemuBuildSecretInfoProps(srcpriv->secinfo, &data->authsecretPr= ops) < 0) return -1; =20 - if (srcpriv->encinfo && - qemuBuildSecretInfoProps(srcpriv->encinfo, &data->encryptsecre= tProps) < 0) - return -1; + if (srcpriv->encinfo) { + if (!data->encryptsecretProps) { + data->encryptsecretCount =3D 1; + data->encryptsecretProps =3D g_new0(virJSONValue *, 1); + data->encryptsecretAlias =3D g_new0(char *, 1); + } + + if (qemuBuildSecretInfoProps(srcpriv->encinfo, &data->encryptse= cretProps[0]) < 0) + return -1; + } =20 if (srcpriv->httpcookie && qemuBuildSecretInfoProps(srcpriv->httpcookie, &data->httpcooki= esecretProps) < 0) --=20 2.25.1
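Review bot: the new loop in qemuBlockStorageSourceAttachApplyFormatDeps drops the old `data->encryptsecretProps &&` guard and hands `&data->encryptsecretProps[i]` to qemuMonitorAddObject for every index below `encryptsecretCount`. In the same patch, qemuBlockStorageSourceDetachPrepare sets `encryptsecretCount = 1` and allocates `encryptsecretProps` with g_new0 without ever filling it, so a non-zero count no longer implies non-NULL props. Either keep a per-element check (`if (data->encryptsecretProps[i] && qemuMonitorAddObject(...) < 0)`), or stop allocating `encryptsecretProps` on the detach path, where only the aliases are consumed; the `if (!data->encryptsecretAlias)` guard around that allocation also needs a comment saying when the arrays can already exist.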
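Review bot: in the qemu_blockjob.c hunk, the loop frees each `backend->encryptsecretAlias[i]` and then VIR_FREEs both arrays, but `backend->encryptsecretCount` is left at its old value. The loops this patch adds to qemuBlockStorageSourceAttachRollback and qemuBlockStorageSourceAttachDataFree index `encryptsecretAlias[i]` and `encryptsecretProps[i]` up to that count, so the next rollback or free of this backend dereferences a NULL array. Add `backend->encryptsecretCount = 0;` after the two VIR_FREE calls.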
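Review bot: in the qemuBuildBlockStorageSourceAttachDataCommandline hunk, the encryption secret `-object` leaves the combined `||` chain (where it preceded the httpcookie and TLS objects) and is emitted in a loop after the TLS objects. For a source that has both an encryption secret and an httpcookie or TLS object this reorders the generated command line; the diffstat touches no test data, so please confirm the qemuxml2argv outputs still match, or include the regenerated files.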
From: Or Ozeri
To: libvir-list@redhat.com
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
Subject: [PATCH v1 5/7] qemu: add multi-secret support in _qemuDomainStorageSourcePrivate
Date: Mon, 6 Mar 2023 06:53:10 -0600
Message-Id: <20230306125312.3077608-6-oro@il.ibm.com>
In-Reply-To: <20230306125312.3077608-1-oro@il.ibm.com>
References: <20230306125312.3077608-1-oro@il.ibm.com>
This commit changes the _qemuDomainStorageSourcePrivate struct to support multiple secrets (instead of a single one before this commit). This will be useful for storage encryption requiring more than a single secret. Signed-off-by: Or Ozeri --- src/qemu/qemu_block.c | 22 +++++++----- src/qemu/qemu_command.c | 20 ++++++----- src/qemu/qemu_domain.c | 75 ++++++++++++++++++++++++++++++++--------- src/qemu/qemu_domain.h | 3 +- tests/qemublocktest.c | 7 ++-- 5 files changed, 91 insertions(+), 36 deletions(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 2e3e0f6572..f6d21d2040 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -581,7 +581,7 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src, =20 if (virJSONValueObjectAdd(&encrypt, "s:format", encformat, - "s:key-secret", srcPriv->encinfo->alias, + "s:key-secret", srcPriv->encinfo[0]->ali= as, NULL) < 0) return NULL; } @@ -978,7 +978,7 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSour= ce *src, { qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE= _PRIVATE(src); =20 - if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo->alias) { + if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo[0]->alias) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("missing secret info for 'luks' driver")); return -1; @@ -986,7 +986,7 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSour= ce *src, =20 if (virJSONValueObjectAdd(&props, "s:driver", "luks", - "s:key-secret", srcPriv->encinfo->alias, + "s:key-secret", srcPriv->encinfo[0]->alias, NULL) < 0) return -1; =20 @@ -1054,7 +1054,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource= *src, =20 return virJSONValueObjectAdd(encprops, "s:format", encformat, - "s:key-secret", srcpriv->encinfo->alias, + "s:key-secret", srcpriv->encinfo[0]->alia= s, NULL); } =20
@@ -1616,13 +1616,17 @@ qemuBlockStorageSourceDetachPrepare(virStorageSourc= e *src) data->authsecretAlias =3D g_strdup(srcpriv->secinfo->alias); =20 if (srcpriv->encinfo) { + size_t i; + if (!data->encryptsecretAlias) { - data->encryptsecretCount =3D 1; - data->encryptsecretProps =3D g_new0(virJSONValue *, 1); - data->encryptsecretAlias =3D g_new0(char *, 1); + data->encryptsecretCount =3D srcpriv->enccount; + data->encryptsecretProps =3D g_new0(virJSONValue *, srcpri= v->enccount); + data->encryptsecretAlias =3D g_new0(char *, srcpriv->encco= unt); } =20 - data->encryptsecretAlias[0] =3D g_strdup(srcpriv->encinfo->ali= as); + for (i =3D 0; i < srcpriv->enccount; ++i) { + data->encryptsecretAlias[i] =3D g_strdup(srcpriv->encinfo[= i]->alias); + } } =20 if (srcpriv->httpcookie) @@ -1987,7 +1991,7 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStor= ageSource *src, =20 if (srcpriv && srcpriv->encinfo) - keysecret =3D srcpriv->encinfo->alias; + keysecret =3D srcpriv->encinfo[0]->alias; =20 if (virJSONValueObjectAdd(&props, "s:key-secret", keysecret, diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f5dcb46e42..69f0d74b92 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1603,7 +1603,7 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk, { virStorageType actualType =3D virStorageSourceGetActualType(disk->src); qemuDomainStorageSourcePrivate *srcpriv =3D QEMU_DOMAIN_STORAGE_SOURCE= _PRIVATE(disk->src); - qemuDomainSecretInfo *encinfo =3D NULL; + qemuDomainSecretInfo **encinfo =3D NULL; g_autoptr(virJSONValue) srcprops =3D NULL; bool rawluks =3D false; =20 
@@ -1647,12 +1647,12 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk, =20 if (encinfo) { if (disk->src->format =3D=3D VIR_STORAGE_FILE_RAW) { - virBufferAsprintf(buf, "key-secret=3D%s,", encinfo->alias); + virBufferAsprintf(buf, "key-secret=3D%s,", encinfo[0]->alias); rawluks =3D true; } else if (disk->src->format =3D=3D VIR_STORAGE_FILE_QCOW2 && disk->src->encryption->format =3D=3D VIR_STORAGE_ENCRYP= TION_FORMAT_LUKS) { virBufferAddLit(buf, "encrypt.format=3Dluks,"); - virBufferAsprintf(buf, "encrypt.key-secret=3D%s,", encinfo->al= ias); + virBufferAsprintf(buf, "encrypt.key-secret=3D%s,", encinfo[0]-= >alias); } } =20 @@ -10644,14 +10644,18 @@ qemuBuildStorageSourceAttachPrepareCommon(virStor= ageSource *src, return -1; =20 if (srcpriv->encinfo) { + size_t i; + if (!data->encryptsecretProps) { - data->encryptsecretCount =3D 1; - data->encryptsecretProps =3D g_new0(virJSONValue *, 1); - data->encryptsecretAlias =3D g_new0(char *, 1); + data->encryptsecretCount =3D srcpriv->enccount; + data->encryptsecretProps =3D g_new0(virJSONValue *, srcpriv= ->enccount); + data->encryptsecretAlias =3D g_new0(char *, srcpriv->enccou= nt); } =20 - if (qemuBuildSecretInfoProps(srcpriv->encinfo, &data->encryptse= cretProps[0]) < 0) - return -1; + for (i =3D 0; i < srcpriv->enccount; ++i) { + if (qemuBuildSecretInfoProps(srcpriv->encinfo[i], &data->en= cryptsecretProps[i]) < 0) + return -1; + } } =20 if (srcpriv->httpcookie && diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 80c9852dae..a3b9b57cfa 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -872,7 +872,13 @@ qemuDomainStorageSourcePrivateDispose(void *obj) qemuDomainStorageSourcePrivate *priv =3D obj; =20 g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree); - g_clear_pointer(&priv->encinfo, qemuDomainSecretInfoFree); + if (priv->encinfo) { + size_t i; + for (i =3D 0; i < priv->enccount; ++i) { + g_clear_pointer(&priv->encinfo[i], qemuDomainSecretInfoFree); + } + priv->encinfo =3D NULL; + } g_clear_pointer(&priv->httpcookie, qemuDomainSecretInfoFree); g_clear_pointer(&priv->tlsKeySecret, qemuDomainSecretInfoFree); g_clear_pointer(&priv->fdpass, qemuFDPassFree); @@ -1401,7 +1407,13 @@ qemuDomainSecretDiskDestroy(virDomainDiskDef *disk) for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt= ore) { if ((srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(n))) { qemuDomainSecretInfoDestroy(srcPriv->secinfo); - qemuDomainSecretInfoDestroy(srcPriv->encinfo); + if (srcPriv->encinfo) { + size_t i; + + for (i =3D 0; i < srcPriv->enccount; ++i) { + qemuDomainSecretInfoDestroy(srcPriv->encinfo[i]); + } + } qemuDomainSecretInfoDestroy(srcPriv->tlsKeySecret); } } @@ -1470,12 +1482,14 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjP= rivate *priv, } =20 if (hasEnc) { - if (!(srcPriv->encinfo =3D qemuDomainSecretInfoSetupFromSecret(pri= v, aliasformat, - "encr= yption", 0, - VIR_S= ECRET_USAGE_TYPE_VOLUME, - NULL, - &src-= >encryption->secrets[0]->seclookupdef))) - return -1; + srcPriv->enccount =3D 1; + srcPriv->encinfo =3D g_new0(qemuDomainSecretInfo *, 1); + if (!(srcPriv->encinfo[0] =3D qemuDomainSecretInfoSetupFromSecret(= priv, aliasformat, + "e= ncryption", 0, + VI= R_SECRET_USAGE_TYPE_VOLUME, + NU= LL, + &s= rc->encryption->secrets[0]->seclookupdef))) + return -1; } =20 if (src->ncookies && 
@@ -1964,13 +1978,14 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPt= r ctxt, virStorageSource *src) { qemuDomainStorageSourcePrivate *priv; + g_autofree xmlNodePtr *encnodes =3D NULL; g_autofree char *authalias =3D NULL; - g_autofree char *encalias =3D NULL; g_autofree char *httpcookiealias =3D NULL; g_autofree char *tlskeyalias =3D NULL; g_autofree char *thresholdEventWithIndex =3D NULL; bool fdsetPresent =3D false; unsigned int fdSetID; + int enccount; =20 src->nodestorage =3D virXPathString("string(./nodenames/nodename[@type= =3D'storage']/@name)", ctxt); src->nodeformat =3D virXPathString("string(./nodenames/nodename[@type= =3D'format']/@name)", ctxt); @@ -1983,13 +1998,16 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPt= r ctxt, src->pr->mgralias =3D virXPathString("string(./reservations/@mgral= ias)", ctxt); =20 authalias =3D virXPathString("string(./objects/secret[@type=3D'auth']/= @alias)", ctxt); - encalias =3D virXPathString("string(./objects/secret[@type=3D'encrypti= on']/@alias)", ctxt); + if ((enccount =3D virXPathNodeSet("./objects/secret[@type=3D'encryptio= n']", ctxt, &encnodes)) < 0) + return -1; httpcookiealias =3D virXPathString("string(./objects/secret[@type=3D'h= ttpcookie']/@alias)", ctxt); tlskeyalias =3D virXPathString("string(./objects/secret[@type=3D'tlske= y']/@alias)", ctxt); =20 fdsetPresent =3D virXPathUInt("string(./fdsets/fdset[@type=3D'storage'= ]/@id)", ctxt, &fdSetID) =3D=3D 0; =20 - if (authalias || encalias || httpcookiealias || tlskeyalias || fdsetPr= esent) { + if (authalias || (enccount > 0) || httpcookiealias || tlskeyalias || f= dsetPresent) { + size_t i; + if (!src->privateData && !(src->privateData =3D qemuDomainStorageSourcePrivateNew())) return -1; 
@@ -1999,8 +2017,27 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr= ctxt, if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->secinfo, &aut= halias) < 0) return -1; =20 - if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &enc= alias) < 0) - return -1; + if (enccount > 0) { + xmlNodePtr tmp =3D ctxt->node; + + priv->enccount =3D enccount; + priv->encinfo =3D g_new0(qemuDomainSecretInfo *, enccount); + for (i =3D 0; i < enccount; ++i) { + g_autofree char *encalias =3D NULL; + + ctxt->node =3D encnodes[i]; + if (!(encalias =3D virXMLPropString(encnodes[i], "alias"))= ) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("missing alias on encryption secret #= %lu"), i); + return -1; + } + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encin= fo[i], &encalias) < 0) + return -1; + } + + ctxt->node =3D tmp; + } =20 if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &= httpcookiealias) < 0) return -1; @@ -2061,10 +2098,13 @@ qemuStorageSourcePrivateDataFormat(virStorageSource= *src, return -1; =20 if (srcPriv) { + size_t i; unsigned int fdSetID; =20 qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->secinfo, "auth"); - qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->encinfo, "encryption"); + for (i =3D 0; i < srcPriv->enccount; ++i) { + qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, sr= cPriv->encinfo[i], "encryption"); + } qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->httpcookie, "httpcookie"); qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->tlsKeySecret, "tlskey"); =20 
@@ -5631,9 +5671,14 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virD= omainDiskDef *disk, } =20 if (restoreEncSecret) { + if (!priv->encinfo) { + priv->enccount =3D 1; + priv->encinfo =3D g_new0(qemuDomainSecretInfo *, 1); + } + encalias =3D g_strdup_printf("%s-luks-secret0", disk->info.alias); =20 - if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &enc= alias) < 0) + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo[0], &= encalias) < 0) return -1; } =20 diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 550397ee50..dda92b5da3 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -295,7 +295,8 @@ struct _qemuDomainStorageSourcePrivate { qemuDomainSecretInfo *secinfo; =20 /* data required for decryption of encrypted storage source */ - qemuDomainSecretInfo *encinfo; + size_t enccount; + qemuDomainSecretInfo **encinfo; =20 /* secure passthrough of the http cookie */ qemuDomainSecretInfo *httpcookie; diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index 010b52f4b3..2d790e2b2e 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c 
@@ -237,10 +237,11 @@ testQemuDiskXMLToJSONFakeSecrets(virStorageSource *sr= c) } =20 if (src->encryption) { - srcpriv->encinfo =3D g_new0(qemuDomainSecretInfo, 1); + srcpriv->encinfo =3D g_new0(qemuDomainSecretInfo *, 1); + srcpriv->encinfo[0] =3D g_new0(qemuDomainSecretInfo, 1); =20 - srcpriv->encinfo->alias =3D g_strdup_printf("%s-encalias", - NULLSTR(src->nodeformat)= ); + srcpriv->encinfo[0]->alias =3D g_strdup_printf("%s-encalias", + NULLSTR(src->nodeform= at)); } =20 return 0; --=20 2.25.1
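Review bot: in the qemuBuildStorageSourceAttachPrepareCommon hunk the new loop is bounded by srcpriv->enccount, but the arrays it writes are sized from that value only when data->encryptsecretProps was still NULL; if they already exist from an earlier call with a smaller data->encryptsecretCount, `data->encryptsecretProps[i]` runs past the allocation. Bound the loop by data->encryptsecretCount, or reject a mismatch between the two counts before entering it. data->encryptsecretAlias is also resized here but nothing in the hunk fills it, so whatever populates it must use the same count.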
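Review bot: the qemuDomainStorageSourcePrivateDispose hunk frees every priv->encinfo[i] but then only does `priv->encinfo = NULL;`, so the pointer array allocated with g_new0 in the Prepare and Parse hunks leaks on every dispose. Use `g_clear_pointer(&priv->encinfo, g_free);` in place of the assignment and reset priv->enccount to 0 so the array goes with its elements.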
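Review bot: in the qemuStorageSourcePrivateDataParse hunk the `ctxt->node = tmp;` restore is skipped whenever virXMLPropString or qemuStorageSourcePrivateDataAssignSecinfo fails inside the loop, leaving the caller's XPath context pointing at a secret node on the error path. Since `virXMLPropString(encnodes[i], "alias")` takes the node directly and qemuStorageSourcePrivateDataAssignSecinfo takes no context at all, the save/assign/restore of ctxt->node does nothing and can simply be dropped. Also `_("missing alias on encryption secret #%lu"), i` formats a size_t with %lu; use %zu.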
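Review bot: the testQemuDiskXMLToJSONFakeSecrets hunk allocates srcpriv->encinfo as a one-element array but never sets srcpriv->enccount, so the new count-bounded loops in qemu_command.c and qemu_domain.c see zero secrets: the fake secret is neither emitted as a secret object nor freed by the dispose loop, while the array still holds an entry the count says does not exist. Add `srcpriv->enccount = 1;` next to the allocation.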
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v1 6/7] qemu: support pass-on of multiple secrets to _qemuDomainStorageSourcePrivate
Date: Mon, 6 Mar 2023 06:53:11 -0600
Message-Id: <20230306125312.3077608-7-oro@il.ibm.com>
In-Reply-To: <20230306125312.3077608-1-oro@il.ibm.com>
References: <20230306125312.3077608-1-oro@il.ibm.com>
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
This commit extends qemuDomainSecretStorageSourcePrepare to set up multiple qemu secrets as defined by virStorageSource->encryption.

Signed-off-by: Or Ozeri
---
 src/qemu/qemu_domain.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a3b9b57cfa..ffe29dc832 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1482,14 +1482,19 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjP= rivate *priv, } =20 if (hasEnc) { - srcPriv->enccount =3D 1; - srcPriv->encinfo =3D g_new0(qemuDomainSecretInfo *, 1); - if (!(srcPriv->encinfo[0] =3D qemuDomainSecretInfoSetupFromSecret(= priv, aliasformat, - "e= ncryption", 0, - VI= R_SECRET_USAGE_TYPE_VOLUME, - NU= LL, - &s= rc->encryption->secrets[0]->seclookupdef))) - return -1; + size_t nsecrets =3D src->encryption->nsecrets; + size_t i; + + srcPriv->enccount =3D nsecrets; + srcPriv->encinfo =3D g_new0(qemuDomainSecretInfo *, nsecrets); + for (i =3D 0; i < nsecrets; ++i) { + if (!(srcPriv->encinfo[i] =3D qemuDomainSecretInfoSetupFromSec= ret(priv, aliasformat, + = "encryption", i, + = VIR_SECRET_USAGE_TYPE_VOLUME, + = NULL, + = &src->encryption->secrets[i]->seclookupdef))) + return -1; + } } =20 if (src->ncookies && --=20 2.25.1
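Review bot: the loop in the qemuDomainSecretStorageSourcePrepare hunk assigns srcPriv->encinfo unconditionally, and nothing in the hunk checks that it is still NULL, so a second run for the same source leaks the previous array and its qemuDomainSecretInfo entries; return early on a non-NULL srcPriv->encinfo or free the old array first. Minor: the fourth argument to qemuDomainSecretInfoSetupFromSecret changes from the literal 0 to the size_t `i`, which becomes the numeric alias suffix; confirm the parameter is declared size_t so the index is not narrowed.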
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v1 7/7] qemu: add support for librbd layered encryption
Date: Mon, 6 Mar 2023 06:53:12 -0600
Message-Id: <20230306125312.3077608-8-oro@il.ibm.com>
In-Reply-To: <20230306125312.3077608-1-oro@il.ibm.com>
References: <20230306125312.3077608-1-oro@il.ibm.com>
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
This commit enables libvirt users to use layered encryption of RBD images, using the librbd encryption engine. This allows opening of an encrypted cloned image whose parent is encrypted with a possibly different encryption key. To open such images, multiple encryption secrets are expected to be defined under the encryption XML tag.

Signed-off-by: Or Ozeri
---
 docs/formatstorageencryption.rst | 11 +++--
 src/conf/schemas/storagecommon.rng | 4 +-
 src/qemu/qemu_block.c | 23 +++++++---
 src/qemu/qemu_domain.c | 14 ++++++
 ...k-rbd-encryption-layering.x86_64-7.2.0.err | 1 +
 ...rbd-encryption-layering.x86_64-latest.args | 39 ++++++++++++++++
 .../disk-network-rbd-encryption-layering.xml | 40 +++++++++++++++++
 tests/qemuxml2argvtest.c | 2 +
 ...-rbd-encryption-layering.x86_64-latest.xml | 45 +++++++++++++++++++
 tests/qemuxml2xmltest.c | 1 +
 10 files changed, 169 insertions(+), 11 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-7.2.0.err
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xml
 create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption-layering.x86_64-latest.xml

diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst
index 2c19473d6b..3b3e9ea379 100644
--- a/docs/formatstorageencryption.rst
+++ b/docs/formatstorageencryption.rst
@@ -28,7 +28,10 @@ network disks. If the engine tag is not specified, the `= `qemu`` engine will be used by default (assuming the qemu driver is used). Note that ``librbd`` e= ngine is currently only supported by the qemu VM driver, and is not supported by= the storage driver. Furthermore, the storage driver currently ignores the ``en= gine`` -tag. +tag. :since:`since 9.3.0` RBD layered encryption is supported. Layered +encryption requires a secret per each encrypted layer. The first secret +corresponds to the (child) image itself, the second secret to the parent i= mage, +and so forth. =20 The ``encryption`` tag can currently contain a sequence of ``secret`` tags= , each with mandatory attributes ``type`` and either ``uuid`` or ``usage`` ( @@ -55,7 +58,8 @@ added to libvirt. The ``luks`` format is specific to a luks encrypted volume and the secret = is used in order to either encrypt during volume creation or decrypt the volu= me for usage by the domain. A single ```` element = is -expected. :since:`Since 2.1.0` . +expected (except for the case of RBD layered encryption mentioned above). +:since:`Since 2.1.0` . =20 For volume creation, it is possible to specify the encryption algorithm us= ed to encrypt the luks volume. The following two optional elements may be provid= ed for @@ -102,7 +106,8 @@ can only be applied to RBD network disks (RBD images). = Since the ``librbd`` engine is currently not supported by the libvirt storage driver, you canno= t use it to control such disks. However, pre-formatted RBD luks2 disks can be lo= aded to a qemu VM using the qemu VM driver. A single -```` element is expected. +```` element is expected (except for the ca= se of +RBD layered encryption mentioned above). =20 Examples -------- diff --git a/src/conf/schemas/storagecommon.rng b/src/conf/schemas/storagec= ommon.rng index 4d6e646c9a..ff24ae9548 100644 --- a/src/conf/schemas/storagecommon.rng +++ b/src/conf/schemas/storagecommon.rng @@ -26,7 +26,9 @@ - + + + 
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index f6d21d2040..e0f355874f 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -543,7 +543,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src, qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE= _PRIVATE(src); g_autoptr(virJSONValue) servers =3D NULL; virJSONValue *ret =3D NULL; - g_autoptr(virJSONValue) encrypt =3D NULL; + g_autolist(virJSONValue) encrypts =3D NULL; + virJSONValue *null_encrypt =3D NULL; const char *encformat =3D NULL; const char *username =3D NULL; g_autoptr(virJSONValue) authmodes =3D NULL; @@ -563,6 +564,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src, =20 if (src->encryption && src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB= D) { + size_t i; + switch ((virStorageEncryptionFormatType) src->encryption->format) { case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS: encformat =3D "luks"; @@ -579,11 +582,17 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s= rc, break; } =20 - if (virJSONValueObjectAdd(&encrypt, - "s:format", encformat, - "s:key-secret", srcPriv->encinfo[0]->ali= as, - NULL) < 0) - return NULL; + for (i =3D src->encryption->nsecrets; i > 0; --i) { + virJSONValue *encrypt =3D NULL; + if (virJSONValueObjectAdd(&encrypt, + "s:format", encformat, + "s:key-secret", srcPriv->encinfo[i-1= ]->alias, + "A:parent", encrypts ? (virJSONValue= **)&encrypts->data : &null_encrypt, + NULL) < 0) + return NULL; + + encrypts =3D g_list_prepend(encrypts, encrypt); + } } =20 if (virJSONValueObjectAdd(&ret, @@ -592,7 +601,7 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src, "S:snapshot", src->snapshot, "S:conf", src->configFile, "A:server", &servers, - "A:encrypt", &encrypt, + "A:encrypt", encrypts ? (virJSONValue **)&en= crypts->data : &null_encrypt, "S:user", username, "A:auth-client-required", &authmodes, "S:key-secret", keysecret, 
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index ffe29dc832..e336273588 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5195,6 +5195,12 @@ qemuDomainValidateStorageSource(virStorageSource *sr= c, return -1; } =20 + if (src->encryption->nsecrets > 1) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("qemu encryption engine expects only = a single secret")); + return -1; + } + break; =20 case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD: @@ -5210,6 +5216,14 @@ qemuDomainValidateStorageSource(virStorageSource *sr= c, _("librbd encryption is supported only = with RBD backed disks")); return -1; } + + if (src->encryption->nsecrets > 1) { + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION= _LAYERING)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("librbd encryption layering is no= t supported by this QEMU binary")); + return -1; + } + } break; =20 case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT: diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x8= 6_64-7.2.0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layerin= g.x86_64-7.2.0.err new file mode 100644 index 0000000000..73e5b2a1f3 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-7.= 2.0.err @@ -0,0 +1 @@ +unsupported configuration: librbd encryption layering is not supported by = this QEMU binary diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x8= 6_64-latest.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layer= ing.x86_64-latest.args new file mode 100644 index 0000000000..c260eda5e8 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-la= test.args 
@@ -0,0 +1,39 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-encryptdisk \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-encryptdisk/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-encryptdisk/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dencryptdisk,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm= p/lib/domain--1-encryptdisk/master-key.aes"}' \ +-machine pc-i440fx-2.1,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc= .ram \ +-accel tcg \ +-cpu qemu64 \ +-m 1024 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}= ' \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0= x2"}' \ +-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","= data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k= eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \ +-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret1","= data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k= eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \ +-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"= :"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"= },{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke= y-secret":"libvirt-1-format-encryption-secret0","parent":{"format":"luks","= 
key-secret":"libvirt-1-format-encryption-secret1"}},"node-name":"libvirt-1-= storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ","file":"libvirt-1-storage"}' \ +-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x2","drive":"li= bvirt-1-format","id":"virtio-disk0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","add= r":"0x3"}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xm= l b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xml new file mode 100644 index 0000000000..cbde665958 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xml @@ -0,0 +1,40 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + + + + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index f46fc29f32..08c912f588 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1277,6 +1277,8 @@ mymain(void) DO_TEST_CAPS_LATEST("disk-network-rbd"); DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0"); DO_TEST_CAPS_LATEST("disk-network-rbd-encryption"); + DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption-layering", "= 7.2.0"); + DO_TEST_CAPS_LATEST("disk-network-rbd-encryption-layering"); DO_TEST_CAPS_LATEST_PARSE_ERROR("disk-encryption-wrong"); DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon"); /* qemu-6.0 is the last qemu version supporting sheepdog */ diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-layering.= x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-la= yering.x86_64-latest.xml new file mode 100644 index 0000000000..03c07c2527 --- /dev/null +++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-layering.x86_64-= latest.xml @@ -0,0 +1,45 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + + +
+ + +
+ + + + +
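Review bot: the new rejection path in the first qemu_domain.c hunk ("qemu encryption engine expects only a single secret", `if (src->encryption->nsecrets > 1)`) has no test: the only cases added to qemuxml2argvtest.c are the two disk-network-rbd-encryption-layering entries, which exercise the librbd branch. Add a DO_TEST_CAPS_LATEST_PARSE_ERROR case next to disk-encryption-wrong with a non-RBD LUKS disk carrying two secrets, plus the matching .err fixture, so a regression in that check is caught.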
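Review bot: in the second qemu_domain.c hunk (librbd branch) the validation only rejects `nsecrets > 1` when QEMU_CAPS_RBD_ENCRYPTION_LAYERING is absent, but nothing bounds the count: the expected args fixture shows exactly one nesting level (`"encrypt":{"format":"luks","key-secret":...,"parent":{"format":"luks","key-secret":...}}`), so either state here (in a comment or a further check) what happens with three or more secrets, or mention in the commit message that the blockdev generator emits arbitrarily deep "parent" chains. The two nested `if`s can also be collapsed into `if (src->encryption->nsecrets > 1 && !virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION_LAYERING))`. Note that QEMU_CAPS_RBD_ENCRYPTION_LAYERING is not introduced by this patch, so it must come from an earlier patch in the series.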
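Review bot: in the x86_64-latest.args fixture the two secret objects libvirt-1-format-encryption-secret0 and -secret1 carry byte-identical "data" and the same "iv" (AAECAwQFBgcICQoLDA0ODw==). The identical ciphertext is expected when the same plaintext is encrypted under masterKey0 with a fixed test IV, but it means the fixture cannot detect a swap of the outer and "parent" key-secret assignments. Give the two secrets in disk-network-rbd-encryption-layering.xml distinct values so the secret0/secret1 ordering in the "encrypt" object is actually observable in the args output.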