From nobody Thu Apr 25 05:15:02 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=reject dis=none) header.from=il.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1678701071; cv=none; d=zohomail.com; s=zohoarc; b=ZRsndI8culiMMrq8nBSJp07+pdqinfrEBMcd3rKzy2gnx2RmrcokYAhPnRvsCXO+Qzw+Z7/gsWnvaKnsFGjfRmZ/cDK+bSAhSfaYTbp1hMUzY+hHRMdES9HdTHSxJBONAc0J+tsiAZXcQiSt/J2+zTpZ80KJVYgDYxuVdRIhyS8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678701071; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=KZDDJOMDGAalhZp8IZczJNL3Bu+BRtwCr48NgkT+28Y=; b=TQp/cXTDV5opO7IWu6X003WPCX5IiePqMv/3Yn5tCPW+cUzKIWj/8dbA7hhWXcIYvCl7z5lLv6gQDYKQraK/wFGlZLU21wU3thZtJmDgwWoPrTwlw3znq7javG3Kfz4wmB0fHJux3NdwYIJBD9DJJbnR4tIQXiwoiWiVBBrrdmI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=reject dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1678701071912162.6797939499727; Mon, 13 Mar 2023 02:51:11 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-281-GH_VS8voP4mcaJOYoCGdZA-1; Mon, 13 Mar 2023 05:51:08 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 252AC85CBE8; Mon, 13 Mar 2023 09:51:06 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0EAE12A68; Mon, 13 Mar 2023 09:51:06 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id E8433194658F; Mon, 13 Mar 2023 09:51:05 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 302BE19465A4 for ; Mon, 13 Mar 2023 09:51:04 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 12F922166B2A; Mon, 13 Mar 2023 09:51:04 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0B2F82166B26 for ; Mon, 13 Mar 2023 09:51:04 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DAC9E85CBE2 for ; Mon, 13 Mar 2023 09:51:03 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-346-oKtvFv_pMAaFaOkkQ4XeVA-1; Mon, 13 Mar 2023 05:51:00 -0400 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32D7pWWh007420 for ; Mon, 13 Mar 2023 09:50:59 GMT Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3p93fs8spq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 13 Mar 2023 09:50:59 +0000 Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32D8Pw6d005042 for ; Mon, 13 Mar 2023 09:50:59 GMT Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3p93fs8spe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Mar 2023 09:50:58 +0000 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 32D7fIEr019308; Mon, 13 Mar 2023 09:50:57 GMT Received: from smtprelay06.dal12v.mail.ibm.com ([9.208.130.100]) by ppma01wdc.us.ibm.com (PPS) with ESMTPS id 3p8h96mv6f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Mar 2023 09:50:57 +0000 Received: from smtpav05.wdc07v.mail.ibm.com (smtpav05.wdc07v.mail.ibm.com [10.39.53.232]) by smtprelay06.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 32D9otcx5899006 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 13 Mar 2023 09:50:55 GMT Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D501A5805D; Mon, 13 Mar 2023 09:50:54 +0000 (GMT) Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0B1D75805F; Mon, 13 Mar 2023 09:50:54 +0000 (GMT) Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176]) by smtpav05.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 13 Mar 2023 09:50:53 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1678701070; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=KZDDJOMDGAalhZp8IZczJNL3Bu+BRtwCr48NgkT+28Y=; b=VcKGmpB5P5/MAruzvKWzF0ONqW6kk8HPxC+F22fQcRKS6sEd6r7BaWYo7X0DjijFVRsyi/ l8BMsuTQxtnB9OzevLRsaQC7lyBpCuU9b2swtF2S4UYSQX+SB1SBnRlNn/v0LHj5wyKcLf VHv5ZHdJEFDPZ3wax4bl/hfdK8HIDgc= X-MC-Unique: GH_VS8voP4mcaJOYoCGdZA-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: oKtvFv_pMAaFaOkkQ4XeVA-1 From: Or Ozeri To: libvir-list@redhat.com Subject: [PATCH v2 4/7] qemu: add multi-secret support in _qemuDomainStorageSourcePrivate Date: Mon, 13 Mar 2023 04:50:20 -0500 Message-Id: <20230313095023.3477917-5-oro@il.ibm.com> In-Reply-To: <20230313095023.3477917-1-oro@il.ibm.com> References: <20230313095023.3477917-1-oro@il.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: tKknCTgGvzaGzg7umacpnJpPbeSyKwyc X-Proofpoint-ORIG-GUID: dLfS7e25z_JJl1abHcdrmlmPSWlvGoOa X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-13_02,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 bulkscore=0 malwarescore=0 suspectscore=0 priorityscore=1501 mlxscore=0 clxscore=1015 lowpriorityscore=0 mlxlogscore=999 phishscore=0 spamscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303130078 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1678701073657100001 Content-Type: text/plain; charset="utf-8"; x-default="true" This commit changes the _qemuDomainStorageSourcePrivate struct to support multiple secrets (instead of a single one before this commit). This will useful for storage encryption requiring more than a single secret. Signed-off-by: Or Ozeri --- src/qemu/qemu_block.c | 25 +++++--- src/qemu/qemu_command.c | 20 +++--- src/qemu/qemu_domain.c | 75 ++++++++++++++++++----- src/qemu/qemu_domain.h | 3 +- tests/qemublocktest.c | 7 ++- tests/qemustatusxml2xmldata/modern-in.xml | 14 +++++ 6 files changed, 108 insertions(+), 36 deletions(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 9e1ecf68f9..0cc3b82cca 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -582,7 +582,7 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src, =20 if (virJSONValueObjectAdd(&encrypt, "s:format", encformat, - "s:key-secret", srcPriv->encinfo->alias, + "s:key-secret", srcPriv->encinfo[0]->ali= as, NULL) < 0) return NULL; } @@ -979,7 +979,8 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSour= ce *src, { qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE= _PRIVATE(src); =20 - if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo->alias) { + /* validation ensures that the qemu encryption engine accepts only a s= ingle secret */ + if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo[0]->alias) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("missing secret info for 'luks' driver")); return -1; @@ -987,7 +988,7 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSour= ce *src, =20 if (virJSONValueObjectAdd(&props, "s:driver", "luks", - "s:key-secret", srcPriv->encinfo->alias, + "s:key-secret", srcPriv->encinfo[0]->alias, NULL) < 0) return -1; =20 @@ -1053,9 +1054,10 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSourc= e *src, return -1; } =20 + /* validation ensures that the qemu encryption engine accepts only a s= ingle secret */ return virJSONValueObjectAdd(encprops, "s:format", encformat, - "s:key-secret", srcpriv->encinfo->alias, + "s:key-secret", srcpriv->encinfo[0]->alia= s, NULL); } =20 @@ -1617,10 +1619,15 @@ qemuBlockStorageSourceDetachPrepare(virStorageSourc= e *src) data->authsecretAlias =3D g_strdup(srcpriv->secinfo->alias); =20 if (srcpriv->encinfo) { - data->encryptsecretCount =3D 1; - data->encryptsecretProps =3D g_new0(virJSONValue *, 1); - data->encryptsecretAlias =3D g_new0(char *, 1); - data->encryptsecretAlias[0] =3D g_strdup(srcpriv->encinfo->ali= as); + size_t i; + + data->encryptsecretCount =3D srcpriv->enccount; + data->encryptsecretProps =3D g_new0(virJSONValue *, srcpriv->e= nccount); + data->encryptsecretAlias =3D g_new0(char *, srcpriv->enccount); + + for (i =3D 0; i < srcpriv->enccount; ++i) { + data->encryptsecretAlias[i] =3D g_strdup(srcpriv->encinfo[= i]->alias); + } } =20 if (srcpriv->httpcookie) @@ -1986,7 +1993,7 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStor= ageSource *src, =20 if (srcpriv && srcpriv->encinfo) - keysecret =3D srcpriv->encinfo->alias; + keysecret =3D srcpriv->encinfo[0]->alias; =20 if (virJSONValueObjectAdd(&props, "s:key-secret", keysecret, diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f166e1c891..7c577ae6ca 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1603,7 +1603,7 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk, { virStorageType actualType =3D virStorageSourceGetActualType(disk->src); qemuDomainStorageSourcePrivate *srcpriv =3D QEMU_DOMAIN_STORAGE_SOURCE= _PRIVATE(disk->src); - qemuDomainSecretInfo *encinfo =3D NULL; + qemuDomainSecretInfo **encinfo =3D NULL; g_autoptr(virJSONValue) srcprops =3D NULL; bool rawluks =3D false; =20 @@ -1647,12 +1647,12 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk, =20 if (encinfo) { if (disk->src->format =3D=3D VIR_STORAGE_FILE_RAW) { - virBufferAsprintf(buf, "key-secret=3D%s,", encinfo->alias); + virBufferAsprintf(buf, "key-secret=3D%s,", encinfo[0]->alias); rawluks =3D true; } else if (disk->src->format =3D=3D VIR_STORAGE_FILE_QCOW2 && disk->src->encryption->format =3D=3D VIR_STORAGE_ENCRYP= TION_FORMAT_LUKS) { virBufferAddLit(buf, "encrypt.format=3Dluks,"); - virBufferAsprintf(buf, "encrypt.key-secret=3D%s,", encinfo->al= ias); + virBufferAsprintf(buf, "encrypt.key-secret=3D%s,", encinfo[0]-= >alias); } } =20 @@ -10746,12 +10746,16 @@ qemuBuildStorageSourceAttachPrepareCommon(virStor= ageSource *src, return -1; =20 if (srcpriv->encinfo) { - data->encryptsecretCount =3D 1; - data->encryptsecretProps =3D g_new0(virJSONValue *, 1); - data->encryptsecretAlias =3D g_new0(char *, 1); + size_t i; =20 - if (qemuBuildSecretInfoProps(srcpriv->encinfo, &data->encryptse= cretProps[0]) < 0) - return -1; + data->encryptsecretCount =3D srcpriv->enccount; + data->encryptsecretProps =3D g_new0(virJSONValue *, srcpriv->e= nccount); + data->encryptsecretAlias =3D g_new0(char *, srcpriv->enccount); + + for (i =3D 0; i < srcpriv->enccount; ++i) { + if (qemuBuildSecretInfoProps(srcpriv->encinfo[i], &data->e= ncryptsecretProps[i]) < 0) + return -1; + } } =20 if (srcpriv->httpcookie && diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index f62fb453a9..638788c614 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -872,7 +872,13 @@ qemuDomainStorageSourcePrivateDispose(void *obj) qemuDomainStorageSourcePrivate *priv =3D obj; =20 g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree); - g_clear_pointer(&priv->encinfo, qemuDomainSecretInfoFree); + if (priv->encinfo) { + size_t i; + for (i =3D 0; i < priv->enccount; ++i) { + g_clear_pointer(&priv->encinfo[i], qemuDomainSecretInfoFree); + } + VIR_FREE(priv->encinfo); + } g_clear_pointer(&priv->httpcookie, qemuDomainSecretInfoFree); g_clear_pointer(&priv->tlsKeySecret, qemuDomainSecretInfoFree); g_clear_pointer(&priv->fdpass, qemuFDPassFree); @@ -1401,7 +1407,13 @@ qemuDomainSecretDiskDestroy(virDomainDiskDef *disk) for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt= ore) { if ((srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(n))) { qemuDomainSecretInfoDestroy(srcPriv->secinfo); - qemuDomainSecretInfoDestroy(srcPriv->encinfo); + if (srcPriv->encinfo) { + size_t i; + + for (i =3D 0; i < srcPriv->enccount; ++i) { + qemuDomainSecretInfoDestroy(srcPriv->encinfo[i]); + } + } qemuDomainSecretInfoDestroy(srcPriv->tlsKeySecret); } } @@ -1470,12 +1482,19 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjP= rivate *priv, } =20 if (hasEnc) { - if (!(srcPriv->encinfo =3D qemuDomainSecretInfoSetupFromSecret(pri= v, aliasformat, - "encr= yption", 0, - VIR_S= ECRET_USAGE_TYPE_VOLUME, - NULL, - &src-= >encryption->secrets[0]->seclookupdef))) - return -1; + size_t nsecrets =3D src->encryption->nsecrets; + size_t i; + + srcPriv->enccount =3D nsecrets; + srcPriv->encinfo =3D g_new0(qemuDomainSecretInfo *, nsecrets); + for (i =3D 0; i < nsecrets; ++i) { + if (!(srcPriv->encinfo[i] =3D qemuDomainSecretInfoSetupFromSec= ret(priv, aliasformat, + = "encryption", i, + = VIR_SECRET_USAGE_TYPE_VOLUME, + = NULL, + = &src->encryption->secrets[i]->seclookupdef))) + return -1; + } } =20 if (src->ncookies && @@ -1964,13 +1983,14 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPt= r ctxt, virStorageSource *src) { qemuDomainStorageSourcePrivate *priv; + g_autofree xmlNodePtr *encnodes =3D NULL; g_autofree char *authalias =3D NULL; - g_autofree char *encalias =3D NULL; g_autofree char *httpcookiealias =3D NULL; g_autofree char *tlskeyalias =3D NULL; g_autofree char *thresholdEventWithIndex =3D NULL; bool fdsetPresent =3D false; unsigned int fdSetID; + int enccount; =20 src->nodestorage =3D virXPathString("string(./nodenames/nodename[@type= =3D'storage']/@name)", ctxt); src->nodeformat =3D virXPathString("string(./nodenames/nodename[@type= =3D'format']/@name)", ctxt); @@ -1983,13 +2003,14 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPt= r ctxt, src->pr->mgralias =3D virXPathString("string(./reservations/@mgral= ias)", ctxt); =20 authalias =3D virXPathString("string(./objects/secret[@type=3D'auth']/= @alias)", ctxt); - encalias =3D virXPathString("string(./objects/secret[@type=3D'encrypti= on']/@alias)", ctxt); + if ((enccount =3D virXPathNodeSet("./objects/secret[@type=3D'encryptio= n']", ctxt, &encnodes)) < 0) + return -1; httpcookiealias =3D virXPathString("string(./objects/secret[@type=3D'h= ttpcookie']/@alias)", ctxt); tlskeyalias =3D virXPathString("string(./objects/secret[@type=3D'tlske= y']/@alias)", ctxt); =20 fdsetPresent =3D virXPathUInt("string(./fdsets/fdset[@type=3D'storage'= ]/@id)", ctxt, &fdSetID) =3D=3D 0; =20 - if (authalias || encalias || httpcookiealias || tlskeyalias || fdsetPr= esent) { + if (authalias || (enccount > 0) || httpcookiealias || tlskeyalias || f= dsetPresent) { if (!src->privateData && !(src->privateData =3D qemuDomainStorageSourcePrivateNew())) return -1; @@ -1999,8 +2020,24 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr= ctxt, if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->secinfo, &aut= halias) < 0) return -1; =20 - if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &enc= alias) < 0) - return -1; + if (enccount > 0) { + size_t i; + + priv->enccount =3D enccount; + priv->encinfo =3D g_new0(qemuDomainSecretInfo *, enccount); + for (i =3D 0; i < enccount; ++i) { + g_autofree char *encalias =3D NULL; + + if (!(encalias =3D virXMLPropString(encnodes[i], "alias"))= ) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("missing alias on encryption secret #= %lu"), i); + return -1; + } + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encin= fo[i], &encalias) < 0) + return -1; + } + } =20 if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &= httpcookiealias) < 0) return -1; @@ -2061,10 +2098,13 @@ qemuStorageSourcePrivateDataFormat(virStorageSource= *src, return -1; =20 if (srcPriv) { + size_t i; unsigned int fdSetID; =20 qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->secinfo, "auth"); - qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->encinfo, "encryption"); + for (i =3D 0; i < srcPriv->enccount; ++i) { + qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, sr= cPriv->encinfo[i], "encryption"); + } qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->httpcookie, "httpcookie"); qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPri= v->tlsKeySecret, "tlskey"); =20 @@ -5639,9 +5679,14 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virD= omainDiskDef *disk, } =20 if (restoreEncSecret) { + if (!priv->encinfo) { + priv->enccount =3D 1; + priv->encinfo =3D g_new0(qemuDomainSecretInfo *, 1); + } + encalias =3D g_strdup_printf("%s-luks-secret0", disk->info.alias); =20 - if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &enc= alias) < 0) + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo[0], &= encalias) < 0) return -1; } =20 diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 9bcc5e1380..5928828f3b 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -296,7 +296,8 @@ struct _qemuDomainStorageSourcePrivate { qemuDomainSecretInfo *secinfo; =20 /* data required for decryption of encrypted storage source */ - qemuDomainSecretInfo *encinfo; + size_t enccount; + qemuDomainSecretInfo **encinfo; =20 /* secure passthrough of the http cookie */ qemuDomainSecretInfo *httpcookie; diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index 010b52f4b3..2d790e2b2e 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c @@ -237,10 +237,11 @@ testQemuDiskXMLToJSONFakeSecrets(virStorageSource *sr= c) } =20 if (src->encryption) { - srcpriv->encinfo =3D g_new0(qemuDomainSecretInfo, 1); + srcpriv->encinfo =3D g_new0(qemuDomainSecretInfo *, 1); + srcpriv->encinfo[0] =3D g_new0(qemuDomainSecretInfo, 1); =20 - srcpriv->encinfo->alias =3D g_strdup_printf("%s-encalias", - NULLSTR(src->nodeformat)= ); + srcpriv->encinfo[0]->alias =3D g_strdup_printf("%s-encalias", + NULLSTR(src->nodeform= at)); } =20 return 0; diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxm= l2xmldata/modern-in.xml index cdab1d7178..95fc569029 100644 --- a/tests/qemustatusxml2xmldata/modern-in.xml +++ b/tests/qemustatusxml2xmldata/modern-in.xml @@ -360,6 +360,20 @@ + + + + + + + + + + + + +
+ --=20 2.25.1