From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 10/24] qemu: domain: Setup secret for TLS key for nbd/vxhs disks
Date: Thu, 2 Jul 2020 16:39:56 +0200
List-Id: Development discussions about the libvirt library & tools

Setup the TLS secret when preparing a virStorageSource for use.

https://bugzilla.redhat.com/show_bug.cgi?id=1602328

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/qemu/qemu_domain.c | 44 +++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 7f0be22f20..42cc78ac1b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -9537,7 +9537,9 @@ qemuDomainPrepareChardevSource(virDomainDefPtr def, static int qemuProcessPrepareStorageSourceTLSVxhs(virStorageSourcePtr src, - virQEMUDriverConfigPtr cfg) + virQEMUDriverConfigPtr cfg, + qemuDomainObjPrivatePtr priv, + const char *parentAlias) { /* VxHS uses only client certificates and thus has no need for * the server-key.pem nor a secret that could be used to decrypt 
@@ -9550,9 +9552,19 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSou= rcePtr src, src->tlsFromConfig =3D true; } - if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) + if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { + src->tlsAlias =3D qemuAliasTLSObjFromSrcAlias(parentAlias); src->tlsCertdir =3D g_strdup(cfg->vxhsTLSx509certdir); + if (cfg->vxhsTLSx509secretUUID) { + qemuDomainStorageSourcePrivatePtr srcpriv =3D qemuDomainStorag= eSourcePrivateFetch(src); + + if (!(srcpriv->tlsKeySecret =3D qemuDomainSecretInfoTLSNew(pri= v, src->tlsAlias, + cfg->= vxhsTLSx509secretUUID))) + return -1; + } + } + return 0; } @@ -9560,7 +9572,8 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSour= cePtr src, static int qemuProcessPrepareStorageSourceTLSNBD(virStorageSourcePtr src, virQEMUDriverConfigPtr cfg, - virQEMUCapsPtr qemuCaps) + qemuDomainObjPrivatePtr priv, + const char *parentAlias) { if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_ABSENT) { if (cfg->nbdTLS) @@ -9571,13 +9584,22 @@ qemuProcessPrepareStorageSourceTLSNBD(virStorageSou= rcePtr src, } if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NBD_TLS)) { + if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_NBD_TLS)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("this qemu does not support TLS transport for= NBD")); return -1; } + src->tlsAlias =3D qemuAliasTLSObjFromSrcAlias(parentAlias); src->tlsCertdir =3D g_strdup(cfg->nbdTLSx509certdir); + + if (cfg->nbdTLSx509secretUUID) { + qemuDomainStorageSourcePrivatePtr srcpriv =3D qemuDomainStorag= eSourcePrivateFetch(src); + + if (!(srcpriv->tlsKeySecret =3D qemuDomainSecretInfoTLSNew(pri= v, src->tlsAlias, + cfg->= nbdTLSx509secretUUID))) + return -1; + } } return 0; 
@@ -9599,19 +9621,19 @@ static int qemuDomainPrepareStorageSourceTLS(virStorageSourcePtr src, virQEMUDriverConfigPtr cfg, const char *parentAlias, - virQEMUCapsPtr qemuCaps) + qemuDomainObjPrivatePtr priv) { if (virStorageSourceGetActualType(src) !=3D VIR_STORAGE_TYPE_NETWORK) return 0; switch ((virStorageNetProtocol) src->protocol) { case VIR_STORAGE_NET_PROTOCOL_VXHS: - if (qemuProcessPrepareStorageSourceTLSVxhs(src, cfg) < 0) + if (qemuProcessPrepareStorageSourceTLSVxhs(src, cfg, priv, parentA= lias) < 0) return -1; break; case VIR_STORAGE_NET_PROTOCOL_NBD: - if (qemuProcessPrepareStorageSourceTLSNBD(src, cfg, qemuCaps) < 0) + if (qemuProcessPrepareStorageSourceTLSNBD(src, cfg, priv, parentAl= ias) < 0) return -1; break; @@ -9640,10 +9662,6 @@ qemuDomainPrepareStorageSourceTLS(virStorageSourcePt= r src, return -1; } - if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES && - !(src->tlsAlias =3D qemuAliasTLSObjFromSrcAlias(parentAlias))) - return -1; - return 0; } @@ -12128,7 +12146,7 @@ qemuDomainPrepareDiskSourceLegacy(virDomainDiskDefP= tr disk, return -1; if (qemuDomainPrepareStorageSourceTLS(disk->src, cfg, disk->info.alias, - priv->qemuCaps) < 0) + priv) < 0) return -1; return 0; @@ -12164,7 +12182,7 @@ qemuDomainPrepareStorageSourceBlockdev(virDomainDis= kDefPtr disk, return -1; if (qemuDomainPrepareStorageSourceTLS(src, cfg, src->nodestorage, - priv->qemuCaps) < 0) + priv) < 0) return -1; return 0; --=20 2.26.2
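
Review bot: The comment at the top of qemuProcessPrepareStorageSourceTLSVxhs() is now contradicted by the `@@ -9550` hunk. It still reads "VxHS uses only client certificates and thus has no need for the server-key.pem nor a secret that could be used to decrypt", while the added `if (cfg->vxhsTLSx509secretUUID)` block sets `srcpriv->tlsKeySecret` for exactly that purpose. Please either update the comment to say when a key secret applies to VxHS, or leave the secret setup out of the VxHS helper if the comment is still correct.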
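
Review bot: The secret setup added to qemuProcessPrepareStorageSourceTLSNBD() in the `@@ -9571` hunk duplicates the VxHS block line for line; only `cfg->nbdTLSx509secretUUID` differs from `cfg->vxhsTLSx509secretUUID`. A small static helper taking `src`, `priv`, `parentAlias`, the certdir and the secret UUID would set `tlsAlias`, `tlsCertdir` and `tlsKeySecret` in one place, and would also remove the two over-long `qemuDomainStorageSourcePrivatePtr srcpriv = ...` lines.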
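
Review bot: The failure check on the alias removed in the `@@ -9640` hunk has no replacement. The old code returned -1 when `!(src->tlsAlias = qemuAliasTLSObjFromSrcAlias(parentAlias))`, but both helpers now assign `src->tlsAlias` unchecked and pass it straight to qemuDomainSecretInfoTLSNew(). If qemuAliasTLSObjFromSrcAlias() can no longer return NULL, say so in the commit message; otherwise keep the `return -1` path in the helpers so a missing alias is caught before the secret object is created.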
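
Review bot: Argument order is inconsistent after the `@@ -9599` hunk: qemuDomainPrepareStorageSourceTLS() takes `(src, cfg, parentAlias, priv)` while the two helpers it calls take `(src, cfg, priv, parentAlias)`. Please pick one order for all three. The commit message should also mention that the `qemuCaps` parameter is replaced by `priv` and that the `tlsAlias` assignment moves into the per-protocol helpers, since it currently describes only the secret setup.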