From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259882317637.245504850803; Wed, 23 Jan 2019 08:11:22 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 487187A19B; Wed, 23 Jan 2019 16:11:20 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 03FB75D739; Wed, 23 Jan 2019 16:11:20 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9C04F3F603; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBErM013739 for ; Wed, 23 Jan 2019 11:11:14 -0500 Received: by smtp.corp.redhat.com (Postfix) id 843F55D6A9; Wed, 23 Jan 2019 16:11:14 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 09F0A5D739 for ; Wed, 23 Jan 2019 16:11:11 +0000 (UTC) 
From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:10:56 +0100 Message-Id: <1a1de61f7389b628ed98507c6b59bd820d455ccc.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 01/11] qemu: domain: Clarify temp variable scope in qemuDomainDetermineDiskChain X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 23 Jan 2019 16:11:21 +0000 (UTC) Content-Type: text/plain; charset="utf-8" The function at first validates the top image of the chain, then traverses the chain as declared in the XML (if any) and then procedes to detect the rest of the chain from images. All of the steps have their own temporary iterator. Clarify the use scope of the steps by introducing a new temp variable holding the top level source and adding comments. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_domain.c | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 32a43f2064..8e3d0dd374 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -8945,43 +8945,49 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr drive= r, bool report_broken) { virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); - virStorageSourcePtr src =3D disk->src; - virStorageSourcePtr n; + virStorageSourcePtr disksrc =3D NULL; /* disk source */ + virStorageSourcePtr src; /* iterator for the backing chain declared in= XML */ + virStorageSourcePtr n; /* iterator for the backing chain detected from= disk */ qemuDomainObjPrivatePtr priv =3D vm->privateData; int ret =3D -1; uid_t uid; gid_t gid; - if (virStorageSourceIsEmpty(src)) { + if (!disksrc) + disksrc =3D disk->src; + + src =3D disksrc; + + if (virStorageSourceIsEmpty(disksrc)) { ret =3D 0; goto cleanup; } /* There is no need to check the backing chain for disks without backi= ng * support */ - if (virStorageSourceIsLocalStorage(src) && - src->format > VIR_STORAGE_FILE_NONE && - src->format < VIR_STORAGE_FILE_BACKING) { + if (virStorageSourceIsLocalStorage(disksrc) && + disksrc->format > VIR_STORAGE_FILE_NONE && + disksrc->format < VIR_STORAGE_FILE_BACKING) { - if (!virFileExists(src->path)) { + if (!virFileExists(disksrc->path)) { if (report_broken) - virStorageFileReportBrokenChain(errno, src, disk->src); + virStorageFileReportBrokenChain(errno, disksrc, disksrc); goto cleanup; } /* terminate the chain for such images as the code below would do = */ - if (!src->backingStore && - VIR_ALLOC(src->backingStore) < 0) + if (!disksrc->backingStore && + VIR_ALLOC(disksrc->backingStore) < 0) goto cleanup; /* host cdrom requires special treatment in qemu, so we need to ch= eck * whether a block device is a cdrom */ if (disk->device =3D=3D VIR_DOMAIN_DISK_DEVICE_CDROM && - src->format =3D=3D VIR_STORAGE_FILE_RAW && - virStorageSourceIsBlockLocal(src) && - virFileIsCDROM(src->path) =3D=3D 1) - src->hostcdrom =3D true; + disksrc->format =3D=3D VIR_STORAGE_FILE_RAW && + virStorageSourceIsBlockLocal(disksrc) && + virFileIsCDROM(disksrc->path) =3D=3D 1) + disksrc->hostcdrom =3D true; 
ret =3D 0; goto cleanup; @@ -8996,11 +9002,11 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr drive= r, goto cleanup; if (rv > 0) { - if (qemuDomainStorageFileInit(driver, vm, src, disk->src) = < 0) + if (qemuDomainStorageFileInit(driver, vm, src, disksrc) < = 0) goto cleanup; if (virStorageFileAccess(src, F_OK) < 0) { - virStorageFileReportBrokenChain(errno, src, disk->src); + virStorageFileReportBrokenChain(errno, src, disksrc); virStorageFileDeinit(src); goto cleanup; } 
@@ -9018,7 +9024,7 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, goto cleanup; } - qemuDomainGetImageIds(cfg, vm, src, disk->src, &uid, &gid); + qemuDomainGetImageIds(cfg, vm, src, disksrc, &uid, &gid); if (virStorageFileGetMetadata(src, uid, gid, report_broken) < 0) goto cleanup; --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259887609827.8136656019352; Wed, 23 Jan 2019 08:11:27 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 00F7689AE2; Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A2CA92657F; Wed, 23 Jan 2019 16:11:24 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 43D8518033CA; Wed, 23 Jan 2019 16:11:24 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBFgo013846 for ; Wed, 23 Jan 2019 11:11:15 -0500 Received: 
by smtp.corp.redhat.com (Postfix) id 570B05D6A9; Wed, 23 Jan 2019 16:11:15 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id D215F5D6A6 for ; Wed, 23 Jan 2019 16:11:14 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:10:57 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 02/11] qemu: domain: Allow overriding disk source in qemuDomainDetermineDiskChain X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 23 Jan 2019 16:11:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" When we need to detect a chain for a image which will become the new source for a disk (e.g. after a disk media change or a blockjob) we'd need to replace disk->src temporarily to do so. Move the 'disksrc' temporary variable as an argument and adjust callers. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_blockjob.c | 2 +- src/qemu/qemu_domain.c | 15 ++++++++++++++- src/qemu/qemu_domain.h | 1 + src/qemu/qemu_driver.c | 2 +- src/qemu/qemu_hotplug.c | 4 ++-- src/qemu/qemu_process.c | 4 ++-- 6 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index 9b638b7ef6..e69aa1b6fb 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c 
@@ -287,7 +287,7 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPt= r driver, disk->mirrorJob =3D VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN; disk->src->id =3D 0; virStorageSourceBackingStoreClear(disk->src); - ignore_value(qemuDomainDetermineDiskChain(driver, vm, disk, true)); + ignore_value(qemuDomainDetermineDiskChain(driver, vm, disk, NULL, true= )); ignore_value(qemuBlockNodeNamesDetect(driver, vm, asyncJob)); qemuBlockJobTerminate(job); } diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 8e3d0dd374..e42b93e051 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -8938,14 +8938,27 @@ qemuDomainStorageAlias(const char *device, int dept= h) } +/** + * qemuDomainDetermineDiskChain: + * @driver: qemu driver object + * @vm: domain object + * @disk: disk definition + * @disksrc: source to determine the chain for, may be NULL + * @report_broken: report broken chain verbosely + * + * Prepares and initializes the backing chain of disk @disk. In cases where + * a new source is to be associated with @disk the @disksrc parameter can = be + * used to override the source. If @report_broken is true missing images + * in the backing chain are reported. + */ int qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainDiskDefPtr disk, + virStorageSourcePtr disksrc, bool report_broken) { virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); - virStorageSourcePtr disksrc =3D NULL; /* disk source */ virStorageSourcePtr src; /* iterator for the backing chain declared in= XML */ virStorageSourcePtr n; /* iterator for the backing chain detected from= disk */ qemuDomainObjPrivatePtr priv =3D vm->privateData; diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index defbffbf94..e7c5a0a49c 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h 
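Review bot: The new doc comment for qemuDomainDetermineDiskChain in the qemu_domain.c hunk says nothing about the return value or about the source being modified in place. The first patch of this series shows the function allocating `disksrc->backingStore` and setting `disksrc->hostcdrom`, so a caller that passes an override should know its object is written to, possibly also on a path that later fails. I would add `* Returns 0 on success, -1 on error. The source the chain is determined for (@disksrc, or disk->src when @disksrc is NULL) is updated in place.` The function body continues outside the hunk.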
@@ -742,6 +742,7 @@ int qemuDomainCheckDiskPresence(virQEMUDriverPtr driver, int qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainDiskDefPtr disk, + virStorageSourcePtr disksrc, bool report_broken); bool qemuDomainDiskChangeSupported(virDomainDiskDefPtr disk, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 90319261ff..b254e96131 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17183,7 +17183,7 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, oldsrc =3D disk->src; disk->src =3D disk->mirror; - if (qemuDomainDetermineDiskChain(driver, vm, disk, true) < 0) + if (qemuDomainDetermineDiskChain(driver, vm, disk, disk->mirror, t= rue) < 0) goto cleanup; if (disk->mirror->format && diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 1df80fcab6..615105d595 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -820,7 +820,7 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, sharedAdded =3D true; - if (qemuDomainDetermineDiskChain(driver, vm, disk, true) < 0) + if (qemuDomainDetermineDiskChain(driver, vm, disk, NULL, true) < 0) goto cleanup; if (qemuDomainPrepareDiskSource(disk, priv, cfg) < 0) @@ -1197,7 +1197,7 @@ qemuDomainAttachDeviceDiskLiveInternal(virQEMUDriverP= tr driver, if (qemuSetUnprivSGIO(dev) < 0) goto cleanup; - if (qemuDomainDetermineDiskChain(driver, vm, disk, true) < 0) + if (qemuDomainDetermineDiskChain(driver, vm, disk, NULL, true) < 0) goto cleanup; for (i =3D 0; i < vm->def->ndisks; i++) { diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 8120201eb6..fb596d960f 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
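Review bot: In the qemu_driver.c hunk, qemuDomainBlockPivot still assigns `disk->src = disk->mirror` on the line before the call, so passing `disk->mirror` as @disksrc is equivalent to passing NULL here. The temporary swap that the commit message wants to avoid is therefore still in place. If a later patch in the series removes the swap this is fine; otherwise either drop the swap in this patch or add a comment such as `/* disk->src already points to the mirror at this point */`. The function starts and ends outside the hunk, so whether the `cleanup` path restores `oldsrc` cannot be checked from here.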
@@ -6210,7 +6210,7 @@ qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, if (qemuDomainDiskIsMissingLocalOptional(disk) && cold_boot) VIR_INFO("optional disk '%s' source file is missing, " "skip checking disk chain", disk->dst); - else if (qemuDomainDetermineDiskChain(driver, vm, disk, true) >=3D= 0) + else if (qemuDomainDetermineDiskChain(driver, vm, disk, NULL, true= ) >=3D 0) continue; if (qemuDomainCheckDiskStartupPolicy(driver, vm, idx, cold_boot) >= =3D 0) 
@@ -8032,7 +8032,7 @@ qemuProcessReconnect(void *opaque) * qemuDomainDetermineDiskChain with @report_broken =3D=3D fal= se * to guarantee best-effort domain reconnect */ virStorageSourceBackingStoreClear(disk->src); - if (qemuDomainDetermineDiskChain(driver, obj, disk, false) < 0) + if (qemuDomainDetermineDiskChain(driver, obj, disk, NULL, fals= e) < 0) goto error; } else { VIR_DEBUG("skipping backing chain detection for '%s'", disk->d= st); --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 154825988229935.16346346245268; Wed, 23 Jan 2019 08:11:22 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B91AE89ACF; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7866A1019625; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2048F180339C; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from smtp.corp.redhat.com 
(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBGHE013883 for ; Wed, 23 Jan 2019 11:11:16 -0500 Received: by smtp.corp.redhat.com (Postfix) id 29C825D6A9; Wed, 23 Jan 2019 16:11:16 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id A3B0A5D6A6 for ; Wed, 23 Jan 2019 16:11:15 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:10:58 +0100 Message-Id: <43e68b7b4e66b7720b97574a3eeb2a386b2851ff.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 03/11] qemu: cgroup: Change qemu[Setup|Teardown]DiskCgroup to take virStorageSource X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 23 Jan 2019 16:11:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Since the disk is necessary only to get the source modify the functions to take the source directly and rename them to qemu[Setup|Teardown]ImageChainCgroup. Additionally drop a pointless comment containing the old function name. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_cgroup.c | 14 +++++++------- src/qemu/qemu_cgroup.h | 8 ++++---- src/qemu/qemu_domain.c | 3 --- src/qemu/qemu_driver.c | 2 +- src/qemu/qemu_hotplug.c | 4 ++-- 5 files changed, 14 insertions(+), 17 deletions(-) 
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 4931fb6575..9ceecb884e 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -204,13 +204,13 @@ qemuTeardownImageCgroup(virDomainObjPtr vm, int -qemuSetupDiskCgroup(virDomainObjPtr vm, - virDomainDiskDefPtr disk) +qemuSetupImageChainCgroup(virDomainObjPtr vm, + virStorageSourcePtr src) { virStorageSourcePtr next; bool forceReadonly =3D false; - for (next =3D disk->src; virStorageSourceIsBacking(next); next =3D nex= t->backingStore) { + for (next =3D src; virStorageSourceIsBacking(next); next =3D next->bac= kingStore) { if (qemuSetupImageCgroupInternal(vm, next, forceReadonly) < 0) return -1; @@ -223,12 +223,12 @@ qemuSetupDiskCgroup(virDomainObjPtr vm, int -qemuTeardownDiskCgroup(virDomainObjPtr vm, - virDomainDiskDefPtr disk) +qemuTeardownImageChainCgroup(virDomainObjPtr vm, + virStorageSourcePtr src) { virStorageSourcePtr next; - for (next =3D disk->src; virStorageSourceIsBacking(next); next =3D nex= t->backingStore) { + for (next =3D src; virStorageSourceIsBacking(next); next =3D next->bac= kingStore) { if (qemuTeardownImageCgroup(vm, next) < 0) return -1; } @@ -720,7 +720,7 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm) goto cleanup; for (i =3D 0; i < vm->def->ndisks; i++) { - if (qemuSetupDiskCgroup(vm, vm->def->disks[i]) < 0) + if (qemuSetupImageChainCgroup(vm, vm->def->disks[i]->src) < 0) goto cleanup; } diff --git a/src/qemu/qemu_cgroup.h b/src/qemu/qemu_cgroup.h index 17a565244f..dc6d173fce 100644 --- a/src/qemu/qemu_cgroup.h +++ b/src/qemu/qemu_cgroup.h 
@@ -31,10 +31,10 @@ int qemuSetupImageCgroup(virDomainObjPtr vm, virStorageSourcePtr src); int qemuTeardownImageCgroup(virDomainObjPtr vm, virStorageSourcePtr src); -int qemuSetupDiskCgroup(virDomainObjPtr vm, - virDomainDiskDefPtr disk); -int qemuTeardownDiskCgroup(virDomainObjPtr vm, - virDomainDiskDefPtr disk); +int qemuSetupImageChainCgroup(virDomainObjPtr vm, + virStorageSourcePtr src); +int qemuTeardownImageChainCgroup(virDomainObjPtr vm, + virStorageSourcePtr src); int qemuSetupInputCgroup(virDomainObjPtr vm, virDomainInputDefPtr dev); int qemuTeardownInputCgroup(virDomainObjPtr vm, diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index e42b93e051..9ec30099a1 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11238,9 +11238,6 @@ qemuDomainGetHostdevPath(virDomainDefPtr def, case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI: if (scsisrc->protocol =3D=3D VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_= TYPE_ISCSI) { virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc =3D &scsisrc->= u.iscsi; - /* Follow qemuSetupDiskCgroup() and qemuSetImageCgroupInte= rnal() - * which does nothing for non local storage - */ VIR_DEBUG("Not updating /dev for hostdev iSCSI path '%s'",= iscsisrc->src->path); } else { virDomainHostdevSubsysSCSIHostPtr scsihostsrc =3D &scsisrc= ->u.host; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b254e96131..fbc2a20915 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17189,7 +17189,7 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, if (disk->mirror->format && disk->mirror->format !=3D VIR_STORAGE_FILE_RAW && (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0 || - qemuSetupDiskCgroup(vm, disk) < 0 || + qemuSetupImageChainCgroup(vm, disk->src) < 0 || qemuSecuritySetDiskLabel(driver, vm, disk) < 0)) goto cleanup; diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 615105d595..000102ac3f 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
@@ -116,14 +116,14 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, if (qemuSecuritySetDiskLabel(driver, vm, disk) < 0) goto rollback_namespace; - if (qemuSetupDiskCgroup(vm, disk) < 0) + if (qemuSetupImageChainCgroup(vm, disk->src) < 0) goto rollback_label; ret =3D 0; goto cleanup; rollback_cgroup: - if (qemuTeardownDiskCgroup(vm, disk) < 0) + if (qemuTeardownImageChainCgroup(vm, disk->src) < 0) VIR_WARN("Unable to tear down cgroup access on %s", NULLSTR(virDomainDiskGetSource(disk))); rollback_label: --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259888273956.2909087118971; Wed, 23 Jan 2019 08:11:28 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 496FD7F416; Wed, 23 Jan 2019 16:11:24 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F146B67152; Wed, 23 Jan 2019 16:11:23 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 95DE0180339E; Wed, 23 Jan 2019 16:11:23 +0000 (UTC) 
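Review bot: In qemuHotplugPrepareDiskAccess a failure of `qemuSetupImageChainCgroup(vm, disk->src)` jumps to `rollback_label`, which skips the teardown under `rollback_cgroup`. The setup loop in qemu_cgroup.c returns -1 at the first image that fails, so device-cgroup entries already added for earlier images in the chain would presumably remain allowed after the failed hotplug. Consider `goto rollback_cgroup;` for that failure so the partially applied allow-list is removed, assuming qemuTeardownImageChainCgroup tolerates images that were never set up. The function starts outside the hunk and continues past it.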
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBH9N014036 for ; Wed, 23 Jan 2019 11:11:17 -0500 Received: by smtp.corp.redhat.com (Postfix) id 22FA85D6A9; Wed, 23 Jan 2019 16:11:17 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 76EFC5D6A6 for ; Wed, 23 Jan 2019 16:11:16 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:10:59 +0100 Message-Id: <8d4d20a622ff06d82688ebf324f8940259bb02eb.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 04/11] security: Remove security driver internals for disk labelling X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Security labelling of disks consists of labelling of the disk image itself and its backing chain. Modify virSecurityManager[Set|Restore]ImageLabel to take a boolean flag that will label the full chain rather than the top image itself. This makes it possible to delete/unify some parts of the code and will also simplify callers in some cases. 
Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_security.c | 6 ++-- src/security/security_apparmor.c | 24 +++------------ src/security/security_dac.c | 40 +++++++------------------ src/security/security_driver.h | 15 +++------- src/security/security_manager.c | 20 ++++++++----- src/security/security_manager.h | 6 ++-- src/security/security_nop.c | 25 +++------------- src/security/security_selinux.c | 42 ++++++++------------------- src/security/security_stack.c | 50 +++++--------------------------- 9 files changed, 60 insertions(+), 168 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 5faa34a4fd..4940195216 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -170,8 +170,7 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver, goto cleanup; if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, - src) < 0) + vm->def, src, false) < 0) goto cleanup; if (virSecurityManagerTransactionCommit(driver->securityManager, @@ -201,8 +200,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver, goto cleanup; if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm->def, - src) < 0) + vm->def, src, false) < 0) goto cleanup; if (virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 43310361ba..a61105cbb7 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -691,7 +691,8 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr = mgr ATTRIBUTE_UNUSED, static int AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingStore ATTRIBUTE_UNUSED) { if (!virStorageSourceIsLocalStorage(src)) return 0; 
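Review bot: AppArmorRestoreSecurityImageLabel names the new parameter `backingStore`, while the driver typedef and the other drivers in this patch call it `backingChain`, and it is marked ATTRIBUTE_UNUSED with no explanation. AppArmorSetSecurityImageLabel in a later hunk of this file has the same issue. Rename it to `bool backingChain ATTRIBUTE_UNUSED` and say why the flag can be ignored, e.g. `/* backingChain is not consulted: the profile is regenerated for the whole domain */`. That reason is inferred from the `reload_profile()` call visible in the next hunk and should be confirmed. The function body continues outside this hunk.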
@@ -699,13 +700,6 @@ AppArmorRestoreSecurityImageLabel(virSecurityManagerPt= r mgr, return reload_profile(mgr, def, NULL, false); } -static int -AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) -{ - return AppArmorRestoreSecurityImageLabel(mgr, def, disk->src); -} /* Called when hotplugging */ static int @@ -799,7 +793,8 @@ AppArmorRestoreInputLabel(virSecurityManagerPtr mgr, static int AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingStore ATTRIBUTE_UNUSED) { int rc =3D -1; char *profile_name =3D NULL; @@ -844,14 +839,6 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mg= r, return rc; } -static int -AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) -{ - return AppArmorSetSecurityImageLabel(mgr, def, disk->src); -} - static int AppArmorSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr def) @@ -1188,9 +1175,6 @@ virSecurityDriver virAppArmorSecurityDriver =3D { .domainSecurityVerify =3D AppArmorSecurityVerify, - .domainSetSecurityDiskLabel =3D AppArmorSetSecurityDiskLabel, - .domainRestoreSecurityDiskLabel =3D AppArmorRestoreSecurityDiskLab= el, - .domainSetSecurityImageLabel =3D AppArmorSetSecurityImageLabel, .domainRestoreSecurityImageLabel =3D AppArmorRestoreSecurityImageLa= bel, diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 533d990de1..08ff0d89c0 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -897,22 +897,17 @@ virSecurityDACSetImageLabelInternal(virSecurityManage= rPtr mgr, static int virSecurityDACSetImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain) { - return virSecurityDACSetImageLabelInternal(mgr, def, src, NULL); -} - -static int -virSecurityDACSetDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) + virStorageSourcePtr n; -{ - virStorageSourcePtr next; - - for (next =3D disk->src; virStorageSourceIsBacking(next); next =3D nex= t->backingStore) { - if (virSecurityDACSetImageLabelInternal(mgr, def, next, disk->src)= < 0) + for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { + if (virSecurityDACSetImageLabelInternal(mgr, def, n, src) < 0) return -1; + + if (!backingChain) + break; } return 0; @@ -969,21 +964,13 @@ virSecurityDACRestoreImageLabelInt(virSecurityManager= Ptr mgr, static int virSecurityDACRestoreImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain ATTRIBUTE_UNUSED) { return virSecurityDACRestoreImageLabelInt(mgr, def, src, false); } -static int -virSecurityDACRestoreDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) -{ - return virSecurityDACRestoreImageLabelInt(mgr, def, disk->src, false); -} - - static int virSecurityDACSetHostdevLabelHelper(const char *file, void *opaque) @@ -1853,9 +1840,7 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, /* XXX fixme - we need to recursively label the entire tree :-( */ if (virDomainDiskGetType(def->disks[i]) =3D=3D VIR_STORAGE_TYPE_DI= R) continue; - if (virSecurityDACSetDiskLabel(mgr, - def, - def->disks[i]) < 0) + if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src, true= ) < 0) return -1; } 
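Review bot: virSecurityDACSetImageLabel now passes `src` as the parent argument of virSecurityDACSetImageLabelInternal for the top image, where the old single-image entry point passed NULL. It also no longer calls the helper at all when `virStorageSourceIsBacking(src)` is false. Both are behaviour changes for callers that pass `backingChain = false`, such as qemuSecuritySetImageLabel in this patch. The helper presumably uses the parent when choosing the ownership to apply, so it is worth confirming that a parent equal to the image itself cannot select a different label than NULL did. A comment on the loop such as `/* @src is passed as parent for every element, including itself */` would make the intent explicit; the helper is defined outside the hunk.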
@@ -2295,9 +2280,6 @@ virSecurityDriver virSecurityDriverDAC =3D { .domainSecurityVerify =3D virSecurityDACVerify, - .domainSetSecurityDiskLabel =3D virSecurityDACSetDiskLabel, - .domainRestoreSecurityDiskLabel =3D virSecurityDACRestoreDiskLabel, - .domainSetSecurityImageLabel =3D virSecurityDACSetImageLabel, .domainRestoreSecurityImageLabel =3D virSecurityDACRestoreImageLabe= l, diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 70c8cde50b..df270cdc02 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -54,18 +54,12 @@ typedef int (*virSecurityDriverTransactionCommit) (virS= ecurityManagerPtr mgr, bool lock); typedef void (*virSecurityDriverTransactionAbort) (virSecurityManagerPtr m= gr); -typedef int (*virSecurityDomainRestoreDiskLabel) (virSecurityManagerPtr mg= r, - virDomainDefPtr def, - virDomainDiskDefPtr disk= ); typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr= mgr, virDomainDefPtr vm); typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def); typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr, virDomainDefPtr def); -typedef int (*virSecurityDomainSetDiskLabel) (virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk); typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr= mgr, virDomainDefPtr def, virDomainHostdevDefPt= r dev, 
@@ -119,10 +113,12 @@ typedef int (*virSecurityDomainSetHugepages) (virSecu= rityManagerPtr mgr, const char *path); typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, - virStorageSourcePtr src); + virStorageSourcePtr src, + bool backingChain); typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr m= gr, virDomainDefPtr def, - virStorageSourcePtr src= ); + virStorageSourcePtr src, + bool backingChain); typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainMemoryDefPtr mem); @@ -171,9 +167,6 @@ struct _virSecurityDriver { virSecurityDomainSecurityVerify domainSecurityVerify; - virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel; - virSecurityDomainRestoreDiskLabel domainRestoreSecurityDiskLabel; - virSecurityDomainSetImageLabel domainSetSecurityImageLabel; virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel; diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index f6b4c2d5d5..5493f0f66b 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -418,10 +418,10 @@ virSecurityManagerRestoreDiskLabel(virSecurityManager= Ptr mgr, virDomainDefPtr vm, virDomainDiskDefPtr disk) { - if (mgr->drv->domainRestoreSecurityDiskLabel) { + if (mgr->drv->domainRestoreSecurityImageLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainRestoreSecurityDiskLabel(mgr, vm, disk); + ret =3D mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk->s= rc, true); virObjectUnlock(mgr); return ret; } @@ -436,6 +436,7 @@ virSecurityManagerRestoreDiskLabel(virSecurityManagerPt= r mgr, * @mgr: security manager object * @vm: domain definition object * @src: disk source definition to operate on + * @backingChain: Restore labels also on backingChains of @src * * Removes security label from a single storage image. * 
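Review bot: The doc comment for virSecurityManagerRestoreImageLabel gains `@backingChain: Restore labels also on backingChains of @src`, but the description below it still says the function removes the label from "a single storage image". The DAC and AppArmor restore callbacks in this patch also mark the flag ATTRIBUTE_UNUSED. A caller reading this comment will expect ownership and labels of backing images to be reverted when passing true, which the visible drivers do not do. Reword the parameter as `@backingChain: request restoring labels on the backing chain of @src as well (drivers may restore only @src)` and update the description. The comment for virSecurityManagerSetImageLabel in a later hunk keeps the same stale "single storage image" sentence.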
@@ -444,12 +445,13 @@ virSecurityManagerRestoreDiskLabel(virSecurityManager= Ptr mgr, int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain) { if (mgr->drv->domainRestoreSecurityImageLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src); + ret =3D mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, ba= ckingChain); virObjectUnlock(mgr); return ret; } @@ -526,10 +528,10 @@ virSecurityManagerSetDiskLabel(virSecurityManagerPtr = mgr, virDomainDefPtr vm, virDomainDiskDefPtr disk) { - if (mgr->drv->domainSetSecurityDiskLabel) { + if (mgr->drv->domainSetSecurityImageLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainSetSecurityDiskLabel(mgr, vm, disk); + ret =3D mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk->src, = true); virObjectUnlock(mgr); return ret; } @@ -544,6 +546,7 @@ virSecurityManagerSetDiskLabel(virSecurityManagerPtr mg= r, * @mgr: security manager object * @vm: domain definition object * @src: disk source definition to operate on + * @backingChain: set labels also on backing chain of @src * * Labels a single storage image with the configured security label. * @@ -552,12 +555,13 @@ virSecurityManagerSetDiskLabel(virSecurityManagerPtr = mgr, int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain) { if (mgr->drv->domainSetSecurityImageLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainSetSecurityImageLabel(mgr, vm, src); + ret =3D mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, backin= gChain); virObjectUnlock(mgr); return ret; } diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index f7beb29f86..0207113b14 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
@@ -156,10 +156,12 @@ virSecurityManagerPtr* virSecurityManagerGetNested(vi= rSecurityManagerPtr mgr); int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - virStorageSourcePtr src); + virStorageSourcePtr src, + bool backingChain); int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - virStorageSourcePtr src); + virStorageSourcePtr src, + bool backingChain); int virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index ff739f8199..21e668c169 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -55,14 +55,6 @@ virSecurityDriverGetDOINop(virSecurityManagerPtr mgr ATT= RIBUTE_UNUSED) return "0"; } -static int -virSecurityDomainRestoreDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_U= NUSED, - virDomainDefPtr vm ATTRIBUTE_UNUSED, - virDomainDiskDefPtr disk ATTRIBUTE_UN= USED) -{ - return 0; -} - static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBU= TE_UNUSED, virDomainDefPtr vm ATTRIBUTE_UNUS= ED) @@ -84,14 +76,6 @@ virSecurityDomainClearSocketLabelNop(virSecurityManagerP= tr mgr ATTRIBUTE_UNUSED, return 0; } -static int -virSecurityDomainSetDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSE= D, - virDomainDefPtr vm ATTRIBUTE_UNUSED, - virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) -{ - return 0; -} - static int virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUT= E_UNUSED, virDomainDefPtr vm ATTRIBUTE_UNUSE= D, @@ -225,7 +209,8 @@ virSecurityGetBaseLabel(virSecurityManagerPtr mgr ATTRI= BUTE_UNUSED, static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_= UNUSED, virDomainDefPtr def ATTRIBUTE_UNUSED, - virStorageSourcePtr src ATTRIBUTE_UN= USED) + virStorageSourcePtr src ATTRIBUTE_UN= USED, + bool backingChain ATTRIBUTE_UNUSED) { return 0; } 
@@ -233,7 +218,8 @@ virSecurityDomainRestoreImageLabelNop(virSecurityManage= rPtr mgr ATTRIBUTE_UNUSED static int virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUS= ED, virDomainDefPtr def ATTRIBUTE_UNUSED, - virStorageSourcePtr src ATTRIBUTE_UNUSED) + virStorageSourcePtr src ATTRIBUTE_UNUSED, + bool backingChain ATTRIBUTE_UNUSED) { return 0; } @@ -292,9 +278,6 @@ virSecurityDriver virSecurityDriverNop =3D { .domainSecurityVerify =3D virSecurityDomainVerifyNop, - .domainSetSecurityDiskLabel =3D virSecurityDomainSetDiskLabelN= op, - .domainRestoreSecurityDiskLabel =3D virSecurityDomainRestoreDiskLa= belNop, - .domainSetSecurityImageLabel =3D virSecurityDomainSetImageLabel= Nop, .domainRestoreSecurityImageLabel =3D virSecurityDomainRestoreImageL= abelNop, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 5cdb839c13..106494ff3a 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1771,20 +1771,11 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityM= anagerPtr mgr, } -static int -virSecuritySELinuxRestoreDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) -{ - return virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, - false); -} - - static int virSecuritySELinuxRestoreImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain ATTRIBUTE_UNUSED) { return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false); } 
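Review bot: virSecuritySELinuxRestoreImageLabel (hunk at -1771,20) accepts the new backingChain argument but marks it ATTRIBUTE_UNUSED and still restores only @src, whereas virSecuritySELinuxSetImageLabel in the following hunk of this file labels every backing image when the flag is true. If leaving backing images labelled after teardown is intentional, record that next to the parameter, e.g. `/* backingChain is ignored: only @src is restored, backing images keep their label */`. Otherwise callers that pass `true`, such as the rollback_label path of qemuHotplugPrepareDiskAccess in patch 06, get an asymmetric set/restore that the API comment does not mention. The meaning of the trailing `false` passed to virSecuritySELinuxRestoreImageLabelInt cannot be confirmed here, because its definition is above the hunk.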
@@ -1869,28 +1860,23 @@ virSecuritySELinuxSetImageLabelInternal(virSecurity= ManagerPtr mgr, static int virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virStorageSourcePtr src) -{ - return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, NULL); -} - - -static int -virSecuritySELinuxSetDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) - + virStorageSourcePtr src, + bool backingChain) { - virStorageSourcePtr next; + virStorageSourcePtr n; - for (next =3D disk->src; virStorageSourceIsBacking(next); next =3D nex= t->backingStore) { - if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, disk->= src) < 0) + for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { + if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, src) < 0) return -1; + + if (!backingChain) + break; } return 0; } + static int virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque) { @@ -3026,8 +3012,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr m= gr, def->disks[i]->dst); continue; } - if (virSecuritySELinuxSetDiskLabel(mgr, - def, def->disks[i]) < 0) + if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src, = true) < 0) return -1; } /* XXX fixme process def->fss if relabel =3D=3D true */ @@ -3441,9 +3426,6 @@ virSecurityDriver virSecurityDriverSELinux =3D { .domainSecurityVerify =3D virSecuritySELinuxVerify, - .domainSetSecurityDiskLabel =3D virSecuritySELinuxSetDiskLabel, - .domainRestoreSecurityDiskLabel =3D virSecuritySELinuxRestoreDiskL= abel, - .domainSetSecurityImageLabel =3D virSecuritySELinuxSetImageLabe= l, .domainRestoreSecurityImageLabel =3D virSecuritySELinuxRestoreImage= Label, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 3e60d5d2b7..e1c98a75e3 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c 
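Review bot: With backingChain false, the merged virSecuritySELinuxSetImageLabel (hunk at -1869,28) calls `virSecuritySELinuxSetImageLabelInternal(mgr, def, n, src)` with the fourth argument equal to the image being labelled, where the removed single-image version passed NULL. The definition of virSecuritySELinuxSetImageLabelInternal is outside this hunk, so it should be confirmed that it chooses the same label for "fourth argument == src" as for NULL. If it does not, single-image callers such as qemuDomainDiskChainElementPrepare would label the file differently than before this patch. A comment at the call would record the assumption: `/* for the top image the chain head is the image itself; must behave like the former NULL */`.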
@@ -267,42 +267,6 @@ virSecurityStackReserveLabel(virSecurityManagerPtr mgr, } -static int -virSecurityStackSetDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) -{ - virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); - virSecurityStackItemPtr item =3D priv->itemsHead; - int rc =3D 0; - - for (; item; item =3D item->next) { - if (virSecurityManagerSetDiskLabel(item->securityManager, vm, disk= ) < 0) - rc =3D -1; - } - - return rc; -} - - -static int -virSecurityStackRestoreDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) -{ - virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); - virSecurityStackItemPtr item =3D priv->itemsHead; - int rc =3D 0; - - for (; item; item =3D item->next) { - if (virSecurityManagerRestoreDiskLabel(item->securityManager, vm, = disk) < 0) - rc =3D -1; - } - - return rc; -} - - static int virSecurityStackSetHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, @@ -600,14 +564,16 @@ virSecurityStackGetBaseLabel(virSecurityManagerPtr mg= r, int virtType) static int virSecurityStackSetImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain) { virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item =3D priv->itemsHead; int rc =3D 0; for (; item; item =3D item->next) { - if (virSecurityManagerSetImageLabel(item->securityManager, vm, src= ) < 0) + if (virSecurityManagerSetImageLabel(item->securityManager, vm, src, + backingChain) < 0) rc =3D -1; } @@ -617,7 +583,8 @@ virSecurityStackSetImageLabel(virSecurityManagerPtr mgr, static int virSecurityStackRestoreImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain) { virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item =3D priv->itemsHead; 
@@ -625,7 +592,7 @@ virSecurityStackRestoreImageLabel(virSecurityManagerPtr= mgr, for (; item; item =3D item->next) { if (virSecurityManagerRestoreImageLabel(item->securityManager, - vm, src) < 0) + vm, src, backingChain) < 0) rc =3D -1; } 
@@ -816,9 +783,6 @@ virSecurityDriver virSecurityDriverStack =3D { .domainSecurityVerify =3D virSecurityStackVerify, - .domainSetSecurityDiskLabel =3D virSecurityStackSetDiskLabel, - .domainRestoreSecurityDiskLabel =3D virSecurityStackRestoreDiskLab= el, - .domainSetSecurityImageLabel =3D virSecurityStackSetImageLabel, .domainRestoreSecurityImageLabel =3D virSecurityStackRestoreImageLa= bel, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259882144279.8816411932762; Wed, 23 Jan 2019 08:11:22 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9371A58E54; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5367E1816A; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id ED3623F602; Wed, 23 Jan 2019 16:11:18 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by 
lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBH1u014041 for ; Wed, 23 Jan 2019 11:11:17 -0500 Received: by smtp.corp.redhat.com (Postfix) id E928F5D739; Wed, 23 Jan 2019 16:11:17 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 704AA5D6A6 for ; Wed, 23 Jan 2019 16:11:17 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:00 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 05/11] qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 23 Jan 2019 16:11:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Allow callers use the new flag. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_domain.c | 4 ++-- src/qemu/qemu_security.c | 10 ++++++---- src/qemu/qemu_security.h | 6 ++++-- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 9ec30099a1..2853337316 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -9122,7 +9122,7 @@ qemuDomainDiskChainElementRevoke(virQEMUDriverPtr dri= ver, VIR_WARN("Failed to teardown cgroup for disk path %s", NULLSTR(elem->path)); - if (qemuSecurityRestoreImageLabel(driver, vm, elem) < 0) + if (qemuSecurityRestoreImageLabel(driver, vm, elem, false) < 0) VIR_WARN("Unable to restore security label on %s", NULLSTR(elem->p= ath)); if (qemuDomainNamespaceTeardownDisk(vm, elem) < 0) @@ -9173,7 +9173,7 @@ qemuDomainDiskChainElementPrepare(virQEMUDriverPtr dr= iver, if (qemuSetupImageCgroup(vm, elem) < 0) goto cleanup; - if (qemuSecuritySetImageLabel(driver, vm, elem) < 0) + if (qemuSecuritySetImageLabel(driver, vm, elem, false) < 0) goto cleanup; ret =3D 0; diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 4940195216..fed15e90e9 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -157,7 +157,8 @@ qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver, int qemuSecuritySetImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain) { qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; @@ -170,7 +171,7 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver, goto cleanup; if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, src, false) < 0) + vm->def, src, backingChain) < 0) goto cleanup; if (virSecurityManagerTransactionCommit(driver->securityManager, @@ -187,7 +188,8 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver, int qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - virStorageSourcePtr src) + virStorageSourcePtr src, + bool backingChain) { qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; 
@@ -200,7 +202,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver, goto cleanup; if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm->def, src, false) < 0) + vm->def, src, backingChain) < = 0) goto cleanup; if (virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 5b4fe6eb8f..2a916f5169 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
@@ -44,11 +44,13 @@ int qemuSecurityRestoreDiskLabel(virQEMUDriverPtr drive= r, int qemuSecuritySetImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - virStorageSourcePtr src); + virStorageSourcePtr src, + bool backingChain); int qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - virStorageSourcePtr src); + virStorageSourcePtr src, + bool backingChain); int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259892136241.40375675463736; Wed, 23 Jan 2019 08:11:32 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A02143E2A4; Wed, 23 Jan 2019 16:11:29 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 508D8104C53E; Wed, 23 Jan 2019 16:11:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 02BBD18033A0; Wed, 23 Jan 2019 16:11:29 +0000 (UTC) Received: from smtp.corp.redhat.com 
(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBIvM014055 for ; Wed, 23 Jan 2019 11:11:18 -0500 Received: by smtp.corp.redhat.com (Postfix) id BB71D5D739; Wed, 23 Jan 2019 16:11:18 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4256D5D6A6 for ; Wed, 23 Jan 2019 16:11:18 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:01 +0100 Message-Id: <9b56b79fa24e57c5c35da667540c86684bc56122.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 06/11] qemu: security: Replace and remove qemuSecurity[Set|Restore]DiskLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 23 Jan 2019 16:11:30 +0000 (UTC) Content-Type: text/plain; charset="utf-8" The same can be achieved by using qemuSecurity[Set|Restore]ImageLabel. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_driver.c | 2 +- src/qemu/qemu_hotplug.c | 4 +-- src/qemu/qemu_security.c | 62 ---------------------------------------- src/qemu/qemu_security.h | 8 ------ 4 files changed, 3 insertions(+), 73 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index fbc2a20915..025acec6af 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -17190,7 +17190,7 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, disk->mirror->format !=3D VIR_STORAGE_FILE_RAW && (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0 || qemuSetupImageChainCgroup(vm, disk->src) < 0 || - qemuSecuritySetDiskLabel(driver, vm, disk) < 0)) + qemuSecuritySetImageLabel(driver, vm, disk->src, true) < 0)) goto cleanup; disk->src =3D oldsrc; diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 000102ac3f..015f1837ab 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -113,7 +113,7 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, if (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0) goto rollback_lock; - if (qemuSecuritySetDiskLabel(driver, vm, disk) < 0) + if (qemuSecuritySetImageLabel(driver, vm, disk->src, true) < 0) goto rollback_namespace; if (qemuSetupImageChainCgroup(vm, disk->src) < 0) @@ -127,7 +127,7 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, VIR_WARN("Unable to tear down cgroup access on %s", NULLSTR(virDomainDiskGetSource(disk))); rollback_label: - if (qemuSecurityRestoreDiskLabel(driver, vm, disk) < 0) + if (qemuSecurityRestoreImageLabel(driver, vm, disk->src, true) < 0) VIR_WARN("Unable to restore security label on %s", NULLSTR(virDomainDiskGetSource(disk))); diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index fed15e90e9..c15ca24f21 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c 
@@ -92,68 +92,6 @@ qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, } -int -qemuSecuritySetDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk) -{ - qemuDomainObjPrivatePtr priv =3D vm->privateData; - pid_t pid =3D -1; - int ret =3D -1; - - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) - pid =3D vm->pid; - - if (virSecurityManagerTransactionStart(driver->securityManager) < 0) - goto cleanup; - - if (virSecurityManagerSetDiskLabel(driver->securityManager, - vm->def, - disk) < 0) - goto cleanup; - - if (virSecurityManagerTransactionCommit(driver->securityManager, - pid, priv->rememberOwner) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virSecurityManagerTransactionAbort(driver->securityManager); - return ret; -} - - -int -qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk) -{ - qemuDomainObjPrivatePtr priv =3D vm->privateData; - pid_t pid =3D -1; - int ret =3D -1; - - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) - pid =3D vm->pid; - - if (virSecurityManagerTransactionStart(driver->securityManager) < 0) - goto cleanup; - - if (virSecurityManagerRestoreDiskLabel(driver->securityManager, - vm->def, - disk) < 0) - goto cleanup; - - if (virSecurityManagerTransactionCommit(driver->securityManager, - pid, priv->rememberOwner) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virSecurityManagerTransactionAbort(driver->securityManager); - return ret; -} - - int qemuSecuritySetImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 2a916f5169..546a66f284 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
@@ -34,14 +34,6 @@ void qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, bool migrated); -int qemuSecuritySetDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk); - -int qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk); - int qemuSecuritySetImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virStorageSourcePtr src, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259888541135.4534008183217; Wed, 23 Jan 2019 08:11:28 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D65A87F7B5; Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8EAE56714B; Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3044C3F607; Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) 
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBJCO014068 for ; Wed, 23 Jan 2019 11:11:19 -0500 Received: by smtp.corp.redhat.com (Postfix) id 8FF5E5D739; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 154EE5D6A6 for ; Wed, 23 Jan 2019 16:11:18 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:02 +0100 Message-Id: <74baa3acb5f05cfae8bed970143dd3dc34b51836.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 07/11] security: Remove disk labelling functions and fix callers X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 23 Jan 2019 16:11:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Now that we have replacement in the form of the image labelling function we can drop the unnecessary functions by replacing all callers. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/libvirt_private.syms | 2 -- src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 4 +-- src/security/security_manager.c | 58 --------------------------------- src/security/security_manager.h | 6 ---- 5 files changed, 4 insertions(+), 69 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c3d6306809..599b97569a 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -1354,7 +1354,6 @@ virSecurityManagerReleaseLabel; virSecurityManagerReserveLabel; virSecurityManagerRestoreAllLabel; virSecurityManagerRestoreChardevLabel; -virSecurityManagerRestoreDiskLabel; virSecurityManagerRestoreHostdevLabel; virSecurityManagerRestoreImageLabel; virSecurityManagerRestoreInputLabel; @@ -1365,7 +1364,6 @@ virSecurityManagerSetAllLabel; virSecurityManagerSetChardevLabel; virSecurityManagerSetChildProcessLabel; virSecurityManagerSetDaemonSocketLabel; -virSecurityManagerSetDiskLabel; virSecurityManagerSetHostdevLabel; virSecurityManagerSetImageFDLabel; virSecurityManagerSetImageLabel; diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 2bec8846aa..790ff65b0e 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1932,7 +1932,8 @@ static int virLXCControllerSetupDisk(virLXCController= Ptr ctrl, /* Labelling normally operates on src, but we need * to actually label the dst here, so hack the config */ def->src->path =3D dst; - if (virSecurityManagerSetDiskLabel(securityDriver, ctrl->def, def) < 0) + if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, + def->src, true) < 0) goto cleanup; ret =3D 0; diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index df15a0da50..f03c6af691 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -3636,8 +3636,8 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_= UNUSED, virDomainDiskDefPtr def =3D data->def->data.disk; char *tmpsrc =3D def->src->path; def->src->path =3D data->file; - if (virSecurityManagerSetDiskLabel(data->driver->securityManager, - data->vm->def, def) < 0) { + if (virSecurityManagerSetImageLabel(data->driver->securityManager, + data->vm->def, def->src, true)= < 0) { def->src->path =3D tmpsrc; goto cleanup; } diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 5493f0f66b..72081ac586 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c 
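Review bot: In virLXCControllerSetupDisk (hunk at -1932,7) only def->src->path is swapped to dst before the call, yet the replacement passes `true` for backingChain, so any backing-store entries of def->src would be labelled under their original, unswapped paths. The comment above the call says the intent is to label dst; if LXC disk sources never carry a backing chain, `virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->src, false)` states that intent more narrowly. The same applies to lxcDomainAttachDeviceMknodHelper in lxc_driver.c (hunk at -3636,8). Per patch 04, the removed virSecurityManagerSetDiskLabel also passed `true`, so this is a tightening suggestion and not a regression; both functions continue outside their hunks.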
@@ -402,35 +402,6 @@ virSecurityManagerGetPrivileged(virSecurityManagerPtr = mgr) } -/** - * virSecurityManagerRestoreDiskLabel: - * @mgr: security manager object - * @vm: domain definition object - * @disk: disk definition to operate on - * - * Removes security label from the source image of the disk. Note that this - * function doesn't restore labels on backing chain elements of @disk. - * - * Returns: 0 on success, -1 on error. - */ -int -virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) -{ - if (mgr->drv->domainRestoreSecurityImageLabel) { - int ret; - virObjectLock(mgr); - ret =3D mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk->s= rc, true); - virObjectUnlock(mgr); - return ret; - } - - virReportUnsupportedError(); - return -1; -} - - /** * virSecurityManagerRestoreImageLabel: * @mgr: security manager object @@ -512,35 +483,6 @@ virSecurityManagerClearSocketLabel(virSecurityManagerP= tr mgr, } -/** - * virSecurityManagerSetDiskLabel: - * @mgr: security manager object - * @vm: domain definition object - * @disk: disk definition to operate on - * - * Labels the disk image and all images in the backing chain with the conf= igured - * security label. - * - * Returns: 0 on success, -1 on error. - */ -int -virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) -{ - if (mgr->drv->domainSetSecurityImageLabel) { - int ret; - virObjectLock(mgr); - ret =3D mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk->src, = true); - virObjectUnlock(mgr); - return ret; - } - - virReportUnsupportedError(); - return -1; -} - - /** * virSecurityManagerSetImageLabel: * @mgr: security manager object diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 0207113b14..8e1fb3b3c9 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
@@ -90,18 +90,12 @@ bool virSecurityManagerGetDefaultConfined(virSecurityMa= nagerPtr mgr); bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr); bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr); -int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk); int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm); int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr def); int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr def); -int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk); int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259892832596.4649166014323; Wed, 23 Jan 2019 08:11:32 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 214C7C05B039; Wed, 23 Jan 2019 16:11:30 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com 
From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:03 +0100 Message-Id: <64f3acfb8663469da184698ad581c628ed261b24.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 08/11] qemu: driver: Remove disk source munging in qemuDomainBlockPivot X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 23 Jan 2019 16:11:31 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Previously there weren't any suitable functions which would allow setting up host side of a full disk chain so we've opted to replace the 'src' in a virDomainDiskDef by the new image source. That is now no longer necessary so remove the munging. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_driver.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 025acec6af..79a767288e 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17144,7 +17144,6 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, { int ret =3D -1; qemuDomainObjPrivatePtr priv =3D vm->privateData; - virStorageSourcePtr oldsrc =3D NULL; virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); if (!disk->mirror) { 
@@ -17180,21 +17179,15 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, * has already been labeled; but only necessary when we know for * sure that there is a backing chain. */ if (disk->mirrorJob =3D=3D VIR_DOMAIN_BLOCK_JOB_TYPE_COPY) { - oldsrc =3D disk->src; - disk->src =3D disk->mirror; - if (qemuDomainDetermineDiskChain(driver, vm, disk, disk->mirror, t= rue) < 0) goto cleanup; if (disk->mirror->format && disk->mirror->format !=3D VIR_STORAGE_FILE_RAW && - (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0 || - qemuSetupImageChainCgroup(vm, disk->src) < 0 || - qemuSecuritySetImageLabel(driver, vm, disk->src, true) < 0)) + (qemuDomainNamespaceSetupDisk(vm, disk->mirror) < 0 || + qemuSetupImageChainCgroup(vm, disk->mirror) < 0 || + qemuSecuritySetImageLabel(driver, vm, disk->mirror, true) < 0= )) goto cleanup; - - disk->src =3D oldsrc; - oldsrc =3D NULL; } /* Attempt the pivot. Record the attempt now, to prevent duplicate 
@@ -17222,9 +17215,6 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, } cleanup: - if (oldsrc) - disk->src =3D oldsrc; - virObjectUnref(cfg); return ret; } --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259897029890.1844270875039; Wed, 23 Jan 2019 08:11:37 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1BA59804E4; Wed, 23 Jan 2019 16:11:35 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CD4BD5D757; Wed, 23 Jan 2019 16:11:34 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6CD3A18033A6; Wed, 23 Jan 2019 16:11:34 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBLuu014091 for ; Wed, 23 Jan 2019 11:11:21 -0500 Received: by smtp.corp.redhat.com (Postfix) id 35ECB5D739; Wed, 23 Jan 2019 16:11:21 +0000 (UTC) Received: from angien.brq.redhat.com (unknown 
[10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id B04425D756 for ; Wed, 23 Jan 2019 16:11:20 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:04 +0100 Message-Id: <48427f46134a8ff6dedabdb36bb818dfe31e8da2.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 09/11] locking: Use virDomainLockImage[Attach|Detach] instead of *Disk X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 23 Jan 2019 16:11:35 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Use the functions designed to deal with single images as the *Disk functions were just wrappers. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/libvirt_private.syms | 2 -- src/libxl/libxl_driver.c | 14 +++++++------- src/locking/domain_lock.c | 17 ----------------- src/locking/domain_lock.h | 8 -------- src/qemu/qemu_hotplug.c | 6 +++--- 5 files changed, 10 insertions(+), 37 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 599b97569a..ffabb66867 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1291,8 +1291,6 @@ virStreamInData; # locking/domain_lock.h -virDomainLockDiskAttach; -virDomainLockDiskDetach; virDomainLockImageAttach; virDomainLockImageDetach; virDomainLockLeaseAttach; diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index e30c9891d2..0d8c5aec3a 100644 --- a/src/libxl/libxl_driver.c 
+++ b/src/libxl/libxl_driver.c @@ -3050,9 +3050,9 @@ libxlDomainAttachDeviceDiskLive(virDomainObjPtr vm, v= irDomainDeviceDefPtr dev) if (libxlMakeDisk(l_disk, &x_disk) < 0) goto cleanup; - if (virDomainLockDiskAttach(libxl_driver->lockManager, - "xen:///system", - vm, l_disk) < 0) + if (virDomainLockImageAttach(libxl_driver->lockManager, + "xen:///system", + vm, l_disk->src) < 0) goto cleanup; if ((ret =3D libxl_device_disk_add(cfg->ctx, vm->def->id, @@ -3060,8 +3060,8 @@ libxlDomainAttachDeviceDiskLive(virDomainObjPtr vm, v= irDomainDeviceDefPtr dev) virReportError(VIR_ERR_INTERNAL_ERROR, _("libxenlight failed to attach disk '%= s'"), l_disk->dst); - if (virDomainLockDiskDetach(libxl_driver->lockManager, - vm, l_disk) < 0) { + if (virDomainLockImageDetach(libxl_driver->lockManager, + vm, l_disk->src) < 0) { VIR_WARN("Unable to release lock on %s", virDomainDiskGetSource(l_disk)); } @@ -3349,8 +3349,8 @@ libxlDomainDetachDeviceDiskLive(virDomainObjPtr vm, v= irDomainDeviceDefPtr dev) goto cleanup; } - if (virDomainLockDiskDetach(libxl_driver->lockManager, - vm, l_disk) < 0) + if (virDomainLockImageDetach(libxl_driver->lockManager, + vm, l_disk->src) < 0) VIR_WARN("Unable to release lock on %s", virDomainDiskGetSource(l_disk)); diff --git a/src/locking/domain_lock.c b/src/locking/domain_lock.c index 705b132457..d91ac83c45 100644 --- a/src/locking/domain_lock.c +++ b/src/locking/domain_lock.c @@ -281,15 +281,6 @@ int virDomainLockImageAttach(virLockManagerPluginPtr p= lugin, } -int virDomainLockDiskAttach(virLockManagerPluginPtr plugin, - const char *uri, - virDomainObjPtr dom, - virDomainDiskDefPtr disk) -{ - return virDomainLockImageAttach(plugin, uri, dom, disk->src); -} - - int virDomainLockImageDetach(virLockManagerPluginPtr plugin, virDomainObjPtr dom, virStorageSourcePtr src) 
@@ -317,14 +308,6 @@ int virDomainLockImageDetach(virLockManagerPluginPtr p= lugin, } -int virDomainLockDiskDetach(virLockManagerPluginPtr plugin, - virDomainObjPtr dom, - virDomainDiskDefPtr disk) -{ - return virDomainLockImageDetach(plugin, dom, disk->src); -} - - int virDomainLockLeaseAttach(virLockManagerPluginPtr plugin, const char *uri, virDomainObjPtr dom, diff --git a/src/locking/domain_lock.h b/src/locking/domain_lock.h index 027e93271a..02417b471b 100644 --- a/src/locking/domain_lock.h +++ b/src/locking/domain_lock.h @@ -42,14 +42,6 @@ int virDomainLockProcessInquire(virLockManagerPluginPtr = plugin, virDomainObjPtr dom, char **state); -int virDomainLockDiskAttach(virLockManagerPluginPtr plugin, - const char *uri, - virDomainObjPtr dom, - virDomainDiskDefPtr disk); -int virDomainLockDiskDetach(virLockManagerPluginPtr plugin, - virDomainObjPtr dom, - virDomainDiskDefPtr disk); - int virDomainLockImageAttach(virLockManagerPluginPtr plugin, const char *uri, virDomainObjPtr dom, diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 015f1837ab..b08f443fbc 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -106,8 +106,8 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, goto rollback_cgroup; } - if (virDomainLockDiskAttach(driver->lockManager, cfg->uri, - vm, disk) < 0) + if (virDomainLockImageAttach(driver->lockManager, cfg->uri, + vm, disk->src) < 0) goto cleanup; if (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0) 
@@ -137,7 +137,7 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, NULLSTR(virDomainDiskGetSource(disk))); rollback_lock: - if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) + if (virDomainLockImageDetach(driver->lockManager, vm, disk->src) < 0) VIR_WARN("Unable to release lock on %s", NULLSTR(virDomainDiskGetSource(disk))); --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259902916887.6462769733736; Wed, 23 Jan 2019 08:11:42 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4690589AED; Wed, 23 Jan 2019 16:11:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 00D615D6A6; Wed, 23 Jan 2019 16:11:39 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 5E1C43F60D; Wed, 23 Jan 2019 16:11:39 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 
x0NGBMWU014098 for ; Wed, 23 Jan 2019 11:11:22 -0500 Received: by smtp.corp.redhat.com (Postfix) id 09F345D6A6; Wed, 23 Jan 2019 16:11:22 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 83A165D739 for ; Wed, 23 Jan 2019 16:11:21 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:05 +0100 Message-Id: <2495559246d73ae2b902225ee7233ec8d38c4ca1.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 10/11] qemu: hotplug: Refactor qemuHotplugPrepareDiskAccess to work on virStorageSource X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 23 Jan 2019 16:11:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Rather than passing in a virStorageSource which would override the originally passed disk->src we can now drop passing in a disk completely as all functions called inside here require a virStorageSource. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_hotplug.c | 75 ++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 46 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index b08f443fbc..19aed3ee8e 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
@@ -68,37 +68,29 @@ unsigned long long qemuDomainRemoveDeviceWaitTime =3D 1= 000ull * 5; /** - * qemuHotplugPrepareDiskAccess: + * qemuHotplugPrepareDiskSourceAccess: * @driver: qemu driver struct * @vm: domain object - * @disk: disk to prepare - * @overridesrc: Source different than @disk->src when necessary - * @teardown: Teardown the disk instead of adding it to a vm + * @src: Source to prepare + * @teardown: Teardown the access to @src instead of adding it to a vm * - * Setup the locks, cgroups and security permissions on a disk of a VM. - * If @overridesrc is specified the source struct is used instead of the - * one present in @disk. If @teardown is true, then the labels and cgroups - * are removed instead. + * Setup the locks, cgroups and security permissions on a disk source and = it's + * backing chain. If @teardown is true, then the labels and cgroups are re= moved + * instead. * * Returns 0 on success and -1 on error. Reports libvirt error. */ static int -qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk, - virStorageSourcePtr overridesrc, - bool teardown) +qemuHotplugPrepareDiskSourceAccess(virQEMUDriverPtr driver, + virDomainObjPtr vm, + virStorageSourcePtr src, + bool teardown) { virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); + const char *srcstr =3D NULLSTR(src->path); int ret =3D -1; - virStorageSourcePtr origsrc =3D NULL; virErrorPtr orig_err =3D NULL; - if (overridesrc) { - origsrc =3D disk->src; - disk->src =3D overridesrc; - } - /* just tear down the disk access */ if (teardown) { virErrorPreserveLast(&orig_err); 
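Review bot: The rewritten doc comment for qemuHotplugPrepareDiskSourceAccess says it sets up "locks, cgroups and security permissions on a disk source and it's backing chain", which does not match the body in the next hunk. That body also calls qemuDomainNamespaceSetupDisk, and it passes only `src` to virDomainLockImageAttach, which the series' own description calls a single-image function. I would word it as `* Set up the lock on @src, and the namespace /dev entries, cgroups and security labels for @src and its backing chain.`, which also fixes "it's". Whether the namespace and cgroup helpers walk the whole chain is not visible here, so confirm that before committing to the wording.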
@@ -106,47 +98,38 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, goto rollback_cgroup; } - if (virDomainLockImageAttach(driver->lockManager, cfg->uri, - vm, disk->src) < 0) + if (virDomainLockImageAttach(driver->lockManager, cfg->uri, vm, src) <= 0) goto cleanup; - if (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0) + if (qemuDomainNamespaceSetupDisk(vm, src) < 0) goto rollback_lock; - if (qemuSecuritySetImageLabel(driver, vm, disk->src, true) < 0) + if (qemuSecuritySetImageLabel(driver, vm, src, true) < 0) goto rollback_namespace; - if (qemuSetupImageChainCgroup(vm, disk->src) < 0) + if (qemuSetupImageChainCgroup(vm, src) < 0) goto rollback_label; ret =3D 0; goto cleanup; rollback_cgroup: - if (qemuTeardownImageChainCgroup(vm, disk->src) < 0) - VIR_WARN("Unable to tear down cgroup access on %s", - NULLSTR(virDomainDiskGetSource(disk))); + if (qemuTeardownImageChainCgroup(vm, src) < 0) + VIR_WARN("Unable to tear down cgroup access on %s", srcstr); rollback_label: - if (qemuSecurityRestoreImageLabel(driver, vm, disk->src, true) < 0) - VIR_WARN("Unable to restore security label on %s", - NULLSTR(virDomainDiskGetSource(disk))); + if (qemuSecurityRestoreImageLabel(driver, vm, src, true) < 0) + VIR_WARN("Unable to restore security label on %s", srcstr); rollback_namespace: - if (qemuDomainNamespaceTeardownDisk(vm, disk->src) < 0) - VIR_WARN("Unable to remove /dev entry for %s", - NULLSTR(virDomainDiskGetSource(disk))); + if (qemuDomainNamespaceTeardownDisk(vm, src) < 0) + VIR_WARN("Unable to remove /dev entry for %s", srcstr); rollback_lock: - if (virDomainLockImageDetach(driver->lockManager, vm, disk->src) < 0) - VIR_WARN("Unable to release lock on %s", - NULLSTR(virDomainDiskGetSource(disk))); + if (virDomainLockImageDetach(driver->lockManager, vm, src) < 0) + VIR_WARN("Unable to release lock on %s", srcstr); cleanup: - if (origsrc) - disk->src =3D origsrc; - virErrorRestore(&orig_err); - virObjectUnref(cfg); return ret; 
@@ -826,7 +809,7 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, if (qemuDomainPrepareDiskSource(disk, priv, cfg) < 0) goto cleanup; - if (qemuHotplugPrepareDiskAccess(driver, vm, disk, newsrc, false) < 0) + if (qemuHotplugPrepareDiskSourceAccess(driver, vm, newsrc, false) < 0) goto cleanup; if (qemuHotplugAttachManagedPR(driver, vm, newsrc, QEMU_ASYNC_JOB_NONE= ) < 0) @@ -845,7 +828,7 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, /* remove the old source from shared device list */ disk->src =3D oldsrc; ignore_value(qemuRemoveSharedDisk(driver, disk, vm->def->name)); - ignore_value(qemuHotplugPrepareDiskAccess(driver, vm, disk, oldsrc, tr= ue)); + ignore_value(qemuHotplugPrepareDiskSourceAccess(driver, vm, oldsrc, tr= ue)); /* media was changed, so we can remove the old media definition now */ virStorageSourceFree(oldsrc); @@ -860,7 +843,7 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, if (sharedAdded) ignore_value(qemuRemoveSharedDisk(driver, disk, vm->def->name)= ); - ignore_value(qemuHotplugPrepareDiskAccess(driver, vm, disk, newsrc= , true)); + ignore_value(qemuHotplugPrepareDiskSourceAccess(driver, vm, newsrc= , true)); } /* remove PR manager object if unneeded */ @@ -891,7 +874,7 @@ qemuDomainAttachDiskGeneric(virQEMUDriverPtr driver, char *devstr =3D NULL; virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); - if (qemuHotplugPrepareDiskAccess(driver, vm, disk, NULL, false) < 0) + if (qemuHotplugPrepareDiskSourceAccess(driver, vm, disk->src, false) <= 0) goto cleanup; if (qemuAssignDeviceDiskAlias(vm->def, disk, priv->qemuCaps) < 0) @@ -954,7 +937,7 @@ qemuDomainAttachDiskGeneric(virQEMUDriverPtr driver, virDomainAuditDisk(vm, NULL, disk->src, "attach", false); error: - ignore_value(qemuHotplugPrepareDiskAccess(driver, vm, disk, NULL, true= )); + ignore_value(qemuHotplugPrepareDiskSourceAccess(driver, vm, disk->src,= true)); goto cleanup; } 
@@ -4377,7 +4360,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver, qemuDomainReleaseDeviceAddress(vm, &disk->info, virDomainDiskGetSource= (disk)); /* tear down disk security access */ - qemuHotplugPrepareDiskAccess(driver, vm, disk, NULL, true); + qemuHotplugPrepareDiskSourceAccess(driver, vm, disk->src, true); dev.type =3D VIR_DOMAIN_DEVICE_DISK; dev.data.disk =3D disk; --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 04:36:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259906678872.3910711434453; Wed, 23 Jan 2019 08:11:46 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A342280F95; Wed, 23 Jan 2019 16:11:44 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 69E4A17AF6; Wed, 23 Jan 2019 16:11:44 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 186903F611; Wed, 23 Jan 2019 16:11:44 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com 
(8.13.8/8.13.8) with ESMTP id x0NGBM8L014106 for ; Wed, 23 Jan 2019 11:11:22 -0500 Received: by smtp.corp.redhat.com (Postfix) id D09CD5D739; Wed, 23 Jan 2019 16:11:22 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 56A995D6A6 for ; Wed, 23 Jan 2019 16:11:22 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:06 +0100 Message-Id: <2ada12bb6966c8dd274978fdf85102d79b2d384e.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 11/11] qemu: Label backing chain of user-provided target of blockCopy when starting the job X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 23 Jan 2019 16:11:45 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Be more sensible when setting labels of the target of a virDomainBlockCopy operation. Previously we'd relabel everything in case it's a copy job even if there's no unlabelled backing chain. Since we are also not sure whether the backing chain is shared we don't relabel the chain on completion of the blockjob. This certainly won't play nice with the image permission relabelling feature. While this does not fix the case where the image is reused and has backing chain it certainly sanitizes all the other cases. Later on it will also allow to do the correct thing in cases where only one layer was introduced. 
Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_driver.c | 43 ++++++++++++++++++++--------------------- src/qemu/qemu_process.c | 22 +++++++++++++++++++++ 2 files changed, 43 insertions(+), 22 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 79a767288e..2c2c0ce92e 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17170,26 +17170,6 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, goto cleanup; } - /* For active commit, the mirror is part of the already labeled - * chain. For blockcopy, we previously labeled only the top-level - * image; but if the user is reusing an external image that - * includes a backing file, the pivot may result in qemu needing - * to open the entire backing chain, so we need to label the - * entire chain. This action is safe even if the backing chain - * has already been labeled; but only necessary when we know for - * sure that there is a backing chain. */ - if (disk->mirrorJob =3D=3D VIR_DOMAIN_BLOCK_JOB_TYPE_COPY) { - if (qemuDomainDetermineDiskChain(driver, vm, disk, disk->mirror, t= rue) < 0) - goto cleanup; - - if (disk->mirror->format && - disk->mirror->format !=3D VIR_STORAGE_FILE_RAW && - (qemuDomainNamespaceSetupDisk(vm, disk->mirror) < 0 || - qemuSetupImageChainCgroup(vm, disk->mirror) < 0 || - qemuSecuritySetImageLabel(driver, vm, disk->mirror, true) < 0= )) - goto cleanup; - } - /* Attempt the pivot. Record the attempt now, to prevent duplicate * attempts; but the actual disk change will be made when emitting * the event. 
@@ -17836,9 +17816,28 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm, keepParentLabel) < 0) goto endjob; - if (qemuDomainDiskChainElementPrepare(driver, vm, mirror, false, true)= < 0) { - qemuDomainDiskChainElementRevoke(driver, vm, mirror); + /* If reusing an external image that includes a backing file, the pivo= t may + * result in qemu needing to open the entire backing chain, so we need= to + * label the full backing chain of the mirror instead of just the top = image */ + if (flags & VIR_DOMAIN_BLOCK_COPY_REUSE_EXT && + mirror->format >=3D VIR_STORAGE_FILE_BACKING && + qemuDomainDetermineDiskChain(driver, vm, disk, mirror, true) < 0) goto endjob; + + if (flags & VIR_DOMAIN_BLOCK_COPY_REUSE_EXT && + virStorageSourceHasBacking(mirror)) { + /* note that we don't really know whether a part of the backing ch= ain + * is shared so rolling this back is not as easy. Thus we do it on= ly + * if there's a backing chain */ + if (qemuDomainNamespaceSetupDisk(vm, mirror) < 0 || + qemuSetupImageChainCgroup(vm, disk->mirror) < 0 || + qemuSecuritySetImageLabel(driver, vm, disk->mirror, true) < 0) + goto endjob; + } else { + if (qemuDomainDiskChainElementPrepare(driver, vm, mirror, false, t= rue) < 0) { + qemuDomainDiskChainElementRevoke(driver, vm, mirror); + goto endjob; + } } if (!(job =3D qemuBlockJobDiskNew(disk, QEMU_BLOCKJOB_TYPE_COPY, devic= e))) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index fb596d960f..c9e68397b6 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7857,6 +7857,7 @@ qemuProcessRefreshLegacyBlockjob(void *payload, virDomainDiskDefPtr disk; qemuBlockJobDataPtr job; qemuBlockJobType jobtype =3D info->type; + qemuDomainObjPrivatePtr priv =3D vm->privateData; if (!(disk =3D qemuProcessFindDomainDiskByAliasOrQOM(vm, jobname, jobn= ame))) { VIR_DEBUG("could not find disk for block job '%s'", jobname); 
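Review bot: In the `VIR_DOMAIN_BLOCK_COPY_REUSE_EXT` branch added to qemuDomainBlockCopyCommon, qemuDomainNamespaceSetupDisk takes the local `mirror` while the cgroup and label calls take `disk->mirror`. The hunk does not show `disk->mirror` being assigned before this point, so those two calls may act on a NULL or stale source and leave the reused chain without its cgroup entry and security label. All three should use the same object: `qemuSetupImageChainCgroup(vm, mirror) < 0 ||` and `qemuSecuritySetImageLabel(driver, vm, mirror, true) < 0)`. The function starts and ends outside the hunk, so the assignment order should be confirmed there.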
@@ -7878,8 +7879,29 @@ qemuProcessRefreshLegacyBlockjob(void *payload, disk->mirrorState =3D VIR_DOMAIN_DISK_MIRROR_STATE_READY; job->state =3D VIR_DOMAIN_BLOCK_JOB_READY; } + + /* Pre-blockdev block copy labelled the chain of the mirrored devi= ce + * just before pivoting. At that point it was no longer known whet= her + * it's even necessary (e.g. disk is being reused). This code fixes + * the labelling in case the job was started in a libvirt version + * which did not label the chain when the block copy is being star= ted. + * Note that we can't do much on failure. */ + if (disk->mirrorJob =3D=3D VIR_DOMAIN_BLOCK_JOB_TYPE_COPY) { + if (qemuDomainDetermineDiskChain(priv->driver, vm, disk, + disk->mirror, true) < 0) + goto cleanup; + + if (disk->mirror->format && + disk->mirror->format !=3D VIR_STORAGE_FILE_RAW && + (qemuDomainNamespaceSetupDisk(vm, disk->mirror) < 0 || + qemuSetupImageChainCgroup(vm, disk->mirror) < 0 || + qemuSecuritySetImageLabel(priv->driver, vm, disk->mirror, + true) < 0)) + goto cleanup; + } } + cleanup: qemuBlockJobStartupFinalize(job); return 0; --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
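Review bot: The relabel block added to qemuProcessRefreshLegacyBlockjob jumps to `cleanup` on any failure and the function still returns 0. A mirror whose chain could not be added to the namespace, cgroup or security label is therefore left that way, with nothing in the log that names the disk. Since the comment already accepts that little can be done, at least record it before each `goto cleanup`, e.g. `VIR_WARN("Unable to set up access to backing chain of mirror for disk '%s'", disk->dst);`. A failure after qemuDomainNamespaceSetupDisk or qemuSetupImageChainCgroup has succeeded also leaves those steps applied without the label; whether that needs undoing depends on code outside the hunk.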