Re: [libvirt] [PATCH 4/6] qemu: don't pass virConnectPtr around for secrets
On 02/09/2018 12:24 PM, Daniel P. Berrangé wrote: > During domain startup there are many places where we need to acquire > secrets. Currently code passes around a virConnectPtr, except in the > places where we pass in NULL. So there are a few codepaths where ability > to start guests using secrets will fail. Change to acquire a handle to > the secret driver when needed. > > Signed-off-by: Daniel P. Berrangé > --- > src/qemu/qemu_domain.c| 111 > ++ > src/qemu/qemu_domain.h| 15 +++ > src/qemu/qemu_driver.c| 18 > src/qemu/qemu_hotplug.c | 64 +++--- > src/qemu/qemu_hotplug.h | 15 +++ > src/qemu/qemu_migration.c | 10 ++--- > src/qemu/qemu_process.c | 40 + > tests/qemuhotplugtest.c | 4 +- > 8 files changed, 114 insertions(+), 163 deletions(-) > More, but different qemuxml2argvtest failures. John > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > index 84207db16a..27063873a4 100644 > --- a/src/qemu/qemu_domain.c > +++ b/src/qemu/qemu_domain.c > @@ -1151,7 +1151,6 @@ qemuDomainChrSourcePrivateDispose(void *obj) > > > /* qemuDomainSecretPlainSetup: > - * @conn: Pointer to connection > * @secinfo: Pointer to secret info > * @usageType: The virSecretUsageType > * @username: username to use for authentication (may be NULL) > @@ -1162,24 +1161,33 @@ qemuDomainChrSourcePrivateDispose(void *obj) > * Returns 0 on success, -1 on failure with error message > */ > static int > -qemuDomainSecretPlainSetup(virConnectPtr conn, > - qemuDomainSecretInfoPtr secinfo, > +qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo, > virSecretUsageType usageType, > const char *username, > virSecretLookupTypeDefPtr seclookupdef) > { > +virConnectPtr conn; > +int ret = -1; > + > +conn = virGetConnectSecret(); > +if (!conn) > +return -1; > + > secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN; > if (VIR_STRDUP(secinfo->s.plain.username, username) < 0) > -return -1; > +goto cleanup; > > -return virSecretGetSecretString(conn, seclookupdef, usageType, > -&secinfo->s.plain.secret, > -&secinfo->s.plain.secretlen); > +ret = virSecretGetSecretString(conn, seclookupdef, usageType, > + &secinfo->s.plain.secret, > + &secinfo->s.plain.secretlen); > + > + cleanup: > +virObjectUnref(conn); > +return ret; > } > > > /* qemuDomainSecretAESSetup: > - * @conn: Pointer to connection > * @priv: pointer to domain private object > * @secinfo: Pointer to secret info > * @srcalias: Alias of the disk/hostdev used to generate the secret alias > @@ -1193,8 +1201,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn, > * Returns 0 on success, -1 on failure with error message > */ > static int > -qemuDomainSecretAESSetup(virConnectPtr conn, > - qemuDomainObjPrivatePtr priv, > +qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv, > qemuDomainSecretInfoPtr secinfo, > const char *srcalias, > virSecretUsageType usageType, > @@ -1202,6 +1209,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn, > virSecretLookupTypeDefPtr seclookupdef, > bool isLuks) > { > +virConnectPtr conn; > int ret = -1; > uint8_t *raw_iv = NULL; > size_t ivlen = QEMU_DOMAIN_AES_IV_LEN; > @@ -1210,16 +1218,20 @@ qemuDomainSecretAESSetup(virConnectPtr conn, > uint8_t *ciphertext = NULL; > size_t ciphertextlen = 0; > > +conn = virGetConnectSecret(); > +if (!conn) > +return -1; > + > secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES; > if (VIR_STRDUP(secinfo->s.aes.username, username) < 0) > -return -1; > +goto cleanup; > > if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, > isLuks))) > -return -1; > +goto cleanup; > > /* Create a random initialization vector */ > if (!(raw_iv = virCryptoGenerateRandom(ivlen))) > -return -1; > +goto cleanup; > > /* Encode the IV and save that since qemu will need it */ > if (!(secinfo->s.aes.iv = virStringEncodeBase64(raw_iv, ivlen))) > @@ -1250,13 +1262,12 @@ qemuDomainSecretAESSetup(virConnectPtr conn, > VIR_DISPOSE_N(raw_iv, ivlen); > VIR_DISPOSE_N(secret, secretlen); > VIR_DISPOSE_N(ciphertext, ciphertextlen); > - > +virObjectUnref(conn); > return ret; > } > > > /* qemuDomainSecretSetup: > - * @conn: Pointer to connection > * @priv: pointer to domain private object > * @secinfo: Pointer to secret info > * @srcalias: Alias of the disk/
[libvirt] [PATCH 4/6] qemu: don't pass virConnectPtr around for secrets
During domain startup there are many places where we need to acquire secrets. Currently code passes around a virConnectPtr, except in the places where we pass in NULL. So there are a few codepaths where ability to start guests using secrets will fail. Change to acquire a handle to the secret driver when needed. Signed-off-by: Daniel P. Berrangé --- src/qemu/qemu_domain.c| 111 ++ src/qemu/qemu_domain.h| 15 +++ src/qemu/qemu_driver.c| 18 src/qemu/qemu_hotplug.c | 64 +++--- src/qemu/qemu_hotplug.h | 15 +++ src/qemu/qemu_migration.c | 10 ++--- src/qemu/qemu_process.c | 40 + tests/qemuhotplugtest.c | 4 +- 8 files changed, 114 insertions(+), 163 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 84207db16a..27063873a4 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1151,7 +1151,6 @@ qemuDomainChrSourcePrivateDispose(void *obj) /* qemuDomainSecretPlainSetup: - * @conn: Pointer to connection * @secinfo: Pointer to secret info * @usageType: The virSecretUsageType * @username: username to use for authentication (may be NULL) @@ -1162,24 +1161,33 @@ qemuDomainChrSourcePrivateDispose(void *obj) * Returns 0 on success, -1 on failure with error message */ static int -qemuDomainSecretPlainSetup(virConnectPtr conn, - qemuDomainSecretInfoPtr secinfo, +qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo, virSecretUsageType usageType, const char *username, virSecretLookupTypeDefPtr seclookupdef) { +virConnectPtr conn; +int ret = -1; + +conn = virGetConnectSecret(); +if (!conn) +return -1; + secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN; if (VIR_STRDUP(secinfo->s.plain.username, username) < 0) -return -1; +goto cleanup; -return virSecretGetSecretString(conn, seclookupdef, usageType, -&secinfo->s.plain.secret, -&secinfo->s.plain.secretlen); +ret = virSecretGetSecretString(conn, seclookupdef, usageType, + &secinfo->s.plain.secret, + &secinfo->s.plain.secretlen); + + cleanup: +virObjectUnref(conn); +return ret; } /* qemuDomainSecretAESSetup: - * @conn: Pointer to connection * @priv: pointer to domain private object * @secinfo: Pointer to secret info * @srcalias: Alias of the disk/hostdev used to generate the secret alias @@ -1193,8 +1201,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn, * Returns 0 on success, -1 on failure with error message */ static int -qemuDomainSecretAESSetup(virConnectPtr conn, - qemuDomainObjPrivatePtr priv, +qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv, qemuDomainSecretInfoPtr secinfo, const char *srcalias, virSecretUsageType usageType, @@ -1202,6 +1209,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn, virSecretLookupTypeDefPtr seclookupdef, bool isLuks) { +virConnectPtr conn; int ret = -1; uint8_t *raw_iv = NULL; size_t ivlen = QEMU_DOMAIN_AES_IV_LEN; @@ -1210,16 +1218,20 @@ qemuDomainSecretAESSetup(virConnectPtr conn, uint8_t *ciphertext = NULL; size_t ciphertextlen = 0; +conn = virGetConnectSecret(); +if (!conn) +return -1; + secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES; if (VIR_STRDUP(secinfo->s.aes.username, username) < 0) -return -1; +goto cleanup; if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks))) -return -1; +goto cleanup; /* Create a random initialization vector */ if (!(raw_iv = virCryptoGenerateRandom(ivlen))) -return -1; +goto cleanup; /* Encode the IV and save that since qemu will need it */ if (!(secinfo->s.aes.iv = virStringEncodeBase64(raw_iv, ivlen))) @@ -1250,13 +1262,12 @@ qemuDomainSecretAESSetup(virConnectPtr conn, VIR_DISPOSE_N(raw_iv, ivlen); VIR_DISPOSE_N(secret, secretlen); VIR_DISPOSE_N(ciphertext, ciphertextlen); - +virObjectUnref(conn); return ret; } /* qemuDomainSecretSetup: - * @conn: Pointer to connection * @priv: pointer to domain private object * @secinfo: Pointer to secret info * @srcalias: Alias of the disk/hostdev used to generate the secret alias @@ -1273,8 +1284,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn, * Returns 0 on success, -1 on failure */ static int -qemuDomainSecretSetup(virConnectPtr conn, - qemuDomainObjPrivatePtr priv, +qemuDomainSecretSetup(qemuDomainObjPrivatePtr priv, qemuDomainSecretInfoPtr secinf