On Sat, Apr 16, 2016 at 10:17:35AM -0400, John Ferlan wrote:
> Rather than needing to pass the conn parameter to various command
> line building APIs, add qemuDomainSecretPrepare just prior to the
> qemuProcessLaunch which calls qemuBuildCommandLine. The function
> must be called after qemuProcessPrepareHost since it's expected
> to eventually need the domain masterKey generated during the prepare
> host call. Additionally, future patches may require device aliases
> (assigned during the prepare domain call) in order to associate
> the secret objects.
>
> The qemuDomainSecretDestroy is called after the qemuProcessLaunch
> finishes in order to clear and free memory used by the secrets
> that were recently prepared, so they are not kept around in memory
> too long.
>
> Placing the setup here is beneficial for future patches which will
> need the domain masterKey in order to generate an encrypted secret
> along with an initialization vector to be saved and passed (since
> the masterKey shouldn't be passed around).
>
> Finally, since the secret is not added during command line build,
> the hotplug code will need to get the secret into the private disk data.
>
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
> src/qemu/qemu_command.c | 45 ++++-----------
> src/qemu/qemu_command.h | 5 +-
> src/qemu/qemu_domain.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++--
> src/qemu/qemu_domain.h | 15 ++++-
> src/qemu/qemu_driver.c | 10 ++--
> src/qemu/qemu_hotplug.c | 26 +++++----
> src/qemu/qemu_hotplug.h | 1 -
> src/qemu/qemu_process.c | 8 +++
> 8 files changed, 202 insertions(+), 58 deletions(-)
>
> @@ -1033,8 +1012,7 @@ qemuCheckFips(void) > > > char * > -qemuBuildDriveStr(virConnectPtr conn, > - virDomainDiskDefPtr disk,

It's really nice to see the 'conn' go.

> +qemuBuildDriveStr(virDomainDiskDefPtr disk, > bool bootable, > virQEMUCapsPtr qemuCaps) > { > diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c > index 81d86c2..c9f43fa 100644
> --- a/src/qemu/qemu_process.c > +++ b/src/qemu/qemu_process.c > @@ -5640,6 +5640,9 @@ qemuProcessStart(virConnectPtr conn, > if (qemuProcessPrepareHost(driver, vm, !!incoming) < 0) > goto stop; > > + if (qemuDomainSecretPrepare(conn, vm) < 0) > + goto cleanup; > +

The call fits better in qemuProcessPrepareDomain, that way it will be called even for incoming migration.

Jan
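
Review bot: On the qemuBuildDriveStr signature change in src/qemu/qemu_command.c, the function can no longer look the secret up itself once conn is gone, so it now relies on the caller having put the secret into the disk's private data beforehand (qemuDomainSecretPrepare at startup, the hotplug code otherwise, per the commit message). That precondition is not stated anywhere in the visible lines; please add a comment above qemuBuildDriveStr naming the call that must have run first and what the function does when a disk that needs a secret has none prepared.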
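
Review bot: In the qemuProcessStart hunk of src/qemu/qemu_process.c, a qemuDomainSecretPrepare failure jumps to cleanup, while the qemuProcessPrepareHost check directly above it uses "goto stop;". Host preparation has already succeeded at this point, so the new error path should most likely use "goto stop;" as well, so that both failures unwind the same way; if cleanup is intended, a short comment saying why the stop path can be skipped would help. The quoted lines also do not show the matching qemuDomainSecretDestroy call, so it is worth confirming that it runs when the launch fails, not only on success, since its stated purpose is to keep the secrets from lingering in memory.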