Re: [PATCH v4 3/7] qemu: Implement qemuDomainManagedSaveGetXMLDesc

Peter Krempa <pkrempa@xxxxxxxxxx> · Mon, 28 Aug 2017 17:44:04 +0200

On Tue, Aug 08, 2017 at 13:32:51 +0530, Kothapally Madhu Pavan wrote:
> This commit adds qemu driver implementation to get xml description
> for managed save state domain.
> 
> Signed-off-by: Kothapally Madhu Pavan <kmp@xxxxxxxxxxxxxxxxxx>
> ---
>  src/qemu/qemu_driver.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 46 insertions(+)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index b3f65f4..ec73dc1 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -6797,6 +6797,51 @@ qemuDomainSaveImageDefineXML(virConnectPtr conn, const char *path,
>      return ret;
>  }
>  
> +static char *
> +qemuDomainManagedSaveGetXMLDesc(virDomainPtr dom, unsigned int flags)
> +{
> +    virQEMUDriverPtr driver = dom->conn->privateData;
> +    virDomainObjPtr vm;
> +    char *path = NULL;
> +    char *ret = NULL;
> +    virDomainDefPtr def = NULL;
> +    int fd = -1;
> +    virQEMUSaveDataPtr data = NULL;
> +
> +    /* We only take subset of virDomainDefFormat flags.  */
> +    virCheckFlags(VIR_DOMAIN_XML_SECURE, NULL);
> +
> +    if (!(vm = qemuDomObjFromDomain(dom)))
> +        return ret;
> +
> +    path = qemuDomainManagedSavePath(driver, vm);
> +
> +    if (!path)
> +        goto cleanup;
> +
> +    if (!virFileExists(path)) {
> +        virReportError(VIR_ERR_OPERATION_INVALID,
> +                       "%s",_("domain does not have managed save image"));
> +        goto cleanup;
> +    }
> +
> +    fd = qemuDomainSaveImageOpen(driver, path, &def, &data,
> +                                 false, NULL, false, false);
> +    if (fd < 0)
> +        goto cleanup;
> +    if (virDomainManagedSaveGetXMLDescEnsureACL(dom->conn, def, flags) < 0)
> +        goto cleanup;

Since you have the 'vm' object at the beginning, I think the ACL check
should be done right away with vm->def in this case. The ACL check
should only need the name and UUID from the definition and thus can be
run earlier.

This will mitigate a possible side channel, where we'd return 'domain
does not have managed save image' instead of the "access denied"
message.

I'll do this adjustment locally along with others pointed out. I might
finish this until the freeze tomorrow.
Attachment:
signature.asc

Description: PGP signature
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list