qemu: Don't assume secret provided for LUKS encryption

https://bugzilla.redhat.com/show_bug.cgi?id=1405269

If a secret was not provided for what was determined to be a LUKS
encrypted disk (during virStorageFileGetMetadata processing when
called from qemuDomainDetermineDiskChain as a result of hotplug
attach qemuDomainAttachDeviceDiskLive), then do not attempt to
look it up (avoiding a libvirtd crash) and do not alter the format
to "luks" when adding the disk; otherwise, the device_add would
fail with a message such as:

   "unable to execute QEMU command 'device_add': Property 'scsi-hd.drive'
    can't find value 'drive-scsi0-0-0-0'"

because of assumptions that when the format=luks that libvirt would have
provided the secret to decrypt the volume.

Access to unlock the volume will thus be left to the application.

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f8e48d20899d3484e043c9f585498797c09d011e..28d81466241fd697f0d2efb96c52b803726c3c50 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1442,8 +1442,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
     if (disk->src->format > 0 &&
         disk->src->type != VIR_STORAGE_TYPE_DIR) {
         const char *qemuformat = virStorageFileFormatTypeToString(disk->src->format);
-        if (disk->src->encryption &&
-            disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
+        if (qemuDomainDiskHasEncryptionSecret(disk->src))
             qemuformat = "luks";
         virBufferAsprintf(buf, "format=%s,", qemuformat);
     }

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index acfa69589bac046c207cbefb50334bb8b83e3944..25cb4ad5901e987648dfe9e49bcaf2558eab2104 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1174,6 +1174,18 @@ qemuDomainSecretDiskCapable(virStorageSourcePtr src)
 }
 
 
+bool
+qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
+{
+    if (!virStorageSourceIsEmpty(src) && src->encryption &&
+        src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+        src->encryption->nsecrets > 0)
+        return true;
+
+    return false;
+}
+
+
 /* qemuDomainSecretDiskPrepare:
  * @conn: Pointer to connection
  * @priv: pointer to domain private object
@@ -1209,8 +1221,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
         diskPriv->secinfo = secinfo;
     }
 
-    if (!virStorageSourceIsEmpty(src) && src->encryption &&
-        src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+    if (qemuDomainDiskHasEncryptionSecret(src)) {
 
         if (VIR_ALLOC(secinfo) < 0)
             return -1;

diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index b2db45e87706a00e38927e5ba501cc978d442026..cce879f763c32fcad847d4841bf7fee975ce3383 100644 (file)
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -734,6 +734,9 @@ void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
 bool qemuDomainSecretDiskCapable(virStorageSourcePtr src)
     ATTRIBUTE_NONNULL(1);
 
+bool qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src)
+    ATTRIBUTE_NONNULL(1);
+
 int qemuDomainSecretDiskPrepare(virConnectPtr conn,
                                 qemuDomainObjPrivatePtr priv,
                                 virDomainDiskDefPtr disk)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 92a2e737112645132cd9706ffd09d9a408d00449..f2e98469e0f658c24b0f9543353eaa7f24e6fd1d 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3583,8 +3583,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
     /* Similarly, if this is possible a device using LUKS encryption, we
      * can remove the luks object password too
      */
-    if (!virStorageSourceIsEmpty(disk->src) && disk->src->encryption &&
-        disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+    if (qemuDomainDiskHasEncryptionSecret(disk->src)) {
 
         if (!(encAlias =
               qemuDomainGetSecretAESAlias(disk->info.alias, true))) {