|
 |
1bdc94 |
From c8b73d0f85b2435aabbdec92452cb7a0446b1d36 Mon Sep 17 00:00:00 2001
|
|
|
1bdc94 |
From: Kevin Wolf <kwolf@redhat.com>
|
|
|
1bdc94 |
Date: Mon, 3 Sep 2018 09:41:40 +0200
|
|
|
1bdc94 |
Subject: [PATCH 27/29] qemu-img: fix regression copying secrets during convert
|
|
|
1bdc94 |
MIME-Version: 1.0
|
|
|
1bdc94 |
Content-Type: text/plain; charset=UTF-8
|
|
|
1bdc94 |
Content-Transfer-Encoding: 8bit
|
|
|
1bdc94 |
|
|
|
1bdc94 |
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
|
|
1bdc94 |
Message-id: <20180903094140.12988-2-kwolf@redhat.com>
|
|
|
1bdc94 |
Patchwork-id: 82031
|
|
|
1bdc94 |
O-Subject: [RHV-7.6 qemu-kvm-rhev PATCH 1/1] qemu-img: fix regression copying secrets during convert
|
|
|
1bdc94 |
Bugzilla: 1575578
|
|
|
1bdc94 |
RH-Acked-by: Max Reitz <mreitz@redhat.com>
|
|
|
1bdc94 |
RH-Acked-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
1bdc94 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
1bdc94 |
|
|
|
1bdc94 |
From: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
1bdc94 |
|
|
|
1bdc94 |
When the convert command is creating an output file that needs
|
|
|
1bdc94 |
secrets, we need to ensure those secrets are passed to both the
|
|
|
1bdc94 |
blk_new_open and bdrv_create API calls.
|
|
|
1bdc94 |
|
|
|
1bdc94 |
This is done by qemu-img extracting all opts matching the name
|
|
|
1bdc94 |
suffix "key-secret". Unfortunately the code doing this was run after the
|
|
|
1bdc94 |
call to bdrv_create(), which meant the QemuOpts it was extracting
|
|
|
1bdc94 |
secrets from was now empty.
|
|
|
1bdc94 |
|
|
|
1bdc94 |
Previously this worked by luks as a bug meant the "key-secret"
|
|
|
1bdc94 |
parameters were not purged from the QemuOpts. This bug was fixed in
|
|
|
1bdc94 |
|
|
|
1bdc94 |
commit b76b4f604521e59f857d6177bc55f6f2e41fd392
|
|
|
1bdc94 |
Author: Kevin Wolf <kwolf@redhat.com>
|
|
|
1bdc94 |
Date: Thu Jan 11 16:18:08 2018 +0100
|
|
|
1bdc94 |
|
|
|
1bdc94 |
qcow2: Use visitor for options in qcow2_create()
|
|
|
1bdc94 |
|
|
|
1bdc94 |
Exposing the latent bug in qemu-img. This fix simply moves the copying
|
|
|
1bdc94 |
of secrets to before the bdrv_create() call.
|
|
|
1bdc94 |
|
|
|
1bdc94 |
Cc: qemu-stable@nongnu.org
|
|
|
1bdc94 |
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
1bdc94 |
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
|
1bdc94 |
(cherry picked from commit 8d65a3ccfd5db7f0436e095cd952f5d0c3a873ba)
|
|
|
1bdc94 |
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
|
1bdc94 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
1bdc94 |
---
|
|
|
1bdc94 |
qemu-img.c | 32 +++++++++++++++-----------------
|
|
|
1bdc94 |
1 file changed, 15 insertions(+), 17 deletions(-)
|
|
|
1bdc94 |
|
|
|
1bdc94 |
diff --git a/qemu-img.c b/qemu-img.c
|
|
|
1bdc94 |
index f42750a..fa0cbd7 100644
|
|
|
1bdc94 |
--- a/qemu-img.c
|
|
|
1bdc94 |
+++ b/qemu-img.c
|
|
|
1bdc94 |
@@ -348,21 +348,6 @@ static int img_add_key_secrets(void *opaque,
|
|
|
1bdc94 |
return 0;
|
|
|
1bdc94 |
}
|
|
|
1bdc94 |
|
|
|
1bdc94 |
-static BlockBackend *img_open_new_file(const char *filename,
|
|
|
1bdc94 |
- QemuOpts *create_opts,
|
|
|
1bdc94 |
- const char *fmt, int flags,
|
|
|
1bdc94 |
- bool writethrough, bool quiet,
|
|
|
1bdc94 |
- bool force_share)
|
|
|
1bdc94 |
-{
|
|
|
1bdc94 |
- QDict *options = NULL;
|
|
|
1bdc94 |
-
|
|
|
1bdc94 |
- options = qdict_new();
|
|
|
1bdc94 |
- qemu_opt_foreach(create_opts, img_add_key_secrets, options, &error_abort);
|
|
|
1bdc94 |
-
|
|
|
1bdc94 |
- return img_open_file(filename, options, fmt, flags, writethrough, quiet,
|
|
|
1bdc94 |
- force_share);
|
|
|
1bdc94 |
-}
|
|
|
1bdc94 |
-
|
|
|
1bdc94 |
|
|
|
1bdc94 |
static BlockBackend *img_open(bool image_opts,
|
|
|
1bdc94 |
const char *filename,
|
|
|
1bdc94 |
@@ -1994,6 +1979,7 @@ static int img_convert(int argc, char **argv)
|
|
|
1bdc94 |
BlockDriverState *out_bs;
|
|
|
1bdc94 |
QemuOpts *opts = NULL, *sn_opts = NULL;
|
|
|
1bdc94 |
QemuOptsList *create_opts = NULL;
|
|
|
1bdc94 |
+ QDict *open_opts = NULL;
|
|
|
1bdc94 |
char *options = NULL;
|
|
|
1bdc94 |
Error *local_err = NULL;
|
|
|
1bdc94 |
bool writethrough, src_writethrough, quiet = false, image_opts = false,
|
|
|
1bdc94 |
@@ -2342,6 +2328,16 @@ static int img_convert(int argc, char **argv)
|
|
|
1bdc94 |
}
|
|
|
1bdc94 |
}
|
|
|
1bdc94 |
|
|
|
1bdc94 |
+ /*
|
|
|
1bdc94 |
+ * The later open call will need any decryption secrets, and
|
|
|
1bdc94 |
+ * bdrv_create() will purge "opts", so extract them now before
|
|
|
1bdc94 |
+ * they are lost.
|
|
|
1bdc94 |
+ */
|
|
|
1bdc94 |
+ if (!skip_create) {
|
|
|
1bdc94 |
+ open_opts = qdict_new();
|
|
|
1bdc94 |
+ qemu_opt_foreach(opts, img_add_key_secrets, open_opts, &error_abort);
|
|
|
1bdc94 |
+ }
|
|
|
1bdc94 |
+
|
|
|
1bdc94 |
if (!skip_create) {
|
|
|
1bdc94 |
/* Create the new image */
|
|
|
1bdc94 |
ret = bdrv_create(drv, out_filename, opts, &local_err);
|
|
|
1bdc94 |
@@ -2368,8 +2364,9 @@ static int img_convert(int argc, char **argv)
|
|
|
1bdc94 |
* That has to wait for bdrv_create to be improved
|
|
|
1bdc94 |
* to allow filenames in option syntax
|
|
|
1bdc94 |
*/
|
|
|
1bdc94 |
- s.target = img_open_new_file(out_filename, opts, out_fmt,
|
|
|
1bdc94 |
- flags, writethrough, quiet, false);
|
|
|
1bdc94 |
+ s.target = img_open_file(out_filename, open_opts, out_fmt,
|
|
|
1bdc94 |
+ flags, writethrough, quiet, false);
|
|
|
1bdc94 |
+ open_opts = NULL; /* blk_new_open will have freed it */
|
|
|
1bdc94 |
}
|
|
|
1bdc94 |
if (!s.target) {
|
|
|
1bdc94 |
ret = -1;
|
|
|
1bdc94 |
@@ -2437,6 +2434,7 @@ out:
|
|
|
1bdc94 |
qemu_opts_del(opts);
|
|
|
1bdc94 |
qemu_opts_free(create_opts);
|
|
|
1bdc94 |
qemu_opts_del(sn_opts);
|
|
|
1bdc94 |
+ qobject_unref(open_opts);
|
|
|
1bdc94 |
blk_unref(s.target);
|
|
|
1bdc94 |
if (s.src) {
|
|
|
1bdc94 |
for (bs_i = 0; bs_i < s.src_num; bs_i++) {
|
|
|
1bdc94 |
--
|
|
|
1bdc94 |
1.8.3.1
|
|
|
1bdc94 |
|