[Qemu-block] [PULL 13/21] qemu-img: fix regression copying secrets during convert

From: Kevin Wolf
Subject: [Qemu-block] [PULL 13/21] qemu-img: fix regression copying secrets during convert
Date: Wed, 15 Aug 2018 14:55:29 +0200

From: Daniel P. Berrangé <address@hidden>

When the convert command is creating an output file that needs
secrets, we need to ensure those secrets are passed to both the
blk_new_open and bdrv_create API calls.

This is done by qemu-img extracting all opts matching the name
suffix "key-secret". Unfortunately the code doing this was run after the
call to bdrv_create(), which meant the QemuOpts it was extracting
secrets from was now empty.

Previously this worked by luks as a bug meant the "key-secret"
parameters were not purged from the QemuOpts. This bug was fixed in

  commit b76b4f604521e59f857d6177bc55f6f2e41fd392
  Author: Kevin Wolf <address@hidden>
  Date:   Thu Jan 11 16:18:08 2018 +0100

      qcow2: Use visitor for options in qcow2_create()

Exposing the latent bug in qemu-img. This fix simply moves the copying
of secrets to before the bdrv_create() call.

Cc: address@hidden
Signed-off-by: Daniel P. Berrangé <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
qemu-img.c | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index 1acddf693c..b12f4cd19b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -345,21 +345,6 @@ static int img_add_key_secrets(void *opaque,
return 0;
}
-static BlockBackend *img_open_new_file(const char *filename,
- QemuOpts *create_opts,
- const char *fmt, int flags,
- bool writethrough, bool quiet,
- bool force_share)
-{
- QDict *options = NULL;
-
- options = qdict_new();
- qemu_opt_foreach(create_opts, img_add_key_secrets, options, &error_abort);
-
- return img_open_file(filename, options, fmt, flags, writethrough, quiet,
- force_share);
-}
-
static BlockBackend *img_open(bool image_opts,
const char *filename,
@@ -2018,6 +2003,7 @@ static int img_convert(int argc, char **argv)
BlockDriverState *out_bs;
QemuOpts *opts = NULL, *sn_opts = NULL;
QemuOptsList *create_opts = NULL;
+ QDict *open_opts = NULL;
char *options = NULL;
Error *local_err = NULL;
bool writethrough, src_writethrough, quiet = false, image_opts = false,
@@ -2362,6 +2348,16 @@ static int img_convert(int argc, char **argv)
}
}
+ /*
+ * The later open call will need any decryption secrets, and
+ * bdrv_create() will purge "opts", so extract them now before
+ * they are lost.
+ */
+ if (!skip_create) {
+ open_opts = qdict_new();
+ qemu_opt_foreach(opts, img_add_key_secrets, open_opts, &error_abort);
+ }
+
if (!skip_create) {
/* Create the new image */
ret = bdrv_create(drv, out_filename, opts, &local_err);
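Review bot: The new `if (!skip_create)` block sits directly above the existing `if (!skip_create)` block that calls bdrv_create(), so the same condition is tested twice back to back. Moving `open_opts = qdict_new();` and the `qemu_opt_foreach(...)` call, together with the comment, to the top of the existing block keeps the required ordering (extract before bdrv_create() purges "opts") and makes it harder for a later edit to separate the two steps again. The walk is also run with &error_abort, so a failure inside img_add_key_secrets aborts the process instead of reaching the out: cleanup; that matches the removed helper, but it deserves a word in the comment.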
@@ -2388,8 +2384,9 @@ static int img_convert(int argc, char **argv)
* That has to wait for bdrv_create to be improved
* to allow filenames in option syntax
*/
- s.target = img_open_new_file(out_filename, opts, out_fmt,
- flags, writethrough, quiet, false);
+ s.target = img_open_file(out_filename, open_opts, out_fmt,
+ flags, writethrough, quiet, false);
+ open_opts = NULL; /* blk_new_open will have freed it */
}
if (!s.target) {
ret = -1;
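Review bot: The `open_opts = NULL;` reset after img_open_file() is only safe if the callee gives up the dict on every path, failure included, and the comment's "will have freed it" does not say so. The `if (!s.target)` failure branch sits right below, and this patch adds `qobject_unref(open_opts)` under out:, so the reset is the only thing preventing a second unref of a dict the callee already released. Suggest rewording the comment to state that ownership of open_opts passes to img_open_file() regardless of the result.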
@@ -2464,6 +2461,7 @@ out:
qemu_opts_del(opts);
qemu_opts_free(create_opts);
qemu_opts_del(sn_opts);
+ qobject_unref(open_opts);
blk_unref(s.target);
if (s.src) {
for (bs_i = 0; bs_i < s.src_num; bs_i++) {
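Review bot: Missing test coverage: the `qobject_unref(open_opts)` under out: and the reordering it supports arrive in a change that touches qemu-img.c only, while the commit message dates the regression to a commit from January. A qemu-iotests case that converts into a target requiring a "key-secret" option would have caught this and would guard the ordering from now on. This unref also depends on open_opts being initialised to NULL at its declaration and reset after the handoff, so a short comment beside it saying it only covers exits taken before img_open_file() would help the next reader.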
--
2.13.6