motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-04 08:13:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

qemu-img: fix regression copying secrets during convert

Browse source 
When the convert command is creating an output file that needs
secrets, we need to ensure those secrets are passed to both the
blk_new_open and bdrv_create API calls.

This is done by qemu-img extracting all opts matching the name
suffix "key-secret". Unfortunately the code doing this was run after the
call to bdrv_create(), which meant the QemuOpts it was extracting
secrets from was now empty.

Previously this worked by luks as a bug meant the "key-secret"
parameters were not purged from the QemuOpts. This bug was fixed in

  commit b76b4f6045
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   Thu Jan 11 16:18:08 2018 +0100

    qcow2: Use visitor for options in qcow2_create()

Exposing the latent bug in qemu-img. This fix simply moves the copying
of secrets to before the bdrv_create() call.

Cc: qemu-stable@nongnu.org
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2018-08-14 13:39:47 +01:00 committed by Kevin Wolf
parent 86fae10c64
commit 8d65a3ccfd
1 changed files with 15 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

32
qemu-img.c
View file

@ -345,21 +345,6 @@ static int img_add_key_secrets(void *opaque,
return 0; return 0;
} }
static BlockBackend *img_open_new_file(const char *filename,
QemuOpts *create_opts,
const char *fmt, int flags,
bool writethrough, bool quiet,
bool force_share)
{
QDict *options = NULL;
options = qdict_new();
qemu_opt_foreach(create_opts, img_add_key_secrets, options, &error_abort);
return img_open_file(filename, options, fmt, flags, writethrough, quiet,
force_share);
}
static BlockBackend *img_open(bool image_opts, static BlockBackend *img_open(bool image_opts,
const char *filename, const char *filename,
@ -2018,6 +2003,7 @@ static int img_convert(int argc, char **argv)
BlockDriverState *out_bs; BlockDriverState *out_bs;
QemuOpts *opts = NULL, *sn_opts = NULL; QemuOpts *opts = NULL, *sn_opts = NULL;
QemuOptsList *create_opts = NULL; QemuOptsList *create_opts = NULL;
QDict *open_opts = NULL;
char *options = NULL; char *options = NULL;
Error *local_err = NULL; Error *local_err = NULL;
bool writethrough, src_writethrough, quiet = false, image_opts = false, bool writethrough, src_writethrough, quiet = false, image_opts = false,
@ -2362,6 +2348,16 @@ static int img_convert(int argc, char **argv)
} }
} }
/*
* The later open call will need any decryption secrets, and
* bdrv_create() will purge "opts", so extract them now before
* they are lost.
*/
if (!skip_create) {
open_opts = qdict_new();
qemu_opt_foreach(opts, img_add_key_secrets, open_opts, &error_abort);
}
if (!skip_create) { if (!skip_create) {
/* Create the new image */ /* Create the new image */
ret = bdrv_create(drv, out_filename, opts, &local_err); ret = bdrv_create(drv, out_filename, opts, &local_err);
@ -2388,8 +2384,9 @@ static int img_convert(int argc, char **argv)
* That has to wait for bdrv_create to be improved * That has to wait for bdrv_create to be improved
* to allow filenames in option syntax * to allow filenames in option syntax
*/ */
s.target = img_open_new_file(out_filename, opts, out_fmt, s.target = img_open_file(out_filename, open_opts, out_fmt,
flags, writethrough, quiet, false); flags, writethrough, quiet, false);
open_opts = NULL; /* blk_new_open will have freed it */
} }
if (!s.target) { if (!s.target) {
ret = -1; ret = -1;
@ -2464,6 +2461,7 @@ out:
qemu_opts_del(opts); qemu_opts_del(opts);
qemu_opts_free(create_opts); qemu_opts_free(create_opts);
qemu_opts_del(sn_opts); qemu_opts_del(sn_opts);
qobject_unref(open_opts);
blk_unref(s.target); blk_unref(s.target);
if (s.src) { if (s.src) {
for (bs_i = 0; bs_i < s.src_num; bs_i++) { for (bs_i = 0; bs_i < s.src_num; bs_i++) {