qemu: migration: Don't pass around secAlias

The alias of the secret for decrypting the TLS passphrase is useless besides for TLS setup. Stop passing it around. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2025-03-20 06:50:22 +03:00 · 2018-05-29 19:56:05 +02:00 · 2018-05-29 19:56:05 +02:00 · 4e1330ab36
commit 4e1330ab36
parent 2cbc026b5d
3 changed files with 13 additions and 17 deletions
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@ -2296,7 +2296,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
    bool relabel = false;
    int rv;
    char *tlsAlias = NULL;
-    char *secAlias = NULL;

    virNWFilterReadLockFilterUpdates();

@ -2505,7 +2504,7 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
    if (flags & VIR_MIGRATE_TLS) {
        if (qemuMigrationParamsEnableTLS(driver, vm, true,
                                         QEMU_ASYNC_JOB_MIGRATION_IN,
-                                         &tlsAlias, &secAlias, NULL,
+                                         &tlsAlias, NULL,
                                         migParams) < 0)
            goto stopjob;
    } else {
@ -2596,7 +2595,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,

 cleanup:
    VIR_FREE(tlsAlias);
-    VIR_FREE(secAlias);
    qemuProcessIncomingDefFree(incoming);
    VIR_FREE(xmlout);
    VIR_FORCE_CLOSE(dataFD[0]);
@ -3371,7 +3369,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
    qemuDomainObjPrivatePtr priv = vm->privateData;
    qemuMigrationCookiePtr mig = NULL;
    char *tlsAlias = NULL;
-    char *secAlias = NULL;
    qemuMigrationIOThreadPtr iothread = NULL;
    int fd = -1;
    unsigned long migrate_speed = resource ? resource : priv->migMaxBandwidth;
@ -3455,7 +3452,7 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,

        if (qemuMigrationParamsEnableTLS(driver, vm, false,
                                         QEMU_ASYNC_JOB_MIGRATION_OUT,
-                                         &tlsAlias, &secAlias, hostname,
+                                         &tlsAlias, hostname,
                                         migParams) < 0)
            goto error;
    } else {
@ -3675,7 +3672,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,

 cleanup:
    VIR_FREE(tlsAlias);
-    VIR_FREE(secAlias);
    VIR_FORCE_CLOSE(fd);
    virDomainDefFree(persistDef);
    qemuMigrationCookieFree(mig);
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@ -809,7 +809,6 @@ qemuMigrationParamsSetString(qemuMigrationParamsPtr migParams,
 * @tlsListen: server or client
 * @asyncJob: Migration job to join
 * @tlsAlias: alias to be generated for TLS object
- * @secAlias: alias to be generated for a secinfo object
 * @hostname: hostname of the migration destination
 * @migParams: migration parameters to set
 *
@ -825,7 +824,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
                             bool tlsListen,
                             int asyncJob,
                             char **tlsAlias,
-                             char **secAlias,
                             const char *hostname,
                             qemuMigrationParamsPtr migParams)
 {
@ -833,6 +831,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
    virJSONValuePtr tlsProps = NULL;
    virJSONValuePtr secProps = NULL;
    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+    const char *secAlias = NULL;
    int ret = -1;

    if (!cfg->migrateTLSx509certdir) {
@ -849,26 +848,28 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
    }

    /* If there's a secret, then grab/store it now using the connection */
-    if (cfg->migrateTLSx509secretUUID &&
-        !(priv->migSecinfo =
-          qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
-                                     cfg->migrateTLSx509secretUUID)))
-        goto error;
+    if (cfg->migrateTLSx509secretUUID) {
+        if (!(priv->migSecinfo =
+              qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
+                                         cfg->migrateTLSx509secretUUID)))
+            goto error;
+        secAlias = priv->migSecinfo->s.aes.alias;
+    }

    if (qemuDomainGetTLSObjects(priv->qemuCaps, priv->migSecinfo,
                                cfg->migrateTLSx509certdir, tlsListen,
                                cfg->migrateTLSx509verify,
                                QEMU_MIGRATION_TLS_ALIAS_BASE,
-                                &tlsProps, tlsAlias, &secProps, secAlias) < 0)
+                                &tlsProps, tlsAlias, &secProps, NULL) < 0)
        goto error;

    /* Ensure the domain doesn't already have the TLS objects defined...
     * This should prevent any issues just in case some cleanup wasn't
     * properly completed (both src and dst use the same alias) or
     * some other error path between now and perform . */
-    qemuDomainDelTLSObjects(driver, vm, asyncJob, *secAlias, *tlsAlias);
+    qemuDomainDelTLSObjects(driver, vm, asyncJob, secAlias, *tlsAlias);

-    if (qemuDomainAddTLSObjects(driver, vm, asyncJob, *secAlias, &secProps,
+    if (qemuDomainAddTLSObjects(driver, vm, asyncJob, secAlias, &secProps,
                                *tlsAlias, &tlsProps) < 0)
        goto error;

--- a/src/qemu/qemu_migration_params.h
+++ b/src/qemu/qemu_migration_params.h
@ -98,7 +98,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
                             bool tlsListen,
                             int asyncJob,
                             char **tlsAlias,
-                             char **secAlias,
                             const char *hostname,
                             qemuMigrationParamsPtr migParams);