Message ID | 20190830205608.18192-10-mlevitsk@redhat.com |
---|---|
State | New |
Series | RFC crypto/luks: encryption key managment using amend interface | expand |
On Fri, Aug 30, 2019 at 11:56:07PM +0300, Maxim Levitsky wrote: > Currently only for changing crypto parameters > > Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> > --- > block/qcow2.c | 71 ++++++++++++++++++++++++++++++++++++++++++++ > qapi/block-core.json | 4 +-- > 2 files changed, 73 insertions(+), 2 deletions(-) > > diff --git a/block/qcow2.c b/block/qcow2.c > index 8dff4c6b5f..327d2afd9f 100644 > --- a/block/qcow2.c > +++ b/block/qcow2.c > @@ -3082,6 +3082,18 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp) > assert(create_options->driver == BLOCKDEV_DRIVER_QCOW2); > qcow2_opts = &create_options->u.qcow2; > > + if (!qcow2_opts->has_size) { > + error_setg(errp, "Size is manadatory for image creation"); > + return -EINVAL; > + > + } > + > + if (!qcow2_opts->has_file) { > + error_setg(errp, "'file' is manadatory for image creation"); > + return -EINVAL; > + > + } > + > bs = bdrv_open_blockdev_ref(qcow2_opts->file, errp); > if (bs == NULL) { > return -EIO; 
> @@ -5112,6 +5124,64 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, > return 0; > } > > + > +static int coroutine_fn qcow2_co_amend(BlockDriverState *bs, > + BlockdevCreateOptions *opts, > + bool force, > + Error **errp) > +{ > + BlockdevCreateOptionsQcow2 *qopts = &opts->u.qcow2; > + BDRVQcow2State *s = bs->opaque; > + int ret; > + > + /* > + * This is ugly as hell, in later versions of this patch > + * something has to be done about this > + */ > + if (qopts->has_file || qopts->has_size || qopts->has_data_file || > + qopts->has_data_file_raw || qopts->has_version || > + qopts->has_backing_file || qopts->has_backing_fmt || > + qopts->has_cluster_size || qopts->has_preallocation || > + qopts->has_lazy_refcounts || qopts->has_refcount_bits) { > + > + error_setg(errp, > + "Only LUKS encryption options can be amended for qcow2 with blockdev-amend"); > + return -EOPNOTSUPP; > + > + } > + > + if (qopts->has_encrypt) { > + if (!s->crypto) { > + error_setg(errp, "QCOW2 image is not encrypted, can't amend"); > + return -EOPNOTSUPP; > + } > + > + if (qopts->encrypt->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) { > + error_setg(errp, > + "Amend can't be used to change the qcow2 encryption format"); > + return -EOPNOTSUPP; > + } > + > + if (s->crypt_method_header != QCOW_CRYPT_LUKS) { > + error_setg(errp, > + "Only LUKS encryption options can be amended for qcow2 with blockdev-amend"); > + return -EOPNOTSUPP; > + } > + > + ret = qcrypto_block_amend_options(s->crypto, > + qcow2_crypto_hdr_read_func, > + qcow2_crypto_hdr_write_func, > + bs, > + qopts->encrypt, > + force, > + errp); > + if (ret) { > + return ret; > + } > + } > + return 0; > +} > + > /* > * If offset or size are negative, respectively, they will not be included in > * the BLOCK_IMAGE_CORRUPTED event emitted. 
> @@ -5304,6 +5374,7 @@ BlockDriver bdrv_qcow2 = { > .mutable_opts = mutable_opts, > .bdrv_co_check = qcow2_co_check, > .bdrv_amend_options = qcow2_amend_options, > + .bdrv_co_amend = qcow2_co_amend, > > .bdrv_detach_aio_context = qcow2_detach_aio_context, > .bdrv_attach_aio_context = qcow2_attach_aio_context, > diff --git a/qapi/block-core.json b/qapi/block-core.json > index 02375fb59a..ba41744427 100644 > --- a/qapi/block-core.json > +++ b/qapi/block-core.json > @@ -4312,10 +4312,10 @@ > # Since: 2.12 > ## > { 'struct': 'BlockdevCreateOptionsQcow2', > - 'data': { 'file': 'BlockdevRef', > + 'data': { '*file': 'BlockdevRef', > '*data-file': 'BlockdevRef', > '*data-file-raw': 'bool', > - 'size': 'size', > + '*size': 'size', > '*version': 'BlockdevQcow2Version', > '*backing-file': 'str', > '*backing-fmt': 'BlockdevDriver', Docs comment to say they are mandatory for creation. Regards, Daniel
On Fri, 2019-09-06 at 15:12 +0100, Daniel P. Berrangé wrote: > On Fri, Aug 30, 2019 at 11:56:07PM +0300, Maxim Levitsky wrote: > > Currently only for changing crypto parameters > > > > Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> > > --- > > block/qcow2.c | 71 ++++++++++++++++++++++++++++++++++++++++++++ > > qapi/block-core.json | 4 +-- > > 2 files changed, 73 insertions(+), 2 deletions(-) > > > > diff --git a/block/qcow2.c b/block/qcow2.c > > index 8dff4c6b5f..327d2afd9f 100644 > > --- a/block/qcow2.c > > +++ b/block/qcow2.c > > @@ -3082,6 +3082,18 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp) > > assert(create_options->driver == BLOCKDEV_DRIVER_QCOW2); > > qcow2_opts = &create_options->u.qcow2; > > > > + if (!qcow2_opts->has_size) { > > + error_setg(errp, "Size is manadatory for image creation"); > > + return -EINVAL; > > + > > + } > > + > > + if (!qcow2_opts->has_file) { > > + error_setg(errp, "'file' is manadatory for image creation"); > > + return -EINVAL; > > + > > + } > > + > > bs = bdrv_open_blockdev_ref(qcow2_opts->file, errp); > > if (bs == NULL) { > > return -EIO; 
> > @@ -5112,6 +5124,64 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, > > return 0; > > } > > > > + > > +static int coroutine_fn qcow2_co_amend(BlockDriverState *bs, > > + BlockdevCreateOptions *opts, > > + bool force, > > + Error **errp) > > +{ > > + BlockdevCreateOptionsQcow2 *qopts = &opts->u.qcow2; > > + BDRVQcow2State *s = bs->opaque; > > + int ret; > > + > > + /* > > + * This is ugly as hell, in later versions of this patch > > + * something has to be done about this > > + */ > > + if (qopts->has_file || qopts->has_size || qopts->has_data_file || > > + qopts->has_data_file_raw || qopts->has_version || > > + qopts->has_backing_file || qopts->has_backing_fmt || > > + qopts->has_cluster_size || qopts->has_preallocation || > > + qopts->has_lazy_refcounts || qopts->has_refcount_bits) { > > + > > + error_setg(errp, > > + "Only LUKS encryption options can be amended for qcow2 with blockdev-amend"); > > + return -EOPNOTSUPP; > > + > > + } > > + > > + if (qopts->has_encrypt) { > > + if (!s->crypto) { > > + error_setg(errp, "QCOW2 image is not encrypted, can't amend"); > > + return -EOPNOTSUPP; > > + } > > + > > + if (qopts->encrypt->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) { > > + error_setg(errp, > > + "Amend can't be used to change the qcow2 encryption format"); > > + return -EOPNOTSUPP; > > + } > > + > > + if (s->crypt_method_header != QCOW_CRYPT_LUKS) { > > + error_setg(errp, > > + "Only LUKS encryption options can be amended for qcow2 with blockdev-amend"); > > + return -EOPNOTSUPP; > > + } > > + > > + ret = qcrypto_block_amend_options(s->crypto, > > + qcow2_crypto_hdr_read_func, > > + qcow2_crypto_hdr_write_func, > > + bs, > > + qopts->encrypt, > > + force, > > + errp); > > + if (ret) { > > + return ret; > > + } > > + } > > + return 0; > > +} > > + > > /* > > * If offset or size are negative, respectively, they will not be included in > > * the BLOCK_IMAGE_CORRUPTED event emitted. 
> > @@ -5304,6 +5374,7 @@ BlockDriver bdrv_qcow2 = { > > .mutable_opts = mutable_opts, > > .bdrv_co_check = qcow2_co_check, > > .bdrv_amend_options = qcow2_amend_options, > > + .bdrv_co_amend = qcow2_co_amend, > > > > .bdrv_detach_aio_context = qcow2_detach_aio_context, > > .bdrv_attach_aio_context = qcow2_attach_aio_context, > > diff --git a/qapi/block-core.json b/qapi/block-core.json > > index 02375fb59a..ba41744427 100644 > > --- a/qapi/block-core.json > > +++ b/qapi/block-core.json > > @@ -4312,10 +4312,10 @@ > > # Since: 2.12 > > ## > > { 'struct': 'BlockdevCreateOptionsQcow2', > > - 'data': { 'file': 'BlockdevRef', > > + 'data': { '*file': 'BlockdevRef', > > '*data-file': 'BlockdevRef', > > '*data-file-raw': 'bool', > > - 'size': 'size', > > + '*size': 'size', > > '*version': 'BlockdevQcow2Version', > > '*backing-file': 'str', > > '*backing-fmt': 'BlockdevDriver', > > Docs comment to say they are mandatory for creation. Done > > > Regards, > Daniel Best regards, Maxim Levitsky
diff --git a/block/qcow2.c b/block/qcow2.c
index 8dff4c6b5f..327d2afd9f 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3082,6 +3082,18 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
 assert(create_options->driver == BLOCKDEV_DRIVER_QCOW2);
 qcow2_opts = &create_options->u.qcow2;

+ if (!qcow2_opts->has_size) {
+ error_setg(errp, "Size is manadatory for image creation");
+ return -EINVAL;
+
+ }
+
+ if (!qcow2_opts->has_file) {
+ error_setg(errp, "'file' is manadatory for image creation");
+ return -EINVAL;
+
+ }
+
+
 bs = bdrv_open_blockdev_ref(qcow2_opts->file, errp);
 if (bs == NULL) {
 return -EIO;
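Review bot: Both new error strings in the qcow2_co_create hunk misspell "mandatory" as "manadatory" and name their fields inconsistently ("Size" against "'file'"); as these are user-visible errors I would write `error_setg(errp, "'size' is mandatory for image creation");` and `error_setg(errp, "'file' is mandatory for image creation");`, and drop the blank line before each closing brace. With the schema no longer enforcing these members, the two checks are the only thing that keeps a request without 'file' from reaching the `bdrv_open_blockdev_ref(qcow2_opts->file, errp)` call just below. Any other reader of `qcow2_opts->file` or `qcow2_opts->size` outside this hunk would presumably need the same guard. The body of qcow2_co_create starts and ends outside the hunk.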
@@ -5112,6 +5124,64 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
 return 0;
 }

+
+static int coroutine_fn qcow2_co_amend(BlockDriverState *bs,
+ BlockdevCreateOptions *opts,
+ bool force,
+ Error **errp)
+{
+ BlockdevCreateOptionsQcow2 *qopts = &opts->u.qcow2;
+ BDRVQcow2State *s = bs->opaque;
+ int ret;
+
+ /*
+ * This is ugly as hell, in later versions of this patch
+ * something has to be done about this
+ */
+ if (qopts->has_file || qopts->has_size || qopts->has_data_file ||
+ qopts->has_data_file_raw || qopts->has_version ||
+ qopts->has_backing_file || qopts->has_backing_fmt ||
+ qopts->has_cluster_size || qopts->has_preallocation ||
+ qopts->has_lazy_refcounts || qopts->has_refcount_bits) {
+
+ error_setg(errp,
+ "Only LUKS encryption options can be amended for qcow2 with blockdev-amend");
+ return -EOPNOTSUPP;
+
+ }
+
+ if (qopts->has_encrypt) {
+ if (!s->crypto) {
+ error_setg(errp, "QCOW2 image is not encrypted, can't amend");
+ return -EOPNOTSUPP;
+ }
+
+ if (qopts->encrypt->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) {
+ error_setg(errp,
+ "Amend can't be used to change the qcow2 encryption format");
+ return -EOPNOTSUPP;
+ }
+
+ if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
+ error_setg(errp,
+ "Only LUKS encryption options can be amended for qcow2 with blockdev-amend");
+ return -EOPNOTSUPP;
+ }
+
+ ret = qcrypto_block_amend_options(s->crypto,
+ qcow2_crypto_hdr_read_func,
+ qcow2_crypto_hdr_write_func,
+ bs,
+ qopts->encrypt,
+ force,
+ errp);
+ if (ret) {
+ return ret;
+ }
+ }
+ return 0;
+}
+
 /*
 * If offset or size are negative, respectively, they will not be included in
 * the BLOCK_IMAGE_CORRUPTED event emitted.
@@ -5304,6 +5374,7 @@ BlockDriver bdrv_qcow2 = {
 .mutable_opts = mutable_opts,
 .bdrv_co_check = qcow2_co_check,
 .bdrv_amend_options = qcow2_amend_options,
+ .bdrv_co_amend = qcow2_co_amend,

 .bdrv_detach_aio_context = qcow2_detach_aio_context,
 .bdrv_attach_aio_context = qcow2_attach_aio_context,
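Review bot: The guard at the top of qcow2_co_amend (the @@ -5112 hunk) is a deny-list of `has_*` flags, so any optional member added to BlockdevCreateOptionsQcow2 later will be accepted by blockdev-amend and silently ignored unless this condition is extended; the in-code comment already admits the problem. An amend-only option type carrying just `encrypt` would make the restriction structural and would let the qapi/block-core.json hunk keep 'file' and 'size' mandatory for creation; until then I would replace the comment with `/* Must list every optional member of BlockdevCreateOptionsQcow2 except 'encrypt'. */`. Separately, a request without `encrypt` falls through to `return 0`, so an amend that changed nothing reports success, and returning an error there seems safer for a key-management command. Whether the node is writable before `qcow2_crypto_hdr_write_func` is reached is not visible in this hunk and is presumably checked by the caller.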
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 02375fb59a..ba41744427 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4312,10 +4312,10 @@
 # Since: 2.12
 ##
 { 'struct': 'BlockdevCreateOptionsQcow2',
- 'data': { 'file': 'BlockdevRef',
+ 'data': { '*file': 'BlockdevRef',
 '*data-file': 'BlockdevRef',
 '*data-file-raw': 'bool',
- 'size': 'size',
+ '*size': 'size',
 '*version': 'BlockdevQcow2Version',
 '*backing-file': 'str',
 '*backing-fmt': 'BlockdevDriver',
Currently only for changing crypto parameters Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> --- block/qcow2.c | 71 ++++++++++++++++++++++++++++++++++++++++++++ qapi/block-core.json | 4 +-- 2 files changed, 73 insertions(+), 2 deletions(-)