[11/13] block/crypto: implement blockdev-amend
diff mbox series

Message ID 20200114193350.10830-12-mlevitsk@redhat.com
State New
Headers show
Series
  • LUKS: encryption slot management using amend interface
Related show

Commit Message

Maxim Levitsky Jan. 14, 2020, 7:33 p.m. UTC
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 block/crypto.c       | 70 ++++++++++++++++++++++++++++++++------------
 qapi/block-core.json | 14 ++++++++-
 2 files changed, 64 insertions(+), 20 deletions(-)

Comments

Daniel P. Berrangé Jan. 28, 2020, 5:40 p.m. UTC | #1
On Tue, Jan 14, 2020 at 09:33:48PM +0200, Maxim Levitsky wrote:
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
>  block/crypto.c       | 70 ++++++++++++++++++++++++++++++++------------
>  qapi/block-core.json | 14 ++++++++-
>  2 files changed, 64 insertions(+), 20 deletions(-)
> 
> diff --git a/block/crypto.c b/block/crypto.c
> index 081880bced..6836337863 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c


>  
> +static int
> +coroutine_fn block_crypto_co_amend(BlockDriverState *bs,
> +                                   BlockdevAmendOptions *opts,
> +                                   bool force,
> +                                   Error **errp)

This should have a _luks suffix given...

> +{
> +    QCryptoBlockAmendOptions amend_opts;
> +
> +    amend_opts = (QCryptoBlockAmendOptions) {
> +        .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
> +        .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),

...this is hardcoded to luks

> +    };
> +    return block_crypto_amend_options_generic(bs, &amend_opts, force, errp);
> +}
>  
>  static void
>  block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
> @@ -812,6 +843,7 @@ static BlockDriver bdrv_crypto_luks = {
>      .bdrv_get_info      = block_crypto_get_info_luks,
>      .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
>      .bdrv_amend_options = block_crypto_amend_options,
> +    .bdrv_co_amend      = block_crypto_co_amend,
>  
>      .strong_runtime_opts = block_crypto_strong_runtime_opts,
>  };

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>



Regards,
Daniel
Maxim Levitsky Jan. 30, 2020, 4:24 p.m. UTC | #2
On Tue, 2020-01-28 at 17:40 +0000, Daniel P. Berrangé wrote:
> On Tue, Jan 14, 2020 at 09:33:48PM +0200, Maxim Levitsky wrote:
> > Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> > ---
> >  block/crypto.c       | 70 ++++++++++++++++++++++++++++++++------------
> >  qapi/block-core.json | 14 ++++++++-
> >  2 files changed, 64 insertions(+), 20 deletions(-)
> > 
> > diff --git a/block/crypto.c b/block/crypto.c
> > index 081880bced..6836337863 100644
> > --- a/block/crypto.c
> > +++ b/block/crypto.c
> 
> 
> >  
> > +static int
> > +coroutine_fn block_crypto_co_amend(BlockDriverState *bs,
> > +                                   BlockdevAmendOptions *opts,
> > +                                   bool force,
> > +                                   Error **errp)
> 
> This should have a _luks suffix given...

100% agree. Fixed now.

> > +{
> > +    QCryptoBlockAmendOptions amend_opts;
> > +
> > +    amend_opts = (QCryptoBlockAmendOptions) {
> > +        .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
> > +        .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
> 
> ...this is hardcoded to luks
> 
> > +    };
> > +    return block_crypto_amend_options_generic(bs, &amend_opts, force, errp);
> > +}
> >  
> >  static void
> >  block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
> > @@ -812,6 +843,7 @@ static BlockDriver bdrv_crypto_luks = {
> >      .bdrv_get_info      = block_crypto_get_info_luks,
> >      .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
> >      .bdrv_amend_options = block_crypto_amend_options,
> > +    .bdrv_co_amend      = block_crypto_co_amend,
> >  
> >      .strong_runtime_opts = block_crypto_strong_runtime_opts,
> >  };
> 
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Thanks for the review,
	Best regards,
		Maxim Levitsky
> 
> 
> 
> Regards,
> Daniel

Patch
diff mbox series

diff --git a/block/crypto.c b/block/crypto.c
index 081880bced..6836337863 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -697,32 +697,21 @@  block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
 }
 
 static int
-block_crypto_amend_options(BlockDriverState *bs,
-                           QemuOpts *opts,
-                           BlockDriverAmendStatusCB *status_cb,
-                           void *cb_opaque,
-                           bool force,
-                           Error **errp)
+block_crypto_amend_options_generic(BlockDriverState *bs,
+                                   QCryptoBlockAmendOptions *amend_options,
+                                   bool force,
+                                   Error **errp)
 {
     BlockCrypto *crypto = bs->opaque;
-    QDict *cryptoopts = NULL;
-    QCryptoBlockAmendOptions *amend_options = NULL;
     int ret;
 
     assert(crypto);
     assert(crypto->block);
-    crypto->updating_keys = true;
 
+    /* apply for exclusive read/write permissions to the underlying file*/
+    crypto->updating_keys = true;
     ret = bdrv_child_refresh_perms(bs, bs->file, errp);
-    if (ret < 0) {
-        goto cleanup;
-    }
-
-    cryptoopts = qemu_opts_to_qdict(opts, NULL);
-    qdict_put_str(cryptoopts, "format", "luks");
-    amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
-    if (!amend_options) {
-        ret = -EINVAL;
+    if (ret) {
         goto cleanup;
     }
 
@@ -734,13 +723,55 @@  block_crypto_amend_options(BlockDriverState *bs,
                                       force,
                                       errp);
 cleanup:
+    /* release exclusive read/write permissions to the underlying file*/
     crypto->updating_keys = false;
     bdrv_child_refresh_perms(bs, bs->file, errp);
-    qapi_free_QCryptoBlockAmendOptions(amend_options);
+    return ret;
+}
+
+static int
+block_crypto_amend_options(BlockDriverState *bs,
+                           QemuOpts *opts,
+                           BlockDriverAmendStatusCB *status_cb,
+                           void *cb_opaque,
+                           bool force,
+                           Error **errp)
+{
+    BlockCrypto *crypto = bs->opaque;
+    QDict *cryptoopts = NULL;
+    QCryptoBlockAmendOptions *amend_options = NULL;
+    int ret = -EINVAL;
+
+    assert(crypto);
+    assert(crypto->block);
+
+    cryptoopts = qemu_opts_to_qdict(opts, NULL);
+    qdict_put_str(cryptoopts, "format", "luks");
+    amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
     qobject_unref(cryptoopts);
+    if (!amend_options) {
+        goto cleanup;
+    }
+    ret = block_crypto_amend_options_generic(bs, amend_options, force, errp);
+cleanup:
+    qapi_free_QCryptoBlockAmendOptions(amend_options);
     return ret;
 }
 
+static int
+coroutine_fn block_crypto_co_amend(BlockDriverState *bs,
+                                   BlockdevAmendOptions *opts,
+                                   bool force,
+                                   Error **errp)
+{
+    QCryptoBlockAmendOptions amend_opts;
+
+    amend_opts = (QCryptoBlockAmendOptions) {
+        .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
+        .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
+    };
+    return block_crypto_amend_options_generic(bs, &amend_opts, force, errp);
+}
 
 static void
 block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
@@ -812,6 +843,7 @@  static BlockDriver bdrv_crypto_luks = {
     .bdrv_get_info      = block_crypto_get_info_luks,
     .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
     .bdrv_amend_options = block_crypto_amend_options,
+    .bdrv_co_amend      = block_crypto_co_amend,
 
     .strong_runtime_opts = block_crypto_strong_runtime_opts,
 };
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 601f7dc9a4..790aa40991 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4743,6 +4743,18 @@ 
   'data': { 'job-id': 'str',
             'options': 'BlockdevCreateOptions' } }
 
+##
+# @BlockdevAmendOptionsLUKS:
+#
+# Driver specific image amend options for LUKS.
+#
+# Since: 5.0
+##
+{ 'struct': 'BlockdevAmendOptionsLUKS',
+  'base': 'QCryptoBlockAmendOptionsLUKS',
+  'data': { }
+}
+
 ##
 # @BlockdevAmendOptions:
 #
@@ -4757,7 +4769,7 @@ 
       'driver':         'BlockdevDriver' },
   'discriminator': 'driver',
   'data': {
-  } }
+      'luks':           'BlockdevAmendOptionsLUKS' } }
 
 ##
 # @x-blockdev-amend: