Re: [Qemu-devel] [PATCH 06/10] qcow2: implement crypto amend options
On Fri, 2019-09-06 at 15:06 +0100, Daniel P. Berrangé wrote:
> On Fri, Aug 30, 2019 at 11:56:04PM +0300, Maxim Levitsky wrote:
> > ---
> > block/qcow2.c | 79 ---
> > 1 file changed, 63 insertions(+), 16 deletions(-)
> >
> > @@ -4888,9 +4899,22 @@ static int qcow2_amend_options(BlockDriverState *bs,
> > QemuOpts *opts,
> > return -ENOTSUP;
> > }
> > } else if (g_str_has_prefix(desc->name, "encrypt.")) {
> > -error_setg(errp,
> > - "Changing the encryption parameters is not
> > supported");
> > -return -ENOTSUP;
> > +
> > +if (!s->crypto) {
> > +error_setg(errp,
> > + "Can't amend encryption options - encryption
> > not supported");
> > +return -ENOTSUP;
> > +
> > +}
>
> Perhaps ' - encryption not present', and -EINVAL
Agree. Fixed.
>
> > +
> > +if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
> > +error_setg(errp,
> > + "Only LUKS encryption options can be amended");
> > +return -ENOTSUP;
> > +}
> > +
> > +encryption_update = true;
> > +
> > } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) {
> > cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE,
> > cluster_size);
> > @@ -4927,7 +4951,7 @@ static int qcow2_amend_options(BlockDriverState *bs,
> > QemuOpts *opts,
> > "images");
> > return -EINVAL;
> > }
> > -} else {
> > +} else {
>
> Accidental change
Fixed.
>
> > /* if this point is reached, this probably means a new option
> > was
> > * added without having it covered here */
> > abort();
> > @@ -4940,7 +4964,8 @@ static int qcow2_amend_options(BlockDriverState *bs,
> > QemuOpts *opts,
> > .original_status_cb = status_cb,
> > .original_cb_opaque = cb_opaque,
> > .total_operations = (new_version < old_version)
> > - + (s->refcount_bits != refcount_bits)
> > + + (s->refcount_bits != refcount_bits) +
> > + (encryption_update == true)
> > };
> >
> > /* Upgrade first (some features may require compat=1.1) */
> > @@ -4954,6 +4979,28 @@ static int qcow2_amend_options(BlockDriverState *bs,
> > QemuOpts *opts,
> > }
> > }
> >
> > +if (encryption_update) {
> > +
>
> Redundant blank line
Fixed.
>
> > +QCryptoBlockCreateOptions *cryptoopts;
> > +
> > +cryptoopts = qcow2_extract_crypto_create_opts(opts, "luks", errp);
> > +if (!cryptoopts)
> > +return -EINVAL;
> > +
> > +helper_cb_info.current_operation = QCOW2_UPDATING_ENCRYPTION;
> > +
> > +ret = qcrypto_block_amend_options(s->crypto,
> > + qcow2_crypto_hdr_read_func,
> > + qcow2_crypto_hdr_write_func,
> > + bs,
> > + cryptoopts,
> > + force,
> > + errp);
> > +if (ret) {
>
> Check ret < 0
Fixed.
>
> > +return ret;
> > +}
> > +}
> > +
>
> Regards,
> Daniel
Best regards,
Maxim Levitsky
Re: [Qemu-devel] [PATCH 06/10] qcow2: implement crypto amend options
On Fri, Aug 30, 2019 at 11:56:04PM +0300, Maxim Levitsky wrote:
> ---
> block/qcow2.c | 79 ---
> 1 file changed, 63 insertions(+), 16 deletions(-)
>
> @@ -4888,9 +4899,22 @@ static int qcow2_amend_options(BlockDriverState *bs,
> QemuOpts *opts,
> return -ENOTSUP;
> }
> } else if (g_str_has_prefix(desc->name, "encrypt.")) {
> -error_setg(errp,
> - "Changing the encryption parameters is not
> supported");
> -return -ENOTSUP;
> +
> +if (!s->crypto) {
> +error_setg(errp,
> + "Can't amend encryption options - encryption not
> supported");
> +return -ENOTSUP;
> +
> +}
Perhaps ' - encryption not present', and -EINVAL
> +
> +if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
> +error_setg(errp,
> + "Only LUKS encryption options can be amended");
> +return -ENOTSUP;
> +}
> +
> +encryption_update = true;
> +
> } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) {
> cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE,
> cluster_size);
> @@ -4927,7 +4951,7 @@ static int qcow2_amend_options(BlockDriverState *bs,
> QemuOpts *opts,
> "images");
> return -EINVAL;
> }
> -} else {
> +} else {
Accidental change
> /* if this point is reached, this probably means a new option was
> * added without having it covered here */
> abort();
> @@ -4940,7 +4964,8 @@ static int qcow2_amend_options(BlockDriverState *bs,
> QemuOpts *opts,
> .original_status_cb = status_cb,
> .original_cb_opaque = cb_opaque,
> .total_operations = (new_version < old_version)
> - + (s->refcount_bits != refcount_bits)
> + + (s->refcount_bits != refcount_bits) +
> + (encryption_update == true)
> };
>
> /* Upgrade first (some features may require compat=1.1) */
> @@ -4954,6 +4979,28 @@ static int qcow2_amend_options(BlockDriverState *bs,
> QemuOpts *opts,
> }
> }
>
> +if (encryption_update) {
> +
Redundant blank line
> +QCryptoBlockCreateOptions *cryptoopts;
> +
> +cryptoopts = qcow2_extract_crypto_create_opts(opts, "luks", errp);
> +if (!cryptoopts)
> +return -EINVAL;
> +
> +helper_cb_info.current_operation = QCOW2_UPDATING_ENCRYPTION;
> +
> +ret = qcrypto_block_amend_options(s->crypto,
> + qcow2_crypto_hdr_read_func,
> + qcow2_crypto_hdr_write_func,
> + bs,
> + cryptoopts,
> + force,
> + errp);
> +if (ret) {
Check ret < 0
> +return ret;
> +}
> +}
> +
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
[Qemu-devel] [PATCH 06/10] qcow2: implement crypto amend options
---
block/qcow2.c | 79 ---
1 file changed, 63 insertions(+), 16 deletions(-)
diff --git a/block/qcow2.c b/block/qcow2.c
index 376bb416fd..8dff4c6b5f 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -171,6 +171,25 @@ static ssize_t qcow2_crypto_hdr_write_func(QCryptoBlock
*block, size_t offset,
return ret;
}
+static QCryptoBlockCreateOptions*
+qcow2_extract_crypto_create_opts(QemuOpts *opts, const char *fmt, Error **errp)
+{
+QDict *cryptoopts_qdict;
+QCryptoBlockCreateOptions *cryptoopts;
+QDict *opts_qdict;
+
+/* Extract "encrypt." options into a qdict */
+opts_qdict = qemu_opts_to_qdict(opts, NULL);
+qdict_extract_subqdict(opts_qdict, &cryptoopts_qdict, "encrypt.");
+qobject_unref(opts_qdict);
+
+/* Build QCryptoBlockCreateOptions object from qdict */
+qdict_put_str(cryptoopts_qdict, "format", "luks");
+cryptoopts = block_crypto_create_opts_init(cryptoopts_qdict, errp);
+qobject_unref(cryptoopts_qdict);
+return cryptoopts;
+}
+
/*
* read qcow2 extension and fill bs
@@ -4366,20 +4385,10 @@ static ssize_t
qcow2_measure_crypto_hdr_write_func(QCryptoBlock *block,
static bool qcow2_measure_luks_headerlen(QemuOpts *opts, size_t *len,
Error **errp)
{
-QDict *opts_qdict;
-QDict *cryptoopts_qdict;
QCryptoBlockCreateOptions *cryptoopts;
QCryptoBlock *crypto;
-/* Extract "encrypt." options into a qdict */
-opts_qdict = qemu_opts_to_qdict(opts, NULL);
-qdict_extract_subqdict(opts_qdict, &cryptoopts_qdict, "encrypt.");
-qobject_unref(opts_qdict);
-
-/* Build QCryptoBlockCreateOptions object from qdict */
-qdict_put_str(cryptoopts_qdict, "format", "luks");
-cryptoopts = block_crypto_create_opts_init(cryptoopts_qdict, errp);
-qobject_unref(cryptoopts_qdict);
+cryptoopts = qcow2_extract_crypto_create_opts(opts, "luks", errp);
if (!cryptoopts) {
return false;
}
@@ -4756,6 +4765,7 @@ typedef enum Qcow2AmendOperation {
* invocation from an operation change */
QCOW2_NO_OPERATION = 0,
+QCOW2_UPDATING_ENCRYPTION,
QCOW2_CHANGING_REFCOUNT_ORDER,
QCOW2_DOWNGRADING,
} Qcow2AmendOperation;
@@ -4840,6 +4850,7 @@ static int qcow2_amend_options(BlockDriverState *bs,
QemuOpts *opts,
int ret;
QemuOptDesc *desc = opts->list->desc;
Qcow2AmendHelperCBInfo helper_cb_info;
+bool encryption_update = false;
while (desc && desc->name) {
if (!qemu_opt_find(opts, desc->name)) {
@@ -4888,9 +4899,22 @@ static int qcow2_amend_options(BlockDriverState *bs,
QemuOpts *opts,
return -ENOTSUP;
}
} else if (g_str_has_prefix(desc->name, "encrypt.")) {
-error_setg(errp,
- "Changing the encryption parameters is not supported");
-return -ENOTSUP;
+
+if (!s->crypto) {
+error_setg(errp,
+ "Can't amend encryption options - encryption not
supported");
+return -ENOTSUP;
+
+}
+
+if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
+error_setg(errp,
+ "Only LUKS encryption options can be amended");
+return -ENOTSUP;
+}
+
+encryption_update = true;
+
} else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) {
cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE,
cluster_size);
@@ -4927,7 +4951,7 @@ static int qcow2_amend_options(BlockDriverState *bs,
QemuOpts *opts,
"images");
return -EINVAL;
}
-} else {
+} else {
/* if this point is reached, this probably means a new option was
* added without having it covered here */
abort();
@@ -4940,7 +4964,8 @@ static int qcow2_amend_options(BlockDriverState *bs,
QemuOpts *opts,
.original_status_cb = status_cb,
.original_cb_opaque = cb_opaque,
.total_operations = (new_version < old_version)
- + (s->refcount_bits != refcount_bits)
+ + (s->refcount_bits != refcount_bits) +
+ (encryption_update == true)
};
/* Upgrade first (some features may require compat=1.1) */
@@ -4954,6 +4979,28 @@ static int qcow2_amend_options(BlockDriverState *bs,
QemuOpts *opts,
}
}
+if (encryption_update) {
+
+QCryptoBlockCreateOptions *cryptoopts;
+
+cryptoopts = qcow2_extract_crypto_create_opts(opts, "luks", errp);
+if (!cryptoopts)
+return -EINVAL;
+
+helper_cb_info.current_operation = QCOW2_UPDATING_ENCRYPTION;
+
+ret = qcrypto_block_amend_options(s->crypto,
+ qcow2_crypto_hdr_read_fun
