Signed-off-by: Fam Zheng
---
blockdev.c | 15 ++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/blockdev.c b/blockdev.c
index 4927914..4e04dec 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3174,6 +3174,7 @@ static BlockJob *do_drive_backup(DriveBackup
Signed-off-by: Fam Zheng
Reviewed-by: Max Reitz
---
tests/drive_del-test.c| 2 +-
tests/nvme-test.c | 2 +-
tests/usb-hcd-uhci-test.c | 2 +-
tests/usb-hcd-xhci-test.c | 2 +-
tests/virtio-blk-test.c | 2 +-
tests/virtio-scsi-test.c | 5 +++--
This extends the permission bits of op blocker API to external using
Linux OFD locks.
Each permission in @perm and @shared_perm is represented by a locked
byte in the image file. Requesting a permission in @perm is translated
to a shared lock of the corresponding byte; rejecting to share the
Signed-off-by: Fam Zheng
---
tests/qemu-iotests/153 | 220 +
tests/qemu-iotests/153.out | 390 +
tests/qemu-iotests/group | 1 +
3 files changed, 611 insertions(+)
create mode 100755
Signed-off-by: Fam Zheng
Reviewed-by: Max Reitz
---
tests/qemu-iotests/091 | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/qemu-iotests/091 b/tests/qemu-iotests/091
index 32bbd56..10ac4a8 100755
--- a/tests/qemu-iotests/091
+++
They are wrappers of POSIX fcntl "file private locking", with a
convenient "try lock" wrapper implemented with F_OFD_GETLK.
Signed-off-by: Fam Zheng
Reviewed-by: Max Reitz
---
include/qemu/osdep.h | 3 +++
util/osdep.c | 48
The COLO block replication architecture requires one disk to be shared
between primary and secondary, in the test both processes use posix file
protocol (instead of over NBD) so it is affected by image locking.
Disable the lock.
Signed-off-by: Fam Zheng
---
To avoid image lock failures.
Signed-off-by: Fam Zheng
---
tests/qemu-iotests/172 | 55 +-
tests/qemu-iotests/172.out | 50 +
2 files changed, 56 insertions(+), 49 deletions(-)
diff --git
The qemu-img info command is executed while VM is running, add -U option
to avoid the image locking error.
Signed-off-by: Fam Zheng
---
tests/qemu-iotests/046 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/046 b/tests/qemu-iotests/046
Double attach is not a valid usage of the target image, drive-backup
will open the blockdev itself so skip the add_drive call in this case.
Signed-off-by: Fam Zheng
Reviewed-by: Max Reitz
---
tests/qemu-iotests/055 | 32 ++--
1
The test scenario doesn't require the same image, instead it focuses on
the duplicated node-name, so use null-co to avoid locking conflict.
Reviewed-by: Max Reitz
Signed-off-by: Fam Zheng
---
tests/qemu-iotests/087 | 6 ++
1 file changed, 2
Making this option available even before implementing it will let
converting tests easier: in coming patches they can specify the option
already when necessary, before we actually write code to lock the
images.
Signed-off-by: Fam Zheng
---
block/file-posix.c | 5 +
1 file
In the case where we test the expected error when a blockdev-snapshot
target already has a backing image, the backing chain is opened multiple
times. This will be a problem when we use image locking, so use a
different backing file that is not already open.
Signed-off-by: Fam Zheng
qemu-img and qemu-io commands when guest is running need "-U" option,
add it.
Signed-off-by: Fam Zheng
---
tests/qemu-iotests/030 | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
index
Signed-off-by: Fam Zheng
---
qemu-img-cmds.hx | 36 ++--
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index 8ac7822..ae309c0 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -10,15
Add --force-share/-U to program options and -U to open subcommand.
Signed-off-by: Fam Zheng
---
qemu-io.c | 42 ++
1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/qemu-io.c b/qemu-io.c
index 427cbae..cf4b876 100644
---
Signed-off-by: Fam Zheng
---
block.c | 32
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/block.c b/block.c
index 9db39b6..e9f4750 100644
--- a/block.c
+++ b/block.c
@@ -1430,6 +1430,22 @@ static int
This is the order of the largest possible permission.
Signed-off-by: Fam Zheng
---
include/block/block.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/block/block.h b/include/block/block.h
index eb0565d..a798f10 100644
--- a/include/block/block.h
+++
This will force the opened images to allow sharing all permissions with other
programs.
Signed-off-by: Fam Zheng
---
qemu-img.c | 154 ++---
1 file changed, 118 insertions(+), 36 deletions(-)
diff --git a/qemu-img.c
Signed-off-by: Fam Zheng
---
block.c | 17 +
include/block/block.h | 1 +
include/block/block_int.h | 1 +
qapi/block-core.json | 3 +++
4 files changed, 22 insertions(+)
diff --git a/block.c b/block.c
index fce77bf..9db39b6 100644
v15: Rework a number of things, especially around what and how lockings are
done. [Kevin]
- Map each permission to a locked byte.
- Make the new option --force-share-perms, and require read-only=on.
- Update test case 153 accordingly.
- Only add -U where necessary in
It can be used outside of block.c for making user friendly messages.
Signed-off-by: Fam Zheng
---
block.c | 2 +-
include/block/block.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/block.c b/block.c
index 1e668fb..fce77bf 100644
---
Reported by Coverity. We already use bs in bdrv_inc_in_flight before
checking for NULL. It is unnecessary as all callers pass non-NULL bs, so
drop it.
Signed-off-by: Fam Zheng
---
block/io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/io.c
On Tue, 04/25 17:16, Kevin Wolf wrote:
> Am 10.04.2017 um 17:05 hat Fam Zheng geschrieben:
> > bdrv_inc_in_flight and bdrv_dec_in_flight are mandatory for
> > BDRV_POLL_WHILE to work, even for the shortcut case where flush is
> > unnecessary. Move the if block to below bdrv_dec_in_flight, and BTW
At the moment, dmg_co_preadv() reads one sector at a time. Make it
read multiple sectors at a time depending on the number of sectors
stored in "drs->sectors_read". This does not provide any significant
optimization in the I/O process of DMG but is still a nicer way.
Adjust the 'data' variable
Refactor dmg_read_chunk() to start making use of the new DMGReadState
structure and do chunk and sector related calculations based on it.
Add a new argument "DMGReadState *drs" to it.
Signed-off-by: Ashijeet Acharya
---
block/dmg.c | 153
On 25.04.2017 03:50, 858585 jemmy wrote:
> On Mon, Apr 24, 2017 at 10:43 PM, Eric Blake wrote:
>> On 04/23/2017 09:33 AM, jemmy858...@gmail.com wrote:
>>> From: Lidong Chen
>>>
>>> is_allocated_sectors_min don't guarantee to contain the
>>> consecutive
We have refactored the DMG driver to accept and process images
irrespective of their chunk sizes since we now have limit of 2MB on our
output buffer size. Thus QEMU will not allocate huge amounts of memory
no matter what the chunk size is.
Remove the error messages to prevent denial-of-service in
Set the output buffer size to be equal to the size of number of sectors
stored in @sectors_read. Start inflating to a max output buffer size of
2MB and cache our access point to aid random access later if required.
Signed-off-by: Ashijeet Acharya
---
block/dmg.c | 48
The size of the output buffer is limited to a maximum of 2MB so that
QEMU doesn't end up allocating huge amounts of memory while
decompressing compressed input streams.
2MB is an appropriate size because "qemu-img convert" has the same I/O
buffer size and the most important use case for DMG files
We do not need to cache the access point for these chunks but need to
update our various supporting variables like chunk, sectors_read etc.
to keep maintaining our code structure. Call cache_access_point() after
reading chunks of these types.
Signed-off-by: Ashijeet Acharya
This series helps to provide chunk size independence for DMG driver to prevent
denial-of-service in cases where untrusted files are being accessed by the user.
This task is mentioned on the public block ToDo
Here -> http://wiki.qemu.org/ToDo/Block/DmgChunkSizeIndependence
Patch 1 introduces a
We need to cache the random access point while performing partial
decompression so that we can resume decompression from that point
onwards in our next sequential read request. Introduce a new struct
DMGReadState which will help us do this.
Signed-off-by: Ashijeet Acharya
Introduce a new cache_access_point() function which will help us first
cache a random access point inside a compressed stream and then keep
updating it according to our requirement at appropriate times.
Signed-off-by: Ashijeet Acharya
---
block/dmg.c | 18
On 04/24/2017 08:50 PM, 858585 jemmy wrote:
> On Mon, Apr 24, 2017 at 10:43 PM, Eric Blake wrote:
>> On 04/23/2017 09:33 AM, jemmy858...@gmail.com wrote:
>>> From: Lidong Chen
>>>
>>> is_allocated_sectors_min don't guarantee to contain the
>>>
On 24.04.2017 17:53, Eric Blake wrote:
> On 04/24/2017 10:47 AM, Eric Blake wrote:
>> On 04/24/2017 10:37 AM, Philippe Mathieu-Daudé wrote:
>>
> /*
> - * Returns true iff the first sector pointed to by 'buf' contains at
> least
> - * a non-NUL byte.
> + * Returns true if the
Hi,
This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.
Message-id: 20170425153858.25660-1-berra...@redhat.com
Subject: [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock
On 04/25/2017 12:55 PM, Peter Lieven wrote:
Am 24.04.2017 um 22:13 schrieb Anton Nefedov:
On 24/04/2017 21:16, Peter Lieven wrote:
Am 24.04.2017 um 18:27 schrieb Anton Nefedov
:
On 04/21/2017 03:37 PM, Peter Lieven wrote:
Am 21.04.2017 um 14:19 schrieb
Hi,
This series failed build test on s390x host. Please find the details below.
Type: series
Message-id: 20170425153858.25660-1-berra...@redhat.com
Subject: [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add
LUKS support
=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script
On Tue, Apr 25, 2017 at 11:13:17PM +0800, Fam Zheng wrote:
> Hi Kevin,
>
> This happens both on master and on your block-next tree:
>
> $ qemu-io -f raw null-co:// -c 'reopen -r'
> Unexpected error in bdrv_check_perm() at /stor/work/qemu/block.c:1437:
> Block node is read-only
>
This adds support for using LUKS as an encryption format
with the qcow2 file, using the new encrypt.format parameter
to request "luks" format. e.g.
# qemu-img create --object secret,data=123456,id=sec0 \
-f qcow2 -o encrypt.-format=luks,encrypt.key-secret=sec0 \
test.qcow2 10G
The 138 and 158 iotests exercise the legacy qcow2 aes encryption
code path and they work fine with qcow v1 too.
Reviewed-by: Alberto Garcia
Reviewed-by: Max Reitz
Signed-off-by: Daniel P. Berrange
---
tests/qemu-iotests/134 | 2 +-
While the crypto layer uses a fixed option name "key-secret",
the upper block layer may have a prefix on the options. e.g.
"luks-key-secret", "aes-key-secret", in order to avoid clashes
between crypto option names & other block option names. To
ensure the crypto layer can report accurate error
Now that qcow & qcow2 are wired up to get encryption keys
via the QCryptoSecret object, nothing is relying on the
interactive prompting for passwords. All the code related
to password prompting can thus be ripped out.
Reviewed-by: Alberto Garcia
Reviewed-by: Max Reitz
This converts the qcow driver to make use of the QCryptoBlock
APIs for encrypting image content. This is only wired up to
permit use of the legacy QCow encryption format. Users who wish
to have the strong LUKS format should switch to qcow2 instead.
With this change it is now required to use the
Historically the qcow & qcow2 image formats supported a property
"encryption=on" to enable their built-in AES encryption. We'll
soon be supporting LUKS for qcow2, so need a more general purpose
way to enable encryption, with a choice of formats.
This introduces an "encrypt.format" option, which
This extends the 087 iotest to cover LUKS encryption when doing
blockdev-add.
Two further tests are added to validate read/write of LUKS
encrypted images with a single file and with a backing file.
Reviewed-by: Alberto Garcia
Reviewed-by: Max Reitz
This converts the qcow2 driver to make use of the QCryptoBlock
APIs for encrypting image content, using the legacyy QCow2 AES
scheme.
With this change it is now required to use the QCryptoSecret
object for providing passwords, instead of the current block
password APIs / interactive prompting.
Instead of requiring separate input/output buffers for
encrypting data, change encrypt_sectors() to assume
use of a single buffer, encrypting in place. One current
caller uses the same buffer for input/output already
and the other two callers are easily converted to do so.
Reviewed-by: Alberto
Now that all encryption keys must be provided upfront via
the QCryptoSecret API and associated block driver properties
there is no need for any explicit encryption handling APIs
in the block layer. Encryption can be handled transparently
within the block driver. We only retain an API for querying
Test 042 is designed to verify operation with zero sized images.
Such images are not supported with qcow (v1), so this test has
always failed.
Reviewed-by: Max Reitz
Reviewed-by: Alberto Garcia
Signed-off-by: Daniel P. Berrange
---
Test 048 is designed to verify data preservation during an
image resize. The qcow (v1) format impl has never supported
resize so always fails.
Reviewed-by: Max Reitz
Reviewed-by: Alberto Garcia
Signed-off-by: Daniel P. Berrange
---
The qcow driver refuses to open images which are less than
2 bytes in size, but will happily create such images. Add
a check in the create path to avoid this discrepancy.
Reviewed-by: Max Reitz
Reviewed-by: Alberto Garcia
Reviewed-by: Eric Blake
The block/crypto.c defines a set of QemuOpts that provide
parameters for encryption. This will also be needed by
the qcow/qcow2 integration, so expose the relevant pieces
in a new block/crypto.h header. Some helper methods taking
QemuOpts are changed to take QDict to simplify usage in
other
When integrating the crypto support with qcow/qcow2, we don't
want to use the bare LUKS option names "hash-alg", "key-secret",
etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
so that they don't clash with any general qcow options at a later
date.
Reviewed-by: Max Reitz
Instead of requiring separate input/output buffers for
encrypting data, change qcow2_encrypt_sectors() to assume
use of a single buffer, encrypting in place. The current
callers all used the same buffer for input/output already.
Reviewed-by: Eric Blake
Reviewed-by: Fam Zheng
Update the qcow2 specification to describe how the LUKS header is
placed inside a qcow2 file, when using LUKS encryption for the
qcow2 payload instead of the legacy AES-CBC encryption
Reviewed-by: Alberto Garcia
Reviewed-by: Max Reitz
Signed-off-by: Daniel
Document that use of guest virtual sector numbers as the basis for
the initialization vectors is a potential weakness, when combined
with internal snapshots or multiple images using the same passphrase.
This fixes the formatting of the itemized list too.
Reviewed-by: Max Reitz
Previously posted:
v1: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg00201.html
v2: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg05147.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg05671.html
v4:
Am 10.04.2017 um 17:05 hat Fam Zheng geschrieben:
> bdrv_inc_in_flight and bdrv_dec_in_flight are mandatory for
> BDRV_POLL_WHILE to work, even for the shortcut case where flush is
> unnecessary. Move the if block to below bdrv_dec_in_flight, and BTW fix
> the variable declaration position.
>
>
Hi Kevin,
This happens both on master and on your block-next tree:
$ qemu-io -f raw null-co:// -c 'reopen -r'
Unexpected error in bdrv_check_perm() at /stor/work/qemu/block.c:1437:
Block node is read-only
Aborted
It seems bs->read_only and perms go out of sync when bdrv_reopen()
29.03.2017 18:53, Paolo Bonzini wrote:
On 29/03/2017 17:29, Dr. David Alan Gilbert wrote:
'abort' is not very good too I think. migration is completed, nothing to
abort.. (may be successful migration to file for suspend, some kind of
vm cloning, etc)
There is already migrate_cancel. Does it
Am 25.04.2017 um 11:55 schrieb Peter Lieven:
Am 24.04.2017 um 22:13 schrieb Anton Nefedov:
On 24/04/2017 21:16, Peter Lieven wrote:
Am 24.04.2017 um 18:27 schrieb Anton Nefedov :
On 04/21/2017 03:37 PM, Peter Lieven wrote:
Am 21.04.2017 um 14:19 schrieb
On 04/25/2017 03:08 AM, Thomas Huth wrote:
> If the user needs to specify the disk geometry, the corresponding
> parameters of the "-drive" option should be used instead. "-hdachs"
> is considered as deprecated and might be removed soon.
>
> Signed-off-by: Thomas Huth
> ---
>
On 24 April 2017 at 20:19, Jeff Cody wrote:
> The following changes since commit 4c55b1d0bad8a703f0499fe62e3761a0cd288da3:
>
> Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2017-04-24'
> into staging (2017-04-24 14:49:48 +0100)
>
> are available in the git
Am 24.04.2017 um 22:13 schrieb Anton Nefedov:
On 24/04/2017 21:16, Peter Lieven wrote:
Am 24.04.2017 um 18:27 schrieb Anton Nefedov :
On 04/21/2017 03:37 PM, Peter Lieven wrote:
Am 21.04.2017 um 14:19 schrieb Anton Nefedov:
On 04/21/2017 01:44 PM, Peter
If the user needs to specify the disk geometry, the corresponding
parameters of the "-drive" option should be used instead. "-hdachs"
is considered as deprecated and might be removed soon.
Signed-off-by: Thomas Huth
---
vl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git
On 2017/4/24 15:59, Kashyap Chamarthy wrote:
On Sat, Apr 22, 2017 at 05:23:49PM +0800, Hailiang Zhang wrote:
Hi,
Hi Hailiang,
I think the bellow patch can fix your problme.
[PATCH 2/4] qmp-cont: invalidate on RUN_STATE_PRELAUNCH
https://patchwork.kernel.org/patch/9591885/
Hmm, the above
68 matches
Mail list logo