* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
struct BlockCrypto {
QCryptoBlock *block;
+ bool updating_keys;
};
return ret;
}
+static ssize_t block_crypto_write_func(QCryptoBlock *block,
+ size_t offset,
+ const uint8_t *buf,
+ size_t buflen,
+ void *opaque,
+ Error **errp)
+{
+ BlockDriverState *bs = opaque;
+ ssize_t ret;
+
+ ret = bdrv_pwrite(bs->file, offset, buf, buflen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not write encryption header");
+ return ret;
+ }
+ return ret;
+}
+
struct BlockCryptoCreateData {
BlockBackend *blk;
};
-static ssize_t block_crypto_write_func(QCryptoBlock *block,
- size_t offset,
- const uint8_t *buf,
- size_t buflen,
- void *opaque,
- Error **errp)
+static ssize_t block_crypto_create_write_func(QCryptoBlock *block,
+ size_t offset,
+ const uint8_t *buf,
+ size_t buflen,
+ void *opaque,
+ Error **errp)
{
struct BlockCryptoCreateData *data = opaque;
ssize_t ret;
return ret;
}
-
-static ssize_t block_crypto_init_func(QCryptoBlock *block,
- size_t headerlen,
- void *opaque,
- Error **errp)
+static ssize_t block_crypto_create_init_func(QCryptoBlock *block,
+ size_t headerlen,
+ void *opaque,
+ Error **errp)
{
struct BlockCryptoCreateData *data = opaque;
+ Error *local_error = NULL;
+ int ret;
if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
- error_setg(errp, "The requested file size is too large");
- return -EFBIG;
+ ret = -EFBIG;
+ goto error;
}
/* User provided size should reflect amount of space made
* available to the guest, so we must take account of that
* which will be used by the crypto header
*/
- return blk_truncate(data->blk, data->size + headerlen, false,
- data->prealloc, errp);
+ ret = blk_truncate(data->blk, data->size + headerlen, false,
+ data->prealloc, 0, &local_error);
+
+ if (ret >= 0) {
+ return ret;
+ }
+
+error:
+ if (ret == -EFBIG) {
+ /* Replace the error message with a better one */
+ error_free(local_error);
+ error_setg(errp, "The requested file size is too large");
+ } else {
+ error_propagate(errp, local_error);
+ }
+
+ return ret;
}
};
+static QemuOptsList block_crypto_amend_opts_luks = {
+ .name = "crypto",
+ .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
+ .desc = {
+ BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
+ { /* end of list */ }
+ },
+};
+
QCryptoBlockOpenOptions *
block_crypto_open_opts_init(QDict *opts, Error **errp)
{
return ret;
}
+QCryptoBlockAmendOptions *
+block_crypto_amend_opts_init(QDict *opts, Error **errp)
+{
+ Visitor *v;
+ QCryptoBlockAmendOptions *ret;
+
+ v = qobject_input_visitor_new_flat_confused(opts, errp);
+ if (!v) {
+ return NULL;
+ }
+
+ visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp);
+
+ visit_free(v);
+ return ret;
+}
+
static int block_crypto_open_generic(QCryptoBlockFormat format,
QemuOptsList *opts_spec,
{
BlockCrypto *crypto = bs->opaque;
QemuOpts *opts = NULL;
- Error *local_err = NULL;
int ret = -EINVAL;
QCryptoBlockOpenOptions *open_opts = NULL;
unsigned int cflags = 0;
QDict *cryptoopts = NULL;
- bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
- false, errp);
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_of_bds,
+ BDRV_CHILD_IMAGE, false, errp);
if (!bs->file) {
return -EINVAL;
}
bs->file->bs->supported_write_flags;
opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
- qemu_opts_absorb_qdict(opts, options, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
+ if (!qemu_opts_absorb_qdict(opts, options, errp)) {
goto cleanup;
}
QCryptoBlock *crypto = NULL;
struct BlockCryptoCreateData data;
- blk = blk_new(bdrv_get_aio_context(bs),
- BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL);
-
- ret = blk_insert_bs(blk, bs, errp);
- if (ret < 0) {
+ blk = blk_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL,
+ errp);
+ if (!blk) {
+ ret = -EPERM;
goto cleanup;
}
};
crypto = qcrypto_block_create(opts, NULL,
- block_crypto_init_func,
- block_crypto_write_func,
+ block_crypto_create_init_func,
+ block_crypto_create_write_func,
&data,
errp);
* Unallocated blocks are still encrypted so allocation status makes no
* difference to the file size.
*/
- info = g_new(BlockMeasureInfo, 1);
+ info = g_new0(BlockMeasureInfo, 1);
info->fully_allocated = luks_payload_size + size;
info->required = luks_payload_size + size;
return info;
return ret;
}
- bdi->unallocated_blocks_are_zero = false;
bdi->cluster_size = subbdi.cluster_size;
return 0;
return spec_info;
}
+static int
+block_crypto_amend_options_generic_luks(BlockDriverState *bs,
+ QCryptoBlockAmendOptions *amend_options,
+ bool force,
+ Error **errp)
+{
+ BlockCrypto *crypto = bs->opaque;
+ int ret;
+
+ assert(crypto);
+ assert(crypto->block);
+
+ /* apply for exclusive read/write permissions to the underlying file*/
+ crypto->updating_keys = true;
+ ret = bdrv_child_refresh_perms(bs, bs->file, errp);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = qcrypto_block_amend_options(crypto->block,
+ block_crypto_read_func,
+ block_crypto_write_func,
+ bs,
+ amend_options,
+ force,
+ errp);
+cleanup:
+ /* release exclusive read/write permissions to the underlying file*/
+ crypto->updating_keys = false;
+ bdrv_child_refresh_perms(bs, bs->file, errp);
+ return ret;
+}
+
+static int
+block_crypto_amend_options_luks(BlockDriverState *bs,
+ QemuOpts *opts,
+ BlockDriverAmendStatusCB *status_cb,
+ void *cb_opaque,
+ bool force,
+ Error **errp)
+{
+ BlockCrypto *crypto = bs->opaque;
+ QDict *cryptoopts = NULL;
+ QCryptoBlockAmendOptions *amend_options = NULL;
+ int ret = -EINVAL;
+
+ assert(crypto);
+ assert(crypto->block);
+
+ cryptoopts = qemu_opts_to_qdict(opts, NULL);
+ qdict_put_str(cryptoopts, "format", "luks");
+ amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
+ qobject_unref(cryptoopts);
+ if (!amend_options) {
+ goto cleanup;
+ }
+ ret = block_crypto_amend_options_generic_luks(bs, amend_options,
+ force, errp);
+cleanup:
+ qapi_free_QCryptoBlockAmendOptions(amend_options);
+ return ret;
+}
+
+static int
+coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs,
+ BlockdevAmendOptions *opts,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockAmendOptions amend_opts;
+
+ amend_opts = (QCryptoBlockAmendOptions) {
+ .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
+ };
+ return block_crypto_amend_options_generic_luks(bs, &amend_opts,
+ force, errp);
+}
+
+static void
+block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole role,
+ BlockReopenQueue *reopen_queue,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared)
+{
+
+ BlockCrypto *crypto = bs->opaque;
+
+ bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared);
+
+ /*
+ * For backward compatibility, manually share the write
+ * and resize permission
+ */
+ *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
+ /*
+ * Since we are not fully a format driver, don't always request
+ * the read/resize permission but only when explicitly
+ * requested
+ */
+ *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
+ *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
+
+ /*
+ * This driver doesn't modify LUKS metadata except
+ * when updating the encryption slots.
+ * Thus unlike a proper format driver we don't ask for
+ * shared write/read permission. However we need it
+ * when we are updating the keys, to ensure that only we
+ * have access to the device.
+ *
+ * Encryption update will set the crypto->updating_keys
+ * during that period and refresh permissions
+ *
+ */
+ if (crypto->updating_keys) {
+ /* need exclusive write access for header update */
+ *nperm |= BLK_PERM_WRITE;
+ /* unshare read and write permission */
+ *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE);
+ }
+}
+
+
static const char *const block_crypto_strong_runtime_opts[] = {
BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
.bdrv_probe = block_crypto_probe_luks,
.bdrv_open = block_crypto_open_luks,
.bdrv_close = block_crypto_close,
- /* This driver doesn't modify LUKS metadata except when creating image.
- * Allow share-rw=on as a special case. */
- .bdrv_child_perm = bdrv_filter_default_perms,
+ .bdrv_child_perm = block_crypto_child_perms,
.bdrv_co_create = block_crypto_co_create_luks,
.bdrv_co_create_opts = block_crypto_co_create_opts_luks,
.bdrv_co_truncate = block_crypto_co_truncate,
.create_opts = &block_crypto_create_opts_luks,
+ .amend_opts = &block_crypto_amend_opts_luks,
.bdrv_reopen_prepare = block_crypto_reopen_prepare,
.bdrv_refresh_limits = block_crypto_refresh_limits,
.bdrv_measure = block_crypto_measure,
.bdrv_get_info = block_crypto_get_info_luks,
.bdrv_get_specific_info = block_crypto_get_specific_info_luks,
+ .bdrv_amend_options = block_crypto_amend_options_luks,
+ .bdrv_co_amend = block_crypto_co_amend_luks,
+
+ .is_format = true,
.strong_runtime_opts = block_crypto_strong_runtime_opts,
};
projects / qemu.git / blobdiff