From: Or Ozeri
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, oro@il.ibm.com
Subject: [PATCH v5 1/3] block/rbd: Remove redundant stack variable passphrase_len
Date: Sun, 15 Jan 2023 06:39:30 -0600
Message-Id: <20230115123932.2564966-2-oro@il.ibm.com>
In-Reply-To: <20230115123932.2564966-1-oro@il.ibm.com>
X-ZM-MESSAGEID: 1673786462808100001 Content-Type: text/plain; charset="utf-8" Signed-off-by: Or Ozeri Reviewed-by: Ilya Dryomov --- block/rbd.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 3aa6aae0e0..cfec0f2862 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -385,7 +385,6 @@ static int qemu_rbd_encryption_format(rbd_image_t image, { int r =3D 0; g_autofree char *passphrase =3D NULL; - size_t passphrase_len; rbd_encryption_format_t format; rbd_encryption_options_t opts; rbd_encryption_luks1_format_options_t luks_opts; @@ -407,12 +406,12 @@ static int qemu_rbd_encryption_format(rbd_image_t ima= ge, opts_size =3D sizeof(luks_opts); r =3D qemu_rbd_convert_luks_create_options( qapi_RbdEncryptionCreateOptionsLUKS_base(&encrypt->u.l= uks), - &luks_opts.alg, &passphrase, &passphrase_len, errp); + &luks_opts.alg, &passphrase, &luks_opts.passphrase_siz= e, + errp); if (r < 0) { return r; } luks_opts.passphrase =3D passphrase; - luks_opts.passphrase_size =3D passphrase_len; break; } case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: { @@ -423,12 +422,12 @@ static int qemu_rbd_encryption_format(rbd_image_t ima= ge, r =3D qemu_rbd_convert_luks_create_options( qapi_RbdEncryptionCreateOptionsLUKS2_base( &encrypt->u.luks2), - &luks2_opts.alg, &passphrase, &passphrase_len, errp); + &luks2_opts.alg, &passphrase, &luks2_opts.passphrase_s= ize, + errp); if (r < 0) { return r; } luks2_opts.passphrase =3D passphrase; - luks2_opts.passphrase_size =3D passphrase_len; break; } default: { @@ -467,7 +466,6 @@ static int qemu_rbd_encryption_load(rbd_image_t image, { int r =3D 0; g_autofree char *passphrase =3D NULL; - size_t passphrase_len; rbd_encryption_luks1_format_options_t luks_opts; rbd_encryption_luks2_format_options_t luks2_opts; rbd_encryption_format_t format; 
@@ -482,12 +480,11 @@ static int qemu_rbd_encryption_load(rbd_image_t image, opts_size =3D sizeof(luks_opts); r =3D qemu_rbd_convert_luks_options( qapi_RbdEncryptionOptionsLUKS_base(&encrypt->u.luks), - &passphrase, &passphrase_len, errp); + &passphrase, &luks_opts.passphrase_size, errp); if (r < 0) { return r; } luks_opts.passphrase =3D passphrase; - luks_opts.passphrase_size =3D passphrase_len; break; } case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: { 
@@ -497,12 +494,11 @@ static int qemu_rbd_encryption_load(rbd_image_t image, opts_size =3D sizeof(luks2_opts); r =3D qemu_rbd_convert_luks_options( qapi_RbdEncryptionOptionsLUKS2_base(&encrypt->u.luks2), - &passphrase, &passphrase_len, errp); + &passphrase, &luks2_opts.passphrase_size, errp); if (r < 0) { return r; } luks2_opts.passphrase =3D passphrase; - luks2_opts.passphrase_size =3D passphrase_len; break; } default: { --=20 2.25.1
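Review bot: In qemu_rbd_encryption_format() and qemu_rbd_encryption_load(), the converter now writes the length straight into luks_opts.passphrase_size (and luks2_opts.passphrase_size) before the r < 0 check, while the matching pointer is still assigned only afterwards (luks_opts.passphrase = passphrase). On failure the struct therefore holds a size with no pointer; that is harmless in the visible code because every failure returns immediately, but the commit message has no body saying so, nor that the struct field has the same type as the removed size_t local so that taking its address is type-compatible. A short justification in the commit message would make this cleanup easier to audit.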
From: Or Ozeri
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, oro@il.ibm.com
Subject: [PATCH v5 2/3] block/rbd: Add luks-any encryption opening option
Date: Sun, 15 Jan 2023 06:39:31 -0600
Message-Id: <20230115123932.2564966-3-oro@il.ibm.com>
In-Reply-To: <20230115123932.2564966-1-oro@il.ibm.com>
(identity @ibm.com) X-ZM-MESSAGEID: 1673786502876100001 Content-Type: text/plain; charset="utf-8" Ceph RBD encryption API required specifying the encryption format for loading encryption. The supported formats were LUKS (v1) and LUKS2. Starting from Reef release, RBD also supports loading with "luks-any" forma= t, which works for both versions of LUKS. This commit extends the qemu rbd driver API to enable qemu users to use this luks-any wildcard format. Signed-off-by: Or Ozeri Reviewed-by: Ilya Dryomov --- block/rbd.c | 19 +++++++++++++++++++ qapi/block-core.json | 20 ++++++++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index cfec0f2862..b929378871 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -468,6 +468,9 @@ static int qemu_rbd_encryption_load(rbd_image_t image, g_autofree char *passphrase =3D NULL; rbd_encryption_luks1_format_options_t luks_opts; rbd_encryption_luks2_format_options_t luks2_opts; +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 + rbd_encryption_luks_format_options_t luks_any_opts; +#endif rbd_encryption_format_t format; rbd_encryption_options_t opts; size_t opts_size; @@ -501,6 +504,22 @@ static int qemu_rbd_encryption_load(rbd_image_t image, luks2_opts.passphrase =3D passphrase; break; } +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: { + memset(&luks_any_opts, 0, sizeof(luks_any_opts)); + format =3D RBD_ENCRYPTION_FORMAT_LUKS; + opts =3D &luks_any_opts; + opts_size =3D sizeof(luks_any_opts); + r =3D qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKSAny_base(&encrypt->u.luks= _any), + &passphrase, &luks_any_opts.passphrase_size, errp); + if (r < 0) { + return r; + } + luks_any_opts.passphrase =3D passphrase; + break; + } +#endif default: { r =3D -ENOTSUP; error_setg_errno( diff --git a/qapi/block-core.json b/qapi/block-core.json index 95ac4fa634..e59fb5d453 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json 
@@ -3827,10 +3827,16 @@ ## # @RbdImageEncryptionFormat: # +# luks +# +# luks2 +# +# luks-any: Used for opening either luks or luks2. (Since 8.0) +# # Since: 6.1 ## { 'enum': 'RbdImageEncryptionFormat', - 'data': [ 'luks', 'luks2' ] } + 'data': [ 'luks', 'luks2', 'luks-any' ] } =20 ## # @RbdEncryptionOptionsLUKSBase: @@ -3872,6 +3878,15 @@ 'base': 'RbdEncryptionOptionsLUKSBase', 'data': { } } =20 +## +# @RbdEncryptionOptionsLUKSAny: +# +# Since: 8.0 +## +{ 'struct': 'RbdEncryptionOptionsLUKSAny', + 'base': 'RbdEncryptionOptionsLUKSBase', + 'data': { } } + ## # @RbdEncryptionCreateOptionsLUKS: # 
@@ -3899,7 +3914,8 @@ 'base': { 'format': 'RbdImageEncryptionFormat' }, 'discriminator': 'format', 'data': { 'luks': 'RbdEncryptionOptionsLUKS', - 'luks2': 'RbdEncryptionOptionsLUKS2' } } + 'luks2': 'RbdEncryptionOptionsLUKS2', + 'luks-any': 'RbdEncryptionOptionsLUKSAny'} } =20 ## # @RbdEncryptionCreateOptions: --=20 2.25.1
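Review bot: In qemu_rbd_encryption_load(), the new case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY is compiled only under #ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2, but 'luks-any' is added to the RbdImageEncryptionFormat enum unconditionally, so on a build without that macro a user-supplied luks-any falls into default: and is rejected with -ENOTSUP as though the format were unknown. Consider an #else branch with a specific message saying the RBD library does not support luks-any, the way patch 3/3 handles layered encryption in qemu_rbd_open(). The visible hunks also do not show where LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 is defined, so the series should make clear which change introduces it.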
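Review bot: In the @RbdImageEncryptionFormat doc comment in qapi/block-core.json, the new member entries are written as bare "# luks", "# luks2" and "# luks-any: ..." instead of the "@name:" member form (compare "# @format:" and "# @parent:" in patch 3/3), and luks and luks2 are listed with no description at all. Suggest "# @luks-any: Used for opening either luks or luks2. (Since 8.0)" and a one-line description for the other two members. The new @RbdEncryptionOptionsLUKSAny struct likewise carries only "Since: 8.0" with no sentence saying what it is for.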
From: Or Ozeri
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, oro@il.ibm.com
Subject: [PATCH v5 3/3] block/rbd: Add support for layered encryption
Date: Sun, 15 Jan 2023 06:39:32 -0600
Message-Id: <20230115123932.2564966-4-oro@il.ibm.com>
In-Reply-To: <20230115123932.2564966-1-oro@il.ibm.com>
(identity @ibm.com) X-ZM-MESSAGEID: 1673786476924100003 Content-Type: text/plain; charset="utf-8" Starting from ceph Reef, RBD has built-in support for layered encryption, where each ancestor image (in a cloned image setting) can be possibly encrypted using a unique passphrase. A new function, rbd_encryption_load2, was added to librbd API. This new function supports an array of passphrases (via "spec" structs). This commit extends the qemu rbd driver API to use this new librbd API, in order to support this new layered encryption feature. Signed-off-by: Or Ozeri Reviewed-by: Ilya Dryomov --- block/rbd.c | 154 ++++++++++++++++++++++++++++++++++++++++++- qapi/block-core.json | 11 +++- 2 files changed, 163 insertions(+), 2 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index b929378871..c8418a8057 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -71,6 +71,16 @@ static const char rbd_luks2_header_verification[ 'L', 'U', 'K', 'S', 0xBA, 0xBE, 0, 2 }; =20 +static const char rbd_layered_luks_header_verification[ + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] =3D { + 'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 1 +}; + +static const char rbd_layered_luks2_header_verification[ + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] =3D { + 'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 2 +}; + typedef enum { RBD_AIO_READ, RBD_AIO_WRITE, 
@@ -537,6 +547,129 @@ static int qemu_rbd_encryption_load(rbd_image_t image, =20 return 0; } + +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 +static int qemu_rbd_encryption_load2(rbd_image_t image, + RbdEncryptionOptions *encrypt, + Error **errp) +{ + int r =3D 0; + int encrypt_count =3D 1; + int i; + RbdEncryptionOptions *curr_encrypt; + rbd_encryption_spec_t *specs; + rbd_encryption_luks1_format_options_t *luks_opts; + rbd_encryption_luks2_format_options_t *luks2_opts; + rbd_encryption_luks_format_options_t *luks_any_opts; + + /* count encryption options */ + for (curr_encrypt =3D encrypt; curr_encrypt->parent; + curr_encrypt =3D curr_encrypt->parent) { + ++encrypt_count; + } + + specs =3D g_new0(rbd_encryption_spec_t, encrypt_count); + + curr_encrypt =3D encrypt; + for (i =3D 0; i < encrypt_count; ++i) { + switch (curr_encrypt->format) { + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS: { + specs[i].format =3D RBD_ENCRYPTION_FORMAT_LUKS1; + + luks_opts =3D g_new0(rbd_encryption_luks1_format_options_t= , 1); + specs[i].opts =3D luks_opts; + specs[i].opts_size =3D sizeof(*luks_opts); + + r =3D qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKS_base( + &curr_encrypt->u.luks), + (char **)&luks_opts->passphrase, + &luks_opts->passphrase_size, + errp); + break; + } + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: { + specs[i].format =3D RBD_ENCRYPTION_FORMAT_LUKS2; + + luks2_opts =3D g_new0(rbd_encryption_luks2_format_options_= t, 1); + specs[i].opts =3D luks2_opts; + specs[i].opts_size =3D sizeof(*luks2_opts); + + r =3D qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKS2_base( + &curr_encrypt->u.luks2), + (char **)&luks2_opts->passphrase, + &luks2_opts->passphrase_size, + errp); + break; + } + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: { + specs[i].format =3D RBD_ENCRYPTION_FORMAT_LUKS; + + luks_any_opts =3D g_new0(rbd_encryption_luks_format_option= s_t, 1); + specs[i].opts =3D luks_any_opts; + specs[i].opts_size =3D sizeof(*luks_any_opts); + + r =3D 
qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKSAny_base( + &curr_encrypt->u.luks_any), + (char **)&luks_any_opts->passphrase, + &luks_any_opts->passphrase_size, + errp); + break; + } + + default: { + r =3D -ENOTSUP; + error_setg_errno( + errp, -r, "unknown image encryption format: %u", + curr_encrypt->format); + } + } + + if (r < 0) { + goto exit; + } + + curr_encrypt =3D curr_encrypt->parent; + } + + r =3D rbd_encryption_load2(image, specs, encrypt_count); + if (r < 0) { + error_setg_errno(errp, -r, "layered encryption load fail"); + goto exit; + } + +exit: + for (i =3D 0; i < encrypt_count; ++i) { + if (!specs[i].opts) { + break; + } + + switch (specs[i].format) { + case RBD_ENCRYPTION_FORMAT_LUKS1: { + luks_opts =3D specs[i].opts; + g_free((void *)luks_opts->passphrase); + break; + } + case RBD_ENCRYPTION_FORMAT_LUKS2: { + luks2_opts =3D specs[i].opts; + g_free((void *)luks2_opts->passphrase); + break; + } + case RBD_ENCRYPTION_FORMAT_LUKS: { + luks_any_opts =3D specs[i].opts; + g_free((void *)luks_any_opts->passphrase); + break; + } + } + + g_free(specs[i].opts); + } + g_free(specs); + return r; +} +#endif #endif =20 /* FIXME Deprecate and remove keypairs or make it available in QMP. */ @@ -1003,7 +1136,16 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict= *options, int flags, =20 if (opts->encrypt) { #ifdef LIBRBD_SUPPORTS_ENCRYPTION - r =3D qemu_rbd_encryption_load(s->image, opts->encrypt, errp); + if (opts->encrypt->parent) { +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 + r =3D qemu_rbd_encryption_load2(s->image, opts->encrypt, errp); +#else + r =3D -ENOTSUP; + error_setg(errp, "RBD library does not support layered encrypt= ion"); +#endif + } else { + r =3D qemu_rbd_encryption_load(s->image, opts->encrypt, errp); + } if (r < 0) { goto failed_post_open; } 
@@ -1294,6 +1436,16 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info= (BlockDriverState *bs, spec_info->u.rbd.data->encryption_format =3D RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2; spec_info->u.rbd.data->has_encryption_format =3D true; + } else if (memcmp(buf, rbd_layered_luks_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + spec_info->u.rbd.data->encryption_format =3D + RBD_IMAGE_ENCRYPTION_FORMAT_LUKS; + spec_info->u.rbd.data->has_encryption_format =3D true; + } else if (memcmp(buf, rbd_layered_luks2_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + spec_info->u.rbd.data->encryption_format =3D + RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2; + spec_info->u.rbd.data->has_encryption_format =3D true; } else { spec_info->u.rbd.data->has_encryption_format =3D false; } diff --git a/qapi/block-core.json b/qapi/block-core.json index e59fb5d453..49df47c3c6 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3908,10 +3908,19 @@ ## # @RbdEncryptionOptions: # +# @format: Encryption format. +# +# @parent: Parent image encryption options (for cloned images). +# Can be left unspecified if this cloned image is encrypted +# using the same format and secret as its parent image (i.e. +# not explicitly formatted) or if its parent image is not +# encrypted. (Since 8.0) +# # Since: 6.1 ## { 'union': 'RbdEncryptionOptions', - 'base': { 'format': 'RbdImageEncryptionFormat' }, + 'base': { 'format': 'RbdImageEncryptionFormat', + '*parent': 'RbdEncryptionOptions' }, 'discriminator': 'format', 'data': { 'luks': 'RbdEncryptionOptionsLUKS', 'luks2': 'RbdEncryptionOptionsLUKS2', --=20 2.25.1
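Review bot: In qemu_rbd_encryption_load2(), each case passes (char **)&luks_opts->passphrase to qemu_rbd_convert_luks_options(), and the exit: path then needs g_free((void *)luks_opts->passphrase) plus a second switch on specs[i].format just to find each pointer again. Keeping the converted passphrases in a local char * array indexed by i, and assigning them into the options structs afterwards as qemu_rbd_encryption_load() does with its passphrase local, would remove the casts in both directions and reduce cleanup to a single loop. Because this function holds one passphrase per ancestor image at the same time, the cleanup loop is also the natural place to clear each buffer (its length is already in passphrase_size) before freeing it.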
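Review bot: In qemu_rbd_get_specific_info(), the two new memcmp() branches map rbd_layered_luks_header_verification and rbd_layered_luks2_header_verification to the same RBD_IMAGE_ENCRYPTION_FORMAT_LUKS and RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2 values as the existing magics, so the reported encryption_format cannot distinguish an image whose header starts with 'R','B','D','L' from one with a plain LUKS header. If that is intended, a comment on the two new constants stating what the RBDL magic denotes would document it; neither the constants nor the new branches carry one.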