1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include "qemu/osdep.h"
22
23#include "block/block_int.h"
24#include "block/qdict.h"
25#include "sysemu/block-backend.h"
26#include "crypto/block.h"
27#include "qapi/opts-visitor.h"
28#include "qapi/qapi-visit-crypto.h"
29#include "qapi/qobject-input-visitor.h"
30#include "qapi/error.h"
31#include "qemu/module.h"
32#include "qemu/option.h"
33#include "qemu/cutils.h"
34#include "qemu/memalign.h"
35#include "crypto.h"
36
37typedef struct BlockCrypto BlockCrypto;
38
39struct BlockCrypto {
40 QCryptoBlock *block;
41 bool updating_keys;
42};
43
44
45static int block_crypto_probe_generic(QCryptoBlockFormat format,
46 const uint8_t *buf,
47 int buf_size,
48 const char *filename)
49{
50 if (qcrypto_block_has_format(format, buf, buf_size)) {
51 return 100;
52 } else {
53 return 0;
54 }
55}
56
57
58static int block_crypto_read_func(QCryptoBlock *block,
59 size_t offset,
60 uint8_t *buf,
61 size_t buflen,
62 void *opaque,
63 Error **errp)
64{
65 BlockDriverState *bs = opaque;
66 ssize_t ret;
67
68 ret = bdrv_pread(bs->file, offset, buflen, buf, 0);
69 if (ret < 0) {
70 error_setg_errno(errp, -ret, "Could not read encryption header");
71 return ret;
72 }
73 return 0;
74}
75
76static int block_crypto_write_func(QCryptoBlock *block,
77 size_t offset,
78 const uint8_t *buf,
79 size_t buflen,
80 void *opaque,
81 Error **errp)
82{
83 BlockDriverState *bs = opaque;
84 ssize_t ret;
85
86 ret = bdrv_pwrite(bs->file, offset, buflen, buf, 0);
87 if (ret < 0) {
88 error_setg_errno(errp, -ret, "Could not write encryption header");
89 return ret;
90 }
91 return 0;
92}
93
94
95struct BlockCryptoCreateData {
96 BlockBackend *blk;
97 uint64_t size;
98 PreallocMode prealloc;
99};
100
101
102static int block_crypto_create_write_func(QCryptoBlock *block,
103 size_t offset,
104 const uint8_t *buf,
105 size_t buflen,
106 void *opaque,
107 Error **errp)
108{
109 struct BlockCryptoCreateData *data = opaque;
110 ssize_t ret;
111
112 ret = blk_pwrite(data->blk, offset, buflen, buf, 0);
113 if (ret < 0) {
114 error_setg_errno(errp, -ret, "Could not write encryption header");
115 return ret;
116 }
117 return 0;
118}
119
120static int block_crypto_create_init_func(QCryptoBlock *block,
121 size_t headerlen,
122 void *opaque,
123 Error **errp)
124{
125 struct BlockCryptoCreateData *data = opaque;
126 Error *local_error = NULL;
127 int ret;
128
129 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
130 ret = -EFBIG;
131 goto error;
132 }
133
134
135
136
137
138 ret = blk_truncate(data->blk, data->size + headerlen, false,
139 data->prealloc, 0, &local_error);
140
141 if (ret >= 0) {
142 return 0;
143 }
144
145error:
146 if (ret == -EFBIG) {
147
148 error_free(local_error);
149 error_setg(errp, "The requested file size is too large");
150 } else {
151 error_propagate(errp, local_error);
152 }
153
154 return ret;
155}
156
157
158static QemuOptsList block_crypto_runtime_opts_luks = {
159 .name = "crypto",
160 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
161 .desc = {
162 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
163 { }
164 },
165};
166
167
168static QemuOptsList block_crypto_create_opts_luks = {
169 .name = "crypto",
170 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
171 .desc = {
172 {
173 .name = BLOCK_OPT_SIZE,
174 .type = QEMU_OPT_SIZE,
175 .help = "Virtual disk size"
176 },
177 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
178 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
179 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
180 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
181 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
182 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
183 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
184 { }
185 },
186};
187
188
189static QemuOptsList block_crypto_amend_opts_luks = {
190 .name = "crypto",
191 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
192 .desc = {
193 BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""),
194 BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""),
195 BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""),
196 BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""),
197 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
198 { }
199 },
200};
201
202QCryptoBlockOpenOptions *
203block_crypto_open_opts_init(QDict *opts, Error **errp)
204{
205 Visitor *v;
206 QCryptoBlockOpenOptions *ret;
207
208 v = qobject_input_visitor_new_flat_confused(opts, errp);
209 if (!v) {
210 return NULL;
211 }
212
213 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp);
214
215 visit_free(v);
216 return ret;
217}
218
219
220QCryptoBlockCreateOptions *
221block_crypto_create_opts_init(QDict *opts, Error **errp)
222{
223 Visitor *v;
224 QCryptoBlockCreateOptions *ret;
225
226 v = qobject_input_visitor_new_flat_confused(opts, errp);
227 if (!v) {
228 return NULL;
229 }
230
231 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp);
232
233 visit_free(v);
234 return ret;
235}
236
237QCryptoBlockAmendOptions *
238block_crypto_amend_opts_init(QDict *opts, Error **errp)
239{
240 Visitor *v;
241 QCryptoBlockAmendOptions *ret;
242
243 v = qobject_input_visitor_new_flat_confused(opts, errp);
244 if (!v) {
245 return NULL;
246 }
247
248 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp);
249
250 visit_free(v);
251 return ret;
252}
253
254
255static int block_crypto_open_generic(QCryptoBlockFormat format,
256 QemuOptsList *opts_spec,
257 BlockDriverState *bs,
258 QDict *options,
259 int flags,
260 Error **errp)
261{
262 BlockCrypto *crypto = bs->opaque;
263 QemuOpts *opts = NULL;
264 int ret;
265 QCryptoBlockOpenOptions *open_opts = NULL;
266 unsigned int cflags = 0;
267 QDict *cryptoopts = NULL;
268
269 ret = bdrv_open_file_child(NULL, options, "file", bs, errp);
270 if (ret < 0) {
271 return ret;
272 }
273
274 bs->supported_write_flags = BDRV_REQ_FUA &
275 bs->file->bs->supported_write_flags;
276
277 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
278 if (!qemu_opts_absorb_qdict(opts, options, errp)) {
279 ret = -EINVAL;
280 goto cleanup;
281 }
282
283 cryptoopts = qemu_opts_to_qdict(opts, NULL);
284 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format));
285
286 open_opts = block_crypto_open_opts_init(cryptoopts, errp);
287 if (!open_opts) {
288 ret = -EINVAL;
289 goto cleanup;
290 }
291
292 if (flags & BDRV_O_NO_IO) {
293 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
294 }
295 crypto->block = qcrypto_block_open(open_opts, NULL,
296 block_crypto_read_func,
297 bs,
298 cflags,
299 1,
300 errp);
301
302 if (!crypto->block) {
303 ret = -EIO;
304 goto cleanup;
305 }
306
307 bs->encrypted = true;
308
309 ret = 0;
310 cleanup:
311 qobject_unref(cryptoopts);
312 qapi_free_QCryptoBlockOpenOptions(open_opts);
313 return ret;
314}
315
316
317static int block_crypto_co_create_generic(BlockDriverState *bs,
318 int64_t size,
319 QCryptoBlockCreateOptions *opts,
320 PreallocMode prealloc,
321 Error **errp)
322{
323 int ret;
324 BlockBackend *blk;
325 QCryptoBlock *crypto = NULL;
326 struct BlockCryptoCreateData data;
327
328 blk = blk_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL,
329 errp);
330 if (!blk) {
331 ret = -EPERM;
332 goto cleanup;
333 }
334
335 if (prealloc == PREALLOC_MODE_METADATA) {
336 prealloc = PREALLOC_MODE_OFF;
337 }
338
339 data = (struct BlockCryptoCreateData) {
340 .blk = blk,
341 .size = size,
342 .prealloc = prealloc,
343 };
344
345 crypto = qcrypto_block_create(opts, NULL,
346 block_crypto_create_init_func,
347 block_crypto_create_write_func,
348 &data,
349 errp);
350
351 if (!crypto) {
352 ret = -EIO;
353 goto cleanup;
354 }
355
356 ret = 0;
357 cleanup:
358 qcrypto_block_free(crypto);
359 blk_unref(blk);
360 return ret;
361}
362
363static int coroutine_fn
364block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact,
365 PreallocMode prealloc, BdrvRequestFlags flags,
366 Error **errp)
367{
368 BlockCrypto *crypto = bs->opaque;
369 uint64_t payload_offset =
370 qcrypto_block_get_payload_offset(crypto->block);
371
372 if (payload_offset > INT64_MAX - offset) {
373 error_setg(errp, "The requested file size is too large");
374 return -EFBIG;
375 }
376
377 offset += payload_offset;
378
379 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp);
380}
381
382static void block_crypto_close(BlockDriverState *bs)
383{
384 BlockCrypto *crypto = bs->opaque;
385 qcrypto_block_free(crypto->block);
386}
387
388static int block_crypto_reopen_prepare(BDRVReopenState *state,
389 BlockReopenQueue *queue, Error **errp)
390{
391
392 return 0;
393}
394
395
396
397
398
399#define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024)
400
401static coroutine_fn int
402block_crypto_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes,
403 QEMUIOVector *qiov, BdrvRequestFlags flags)
404{
405 BlockCrypto *crypto = bs->opaque;
406 uint64_t cur_bytes;
407 uint64_t bytes_done = 0;
408 uint8_t *cipher_data = NULL;
409 QEMUIOVector hd_qiov;
410 int ret = 0;
411 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
412 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
413
414 assert(payload_offset < INT64_MAX);
415 assert(QEMU_IS_ALIGNED(offset, sector_size));
416 assert(QEMU_IS_ALIGNED(bytes, sector_size));
417
418 qemu_iovec_init(&hd_qiov, qiov->niov);
419
420
421
422
423 cipher_data =
424 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
425 qiov->size));
426 if (cipher_data == NULL) {
427 ret = -ENOMEM;
428 goto cleanup;
429 }
430
431 while (bytes) {
432 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
433
434 qemu_iovec_reset(&hd_qiov);
435 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
436
437 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done,
438 cur_bytes, &hd_qiov, 0);
439 if (ret < 0) {
440 goto cleanup;
441 }
442
443 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done,
444 cipher_data, cur_bytes, NULL) < 0) {
445 ret = -EIO;
446 goto cleanup;
447 }
448
449 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes);
450
451 bytes -= cur_bytes;
452 bytes_done += cur_bytes;
453 }
454
455 cleanup:
456 qemu_iovec_destroy(&hd_qiov);
457 qemu_vfree(cipher_data);
458
459 return ret;
460}
461
462
463static coroutine_fn int
464block_crypto_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes,
465 QEMUIOVector *qiov, BdrvRequestFlags flags)
466{
467 BlockCrypto *crypto = bs->opaque;
468 uint64_t cur_bytes;
469 uint64_t bytes_done = 0;
470 uint8_t *cipher_data = NULL;
471 QEMUIOVector hd_qiov;
472 int ret = 0;
473 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
474 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
475
476 flags &= ~BDRV_REQ_REGISTERED_BUF;
477
478 assert(payload_offset < INT64_MAX);
479 assert(QEMU_IS_ALIGNED(offset, sector_size));
480 assert(QEMU_IS_ALIGNED(bytes, sector_size));
481
482 qemu_iovec_init(&hd_qiov, qiov->niov);
483
484
485
486
487 cipher_data =
488 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
489 qiov->size));
490 if (cipher_data == NULL) {
491 ret = -ENOMEM;
492 goto cleanup;
493 }
494
495 while (bytes) {
496 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
497
498 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes);
499
500 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done,
501 cipher_data, cur_bytes, NULL) < 0) {
502 ret = -EIO;
503 goto cleanup;
504 }
505
506 qemu_iovec_reset(&hd_qiov);
507 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
508
509 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done,
510 cur_bytes, &hd_qiov, flags);
511 if (ret < 0) {
512 goto cleanup;
513 }
514
515 bytes -= cur_bytes;
516 bytes_done += cur_bytes;
517 }
518
519 cleanup:
520 qemu_iovec_destroy(&hd_qiov);
521 qemu_vfree(cipher_data);
522
523 return ret;
524}
525
526static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp)
527{
528 BlockCrypto *crypto = bs->opaque;
529 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
530 bs->bl.request_alignment = sector_size;
531}
532
533
534static int64_t block_crypto_getlength(BlockDriverState *bs)
535{
536 BlockCrypto *crypto = bs->opaque;
537 int64_t len = bdrv_getlength(bs->file->bs);
538
539 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block);
540 assert(offset < INT64_MAX);
541
542 if (offset > len) {
543 return -EIO;
544 }
545
546 len -= offset;
547
548 return len;
549}
550
551
552static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts,
553 BlockDriverState *in_bs,
554 Error **errp)
555{
556 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL;
557 Error *local_err = NULL;
558 BlockMeasureInfo *info;
559 uint64_t size;
560 size_t luks_payload_size;
561 QDict *cryptoopts;
562
563
564
565
566
567 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC));
568
569 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
570
571 if (in_bs) {
572 int64_t ssize = bdrv_getlength(in_bs);
573
574 if (ssize < 0) {
575 error_setg_errno(&local_err, -ssize,
576 "Unable to get image virtual_size");
577 goto err;
578 }
579
580 size = ssize;
581 }
582
583 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
584 &block_crypto_create_opts_luks, true);
585 qdict_put_str(cryptoopts, "format", "luks");
586 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err);
587 qobject_unref(cryptoopts);
588 if (!create_opts) {
589 goto err;
590 }
591
592 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL,
593 &luks_payload_size,
594 &local_err)) {
595 goto err;
596 }
597
598
599
600
601
602 info = g_new0(BlockMeasureInfo, 1);
603 info->fully_allocated = luks_payload_size + size;
604 info->required = luks_payload_size + size;
605 return info;
606
607err:
608 error_propagate(errp, local_err);
609 return NULL;
610}
611
612
613static int block_crypto_probe_luks(const uint8_t *buf,
614 int buf_size,
615 const char *filename) {
616 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
617 buf, buf_size, filename);
618}
619
620static int block_crypto_open_luks(BlockDriverState *bs,
621 QDict *options,
622 int flags,
623 Error **errp)
624{
625 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
626 &block_crypto_runtime_opts_luks,
627 bs, options, flags, errp);
628}
629
630static int coroutine_fn
631block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
632{
633 BlockdevCreateOptionsLUKS *luks_opts;
634 BlockDriverState *bs = NULL;
635 QCryptoBlockCreateOptions create_opts;
636 PreallocMode preallocation = PREALLOC_MODE_OFF;
637 int ret;
638
639 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS);
640 luks_opts = &create_options->u.luks;
641
642 bs = bdrv_open_blockdev_ref(luks_opts->file, errp);
643 if (bs == NULL) {
644 return -EIO;
645 }
646
647 create_opts = (QCryptoBlockCreateOptions) {
648 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
649 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts),
650 };
651
652 if (luks_opts->has_preallocation) {
653 preallocation = luks_opts->preallocation;
654 }
655
656 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts,
657 preallocation, errp);
658 if (ret < 0) {
659 goto fail;
660 }
661
662 ret = 0;
663fail:
664 bdrv_unref(bs);
665 return ret;
666}
667
668static int coroutine_fn block_crypto_co_create_opts_luks(BlockDriver *drv,
669 const char *filename,
670 QemuOpts *opts,
671 Error **errp)
672{
673 QCryptoBlockCreateOptions *create_opts = NULL;
674 BlockDriverState *bs = NULL;
675 QDict *cryptoopts;
676 PreallocMode prealloc;
677 char *buf = NULL;
678 int64_t size;
679 int ret;
680 Error *local_err = NULL;
681
682
683 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
684
685 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
686 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
687 PREALLOC_MODE_OFF, &local_err);
688 g_free(buf);
689 if (local_err) {
690 error_propagate(errp, local_err);
691 return -EINVAL;
692 }
693
694 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
695 &block_crypto_create_opts_luks,
696 true);
697
698 qdict_put_str(cryptoopts, "format", "luks");
699 create_opts = block_crypto_create_opts_init(cryptoopts, errp);
700 if (!create_opts) {
701 ret = -EINVAL;
702 goto fail;
703 }
704
705
706 ret = bdrv_create_file(filename, opts, errp);
707 if (ret < 0) {
708 goto fail;
709 }
710
711 bs = bdrv_open(filename, NULL, NULL,
712 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp);
713 if (!bs) {
714 ret = -EINVAL;
715 goto fail;
716 }
717
718
719 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp);
720 if (ret < 0) {
721 goto fail;
722 }
723
724 ret = 0;
725fail:
726
727
728
729
730 if (ret) {
731 bdrv_co_delete_file_noerr(bs);
732 }
733
734 bdrv_unref(bs);
735 qapi_free_QCryptoBlockCreateOptions(create_opts);
736 qobject_unref(cryptoopts);
737 return ret;
738}
739
740static int block_crypto_get_info_luks(BlockDriverState *bs,
741 BlockDriverInfo *bdi)
742{
743 BlockDriverInfo subbdi;
744 int ret;
745
746 ret = bdrv_get_info(bs->file->bs, &subbdi);
747 if (ret != 0) {
748 return ret;
749 }
750
751 bdi->cluster_size = subbdi.cluster_size;
752
753 return 0;
754}
755
756static ImageInfoSpecific *
757block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
758{
759 BlockCrypto *crypto = bs->opaque;
760 ImageInfoSpecific *spec_info;
761 QCryptoBlockInfo *info;
762
763 info = qcrypto_block_get_info(crypto->block, errp);
764 if (!info) {
765 return NULL;
766 }
767 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS);
768
769 spec_info = g_new(ImageInfoSpecific, 1);
770 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
771 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1);
772 *spec_info->u.luks.data = info->u.luks;
773
774
775 memset(&info->u.luks, 0, sizeof(info->u.luks));
776
777 qapi_free_QCryptoBlockInfo(info);
778
779 return spec_info;
780}
781
782static int
783block_crypto_amend_prepare(BlockDriverState *bs, Error **errp)
784{
785 BlockCrypto *crypto = bs->opaque;
786 int ret;
787
788
789 crypto->updating_keys = true;
790 ret = bdrv_child_refresh_perms(bs, bs->file, errp);
791 if (ret < 0) {
792
793 crypto->updating_keys = false;
794 }
795 return ret;
796}
797
798static void
799block_crypto_amend_cleanup(BlockDriverState *bs)
800{
801 BlockCrypto *crypto = bs->opaque;
802 Error *errp = NULL;
803
804
805 crypto->updating_keys = false;
806 bdrv_child_refresh_perms(bs, bs->file, &errp);
807
808 if (errp) {
809 error_report_err(errp);
810 }
811}
812
813static int
814block_crypto_amend_options_generic_luks(BlockDriverState *bs,
815 QCryptoBlockAmendOptions *amend_options,
816 bool force,
817 Error **errp)
818{
819 BlockCrypto *crypto = bs->opaque;
820
821 assert(crypto);
822 assert(crypto->block);
823
824 return qcrypto_block_amend_options(crypto->block,
825 block_crypto_read_func,
826 block_crypto_write_func,
827 bs,
828 amend_options,
829 force,
830 errp);
831}
832
833static int
834block_crypto_amend_options_luks(BlockDriverState *bs,
835 QemuOpts *opts,
836 BlockDriverAmendStatusCB *status_cb,
837 void *cb_opaque,
838 bool force,
839 Error **errp)
840{
841 BlockCrypto *crypto = bs->opaque;
842 QDict *cryptoopts = NULL;
843 QCryptoBlockAmendOptions *amend_options = NULL;
844 int ret = -EINVAL;
845
846 assert(crypto);
847 assert(crypto->block);
848
849 cryptoopts = qemu_opts_to_qdict(opts, NULL);
850 qdict_put_str(cryptoopts, "format", "luks");
851 amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
852 qobject_unref(cryptoopts);
853 if (!amend_options) {
854 goto cleanup;
855 }
856
857 ret = block_crypto_amend_prepare(bs, errp);
858 if (ret) {
859 goto perm_cleanup;
860 }
861 ret = block_crypto_amend_options_generic_luks(bs, amend_options,
862 force, errp);
863
864perm_cleanup:
865 block_crypto_amend_cleanup(bs);
866cleanup:
867 qapi_free_QCryptoBlockAmendOptions(amend_options);
868 return ret;
869}
870
871static int
872coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs,
873 BlockdevAmendOptions *opts,
874 bool force,
875 Error **errp)
876{
877 QCryptoBlockAmendOptions amend_opts;
878
879 amend_opts = (QCryptoBlockAmendOptions) {
880 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
881 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
882 };
883 return block_crypto_amend_options_generic_luks(bs, &amend_opts,
884 force, errp);
885}
886
887static void
888block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
889 const BdrvChildRole role,
890 BlockReopenQueue *reopen_queue,
891 uint64_t perm, uint64_t shared,
892 uint64_t *nperm, uint64_t *nshared)
893{
894
895 BlockCrypto *crypto = bs->opaque;
896
897 bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared);
898
899
900
901
902
903 *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
904
905
906
907
908
909 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
910 *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
911
912
913
914
915
916
917
918
919
920
921
922
923
924 if (crypto->updating_keys) {
925
926 *nperm |= BLK_PERM_WRITE;
927
928 *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE);
929 }
930}
931
932
933static const char *const block_crypto_strong_runtime_opts[] = {
934 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
935
936 NULL
937};
938
939static BlockDriver bdrv_crypto_luks = {
940 .format_name = "luks",
941 .instance_size = sizeof(BlockCrypto),
942 .bdrv_probe = block_crypto_probe_luks,
943 .bdrv_open = block_crypto_open_luks,
944 .bdrv_close = block_crypto_close,
945 .bdrv_child_perm = block_crypto_child_perms,
946 .bdrv_co_create = block_crypto_co_create_luks,
947 .bdrv_co_create_opts = block_crypto_co_create_opts_luks,
948 .bdrv_co_truncate = block_crypto_co_truncate,
949 .create_opts = &block_crypto_create_opts_luks,
950 .amend_opts = &block_crypto_amend_opts_luks,
951
952 .bdrv_reopen_prepare = block_crypto_reopen_prepare,
953 .bdrv_refresh_limits = block_crypto_refresh_limits,
954 .bdrv_co_preadv = block_crypto_co_preadv,
955 .bdrv_co_pwritev = block_crypto_co_pwritev,
956 .bdrv_getlength = block_crypto_getlength,
957 .bdrv_measure = block_crypto_measure,
958 .bdrv_get_info = block_crypto_get_info_luks,
959 .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
960 .bdrv_amend_options = block_crypto_amend_options_luks,
961 .bdrv_co_amend = block_crypto_co_amend_luks,
962 .bdrv_amend_pre_run = block_crypto_amend_prepare,
963 .bdrv_amend_clean = block_crypto_amend_cleanup,
964
965 .is_format = true,
966
967 .strong_runtime_opts = block_crypto_strong_runtime_opts,
968};
969
970static void block_crypto_init(void)
971{
972 bdrv_register(&bdrv_crypto_luks);
973}
974
975block_init(block_crypto_init);
976