1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include "qemu/osdep.h"
22
23#include "block/block_int.h"
24#include "block/qdict.h"
25#include "sysemu/block-backend.h"
26#include "crypto/block.h"
27#include "qapi/opts-visitor.h"
28#include "qapi/qapi-visit-crypto.h"
29#include "qapi/qobject-input-visitor.h"
30#include "qapi/error.h"
31#include "qemu/module.h"
32#include "qemu/option.h"
33#include "qemu/cutils.h"
34#include "qemu/memalign.h"
35#include "crypto.h"
36
37typedef struct BlockCrypto BlockCrypto;
38
39struct BlockCrypto {
40 QCryptoBlock *block;
41 bool updating_keys;
42};
43
44
45static int block_crypto_probe_generic(QCryptoBlockFormat format,
46 const uint8_t *buf,
47 int buf_size,
48 const char *filename)
49{
50 if (qcrypto_block_has_format(format, buf, buf_size)) {
51 return 100;
52 } else {
53 return 0;
54 }
55}
56
57
58static int block_crypto_read_func(QCryptoBlock *block,
59 size_t offset,
60 uint8_t *buf,
61 size_t buflen,
62 void *opaque,
63 Error **errp)
64{
65 BlockDriverState *bs = opaque;
66 ssize_t ret;
67
68 ret = bdrv_pread(bs->file, offset, buflen, buf, 0);
69 if (ret < 0) {
70 error_setg_errno(errp, -ret, "Could not read encryption header");
71 return ret;
72 }
73 return 0;
74}
75
76static int block_crypto_write_func(QCryptoBlock *block,
77 size_t offset,
78 const uint8_t *buf,
79 size_t buflen,
80 void *opaque,
81 Error **errp)
82{
83 BlockDriverState *bs = opaque;
84 ssize_t ret;
85
86 ret = bdrv_pwrite(bs->file, offset, buflen, buf, 0);
87 if (ret < 0) {
88 error_setg_errno(errp, -ret, "Could not write encryption header");
89 return ret;
90 }
91 return 0;
92}
93
94
95struct BlockCryptoCreateData {
96 BlockBackend *blk;
97 uint64_t size;
98 PreallocMode prealloc;
99};
100
101
102static int block_crypto_create_write_func(QCryptoBlock *block,
103 size_t offset,
104 const uint8_t *buf,
105 size_t buflen,
106 void *opaque,
107 Error **errp)
108{
109 struct BlockCryptoCreateData *data = opaque;
110 ssize_t ret;
111
112 ret = blk_pwrite(data->blk, offset, buflen, buf, 0);
113 if (ret < 0) {
114 error_setg_errno(errp, -ret, "Could not write encryption header");
115 return ret;
116 }
117 return 0;
118}
119
120static int block_crypto_create_init_func(QCryptoBlock *block,
121 size_t headerlen,
122 void *opaque,
123 Error **errp)
124{
125 struct BlockCryptoCreateData *data = opaque;
126 Error *local_error = NULL;
127 int ret;
128
129 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
130 ret = -EFBIG;
131 goto error;
132 }
133
134
135
136
137
138 ret = blk_truncate(data->blk, data->size + headerlen, false,
139 data->prealloc, 0, &local_error);
140
141 if (ret >= 0) {
142 return 0;
143 }
144
145error:
146 if (ret == -EFBIG) {
147
148 error_free(local_error);
149 error_setg(errp, "The requested file size is too large");
150 } else {
151 error_propagate(errp, local_error);
152 }
153
154 return ret;
155}
156
157
158static QemuOptsList block_crypto_runtime_opts_luks = {
159 .name = "crypto",
160 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
161 .desc = {
162 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
163 { }
164 },
165};
166
167
168static QemuOptsList block_crypto_create_opts_luks = {
169 .name = "crypto",
170 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
171 .desc = {
172 {
173 .name = BLOCK_OPT_SIZE,
174 .type = QEMU_OPT_SIZE,
175 .help = "Virtual disk size"
176 },
177 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
178 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
179 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
180 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
181 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
182 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
183 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
184 { }
185 },
186};
187
188
189static QemuOptsList block_crypto_amend_opts_luks = {
190 .name = "crypto",
191 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
192 .desc = {
193 BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""),
194 BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""),
195 BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""),
196 BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""),
197 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
198 { }
199 },
200};
201
202QCryptoBlockOpenOptions *
203block_crypto_open_opts_init(QDict *opts, Error **errp)
204{
205 Visitor *v;
206 QCryptoBlockOpenOptions *ret;
207
208 v = qobject_input_visitor_new_flat_confused(opts, errp);
209 if (!v) {
210 return NULL;
211 }
212
213 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp);
214
215 visit_free(v);
216 return ret;
217}
218
219
220QCryptoBlockCreateOptions *
221block_crypto_create_opts_init(QDict *opts, Error **errp)
222{
223 Visitor *v;
224 QCryptoBlockCreateOptions *ret;
225
226 v = qobject_input_visitor_new_flat_confused(opts, errp);
227 if (!v) {
228 return NULL;
229 }
230
231 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp);
232
233 visit_free(v);
234 return ret;
235}
236
237QCryptoBlockAmendOptions *
238block_crypto_amend_opts_init(QDict *opts, Error **errp)
239{
240 Visitor *v;
241 QCryptoBlockAmendOptions *ret;
242
243 v = qobject_input_visitor_new_flat_confused(opts, errp);
244 if (!v) {
245 return NULL;
246 }
247
248 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp);
249
250 visit_free(v);
251 return ret;
252}
253
254
255static int block_crypto_open_generic(QCryptoBlockFormat format,
256 QemuOptsList *opts_spec,
257 BlockDriverState *bs,
258 QDict *options,
259 int flags,
260 Error **errp)
261{
262 BlockCrypto *crypto = bs->opaque;
263 QemuOpts *opts = NULL;
264 int ret;
265 QCryptoBlockOpenOptions *open_opts = NULL;
266 unsigned int cflags = 0;
267 QDict *cryptoopts = NULL;
268
269 ret = bdrv_open_file_child(NULL, options, "file", bs, errp);
270 if (ret < 0) {
271 return ret;
272 }
273
274 bs->supported_write_flags = BDRV_REQ_FUA &
275 bs->file->bs->supported_write_flags;
276
277 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
278 if (!qemu_opts_absorb_qdict(opts, options, errp)) {
279 ret = -EINVAL;
280 goto cleanup;
281 }
282
283 cryptoopts = qemu_opts_to_qdict(opts, NULL);
284 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format));
285
286 open_opts = block_crypto_open_opts_init(cryptoopts, errp);
287 if (!open_opts) {
288 ret = -EINVAL;
289 goto cleanup;
290 }
291
292 if (flags & BDRV_O_NO_IO) {
293 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
294 }
295 crypto->block = qcrypto_block_open(open_opts, NULL,
296 block_crypto_read_func,
297 bs,
298 cflags,
299 1,
300 errp);
301
302 if (!crypto->block) {
303 ret = -EIO;
304 goto cleanup;
305 }
306
307 bs->encrypted = true;
308
309 ret = 0;
310 cleanup:
311 qobject_unref(cryptoopts);
312 qapi_free_QCryptoBlockOpenOptions(open_opts);
313 return ret;
314}
315
316
317static int coroutine_fn
318block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
319 QCryptoBlockCreateOptions *opts,
320 PreallocMode prealloc, Error **errp)
321{
322 int ret;
323 BlockBackend *blk;
324 QCryptoBlock *crypto = NULL;
325 struct BlockCryptoCreateData data;
326
327 blk = blk_co_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL,
328 errp);
329 if (!blk) {
330 ret = -EPERM;
331 goto cleanup;
332 }
333
334 if (prealloc == PREALLOC_MODE_METADATA) {
335 prealloc = PREALLOC_MODE_OFF;
336 }
337
338 data = (struct BlockCryptoCreateData) {
339 .blk = blk,
340 .size = size,
341 .prealloc = prealloc,
342 };
343
344 crypto = qcrypto_block_create(opts, NULL,
345 block_crypto_create_init_func,
346 block_crypto_create_write_func,
347 &data,
348 errp);
349
350 if (!crypto) {
351 ret = -EIO;
352 goto cleanup;
353 }
354
355 ret = 0;
356 cleanup:
357 qcrypto_block_free(crypto);
358 blk_co_unref(blk);
359 return ret;
360}
361
362static int coroutine_fn GRAPH_RDLOCK
363block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact,
364 PreallocMode prealloc, BdrvRequestFlags flags,
365 Error **errp)
366{
367 BlockCrypto *crypto = bs->opaque;
368 uint64_t payload_offset =
369 qcrypto_block_get_payload_offset(crypto->block);
370
371 if (payload_offset > INT64_MAX - offset) {
372 error_setg(errp, "The requested file size is too large");
373 return -EFBIG;
374 }
375
376 offset += payload_offset;
377
378 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp);
379}
380
381static void block_crypto_close(BlockDriverState *bs)
382{
383 BlockCrypto *crypto = bs->opaque;
384 qcrypto_block_free(crypto->block);
385}
386
387static int block_crypto_reopen_prepare(BDRVReopenState *state,
388 BlockReopenQueue *queue, Error **errp)
389{
390
391 return 0;
392}
393
394
395
396
397
398#define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024)
399
400static int coroutine_fn GRAPH_RDLOCK
401block_crypto_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes,
402 QEMUIOVector *qiov, BdrvRequestFlags flags)
403{
404 BlockCrypto *crypto = bs->opaque;
405 uint64_t cur_bytes;
406 uint64_t bytes_done = 0;
407 uint8_t *cipher_data = NULL;
408 QEMUIOVector hd_qiov;
409 int ret = 0;
410 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
411 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
412
413 assert(payload_offset < INT64_MAX);
414 assert(QEMU_IS_ALIGNED(offset, sector_size));
415 assert(QEMU_IS_ALIGNED(bytes, sector_size));
416
417 qemu_iovec_init(&hd_qiov, qiov->niov);
418
419
420
421
422 cipher_data =
423 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
424 qiov->size));
425 if (cipher_data == NULL) {
426 ret = -ENOMEM;
427 goto cleanup;
428 }
429
430 while (bytes) {
431 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
432
433 qemu_iovec_reset(&hd_qiov);
434 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
435
436 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done,
437 cur_bytes, &hd_qiov, 0);
438 if (ret < 0) {
439 goto cleanup;
440 }
441
442 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done,
443 cipher_data, cur_bytes, NULL) < 0) {
444 ret = -EIO;
445 goto cleanup;
446 }
447
448 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes);
449
450 bytes -= cur_bytes;
451 bytes_done += cur_bytes;
452 }
453
454 cleanup:
455 qemu_iovec_destroy(&hd_qiov);
456 qemu_vfree(cipher_data);
457
458 return ret;
459}
460
461
462static int coroutine_fn GRAPH_RDLOCK
463block_crypto_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes,
464 QEMUIOVector *qiov, BdrvRequestFlags flags)
465{
466 BlockCrypto *crypto = bs->opaque;
467 uint64_t cur_bytes;
468 uint64_t bytes_done = 0;
469 uint8_t *cipher_data = NULL;
470 QEMUIOVector hd_qiov;
471 int ret = 0;
472 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
473 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
474
475 flags &= ~BDRV_REQ_REGISTERED_BUF;
476
477 assert(payload_offset < INT64_MAX);
478 assert(QEMU_IS_ALIGNED(offset, sector_size));
479 assert(QEMU_IS_ALIGNED(bytes, sector_size));
480
481 qemu_iovec_init(&hd_qiov, qiov->niov);
482
483
484
485
486 cipher_data =
487 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
488 qiov->size));
489 if (cipher_data == NULL) {
490 ret = -ENOMEM;
491 goto cleanup;
492 }
493
494 while (bytes) {
495 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
496
497 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes);
498
499 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done,
500 cipher_data, cur_bytes, NULL) < 0) {
501 ret = -EIO;
502 goto cleanup;
503 }
504
505 qemu_iovec_reset(&hd_qiov);
506 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
507
508 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done,
509 cur_bytes, &hd_qiov, flags);
510 if (ret < 0) {
511 goto cleanup;
512 }
513
514 bytes -= cur_bytes;
515 bytes_done += cur_bytes;
516 }
517
518 cleanup:
519 qemu_iovec_destroy(&hd_qiov);
520 qemu_vfree(cipher_data);
521
522 return ret;
523}
524
525static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp)
526{
527 BlockCrypto *crypto = bs->opaque;
528 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
529 bs->bl.request_alignment = sector_size;
530}
531
532
533static int64_t coroutine_fn GRAPH_RDLOCK
534block_crypto_co_getlength(BlockDriverState *bs)
535{
536 BlockCrypto *crypto = bs->opaque;
537 int64_t len = bdrv_co_getlength(bs->file->bs);
538
539 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block);
540 assert(offset < INT64_MAX);
541
542 if (offset > len) {
543 return -EIO;
544 }
545
546 len -= offset;
547
548 return len;
549}
550
551
552static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts,
553 BlockDriverState *in_bs,
554 Error **errp)
555{
556 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL;
557 Error *local_err = NULL;
558 BlockMeasureInfo *info;
559 uint64_t size;
560 size_t luks_payload_size;
561 QDict *cryptoopts;
562
563
564
565
566
567 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC));
568
569 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
570
571 if (in_bs) {
572 int64_t ssize = bdrv_getlength(in_bs);
573
574 if (ssize < 0) {
575 error_setg_errno(&local_err, -ssize,
576 "Unable to get image virtual_size");
577 goto err;
578 }
579
580 size = ssize;
581 }
582
583 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
584 &block_crypto_create_opts_luks, true);
585 qdict_put_str(cryptoopts, "format", "luks");
586 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err);
587 qobject_unref(cryptoopts);
588 if (!create_opts) {
589 goto err;
590 }
591
592 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL,
593 &luks_payload_size,
594 &local_err)) {
595 goto err;
596 }
597
598
599
600
601
602 info = g_new0(BlockMeasureInfo, 1);
603 info->fully_allocated = luks_payload_size + size;
604 info->required = luks_payload_size + size;
605 return info;
606
607err:
608 error_propagate(errp, local_err);
609 return NULL;
610}
611
612
613static int block_crypto_probe_luks(const uint8_t *buf,
614 int buf_size,
615 const char *filename) {
616 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
617 buf, buf_size, filename);
618}
619
620static int block_crypto_open_luks(BlockDriverState *bs,
621 QDict *options,
622 int flags,
623 Error **errp)
624{
625 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
626 &block_crypto_runtime_opts_luks,
627 bs, options, flags, errp);
628}
629
630static int coroutine_fn
631block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
632{
633 BlockdevCreateOptionsLUKS *luks_opts;
634 BlockDriverState *bs = NULL;
635 QCryptoBlockCreateOptions create_opts;
636 PreallocMode preallocation = PREALLOC_MODE_OFF;
637 int ret;
638
639 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS);
640 luks_opts = &create_options->u.luks;
641
642 bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp);
643 if (bs == NULL) {
644 return -EIO;
645 }
646
647 create_opts = (QCryptoBlockCreateOptions) {
648 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
649 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts),
650 };
651
652 if (luks_opts->has_preallocation) {
653 preallocation = luks_opts->preallocation;
654 }
655
656 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts,
657 preallocation, errp);
658 if (ret < 0) {
659 goto fail;
660 }
661
662 ret = 0;
663fail:
664 bdrv_co_unref(bs);
665 return ret;
666}
667
668static int coroutine_fn GRAPH_RDLOCK
669block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename,
670 QemuOpts *opts, Error **errp)
671{
672 QCryptoBlockCreateOptions *create_opts = NULL;
673 BlockDriverState *bs = NULL;
674 QDict *cryptoopts;
675 PreallocMode prealloc;
676 char *buf = NULL;
677 int64_t size;
678 int ret;
679 Error *local_err = NULL;
680
681
682 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
683
684 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
685 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
686 PREALLOC_MODE_OFF, &local_err);
687 g_free(buf);
688 if (local_err) {
689 error_propagate(errp, local_err);
690 return -EINVAL;
691 }
692
693 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
694 &block_crypto_create_opts_luks,
695 true);
696
697 qdict_put_str(cryptoopts, "format", "luks");
698 create_opts = block_crypto_create_opts_init(cryptoopts, errp);
699 if (!create_opts) {
700 ret = -EINVAL;
701 goto fail;
702 }
703
704
705 ret = bdrv_co_create_file(filename, opts, errp);
706 if (ret < 0) {
707 goto fail;
708 }
709
710 bs = bdrv_co_open(filename, NULL, NULL,
711 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp);
712 if (!bs) {
713 ret = -EINVAL;
714 goto fail;
715 }
716
717
718 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp);
719 if (ret < 0) {
720 goto fail;
721 }
722
723 ret = 0;
724fail:
725
726
727
728
729 if (ret) {
730 bdrv_co_delete_file_noerr(bs);
731 }
732
733 bdrv_co_unref(bs);
734 qapi_free_QCryptoBlockCreateOptions(create_opts);
735 qobject_unref(cryptoopts);
736 return ret;
737}
738
739static int coroutine_fn
740block_crypto_co_get_info_luks(BlockDriverState *bs, BlockDriverInfo *bdi)
741{
742 BlockDriverInfo subbdi;
743 int ret;
744
745 ret = bdrv_co_get_info(bs->file->bs, &subbdi);
746 if (ret != 0) {
747 return ret;
748 }
749
750 bdi->cluster_size = subbdi.cluster_size;
751
752 return 0;
753}
754
755static ImageInfoSpecific *
756block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
757{
758 BlockCrypto *crypto = bs->opaque;
759 ImageInfoSpecific *spec_info;
760 QCryptoBlockInfo *info;
761
762 info = qcrypto_block_get_info(crypto->block, errp);
763 if (!info) {
764 return NULL;
765 }
766 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS);
767
768 spec_info = g_new(ImageInfoSpecific, 1);
769 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
770 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1);
771 *spec_info->u.luks.data = info->u.luks;
772
773
774 memset(&info->u.luks, 0, sizeof(info->u.luks));
775
776 qapi_free_QCryptoBlockInfo(info);
777
778 return spec_info;
779}
780
781static int
782block_crypto_amend_prepare(BlockDriverState *bs, Error **errp)
783{
784 BlockCrypto *crypto = bs->opaque;
785 int ret;
786
787
788 crypto->updating_keys = true;
789 ret = bdrv_child_refresh_perms(bs, bs->file, errp);
790 if (ret < 0) {
791
792 crypto->updating_keys = false;
793 }
794 return ret;
795}
796
797static void
798block_crypto_amend_cleanup(BlockDriverState *bs)
799{
800 BlockCrypto *crypto = bs->opaque;
801 Error *errp = NULL;
802
803
804 crypto->updating_keys = false;
805 bdrv_child_refresh_perms(bs, bs->file, &errp);
806
807 if (errp) {
808 error_report_err(errp);
809 }
810}
811
812static int
813block_crypto_amend_options_generic_luks(BlockDriverState *bs,
814 QCryptoBlockAmendOptions *amend_options,
815 bool force,
816 Error **errp)
817{
818 BlockCrypto *crypto = bs->opaque;
819
820 assert(crypto);
821 assert(crypto->block);
822
823 return qcrypto_block_amend_options(crypto->block,
824 block_crypto_read_func,
825 block_crypto_write_func,
826 bs,
827 amend_options,
828 force,
829 errp);
830}
831
832static int
833block_crypto_amend_options_luks(BlockDriverState *bs,
834 QemuOpts *opts,
835 BlockDriverAmendStatusCB *status_cb,
836 void *cb_opaque,
837 bool force,
838 Error **errp)
839{
840 BlockCrypto *crypto = bs->opaque;
841 QDict *cryptoopts = NULL;
842 QCryptoBlockAmendOptions *amend_options = NULL;
843 int ret = -EINVAL;
844
845 assert(crypto);
846 assert(crypto->block);
847
848 cryptoopts = qemu_opts_to_qdict(opts, NULL);
849 qdict_put_str(cryptoopts, "format", "luks");
850 amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
851 qobject_unref(cryptoopts);
852 if (!amend_options) {
853 goto cleanup;
854 }
855
856 ret = block_crypto_amend_prepare(bs, errp);
857 if (ret) {
858 goto perm_cleanup;
859 }
860 ret = block_crypto_amend_options_generic_luks(bs, amend_options,
861 force, errp);
862
863perm_cleanup:
864 block_crypto_amend_cleanup(bs);
865cleanup:
866 qapi_free_QCryptoBlockAmendOptions(amend_options);
867 return ret;
868}
869
870static int
871coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs,
872 BlockdevAmendOptions *opts,
873 bool force,
874 Error **errp)
875{
876 QCryptoBlockAmendOptions amend_opts;
877
878 amend_opts = (QCryptoBlockAmendOptions) {
879 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
880 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
881 };
882 return block_crypto_amend_options_generic_luks(bs, &amend_opts,
883 force, errp);
884}
885
886static void
887block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
888 const BdrvChildRole role,
889 BlockReopenQueue *reopen_queue,
890 uint64_t perm, uint64_t shared,
891 uint64_t *nperm, uint64_t *nshared)
892{
893
894 BlockCrypto *crypto = bs->opaque;
895
896 bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared);
897
898
899
900
901
902 *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
903
904
905
906
907
908 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
909 *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
910
911
912
913
914
915
916
917
918
919
920
921
922
923 if (crypto->updating_keys) {
924
925 *nperm |= BLK_PERM_WRITE;
926
927 *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE);
928 }
929}
930
931
932static const char *const block_crypto_strong_runtime_opts[] = {
933 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
934
935 NULL
936};
937
938static BlockDriver bdrv_crypto_luks = {
939 .format_name = "luks",
940 .instance_size = sizeof(BlockCrypto),
941 .bdrv_probe = block_crypto_probe_luks,
942 .bdrv_open = block_crypto_open_luks,
943 .bdrv_close = block_crypto_close,
944 .bdrv_child_perm = block_crypto_child_perms,
945 .bdrv_co_create = block_crypto_co_create_luks,
946 .bdrv_co_create_opts = block_crypto_co_create_opts_luks,
947 .bdrv_co_truncate = block_crypto_co_truncate,
948 .create_opts = &block_crypto_create_opts_luks,
949 .amend_opts = &block_crypto_amend_opts_luks,
950
951 .bdrv_reopen_prepare = block_crypto_reopen_prepare,
952 .bdrv_refresh_limits = block_crypto_refresh_limits,
953 .bdrv_co_preadv = block_crypto_co_preadv,
954 .bdrv_co_pwritev = block_crypto_co_pwritev,
955 .bdrv_co_getlength = block_crypto_co_getlength,
956 .bdrv_measure = block_crypto_measure,
957 .bdrv_co_get_info = block_crypto_co_get_info_luks,
958 .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
959 .bdrv_amend_options = block_crypto_amend_options_luks,
960 .bdrv_co_amend = block_crypto_co_amend_luks,
961 .bdrv_amend_pre_run = block_crypto_amend_prepare,
962 .bdrv_amend_clean = block_crypto_amend_cleanup,
963
964 .is_format = true,
965
966 .strong_runtime_opts = block_crypto_strong_runtime_opts,
967};
968
969static void block_crypto_init(void)
970{
971 bdrv_register(&bdrv_crypto_luks);
972}
973
974block_init(block_crypto_init);
975
