1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include "qemu/osdep.h"
22
23#include "block/block_int.h"
24#include "block/qdict.h"
25#include "sysemu/block-backend.h"
26#include "crypto/block.h"
27#include "qapi/opts-visitor.h"
28#include "qapi/qapi-visit-crypto.h"
29#include "qapi/qobject-input-visitor.h"
30#include "qapi/error.h"
31#include "qemu/module.h"
32#include "qemu/option.h"
33#include "qemu/cutils.h"
34#include "qemu/memalign.h"
35#include "crypto.h"
36
37typedef struct BlockCrypto BlockCrypto;
38
39struct BlockCrypto {
40 QCryptoBlock *block;
41 bool updating_keys;
42};
43
44
45static int block_crypto_probe_generic(QCryptoBlockFormat format,
46 const uint8_t *buf,
47 int buf_size,
48 const char *filename)
49{
50 if (qcrypto_block_has_format(format, buf, buf_size)) {
51 return 100;
52 } else {
53 return 0;
54 }
55}
56
57
58static int block_crypto_read_func(QCryptoBlock *block,
59 size_t offset,
60 uint8_t *buf,
61 size_t buflen,
62 void *opaque,
63 Error **errp)
64{
65 BlockDriverState *bs = opaque;
66 ssize_t ret;
67
68 ret = bdrv_pread(bs->file, offset, buflen, buf, 0);
69 if (ret < 0) {
70 error_setg_errno(errp, -ret, "Could not read encryption header");
71 return ret;
72 }
73 return 0;
74}
75
76static int block_crypto_write_func(QCryptoBlock *block,
77 size_t offset,
78 const uint8_t *buf,
79 size_t buflen,
80 void *opaque,
81 Error **errp)
82{
83 BlockDriverState *bs = opaque;
84 ssize_t ret;
85
86 ret = bdrv_pwrite(bs->file, offset, buflen, buf, 0);
87 if (ret < 0) {
88 error_setg_errno(errp, -ret, "Could not write encryption header");
89 return ret;
90 }
91 return 0;
92}
93
94
95struct BlockCryptoCreateData {
96 BlockBackend *blk;
97 uint64_t size;
98 PreallocMode prealloc;
99};
100
101
102static int coroutine_fn GRAPH_UNLOCKED
103block_crypto_create_write_func(QCryptoBlock *block, size_t offset,
104 const uint8_t *buf, size_t buflen, void *opaque,
105 Error **errp)
106{
107 struct BlockCryptoCreateData *data = opaque;
108 ssize_t ret;
109
110 ret = blk_pwrite(data->blk, offset, buflen, buf, 0);
111 if (ret < 0) {
112 error_setg_errno(errp, -ret, "Could not write encryption header");
113 return ret;
114 }
115 return 0;
116}
117
118static int coroutine_fn GRAPH_UNLOCKED
119block_crypto_create_init_func(QCryptoBlock *block, size_t headerlen,
120 void *opaque, Error **errp)
121{
122 struct BlockCryptoCreateData *data = opaque;
123 Error *local_error = NULL;
124 int ret;
125
126 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
127 ret = -EFBIG;
128 goto error;
129 }
130
131
132
133
134
135 ret = blk_truncate(data->blk, data->size + headerlen, false,
136 data->prealloc, 0, &local_error);
137
138 if (ret >= 0) {
139 return 0;
140 }
141
142error:
143 if (ret == -EFBIG) {
144
145 error_free(local_error);
146 error_setg(errp, "The requested file size is too large");
147 } else {
148 error_propagate(errp, local_error);
149 }
150
151 return ret;
152}
153
154
155static QemuOptsList block_crypto_runtime_opts_luks = {
156 .name = "crypto",
157 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
158 .desc = {
159 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
160 { }
161 },
162};
163
164
165static QemuOptsList block_crypto_create_opts_luks = {
166 .name = "crypto",
167 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
168 .desc = {
169 {
170 .name = BLOCK_OPT_SIZE,
171 .type = QEMU_OPT_SIZE,
172 .help = "Virtual disk size"
173 },
174 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
175 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
176 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
177 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
178 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
179 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
180 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
181 { }
182 },
183};
184
185
186static QemuOptsList block_crypto_amend_opts_luks = {
187 .name = "crypto",
188 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
189 .desc = {
190 BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""),
191 BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""),
192 BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""),
193 BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""),
194 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
195 { }
196 },
197};
198
199QCryptoBlockOpenOptions *
200block_crypto_open_opts_init(QDict *opts, Error **errp)
201{
202 Visitor *v;
203 QCryptoBlockOpenOptions *ret;
204
205 v = qobject_input_visitor_new_flat_confused(opts, errp);
206 if (!v) {
207 return NULL;
208 }
209
210 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp);
211
212 visit_free(v);
213 return ret;
214}
215
216
217QCryptoBlockCreateOptions *
218block_crypto_create_opts_init(QDict *opts, Error **errp)
219{
220 Visitor *v;
221 QCryptoBlockCreateOptions *ret;
222
223 v = qobject_input_visitor_new_flat_confused(opts, errp);
224 if (!v) {
225 return NULL;
226 }
227
228 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp);
229
230 visit_free(v);
231 return ret;
232}
233
234QCryptoBlockAmendOptions *
235block_crypto_amend_opts_init(QDict *opts, Error **errp)
236{
237 Visitor *v;
238 QCryptoBlockAmendOptions *ret;
239
240 v = qobject_input_visitor_new_flat_confused(opts, errp);
241 if (!v) {
242 return NULL;
243 }
244
245 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp);
246
247 visit_free(v);
248 return ret;
249}
250
251
252static int block_crypto_open_generic(QCryptoBlockFormat format,
253 QemuOptsList *opts_spec,
254 BlockDriverState *bs,
255 QDict *options,
256 int flags,
257 Error **errp)
258{
259 BlockCrypto *crypto = bs->opaque;
260 QemuOpts *opts = NULL;
261 int ret;
262 QCryptoBlockOpenOptions *open_opts = NULL;
263 unsigned int cflags = 0;
264 QDict *cryptoopts = NULL;
265
266 ret = bdrv_open_file_child(NULL, options, "file", bs, errp);
267 if (ret < 0) {
268 return ret;
269 }
270
271 bs->supported_write_flags = BDRV_REQ_FUA &
272 bs->file->bs->supported_write_flags;
273
274 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
275 if (!qemu_opts_absorb_qdict(opts, options, errp)) {
276 ret = -EINVAL;
277 goto cleanup;
278 }
279
280 cryptoopts = qemu_opts_to_qdict(opts, NULL);
281 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format));
282
283 open_opts = block_crypto_open_opts_init(cryptoopts, errp);
284 if (!open_opts) {
285 ret = -EINVAL;
286 goto cleanup;
287 }
288
289 if (flags & BDRV_O_NO_IO) {
290 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
291 }
292 crypto->block = qcrypto_block_open(open_opts, NULL,
293 block_crypto_read_func,
294 bs,
295 cflags,
296 1,
297 errp);
298
299 if (!crypto->block) {
300 ret = -EIO;
301 goto cleanup;
302 }
303
304 bs->encrypted = true;
305
306 ret = 0;
307 cleanup:
308 qobject_unref(cryptoopts);
309 qapi_free_QCryptoBlockOpenOptions(open_opts);
310 return ret;
311}
312
313
314static int coroutine_fn GRAPH_UNLOCKED
315block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
316 QCryptoBlockCreateOptions *opts,
317 PreallocMode prealloc, Error **errp)
318{
319 int ret;
320 BlockBackend *blk;
321 QCryptoBlock *crypto = NULL;
322 struct BlockCryptoCreateData data;
323
324 blk = blk_co_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL,
325 errp);
326 if (!blk) {
327 ret = -EPERM;
328 goto cleanup;
329 }
330
331 if (prealloc == PREALLOC_MODE_METADATA) {
332 prealloc = PREALLOC_MODE_OFF;
333 }
334
335 data = (struct BlockCryptoCreateData) {
336 .blk = blk,
337 .size = size,
338 .prealloc = prealloc,
339 };
340
341 crypto = qcrypto_block_create(opts, NULL,
342 block_crypto_create_init_func,
343 block_crypto_create_write_func,
344 &data,
345 errp);
346
347 if (!crypto) {
348 ret = -EIO;
349 goto cleanup;
350 }
351
352 ret = 0;
353 cleanup:
354 qcrypto_block_free(crypto);
355 blk_co_unref(blk);
356 return ret;
357}
358
359static int coroutine_fn GRAPH_RDLOCK
360block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact,
361 PreallocMode prealloc, BdrvRequestFlags flags,
362 Error **errp)
363{
364 BlockCrypto *crypto = bs->opaque;
365 uint64_t payload_offset =
366 qcrypto_block_get_payload_offset(crypto->block);
367
368 if (payload_offset > INT64_MAX - offset) {
369 error_setg(errp, "The requested file size is too large");
370 return -EFBIG;
371 }
372
373 offset += payload_offset;
374
375 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp);
376}
377
378static void block_crypto_close(BlockDriverState *bs)
379{
380 BlockCrypto *crypto = bs->opaque;
381 qcrypto_block_free(crypto->block);
382}
383
384static int block_crypto_reopen_prepare(BDRVReopenState *state,
385 BlockReopenQueue *queue, Error **errp)
386{
387
388 return 0;
389}
390
391
392
393
394
395#define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024)
396
397static int coroutine_fn GRAPH_RDLOCK
398block_crypto_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes,
399 QEMUIOVector *qiov, BdrvRequestFlags flags)
400{
401 BlockCrypto *crypto = bs->opaque;
402 uint64_t cur_bytes;
403 uint64_t bytes_done = 0;
404 uint8_t *cipher_data = NULL;
405 QEMUIOVector hd_qiov;
406 int ret = 0;
407 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
408 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
409
410 assert(payload_offset < INT64_MAX);
411 assert(QEMU_IS_ALIGNED(offset, sector_size));
412 assert(QEMU_IS_ALIGNED(bytes, sector_size));
413
414 qemu_iovec_init(&hd_qiov, qiov->niov);
415
416
417
418
419 cipher_data =
420 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
421 qiov->size));
422 if (cipher_data == NULL) {
423 ret = -ENOMEM;
424 goto cleanup;
425 }
426
427 while (bytes) {
428 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
429
430 qemu_iovec_reset(&hd_qiov);
431 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
432
433 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done,
434 cur_bytes, &hd_qiov, 0);
435 if (ret < 0) {
436 goto cleanup;
437 }
438
439 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done,
440 cipher_data, cur_bytes, NULL) < 0) {
441 ret = -EIO;
442 goto cleanup;
443 }
444
445 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes);
446
447 bytes -= cur_bytes;
448 bytes_done += cur_bytes;
449 }
450
451 cleanup:
452 qemu_iovec_destroy(&hd_qiov);
453 qemu_vfree(cipher_data);
454
455 return ret;
456}
457
458
459static int coroutine_fn GRAPH_RDLOCK
460block_crypto_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes,
461 QEMUIOVector *qiov, BdrvRequestFlags flags)
462{
463 BlockCrypto *crypto = bs->opaque;
464 uint64_t cur_bytes;
465 uint64_t bytes_done = 0;
466 uint8_t *cipher_data = NULL;
467 QEMUIOVector hd_qiov;
468 int ret = 0;
469 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
470 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
471
472 flags &= ~BDRV_REQ_REGISTERED_BUF;
473
474 assert(payload_offset < INT64_MAX);
475 assert(QEMU_IS_ALIGNED(offset, sector_size));
476 assert(QEMU_IS_ALIGNED(bytes, sector_size));
477
478 qemu_iovec_init(&hd_qiov, qiov->niov);
479
480
481
482
483 cipher_data =
484 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
485 qiov->size));
486 if (cipher_data == NULL) {
487 ret = -ENOMEM;
488 goto cleanup;
489 }
490
491 while (bytes) {
492 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
493
494 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes);
495
496 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done,
497 cipher_data, cur_bytes, NULL) < 0) {
498 ret = -EIO;
499 goto cleanup;
500 }
501
502 qemu_iovec_reset(&hd_qiov);
503 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
504
505 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done,
506 cur_bytes, &hd_qiov, flags);
507 if (ret < 0) {
508 goto cleanup;
509 }
510
511 bytes -= cur_bytes;
512 bytes_done += cur_bytes;
513 }
514
515 cleanup:
516 qemu_iovec_destroy(&hd_qiov);
517 qemu_vfree(cipher_data);
518
519 return ret;
520}
521
522static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp)
523{
524 BlockCrypto *crypto = bs->opaque;
525 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
526 bs->bl.request_alignment = sector_size;
527}
528
529
530static int64_t coroutine_fn GRAPH_RDLOCK
531block_crypto_co_getlength(BlockDriverState *bs)
532{
533 BlockCrypto *crypto = bs->opaque;
534 int64_t len = bdrv_co_getlength(bs->file->bs);
535
536 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block);
537 assert(offset < INT64_MAX);
538
539 if (offset > len) {
540 return -EIO;
541 }
542
543 len -= offset;
544
545 return len;
546}
547
548
549static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts,
550 BlockDriverState *in_bs,
551 Error **errp)
552{
553 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL;
554 Error *local_err = NULL;
555 BlockMeasureInfo *info;
556 uint64_t size;
557 size_t luks_payload_size;
558 QDict *cryptoopts;
559
560
561
562
563
564 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC));
565
566 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
567
568 if (in_bs) {
569 int64_t ssize = bdrv_getlength(in_bs);
570
571 if (ssize < 0) {
572 error_setg_errno(&local_err, -ssize,
573 "Unable to get image virtual_size");
574 goto err;
575 }
576
577 size = ssize;
578 }
579
580 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
581 &block_crypto_create_opts_luks, true);
582 qdict_put_str(cryptoopts, "format", "luks");
583 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err);
584 qobject_unref(cryptoopts);
585 if (!create_opts) {
586 goto err;
587 }
588
589 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL,
590 &luks_payload_size,
591 &local_err)) {
592 goto err;
593 }
594
595
596
597
598
599 info = g_new0(BlockMeasureInfo, 1);
600 info->fully_allocated = luks_payload_size + size;
601 info->required = luks_payload_size + size;
602 return info;
603
604err:
605 error_propagate(errp, local_err);
606 return NULL;
607}
608
609
610static int block_crypto_probe_luks(const uint8_t *buf,
611 int buf_size,
612 const char *filename) {
613 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
614 buf, buf_size, filename);
615}
616
617static int block_crypto_open_luks(BlockDriverState *bs,
618 QDict *options,
619 int flags,
620 Error **errp)
621{
622 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
623 &block_crypto_runtime_opts_luks,
624 bs, options, flags, errp);
625}
626
627static int coroutine_fn GRAPH_UNLOCKED
628block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
629{
630 BlockdevCreateOptionsLUKS *luks_opts;
631 BlockDriverState *bs = NULL;
632 QCryptoBlockCreateOptions create_opts;
633 PreallocMode preallocation = PREALLOC_MODE_OFF;
634 int ret;
635
636 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS);
637 luks_opts = &create_options->u.luks;
638
639 bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp);
640 if (bs == NULL) {
641 return -EIO;
642 }
643
644 create_opts = (QCryptoBlockCreateOptions) {
645 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
646 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts),
647 };
648
649 if (luks_opts->has_preallocation) {
650 preallocation = luks_opts->preallocation;
651 }
652
653 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts,
654 preallocation, errp);
655 if (ret < 0) {
656 goto fail;
657 }
658
659 ret = 0;
660fail:
661 bdrv_co_unref(bs);
662 return ret;
663}
664
665static int coroutine_fn GRAPH_UNLOCKED
666block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename,
667 QemuOpts *opts, Error **errp)
668{
669 QCryptoBlockCreateOptions *create_opts = NULL;
670 BlockDriverState *bs = NULL;
671 QDict *cryptoopts;
672 PreallocMode prealloc;
673 char *buf = NULL;
674 int64_t size;
675 int ret;
676 Error *local_err = NULL;
677
678
679 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
680
681 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
682 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
683 PREALLOC_MODE_OFF, &local_err);
684 g_free(buf);
685 if (local_err) {
686 error_propagate(errp, local_err);
687 return -EINVAL;
688 }
689
690 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
691 &block_crypto_create_opts_luks,
692 true);
693
694 qdict_put_str(cryptoopts, "format", "luks");
695 create_opts = block_crypto_create_opts_init(cryptoopts, errp);
696 if (!create_opts) {
697 ret = -EINVAL;
698 goto fail;
699 }
700
701
702 ret = bdrv_co_create_file(filename, opts, errp);
703 if (ret < 0) {
704 goto fail;
705 }
706
707 bs = bdrv_co_open(filename, NULL, NULL,
708 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp);
709 if (!bs) {
710 ret = -EINVAL;
711 goto fail;
712 }
713
714
715 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp);
716 if (ret < 0) {
717 goto fail;
718 }
719
720 ret = 0;
721fail:
722
723
724
725
726 if (ret) {
727 bdrv_graph_co_rdlock();
728 bdrv_co_delete_file_noerr(bs);
729 bdrv_graph_co_rdunlock();
730 }
731
732 bdrv_co_unref(bs);
733 qapi_free_QCryptoBlockCreateOptions(create_opts);
734 qobject_unref(cryptoopts);
735 return ret;
736}
737
738static int coroutine_fn GRAPH_RDLOCK
739block_crypto_co_get_info_luks(BlockDriverState *bs, BlockDriverInfo *bdi)
740{
741 BlockDriverInfo subbdi;
742 int ret;
743
744 ret = bdrv_co_get_info(bs->file->bs, &subbdi);
745 if (ret != 0) {
746 return ret;
747 }
748
749 bdi->cluster_size = subbdi.cluster_size;
750
751 return 0;
752}
753
754static ImageInfoSpecific *
755block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
756{
757 BlockCrypto *crypto = bs->opaque;
758 ImageInfoSpecific *spec_info;
759 QCryptoBlockInfo *info;
760
761 info = qcrypto_block_get_info(crypto->block, errp);
762 if (!info) {
763 return NULL;
764 }
765 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS);
766
767 spec_info = g_new(ImageInfoSpecific, 1);
768 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
769 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1);
770 *spec_info->u.luks.data = info->u.luks;
771
772
773 memset(&info->u.luks, 0, sizeof(info->u.luks));
774
775 qapi_free_QCryptoBlockInfo(info);
776
777 return spec_info;
778}
779
780static int
781block_crypto_amend_prepare(BlockDriverState *bs, Error **errp)
782{
783 BlockCrypto *crypto = bs->opaque;
784 int ret;
785
786
787 crypto->updating_keys = true;
788 ret = bdrv_child_refresh_perms(bs, bs->file, errp);
789 if (ret < 0) {
790
791 crypto->updating_keys = false;
792 }
793 return ret;
794}
795
796static void
797block_crypto_amend_cleanup(BlockDriverState *bs)
798{
799 BlockCrypto *crypto = bs->opaque;
800 Error *errp = NULL;
801
802
803 crypto->updating_keys = false;
804 bdrv_child_refresh_perms(bs, bs->file, &errp);
805
806 if (errp) {
807 error_report_err(errp);
808 }
809}
810
811static int
812block_crypto_amend_options_generic_luks(BlockDriverState *bs,
813 QCryptoBlockAmendOptions *amend_options,
814 bool force,
815 Error **errp)
816{
817 BlockCrypto *crypto = bs->opaque;
818
819 assert(crypto);
820 assert(crypto->block);
821
822 return qcrypto_block_amend_options(crypto->block,
823 block_crypto_read_func,
824 block_crypto_write_func,
825 bs,
826 amend_options,
827 force,
828 errp);
829}
830
831static int
832block_crypto_amend_options_luks(BlockDriverState *bs,
833 QemuOpts *opts,
834 BlockDriverAmendStatusCB *status_cb,
835 void *cb_opaque,
836 bool force,
837 Error **errp)
838{
839 BlockCrypto *crypto = bs->opaque;
840 QDict *cryptoopts = NULL;
841 QCryptoBlockAmendOptions *amend_options = NULL;
842 int ret = -EINVAL;
843
844 assert(crypto);
845 assert(crypto->block);
846
847 cryptoopts = qemu_opts_to_qdict(opts, NULL);
848 qdict_put_str(cryptoopts, "format", "luks");
849 amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
850 qobject_unref(cryptoopts);
851 if (!amend_options) {
852 goto cleanup;
853 }
854
855 ret = block_crypto_amend_prepare(bs, errp);
856 if (ret) {
857 goto perm_cleanup;
858 }
859 ret = block_crypto_amend_options_generic_luks(bs, amend_options,
860 force, errp);
861
862perm_cleanup:
863 block_crypto_amend_cleanup(bs);
864cleanup:
865 qapi_free_QCryptoBlockAmendOptions(amend_options);
866 return ret;
867}
868
869static int
870coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs,
871 BlockdevAmendOptions *opts,
872 bool force,
873 Error **errp)
874{
875 QCryptoBlockAmendOptions amend_opts;
876
877 amend_opts = (QCryptoBlockAmendOptions) {
878 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
879 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
880 };
881 return block_crypto_amend_options_generic_luks(bs, &amend_opts,
882 force, errp);
883}
884
885static void
886block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
887 const BdrvChildRole role,
888 BlockReopenQueue *reopen_queue,
889 uint64_t perm, uint64_t shared,
890 uint64_t *nperm, uint64_t *nshared)
891{
892
893 BlockCrypto *crypto = bs->opaque;
894
895 bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared);
896
897
898
899
900
901 *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
902
903
904
905
906
907 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
908 *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
909
910
911
912
913
914
915
916
917
918
919
920
921
922 if (crypto->updating_keys) {
923
924 *nperm |= BLK_PERM_WRITE;
925
926 *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE);
927 }
928}
929
930
931static const char *const block_crypto_strong_runtime_opts[] = {
932 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
933
934 NULL
935};
936
937static BlockDriver bdrv_crypto_luks = {
938 .format_name = "luks",
939 .instance_size = sizeof(BlockCrypto),
940 .bdrv_probe = block_crypto_probe_luks,
941 .bdrv_open = block_crypto_open_luks,
942 .bdrv_close = block_crypto_close,
943 .bdrv_child_perm = block_crypto_child_perms,
944 .bdrv_co_create = block_crypto_co_create_luks,
945 .bdrv_co_create_opts = block_crypto_co_create_opts_luks,
946 .bdrv_co_truncate = block_crypto_co_truncate,
947 .create_opts = &block_crypto_create_opts_luks,
948 .amend_opts = &block_crypto_amend_opts_luks,
949
950 .bdrv_reopen_prepare = block_crypto_reopen_prepare,
951 .bdrv_refresh_limits = block_crypto_refresh_limits,
952 .bdrv_co_preadv = block_crypto_co_preadv,
953 .bdrv_co_pwritev = block_crypto_co_pwritev,
954 .bdrv_co_getlength = block_crypto_co_getlength,
955 .bdrv_measure = block_crypto_measure,
956 .bdrv_co_get_info = block_crypto_co_get_info_luks,
957 .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
958 .bdrv_amend_options = block_crypto_amend_options_luks,
959 .bdrv_co_amend = block_crypto_co_amend_luks,
960 .bdrv_amend_pre_run = block_crypto_amend_prepare,
961 .bdrv_amend_clean = block_crypto_amend_cleanup,
962
963 .is_format = true,
964
965 .strong_runtime_opts = block_crypto_strong_runtime_opts,
966};
967
968static void block_crypto_init(void)
969{
970 bdrv_register(&bdrv_crypto_luks);
971}
972
973block_init(block_crypto_init);
974
