authorPeter Maydell <peter.maydell@linaro.org>2020-07-07 19:47:26 +0100
committerPeter Maydell <peter.maydell@linaro.org>2020-07-07 19:47:26 +0100
commiteb2c66b10efd2b914b56b20ae90655914310c925 (patch)
treea38137749a29cbce8fa744a8fbf1866465962b68 /qapi
parentc8eaf81fd22638691c5bdcc7d723d31fbb80ff6f (diff)
parent365fed5111b06d31c1632af63c7528dfe49d62a2 (diff)
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-07-06' into staging
Block patches for 5.1: - LUKS keyslot amendment (+ patches to make the iotests pass on non-Linux systems, and to keep the tests passing for qcow v1, and to skip LUKS tests (including qcow2 LUKS) when the built qemu does not support it) - Refactoring in the block layer: Drop the basically unnecessary unallocated_blocks_are_zero field from BlockDriverInfo - Fix qcow2 preallocation when the image size is not a multiple of the cluster size - Fix in block-copy code # gpg: Signature made Mon 06 Jul 2020 11:02:53 BST # gpg: using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40 # gpg: issuer "mreitz@redhat.com" # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full] # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * remotes/maxreitz/tags/pull-block-2020-07-06: (31 commits) qed: Simplify backing reads block: drop unallocated_blocks_are_zero block/vhdx: drop unallocated_blocks_are_zero block/file-posix: drop unallocated_blocks_are_zero block/iscsi: drop unallocated_blocks_are_zero block/crypto: drop unallocated_blocks_are_zero block/vpc: return ZERO block-status when appropriate block/vdi: return ZERO block-status when appropriate block: inline bdrv_unallocated_blocks_are_zero() qemu-img: convert: don't use unallocated_blocks_are_zero iotests: add tests for blockdev-amend block/qcow2: implement blockdev-amend block/crypto: implement blockdev-amend block/core: add generic infrastructure for x-blockdev-amend qmp command iotests: qemu-img tests for luks key management block/qcow2: extend qemu-img amend interface with crypto options block/crypto: implement the encryption key management block/crypto: rename two functions block/amend: refactor qcow2 amend options block/amend: separate amend and create options for qemu-img ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qapi')
-rw-r--r--qapi/block-core.json68
-rw-r--r--qapi/crypto.json73
-rw-r--r--qapi/job.json4
3 files changed, 143 insertions, 2 deletions
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 0e1c6a5..b20332e 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4675,6 +4675,74 @@
'options': 'BlockdevCreateOptions' } }
##
+# @BlockdevAmendOptionsLUKS:
+#
+# Driver specific image amend options for LUKS.
+#
+# Since: 5.1
+##
+{ 'struct': 'BlockdevAmendOptionsLUKS',
+ 'base': 'QCryptoBlockAmendOptionsLUKS',
+ 'data': { }
+}
+
+##
+# @BlockdevAmendOptionsQcow2:
+#
+# Driver specific image amend options for qcow2.
+# For now, only encryption options can be amended
+#
+# @encrypt Encryption options to be amended
+#
+# Since: 5.1
+##
+{ 'struct': 'BlockdevAmendOptionsQcow2',
+ 'data': { '*encrypt': 'QCryptoBlockAmendOptions' } }
+
+##
+# @BlockdevAmendOptions:
+#
+# Options for amending an image format
+#
+# @driver: Block driver of the node to amend.
+#
+# Since: 5.1
+##
+{ 'union': 'BlockdevAmendOptions',
+ 'base': {
+ 'driver': 'BlockdevDriver' },
+ 'discriminator': 'driver',
+ 'data': {
+ 'luks': 'BlockdevAmendOptionsLUKS',
+ 'qcow2': 'BlockdevAmendOptionsQcow2' } }
+
+##
+# @x-blockdev-amend:
+#
+# Starts a job to amend format specific options of an existing open block device
+# The job is automatically finalized, but a manual job-dismiss is required.
+#
+# @job-id: Identifier for the newly created job.
+#
+# @node-name: Name of the block node to work on
+#
+# @options: Options (driver specific)
+#
+# @force: Allow unsafe operations, format specific
+# For luks that allows erase of the last active keyslot
+# (permanent loss of data),
+# and replacement of an active keyslot
+# (possible loss of data if IO error happens)
+#
+# Since: 5.1
+##
+{ 'command': 'x-blockdev-amend',
+ 'data': { 'job-id': 'str',
+ 'node-name': 'str',
+ 'options': 'BlockdevAmendOptions',
+ '*force': 'bool' } }
+
+##
# @BlockErrorAction:
#
# An enumeration of action that has been taken when a DISK I/O occurs
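Review bot: The `@force` description on `x-blockdev-amend` states no default, although `'*force': 'bool'` makes the member optional and the text itself says it permits erasing the last active LUKS keyslot with permanent loss of data. I would spell the default out, e.g. `# @force: Allow unsafe operations, format specific (default: false)`, assuming the implementation treats an absent value as false, which this hunk does not show. In the `BlockdevAmendOptionsQcow2` comment, `# @encrypt Encryption options to be amended` lacks the colon the other member descriptions use and should read `# @encrypt: Encryption options to be amended`. The line ending in "existing open block device" also needs a full stop before "The job is automatically finalized".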
diff --git a/qapi/crypto.json b/qapi/crypto.json
index b2a4cff..5a68e0d 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -297,7 +297,6 @@
'uuid': 'str',
'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
-
##
# @QCryptoBlockInfo:
#
@@ -309,3 +308,75 @@
'base': 'QCryptoBlockInfoBase',
'discriminator': 'format',
'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
+
+##
+# @QCryptoBlockLUKSKeyslotState:
+#
+# Defines state of keyslots that are affected by the update
+#
+# @active: The slots contain the given password and marked as active
+# @inactive: The slots are erased (contain garbage) and marked as inactive
+#
+# Since: 5.1
+##
+{ 'enum': 'QCryptoBlockLUKSKeyslotState',
+ 'data': [ 'active', 'inactive' ] }
+
+
+##
+# @QCryptoBlockAmendOptionsLUKS:
+#
+# This struct defines the update parameters that activate/de-activate set
+# of keyslots
+#
+# @state: the desired state of the keyslots
+#
+# @new-secret: The ID of a QCryptoSecret object providing the password to be
+# written into added active keyslots
+#
+# @old-secret: Optional (for deactivation only)
+# If given will deactive all keyslots that
+# match password located in QCryptoSecret with this ID
+#
+# @iter-time: Optional (for activation only)
+# Number of milliseconds to spend in
+# PBKDF passphrase processing for the newly activated keyslot.
+# Currently defaults to 2000.
+#
+# @keyslot: Optional. ID of the keyslot to activate/deactivate.
+# For keyslot activation, keyslot should not be active already
+# (this is unsafe to update an active keyslot),
+# but possible if 'force' parameter is given.
+# If keyslot is not given, first free keyslot will be written.
+#
+# For keyslot deactivation, this parameter specifies the exact
+# keyslot to deactivate
+#
+# @secret: Optional. The ID of a QCryptoSecret object providing the
+# password to use to retrive current master key.
+# Defaults to the same secret that was used to open the image
+#
+#
+# Since 5.1
+##
+{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
+ 'data': { 'state': 'QCryptoBlockLUKSKeyslotState',
+ '*new-secret': 'str',
+ '*old-secret': 'str',
+ '*keyslot': 'int',
+ '*iter-time': 'int',
+ '*secret': 'str' } }
+
+##
+# @QCryptoBlockAmendOptions:
+#
+# The options that are available for all encryption formats
+# when amending encryption settings
+#
+# Since: 5.1
+##
+{ 'union': 'QCryptoBlockAmendOptions',
+ 'base': 'QCryptoBlockOptionsBase',
+ 'discriminator': 'format',
+ 'data': {
+ 'luks': 'QCryptoBlockAmendOptionsLUKS' } }
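Review bot: `QCryptoBlockAmendOptionsLUKS` declares every member except `state` as optional, so the schema itself cannot reject a request such as `state: active` with no `new-secret`, or `state: inactive` with neither `old-secret` nor `keyslot`; the comment should say which combinations are accepted and what happens otherwise. `@new-secret` is documented without the "Optional (for activation only)" wording its siblings carry, even though it is `'*new-secret'` in the data. For `@iter-time`, a one-line caveat that values below the default lower the brute-force cost of the new keyslot's passphrase would help callers, and since the type is a plain `int` it is worth confirming that the code outside this hunk rejects zero or negative values. Smaller fixes in the same comment: `Since 5.1` should be `Since: 5.1`, and "deactive" / "retrive" should be "deactivate" / "retrieve".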
diff --git a/qapi/job.json b/qapi/job.json
index 5e65828..c48a0c3 100644
--- a/qapi/job.json
+++ b/qapi/job.json
@@ -19,10 +19,12 @@
#
# @create: image creation job type, see "blockdev-create" (since 3.0)
#
+# @amend: image options amend job type, see "x-blockdev-amend" (since 5.1)
+#
# Since: 1.7
##
{ 'enum': 'JobType',
- 'data': ['commit', 'stream', 'mirror', 'backup', 'create'] }
+ 'data': ['commit', 'stream', 'mirror', 'backup', 'create', 'amend'] }
##
# @JobStatus: