diff options
| -rw-r--r-- | block/crypto.c | 49 | ||||
| -rw-r--r-- | block/mirror.c | 10 | ||||
| -rw-r--r-- | block/qcow.c | 2 | ||||
| -rw-r--r-- | block/qcow2.c | 2 | ||||
| -rw-r--r-- | crypto/block-luks.c | 67 | ||||
| -rw-r--r-- | crypto/block.c | 17 | ||||
| -rw-r--r-- | crypto/blockpriv.h | 4 | ||||
| -rw-r--r-- | hw/virtio/virtio.c | 5 | ||||
| -rw-r--r-- | include/block/aio.h | 2 | ||||
| -rw-r--r-- | include/crypto/block.h | 16 | ||||
| -rw-r--r-- | qapi/block-core.json | 12 | ||||
| -rw-r--r-- | qapi/crypto.json | 87 | ||||
| -rw-r--r-- | scripts/qemu.py | 32 | ||||
| -rw-r--r-- | scripts/qtest.py | 19 | ||||
| -rw-r--r-- | tests/qemu-iotests/iotests.py | 24 |
15 files changed, 306 insertions, 42 deletions
diff --git a/block/crypto.c b/block/crypto.c index 7eaa057..7f61e12 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -563,6 +563,53 @@ static int block_crypto_create_luks(const char *filename, filename, opts, errp); } +static int block_crypto_get_info_luks(BlockDriverState *bs, + BlockDriverInfo *bdi) +{ + BlockDriverInfo subbdi; + int ret; + + ret = bdrv_get_info(bs->file->bs, &subbdi); + if (ret != 0) { + return ret; + } + + bdi->unallocated_blocks_are_zero = false; + bdi->can_write_zeroes_with_unmap = false; + bdi->cluster_size = subbdi.cluster_size; + + return 0; +} + +static ImageInfoSpecific * +block_crypto_get_specific_info_luks(BlockDriverState *bs) +{ + BlockCrypto *crypto = bs->opaque; + ImageInfoSpecific *spec_info; + QCryptoBlockInfo *info; + + info = qcrypto_block_get_info(crypto->block, NULL); + if (!info) { + return NULL; + } + if (info->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) { + qapi_free_QCryptoBlockInfo(info); + return NULL; + } + + spec_info = g_new(ImageInfoSpecific, 1); + spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS; + spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1); + *spec_info->u.luks.data = info->u.luks; + + /* Blank out pointers we've just stolen to avoid double free */ + memset(&info->u.luks, 0, sizeof(info->u.luks)); + + qapi_free_QCryptoBlockInfo(info); + + return spec_info; +} + BlockDriver bdrv_crypto_luks = { .format_name = "luks", .instance_size = sizeof(BlockCrypto), @@ -576,6 +623,8 @@ BlockDriver bdrv_crypto_luks = { .bdrv_co_readv = block_crypto_co_readv, .bdrv_co_writev = block_crypto_co_writev, .bdrv_getlength = block_crypto_getlength, + .bdrv_get_info = block_crypto_get_info_luks, + .bdrv_get_specific_info = block_crypto_get_specific_info_luks, }; static void block_crypto_init(void) diff --git a/block/mirror.c b/block/mirror.c index 69a1a7c..d6034f5 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -23,7 +23,9 @@ #define SLICE_TIME 100000000ULL /* ns */ #define MAX_IN_FLIGHT 16 -#define DEFAULT_MIRROR_BUF_SIZE (10 << 20) +#define MAX_IO_SECTORS ((1 << 20) >> BDRV_SECTOR_BITS) /* 1 Mb */ +#define DEFAULT_MIRROR_BUF_SIZE \ + (MAX_IN_FLIGHT * MAX_IO_SECTORS * BDRV_SECTOR_SIZE) /* The mirroring buffer is a list of granularity-sized chunks. * Free chunks are organized in a list. @@ -325,6 +327,8 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s) int64_t end = s->bdev_length / BDRV_SECTOR_SIZE; int sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS; bool write_zeroes_ok = bdrv_can_write_zeroes_with_unmap(blk_bs(s->target)); + int max_io_sectors = MAX((s->buf_size >> BDRV_SECTOR_BITS) / MAX_IN_FLIGHT, + MAX_IO_SECTORS); sector_num = hbitmap_iter_next(&s->hbi); if (sector_num < 0) { @@ -388,7 +392,9 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s) nb_chunks * sectors_per_chunk, &io_sectors, &file); if (ret < 0) { - io_sectors = nb_chunks * sectors_per_chunk; + io_sectors = MIN(nb_chunks * sectors_per_chunk, max_io_sectors); + } else if (ret & BDRV_BLOCK_DATA) { + io_sectors = MIN(io_sectors, max_io_sectors); } io_sectors -= io_sectors % sectors_per_chunk; diff --git a/block/qcow.c b/block/qcow.c index 0c7b75b..6f9b2e2 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -983,7 +983,7 @@ static int qcow_write_compressed(BlockDriverState *bs, int64_t sector_num, return ret; } - out_buf = g_malloc(s->cluster_size + (s->cluster_size / 1000) + 128); + out_buf = g_malloc(s->cluster_size); /* best compression, small window, no zlib header */ memset(&strm, 0, sizeof(strm)); diff --git a/block/qcow2.c b/block/qcow2.c index d620d0a..91ef4df 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -2612,7 +2612,7 @@ static int qcow2_write_compressed(BlockDriverState *bs, int64_t sector_num, return ret; } - out_buf = g_malloc(s->cluster_size + (s->cluster_size / 1000) + 128); + out_buf = g_malloc(s->cluster_size); /* best compression, small window, no zlib header */ memset(&strm, 0, sizeof(strm)); diff --git a/crypto/block-luks.c b/crypto/block-luks.c index fcf3b04..aba4455 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -201,6 +201,15 @@ QEMU_BUILD_BUG_ON(sizeof(struct QCryptoBlockLUKSHeader) != 592); struct QCryptoBlockLUKS { QCryptoBlockLUKSHeader header; + + /* Cache parsed versions of what's in header fields, + * as we can't rely on QCryptoBlock.cipher being + * non-NULL */ + QCryptoCipherAlgorithm cipher_alg; + QCryptoCipherMode cipher_mode; + QCryptoIVGenAlgorithm ivgen_alg; + QCryptoHashAlgorithm ivgen_hash_alg; + QCryptoHashAlgorithm hash_alg; }; @@ -847,6 +856,12 @@ qcrypto_block_luks_open(QCryptoBlock *block, block->payload_offset = luks->header.payload_offset * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; + luks->cipher_alg = cipheralg; + luks->cipher_mode = ciphermode; + luks->ivgen_alg = ivalg; + luks->ivgen_hash_alg = ivhash; + luks->hash_alg = hash; + g_free(masterkey); g_free(password); @@ -1271,6 +1286,12 @@ qcrypto_block_luks_create(QCryptoBlock *block, goto error; } + luks->cipher_alg = luks_opts.cipher_alg; + luks->cipher_mode = luks_opts.cipher_mode; + luks->ivgen_alg = luks_opts.ivgen_alg; + luks->ivgen_hash_alg = luks_opts.ivgen_hash_alg; + luks->hash_alg = luks_opts.hash_alg; + memset(masterkey, 0, luks->header.key_bytes); g_free(masterkey); memset(slotkey, 0, luks->header.key_bytes); @@ -1305,6 +1326,51 @@ qcrypto_block_luks_create(QCryptoBlock *block, } +static int qcrypto_block_luks_get_info(QCryptoBlock *block, + QCryptoBlockInfo *info, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + QCryptoBlockInfoLUKSSlot *slot; + QCryptoBlockInfoLUKSSlotList *slots = NULL, **prev = &info->u.luks.slots; + size_t i; + + info->u.luks.cipher_alg = luks->cipher_alg; + info->u.luks.cipher_mode = luks->cipher_mode; + info->u.luks.ivgen_alg = luks->ivgen_alg; + if (info->u.luks.ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) { + info->u.luks.has_ivgen_hash_alg = true; + info->u.luks.ivgen_hash_alg = luks->ivgen_hash_alg; + } + info->u.luks.hash_alg = luks->hash_alg; + info->u.luks.payload_offset = block->payload_offset; + info->u.luks.master_key_iters = luks->header.master_key_iterations; + info->u.luks.uuid = g_strndup((const char *)luks->header.uuid, + sizeof(luks->header.uuid)); + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + slots = g_new0(QCryptoBlockInfoLUKSSlotList, 1); + *prev = slots; + + slots->value = slot = g_new0(QCryptoBlockInfoLUKSSlot, 1); + slot->active = luks->header.key_slots[i].active == + QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED; + slot->key_offset = luks->header.key_slots[i].key_offset + * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; + if (slot->active) { + slot->has_iters = true; + slot->iters = luks->header.key_slots[i].iterations; + slot->has_stripes = true; + slot->stripes = luks->header.key_slots[i].stripes; + } + + prev = &slots->next; + } + + return 0; +} + + static void qcrypto_block_luks_cleanup(QCryptoBlock *block) { g_free(block->opaque); @@ -1342,6 +1408,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block, const QCryptoBlockDriver qcrypto_block_driver_luks = { .open = qcrypto_block_luks_open, .create = qcrypto_block_luks_create, + .get_info = qcrypto_block_luks_get_info, .cleanup = qcrypto_block_luks_cleanup, .decrypt = qcrypto_block_luks_decrypt, .encrypt = qcrypto_block_luks_encrypt, diff --git a/crypto/block.c b/crypto/block.c index da60eba..be823ee 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -105,6 +105,23 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, } +QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block, + Error **errp) +{ + QCryptoBlockInfo *info = g_new0(QCryptoBlockInfo, 1); + + info->format = block->format; + + if (block->driver->get_info && + block->driver->get_info(block, info, errp) < 0) { + g_free(info); + return NULL; + } + + return info; +} + + int qcrypto_block_decrypt(QCryptoBlock *block, uint64_t startsector, uint8_t *buf, diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 15b547d..68f0f06 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -53,6 +53,10 @@ struct QCryptoBlockDriver { void *opaque, Error **errp); + int (*get_info)(QCryptoBlock *block, + QCryptoBlockInfo *info, + Error **errp); + void (*cleanup)(QCryptoBlock *block); int (*encrypt)(QCryptoBlock *block, diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 752b271..28cf504 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -562,6 +562,11 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz) max = vq->vring.num; + if (vq->inuse >= vq->vring.num) { + error_report("Virtqueue size exceeded"); + exit(1); + } + i = head = virtqueue_get_head(vq, vq->last_avail_idx++); if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) { vring_set_avail_event(vq, vq->last_avail_idx); diff --git a/include/block/aio.h b/include/block/aio.h index 209551d..173c1ed 100644 --- a/include/block/aio.h +++ b/include/block/aio.h @@ -74,7 +74,7 @@ struct AioContext { * event_notifier_set necessary. * * Bit 0 is reserved for GSource usage of the AioContext, and is 1 - * between a call to aio_ctx_check and the next call to aio_ctx_dispatch. + * between a call to aio_ctx_prepare and the next call to aio_ctx_check. * Bits 1-31 simply count the number of active calls to aio_poll * that are in the prepare or poll phase. * diff --git a/include/crypto/block.h b/include/crypto/block.h index 8955211..b6971de 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -138,6 +138,22 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, void *opaque, Error **errp); + +/** + * qcrypto_block_get_info: + * @block: the block encryption object + * @errp: pointer to a NULL-initialized error object + * + * Get information about the configuration options for the + * block encryption object. This includes details such as + * the cipher algorithms, modes, and initialization vector + * generators. + * + * Returns: a block encryption info object, or NULL on error + */ +QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block, + Error **errp); + /** * @qcrypto_block_decrypt: * @block: the block encryption object diff --git a/qapi/block-core.json b/qapi/block-core.json index f462345..2bbc027 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -85,7 +85,11 @@ { 'union': 'ImageInfoSpecific', 'data': { 'qcow2': 'ImageInfoSpecificQCow2', - 'vmdk': 'ImageInfoSpecificVmdk' + 'vmdk': 'ImageInfoSpecificVmdk', + # If we need to add block driver specific parameters for + # LUKS in future, then we'll subclass QCryptoBlockInfoLUKS + # to define a ImageInfoSpecificLUKS + 'luks': 'QCryptoBlockInfoLUKS' } } ## @@ -1688,9 +1692,9 @@ # Drivers that are supported in block device operations. # # @host_device, @host_cdrom: Since 2.1 +# @gluster: Since 2.7 # # Since: 2.0 -# @gluster: Since 2.7 ## { 'enum': 'BlockdevDriver', 'data': [ 'archipelago', 'blkdebug', 'blkverify', 'bochs', 'cloop', @@ -2134,7 +2138,7 @@ # # @path: absolute path to image file in gluster volume # -# @server: gluster server description +# @server: gluster servers description # # @debug-level: #optional libgfapi log level (default '4' which is Error) # @@ -2144,7 +2148,7 @@ 'data': { 'volume': 'str', 'path': 'str', 'server': ['GlusterServer'], - '*debug_level': 'int' } } + '*debug-level': 'int' } } ## # @BlockdevOptions diff --git a/qapi/crypto.json b/qapi/crypto.json index 4c4a3e0..34d2583 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -224,3 +224,90 @@ 'discriminator': 'format', 'data': { 'qcow': 'QCryptoBlockOptionsQCow', 'luks': 'QCryptoBlockCreateOptionsLUKS' } } + + +## +# QCryptoBlockInfoBase: +# +# The common information that applies to all full disk +# encryption formats +# +# @format: the encryption format +# +# Since: 2.7 +## +{ 'struct': 'QCryptoBlockInfoBase', + 'data': { 'format': 'QCryptoBlockFormat' }} + + +## +# QCryptoBlockInfoLUKSSlot: +# +# Information about the LUKS block encryption key +# slot options +# +# @active: whether the key slot is currently in use +# @key-offset: offset to the key material in bytes +# @iters: #optional number of PBKDF2 iterations for key material +# @stripes: #optional number of stripes for splitting key material +# +# Since: 2.7 +## +{ 'struct': 'QCryptoBlockInfoLUKSSlot', + 'data': {'active': 'bool', + '*iters': 'int', + '*stripes': 'int', + 'key-offset': 'int' } } + + +## +# QCryptoBlockInfoLUKS: +# +# Information about the LUKS block encryption options +# +# @cipher-alg: the cipher algorithm for data encryption +# @cipher-mode: the cipher mode for data encryption +# @ivgen-alg: the initialization vector generator +# @ivgen-hash-alg: #optional the initialization vector generator hash +# @hash-alg: the master key hash algorithm +# @payload-offset: offset to the payload data in bytes +# @master-key-iters: number of PBKDF2 iterations for key material +# @uuid: unique identifier for the volume +# @slots: information about each key slot +# +# Since: 2.7 +## +{ 'struct': 'QCryptoBlockInfoLUKS', + 'data': {'cipher-alg': 'QCryptoCipherAlgorithm', + 'cipher-mode': 'QCryptoCipherMode', + 'ivgen-alg': 'QCryptoIVGenAlgorithm', + '*ivgen-hash-alg': 'QCryptoHashAlgorithm', + 'hash-alg': 'QCryptoHashAlgorithm', + 'payload-offset': 'int', + 'master-key-iters': 'int', + 'uuid': 'str', + 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }} + +## +# QCryptoBlockInfoQCow: +# +# Information about the QCow block encryption options +# +# Since: 2.7 +## +{ 'struct': 'QCryptoBlockInfoQCow', + 'data': { }} + + +## +# QCryptoBlockInfo: +# +# Information about the block encryption options +# +# Since: 2.7 +## +{ 'union': 'QCryptoBlockInfo', + 'base': 'QCryptoBlockInfoBase', + 'discriminator': 'format', + 'data': { 'qcow': 'QCryptoBlockInfoQCow', + 'luks': 'QCryptoBlockInfoLUKS' } } diff --git a/scripts/qemu.py b/scripts/qemu.py index 9cdad24..6d1b623 100644 --- a/scripts/qemu.py +++ b/scripts/qemu.py @@ -24,7 +24,7 @@ class QEMUMachine(object): '''A QEMU VM''' def __init__(self, binary, args=[], wrapper=[], name=None, test_dir="/var/tmp", - monitor_address=None, debug=False): + monitor_address=None, socket_scm_helper=None, debug=False): if name is None: name = "qemu-%d" % os.getpid() if monitor_address is None: @@ -33,10 +33,11 @@ class QEMUMachine(object): self._qemu_log_path = os.path.join(test_dir, name + ".log") self._popen = None self._binary = binary - self._args = args + self._args = list(args) # Force copy args in case we modify them self._wrapper = wrapper self._events = [] self._iolog = None + self._socket_scm_helper = socket_scm_helper self._debug = debug # This can be used to add an unused monitor instance. @@ -60,11 +61,13 @@ class QEMUMachine(object): def send_fd_scm(self, fd_file_path): # In iotest.py, the qmp should always use unix socket. assert self._qmp.is_scm_available() - bin = socket_scm_helper - if os.path.exists(bin) == False: - print "Scm help program does not present, path '%s'." % bin + if self._socket_scm_helper is None: + print >>sys.stderr, "No path to socket_scm_helper set" return -1 - fd_param = ["%s" % bin, + if os.path.exists(self._socket_scm_helper) == False: + print >>sys.stderr, "%s does not exist" % self._socket_scm_helper + return -1 + fd_param = ["%s" % self._socket_scm_helper, "%d" % self._qmp.get_sock_fd(), "%s" % fd_file_path] devnull = open('/dev/null', 'rb') @@ -183,6 +186,23 @@ class QEMUMachine(object): return events def event_wait(self, name, timeout=60.0, match=None): + # Test if 'match' is a recursive subset of 'event' + def event_match(event, match=None): + if match is None: + return True + + for key in match: + if key in event: + if isinstance(event[key], dict): + if not event_match(event[key], match[key]): + return False + elif event[key] != match[key]: + return False + else: + return False + + return True + # Search cached events for event in self._events: if (event['event'] == name) and event_match(event, match): diff --git a/scripts/qtest.py b/scripts/qtest.py index 03bc7f6..d5aecb5 100644 --- a/scripts/qtest.py +++ b/scripts/qtest.py @@ -79,25 +79,30 @@ class QEMUQtestProtocol(object): class QEMUQtestMachine(qemu.QEMUMachine): '''A QEMU VM''' - def __init__(self, binary, args=[], name=None, test_dir="/var/tmp"): - super(self, QEMUQtestMachine).__init__(binary, args, name, test_dir) + def __init__(self, binary, args=[], name=None, test_dir="/var/tmp", + socket_scm_helper=None): + if name is None: + name = "qemu-%d" % os.getpid() + super(QEMUQtestMachine, self).__init__(binary, args, name=name, test_dir=test_dir, + socket_scm_helper=socket_scm_helper) self._qtest_path = os.path.join(test_dir, name + "-qtest.sock") def _base_args(self): - args = super(self, QEMUQtestMachine)._base_args() - args.extend(['-qtest', 'unix:path=' + self._qtest_path]) + args = super(QEMUQtestMachine, self)._base_args() + args.extend(['-qtest', 'unix:path=' + self._qtest_path, + '-machine', 'accel=qtest']) return args def _pre_launch(self): - super(self, QEMUQtestMachine)._pre_launch() + super(QEMUQtestMachine, self)._pre_launch() self._qtest = QEMUQtestProtocol(self._qtest_path, server=True) def _post_launch(self): - super(self, QEMUQtestMachine)._post_launch() + super(QEMUQtestMachine, self)._post_launch() self._qtest.accept() def _post_shutdown(self): - super(self, QEMUQtestMachine)._post_shutdown() + super(QEMUQtestMachine, self)._post_shutdown() self._remove_if_exists(self._qtest_path) def qtest(self, cmd): diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py index 14427f4..dbe0ee5 100644 --- a/tests/qemu-iotests/iotests.py +++ b/tests/qemu-iotests/iotests.py @@ -39,7 +39,7 @@ qemu_io_args = [os.environ.get('QEMU_IO_PROG', 'qemu-io')] if os.environ.get('QEMU_IO_OPTIONS'): qemu_io_args += os.environ['QEMU_IO_OPTIONS'].strip().split(' ') -qemu_prog = [os.environ.get('QEMU_PROG', 'qemu')] +qemu_prog = os.environ.get('QEMU_PROG', 'qemu') qemu_opts = os.environ.get('QEMU_OPTIONS', '').strip().split(' ') imgfmt = os.environ.get('IMGFMT', 'raw') @@ -128,28 +128,12 @@ def log(msg, filters=[]): msg = flt(msg) print msg -# Test if 'match' is a recursive subset of 'event' -def event_match(event, match=None): - if match is None: - return True - - for key in match: - if key in event: - if isinstance(event[key], dict): - if not event_match(event[key], match[key]): - return False - elif event[key] != match[key]: - return False - else: - return False - - return True - -class VM(qtest.QEMUMachine): +class VM(qtest.QEMUQtestMachine): '''A QEMU VM''' def __init__(self): - super(self, VM).__init__(qemu_prog, qemu_opts, test_dir) + super(VM, self).__init__(qemu_prog, qemu_opts, test_dir=test_dir, + socket_scm_helper=socket_scm_helper) self._num_drives = 0 def add_drive_raw(self, opts): |