From d85f4222b4681da7ebf8a90b26e085a68fa2c55a Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 23 Jun 2017 17:24:08 +0100 Subject: qcow: convert QCow to use QCryptoBlock for encryption This converts the qcow driver to make use of the QCryptoBlock APIs for encrypting image content. This is only wired up to permit use of the legacy QCow encryption format. Users who wish to have the strong LUKS format should switch to qcow2 instead. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=sec0,file=/home/berrange/encrypted.pw \ -drive file=/home/berrange/encrypted.qcow,encrypt.format=aes,\ encrypt.key-secret=sec0 Though note that running QEMU system emulators with the AES encryption is no longer supported, so while the above syntax is valid, QEMU will refuse to actually run the VM in this particular example. Likewise when creating images with the legacy AES-CBC format qemu-img create -f qcow \ --object secret,id=sec0,file=/home/berrange/encrypted.pw \ -o encrypt.format=aes,encrypt.key-secret=sec0 \ /home/berrange/encrypted.qcow 64M Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange Message-id: 20170623162419.26068-10-berrange@redhat.com Signed-off-by: Max Reitz --- qapi/block-core.json | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index f85c223..c4b7e6e 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2282,6 +2282,42 @@ 'mode': 'Qcow2OverlapCheckMode' } } ## +# @BlockdevQcowEncryptionFormat: +# +# @aes: AES-CBC with plain64 initialization vectors +# +# Since: 2.10 +## +{ 'enum': 'BlockdevQcowEncryptionFormat', + 'data': [ 'aes' ] } + +## +# @BlockdevQcowEncryption: +# +# Since: 2.10 +## +{ 'union': 'BlockdevQcowEncryption', + 'base': { 'format': 'BlockdevQcowEncryptionFormat' }, + 'discriminator': 'format', + 'data': { 'aes': 'QCryptoBlockOptionsQCow' } } + +## +# @BlockdevOptionsQcow: +# +# Driver specific block device options for qcow. +# +# @encrypt: Image decryption options. Mandatory for +# encrypted images, except when doing a metadata-only +# probe of the image. +# +# Since: 2.10 +## +{ 'struct': 'BlockdevOptionsQcow', + 'base': 'BlockdevOptionsGenericCOWFormat', + 'data': { '*encrypt': 'BlockdevQcowEncryption' } } + + +## # @BlockdevOptionsQcow2: # # Driver specific block device options for qcow2. @@ -2976,7 +3012,7 @@ 'null-co': 'BlockdevOptionsNull', 'parallels': 'BlockdevOptionsGenericFormat', 'qcow2': 'BlockdevOptionsQcow2', - 'qcow': 'BlockdevOptionsGenericCOWFormat', + 'qcow': 'BlockdevOptionsQcow', 'qed': 'BlockdevOptionsGenericCOWFormat', 'quorum': 'BlockdevOptionsQuorum', 'raw': 'BlockdevOptionsRaw', -- cgit v1.1 From b25b387fa5928e516cb2c9e7fde68e958bd7e50a Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 23 Jun 2017 17:24:10 +0100 Subject: qcow2: convert QCow2 to use QCryptoBlock for encryption This converts the qcow2 driver to make use of the QCryptoBlock APIs for encrypting image content, using the legacy QCow2 AES scheme. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=sec0,file=/home/berrange/encrypted.pw \ -drive file=/home/berrange/encrypted.qcow2,encrypt.key-secret=sec0 The test 087 could be simplified since there is no longer a difference in behaviour when using blockdev_add with encrypted images for the running vs stopped CPU state. Signed-off-by: Daniel P. Berrange Message-id: 20170623162419.26068-12-berrange@redhat.com Reviewed-by: Alberto Garcia Signed-off-by: Max Reitz --- qapi/block-core.json | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index c4b7e6e..1f268ee 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2317,6 +2317,26 @@ 'data': { '*encrypt': 'BlockdevQcowEncryption' } } + +## +# @BlockdevQcow2EncryptionFormat: +# @aes: AES-CBC with plain64 initialization venctors +# +# Since: 2.10 +## +{ 'enum': 'BlockdevQcow2EncryptionFormat', + 'data': [ 'aes' ] } + +## +# @BlockdevQcow2Encryption: +# +# Since: 2.10 +## +{ 'union': 'BlockdevQcow2Encryption', + 'base': { 'format': 'BlockdevQcow2EncryptionFormat' }, + 'discriminator': 'format', + 'data': { 'aes': 'QCryptoBlockOptionsQCow' } } + ## # @BlockdevOptionsQcow2: # @@ -2351,6 +2371,9 @@ # @cache-clean-interval: clean unused entries in the L2 and refcount # caches. The interval is in seconds. The default value # is 0 and it disables this feature (since 2.5) +# @encrypt: Image decryption options. Mandatory for +# encrypted images, except when doing a metadata-only +# probe of the image. (since 2.10) # # Since: 2.9 ## @@ -2364,8 +2387,8 @@ '*cache-size': 'int', '*l2-cache-size': 'int', '*refcount-cache-size': 'int', - '*cache-clean-interval': 'int' } } - + '*cache-clean-interval': 'int', + '*encrypt': 'BlockdevQcow2Encryption' } } ## # @BlockdevOptionsSsh: -- cgit v1.1 From 4652b8f3e1ec91bb9d6f00e40df7f96d1f1aafee Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 23 Jun 2017 17:24:12 +0100 Subject: qcow2: add support for LUKS encryption format This adds support for using LUKS as an encryption format with the qcow2 file, using the new encrypt.format parameter to request "luks" format. e.g. # qemu-img create --object secret,data=123456,id=sec0 \ -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 \ test.qcow2 10G The legacy "encryption=on" parameter still results in creation of the old qcow2 AES format (and is equivalent to the new 'encryption-format=aes'). e.g. the following are equivalent: # qemu-img create --object secret,data=123456,id=sec0 \ -f qcow2 -o encryption=on,encrypt.key-secret=sec0 \ test.qcow2 10G # qemu-img create --object secret,data=123456,id=sec0 \ -f qcow2 -o encryption-format=aes,encrypt.key-secret=sec0 \ test.qcow2 10G With the LUKS format it is necessary to store the LUKS partition header and key material in the QCow2 file. This data can be many MB in size, so cannot go into the QCow2 header region directly. Thus the spec defines a FDE (Full Disk Encryption) header extension that specifies the offset of a set of clusters to hold the FDE headers, as well as the length of that region. The LUKS header is thus stored in these extra allocated clusters before the main image payload. Aside from all the cryptographic differences implied by use of the LUKS format, there is one further key difference between the use of legacy AES and LUKS encryption in qcow2. For LUKS, the initialiazation vectors are generated using the host physical sector as the input, rather than the guest virtual sector. This guarantees unique initialization vectors for all sectors when qcow2 internal snapshots are used, thus giving stronger protection against watermarking attacks. Signed-off-by: Daniel P. Berrange Message-id: 20170623162419.26068-14-berrange@redhat.com Reviewed-by: Alberto Garcia Signed-off-by: Max Reitz --- qapi/block-core.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index 1f268ee..bb075c0 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2325,7 +2325,7 @@ # Since: 2.10 ## { 'enum': 'BlockdevQcow2EncryptionFormat', - 'data': [ 'aes' ] } + 'data': [ 'aes', 'luks' ] } ## # @BlockdevQcow2Encryption: @@ -2335,7 +2335,8 @@ { 'union': 'BlockdevQcow2Encryption', 'base': { 'format': 'BlockdevQcow2EncryptionFormat' }, 'discriminator': 'format', - 'data': { 'aes': 'QCryptoBlockOptionsQCow' } } + 'data': { 'aes': 'QCryptoBlockOptionsQCow', + 'luks': 'QCryptoBlockOptionsLUKS'} } ## # @BlockdevOptionsQcow2: -- cgit v1.1 From c01c214b691d2f9c54a15ea7e486b1750f20fbf8 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 23 Jun 2017 17:24:16 +0100 Subject: block: remove all encryption handling APIs Now that all encryption keys must be provided upfront via the QCryptoSecret API and associated block driver properties there is no need for any explicit encryption handling APIs in the block layer. Encryption can be handled transparently within the block driver. We only retain an API for querying whether an image is encrypted or not, since that is a potentially useful piece of metadata to report to the user. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Message-id: 20170623162419.26068-18-berrange@redhat.com Signed-off-by: Max Reitz --- qapi/block-core.json | 37 ++----------------------------------- qapi/common.json | 5 +---- 2 files changed, 3 insertions(+), 39 deletions(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index bb075c0..d04d277 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -259,8 +259,7 @@ # # @encrypted: true if the backing device is encrypted # -# @encryption_key_missing: true if the backing device is encrypted but an -# valid encryption key is missing +# @encryption_key_missing: Deprecated; always false # # @detect_zeroes: detect and optimize zero writes (Since 2.1) # @@ -946,39 +945,7 @@ # This command sets the password of a block device that has not been open # with a password and requires one. # -# The two cases where this can happen are a block device is created through -# QEMU's initial command line or a block device is changed through the legacy -# @change interface. -# -# In the event that the block device is created through the initial command -# line, the VM will start in the stopped state regardless of whether '-S' is -# used. The intention is for a management tool to query the block devices to -# determine which ones are encrypted, set the passwords with this command, and -# then start the guest with the @cont command. -# -# Either @device or @node-name must be set but not both. -# -# @device: the name of the block backend device to set the password on -# -# @node-name: graph node name to set the password on (Since 2.0) -# -# @password: the password to use for the device -# -# Returns: nothing on success -# If @device is not a valid block device, DeviceNotFound -# If @device is not encrypted, DeviceNotEncrypted -# -# Notes: Not all block formats support encryption and some that do are not -# able to validate that a password is correct. Disk corruption may -# occur if an invalid password is specified. -# -# Since: 0.14.0 -# -# Example: -# -# -> { "execute": "block_passwd", "arguments": { "device": "ide0-hd0", -# "password": "12345" } } -# <- { "return": {} } +# This command is now obsolete and will always return an error since 2.10 # ## { 'command': 'block_passwd', 'data': {'*device': 'str', diff --git a/qapi/common.json b/qapi/common.json index b626647..8355d5a 100644 --- a/qapi/common.json +++ b/qapi/common.json @@ -14,9 +14,6 @@ # # @CommandNotFound: the requested command has not been found # -# @DeviceEncrypted: the requested operation can't be fulfilled because the -# selected device is encrypted -# # @DeviceNotActive: a device has failed to be become active # # @DeviceNotFound: the requested device has not been found @@ -28,7 +25,7 @@ ## { 'enum': 'QapiErrorClass', # Keep this in sync with ErrorClass in error.h - 'data': [ 'GenericError', 'CommandNotFound', 'DeviceEncrypted', + 'data': [ 'GenericError', 'CommandNotFound', 'DeviceNotActive', 'DeviceNotFound', 'KVMMissingCap' ] } ## -- cgit v1.1 From 0a12f6f80eeebeebd492db7d8c4237fe5c712f68 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 23 Jun 2017 17:24:18 +0100 Subject: qcow2: report encryption specific image information Currently 'qemu-img info' reports a simple "encrypted: yes" field. This is not very useful now that qcow2 can support multiple encryption formats. Users want to know which format is in use and some data related to it. Wire up usage of the qcrypto_block_get_info() method so that 'qemu-img info' can report about the encryption format and parameters in use $ qemu-img create \ --object secret,id=sec0,data=123456 \ -o encrypt.format=luks,encrypt.key-secret=sec0 \ -f qcow2 demo.qcow2 1G Formatting 'demo.qcow2', fmt=qcow2 size=1073741824 \ encryption=off encrypt.format=luks encrypt.key-secret=sec0 \ cluster_size=65536 lazy_refcounts=off refcount_bits=16 $ qemu-img info demo.qcow2 image: demo.qcow2 file format: qcow2 virtual size: 1.0G (1073741824 bytes) disk size: 480K encrypted: yes cluster_size: 65536 Format specific information: compat: 1.1 lazy refcounts: false refcount bits: 16 encrypt: ivgen alg: plain64 hash alg: sha256 cipher alg: aes-256 uuid: 3fa930c4-58c8-4ef7-b3c5-314bb5af21f3 format: luks cipher mode: xts slots: [0]: active: true iters: 1839058 key offset: 4096 stripes: 4000 [1]: active: false key offset: 262144 [2]: active: false key offset: 520192 [3]: active: false key offset: 778240 [4]: active: false key offset: 1036288 [5]: active: false key offset: 1294336 [6]: active: false key offset: 1552384 [7]: active: false key offset: 1810432 payload offset: 2068480 master key iters: 438487 corrupt: false With the legacy "AES" encryption we just report the format name $ qemu-img create \ --object secret,id=sec0,data=123456 \ -o encrypt.format=aes,encrypt.key-secret=sec0 \ -f qcow2 demo.qcow2 1G Formatting 'demo.qcow2', fmt=qcow2 size=1073741824 \ encryption=off encrypt.format=aes encrypt.key-secret=sec0 \ cluster_size=65536 lazy_refcounts=off refcount_bits=16 $ ./qemu-img info demo.qcow2 image: demo.qcow2 file format: qcow2 virtual size: 1.0G (1073741824 bytes) disk size: 196K encrypted: yes cluster_size: 65536 Format specific information: compat: 1.1 lazy refcounts: false refcount bits: 16 encrypt: format: aes corrupt: false Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange Message-id: 20170623162419.26068-20-berrange@redhat.com Signed-off-by: Max Reitz --- qapi/block-core.json | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index d04d277..9570963 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -33,6 +33,27 @@ 'vm-clock-sec': 'int', 'vm-clock-nsec': 'int' } } ## +# @ImageInfoSpecificQCow2EncryptionBase: +# +# @format: The encryption format +# +# Since: 2.10 +## +{ 'struct': 'ImageInfoSpecificQCow2EncryptionBase', + 'data': { 'format': 'BlockdevQcow2EncryptionFormat'}} + +## +# @ImageInfoSpecificQCow2Encryption: +# +# Since: 2.10 +## +{ 'union': 'ImageInfoSpecificQCow2Encryption', + 'base': 'ImageInfoSpecificQCow2EncryptionBase', + 'discriminator': 'format', + 'data': { 'aes': 'QCryptoBlockInfoQCow', + 'luks': 'QCryptoBlockInfoLUKS' } } + +## # @ImageInfoSpecificQCow2: # # @compat: compatibility level @@ -44,6 +65,9 @@ # # @refcount-bits: width of a refcount entry in bits (since 2.3) # +# @encrypt: details about encryption parameters; only set if image +# is encrypted (since 2.10) +# # Since: 1.7 ## { 'struct': 'ImageInfoSpecificQCow2', @@ -51,7 +75,8 @@ 'compat': 'str', '*lazy-refcounts': 'bool', '*corrupt': 'bool', - 'refcount-bits': 'int' + 'refcount-bits': 'int', + '*encrypt': 'ImageInfoSpecificQCow2Encryption' } } ## -- cgit v1.1 From fd5ae4ccbea17971e4202bbdaba4501627b15f70 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Wed, 28 Jun 2017 15:05:23 +0300 Subject: qmp: add persistent flag to block-dirty-bitmap-add Add optional 'persistent' flag to qmp command block-dirty-bitmap-add. Default is false. Signed-off-by: Vladimir Sementsov-Ogievskiy Signed-off-by: Denis V. Lunev Reviewed-by: Max Reitz Reviewed-by: John Snow Message-id: 20170628120530.31251-24-vsementsov@virtuozzo.com Signed-off-by: Max Reitz --- qapi/block-core.json | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index 9570963..907ac9d 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1553,10 +1553,16 @@ # @granularity: the bitmap granularity, default is 64k for # block-dirty-bitmap-add # +# @persistent: the bitmap is persistent, i.e. it will be saved to the +# corresponding block device image file on its close. For now only +# Qcow2 disks support persistent bitmaps. Default is false for +# block-dirty-bitmap-add. (Since: 2.10) +# # Since: 2.4 ## { 'struct': 'BlockDirtyBitmapAdd', - 'data': { 'node': 'str', 'name': 'str', '*granularity': 'uint32' } } + 'data': { 'node': 'str', 'name': 'str', '*granularity': 'uint32', + '*persistent': 'bool' } } ## # @block-dirty-bitmap-add: -- cgit v1.1 From eb738bb50f216db5edbbf0a59c488cd685ef9e61 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Wed, 28 Jun 2017 15:05:24 +0300 Subject: qmp: add autoload parameter to block-dirty-bitmap-add Optional. Default is false. Signed-off-by: Vladimir Sementsov-Ogievskiy Signed-off-by: Denis V. Lunev Reviewed-by: Max Reitz Reviewed-by: John Snow Message-id: 20170628120530.31251-25-vsementsov@virtuozzo.com Signed-off-by: Max Reitz --- qapi/block-core.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index 907ac9d..fb69efe 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1558,11 +1558,15 @@ # Qcow2 disks support persistent bitmaps. Default is false for # block-dirty-bitmap-add. (Since: 2.10) # +# @autoload: the bitmap will be automatically loaded when the image it is stored +# in is opened. This flag may only be specified for persistent +# bitmaps. Default is false for block-dirty-bitmap-add. (Since: 2.10) +# # Since: 2.4 ## { 'struct': 'BlockDirtyBitmapAdd', 'data': { 'node': 'str', 'name': 'str', '*granularity': 'uint32', - '*persistent': 'bool' } } + '*persistent': 'bool', '*autoload': 'bool' } } ## # @block-dirty-bitmap-add: -- cgit v1.1 From a3b52535e8a577d9b12887a34183fe9077ea24d8 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Wed, 28 Jun 2017 15:05:25 +0300 Subject: qmp: add x-debug-block-dirty-bitmap-sha256 Signed-off-by: Vladimir Sementsov-Ogievskiy Message-id: 20170628120530.31251-26-vsementsov@virtuozzo.com Signed-off-by: Max Reitz --- qapi/block-core.json | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index fb69efe..9b5047d 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1636,6 +1636,33 @@ 'data': 'BlockDirtyBitmap' } ## +# @BlockDirtyBitmapSha256: +# +# SHA256 hash of dirty bitmap data +# +# @sha256: ASCII representation of SHA256 bitmap hash +# +# Since: 2.10 +## + { 'struct': 'BlockDirtyBitmapSha256', + 'data': {'sha256': 'str'} } + +## +# @x-debug-block-dirty-bitmap-sha256: +# +# Get bitmap SHA256 +# +# Returns: BlockDirtyBitmapSha256 on success +# If @node is not a valid block device, DeviceNotFound +# If @name is not found or if hashing has failed, GenericError with an +# explanation +# +# Since: 2.10 +## + { 'command': 'x-debug-block-dirty-bitmap-sha256', + 'data': 'BlockDirtyBitmap', 'returns': 'BlockDirtyBitmapSha256' } + +## # @blockdev-mirror: # # Start mirroring a block device's writes to a new destination. -- cgit v1.1 From 5c36c1af274a66e92305d2c33534337552c6bff3 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Wed, 28 Jun 2017 15:05:29 +0300 Subject: qmp: block-dirty-bitmap-remove: remove persistent Remove persistent bitmap from the storage on block-dirty-bitmap-remove. Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Max Reitz Reviewed-by: John Snow Message-id: 20170628120530.31251-30-vsementsov@virtuozzo.com Signed-off-by: Max Reitz --- qapi/block-core.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index 9b5047d..4bf11e8 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1593,7 +1593,8 @@ # @block-dirty-bitmap-remove: # # Stop write tracking and remove the dirty bitmap that was created -# with block-dirty-bitmap-add. +# with block-dirty-bitmap-add. If the bitmap is persistent, remove it from its +# storage too. # # Returns: nothing on success # If @node is not a valid block device or node, DeviceNotFound -- cgit v1.1 From 90880ff107ecaada2a06a823dc5fa652f6e37a62 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 5 Jul 2017 13:57:30 +0100 Subject: block: add bdrv_measure() API bdrv_measure() provides a conservative maximum for the size of a new image. This information is handy if storage needs to be allocated (e.g. a SAN or an LVM volume) ahead of time. Signed-off-by: Stefan Hajnoczi Reviewed-by: Alberto Garcia Message-id: 20170705125738.8777-2-stefanha@redhat.com Signed-off-by: Max Reitz --- qapi/block-core.json | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'qapi') diff --git a/qapi/block-core.json b/qapi/block-core.json index 4bf11e8..c437aa5 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -488,6 +488,31 @@ '*dirty-bitmaps': ['BlockDirtyInfo'] } } ## +# @BlockMeasureInfo: +# +# Image file size calculation information. This structure describes the size +# requirements for creating a new image file. +# +# The size requirements depend on the new image file format. File size always +# equals virtual disk size for the 'raw' format, even for sparse POSIX files. +# Compact formats such as 'qcow2' represent unallocated and zero regions +# efficiently so file size may be smaller than virtual disk size. +# +# The values are upper bounds that are guaranteed to fit the new image file. +# Subsequent modification, such as internal snapshot or bitmap creation, may +# require additional space and is not covered here. +# +# @required: Size required for a new image file, in bytes. +# +# @fully-allocated: Image file size, in bytes, once data has been written +# to all sectors. +# +# Since: 2.10 +## +{ 'struct': 'BlockMeasureInfo', + 'data': {'required': 'int', 'fully-allocated': 'int'} } + +## # @query-block: # # Get a list of BlockInfo for all virtual block devices. -- cgit v1.1