From: John Ferlan
To: libvir-list@redhat.com
Date: Fri, 24 Mar 2017 10:56:38 -0400
Message-Id: <20170324145638.19069-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH] storage: Fix capacity value for LUKS encrypted volumes

https://bugzilla.redhat.com/show_bug.cgi?id=1371892

The 'capacity' value (e.g. guest logical size) for a LUKS volume is smaller than the 'physical' value of the file in the file system, so we need to account for that.

When peeking at the encryption information about the volume add a fetch of the payload_offset which is described as the offset to the start of the volume data (in 512 byte sectors) in QEMU's QCryptoBlockLUKSHeader.

Then adjust the ->capacity appropriately when we determine that the volume target encryption has a payload_offset value.

Signed-off-by: John Ferlan
--- src/storage/storage_util.c | 3 +++ src/util/virstorageencryption.h | 1 + src/util/virstoragefile.c | 39 +++++++++++++++++++++++++++++++++++++= ++ 3 files changed, 43 insertions(+) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 38d373e..213f173 100644 --- a/src/storage/storage_util.c 
+++ b/src/storage/storage_util.c @@ -3436,6 +3436,9 @@ storageBackendProbeTarget(virStorageSourcePtr target, target->capacity =3D meta->capacity; =20 if (encryption && meta->encryption) { + if (meta->encryption->payload_offset !=3D -1) + target->capacity -=3D meta->encryption->payload_offset * 512; + *encryption =3D meta->encryption; meta->encryption =3D NULL; =20 diff --git a/src/util/virstorageencryption.h b/src/util/virstorageencryptio= n.h index fa439fb..42f990c 100644 --- a/src/util/virstorageencryption.h +++ b/src/util/virstorageencryption.h @@ -70,6 +70,7 @@ typedef struct _virStorageEncryption virStorageEncryption; typedef virStorageEncryption *virStorageEncryptionPtr; struct _virStorageEncryption { int format; /* virStorageEncryptionFormatType */ + int payload_offset; =20 size_t nsecrets; virStorageEncryptionSecretPtr *secrets; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index c9420fd..7b30143 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -133,6 +133,8 @@ struct FileEncryptionInfo { =20 int modeOffset; /* Byte offset of the format native encryption mode */ char modeValue; /* Value expected at offset */ + + int payloadOffset; /* start offset of the volume data (in 512 byte sec= tors) */ }; =20 /* Either 'magic' or 'extension' *must* be provided */ @@ -212,9 +214,18 @@ qedGetBackingStore(char **, int *, const char *, size_= t); =20 #define LUKS_HDR_MAGIC_LEN 6 #define LUKS_HDR_VERSION_LEN 2 +#define LUKS_HDR_CIPHER_NAME_LEN 32 +#define LUKS_HDR_CIPHER_MODE_LEN 32 +#define LUKS_HDR_HASH_SPEC_LEN 32 +#define LUKS_HDR_PAYLOAD_LEN 4 =20 /* Format described by qemu commit id '3e308f20e' */ #define LUKS_HDR_VERSION_OFFSET LUKS_HDR_MAGIC_LEN +#define LUKS_HDR_PAYLOAD_OFFSET (LUKS_HDR_MAGIC_LEN+\ + LUKS_HDR_VERSION_LEN+\ + LUKS_HDR_CIPHER_NAME_LEN+\ + LUKS_HDR_CIPHER_MODE_LEN+\ + LUKS_HDR_HASH_SPEC_LEN) =20 static struct FileEncryptionInfo const luksEncryptionInfo[] =3D { { 
@@ -231,6 +242,8 @@ static struct FileEncryptionInfo const luksEncryptionIn= fo[] =3D { =20 .modeOffset =3D -1, .modeValue =3D -1, + + .payloadOffset =3D LUKS_HDR_PAYLOAD_OFFSET, }, { 0 } }; @@ -249,6 +262,8 @@ static struct FileEncryptionInfo const qcow1EncryptionI= nfo[] =3D { =20 .modeOffset =3D QCOW1_HDR_CRYPT, .modeValue =3D 1, + + .payloadOffset =3D -1, }, { 0 } }; @@ -267,6 +282,8 @@ static struct FileEncryptionInfo const qcow2EncryptionI= nfo[] =3D { =20 .modeOffset =3D QCOW2_HDR_CRYPT, .modeValue =3D 1, + + .payloadOffset =3D -1, }, { 0 } }; @@ -921,6 +938,23 @@ virStorageFileHasEncryptionFormat(const struct FileEnc= ryptionInfo *info, } =20 =20 +static int +virStorageFileGetEncryptionPayloadOffset(const struct FileEncryptionInfo *= info, + char *buf) +{ + int payload_offset =3D -1; + + if (info->payloadOffset !=3D -1) { + if (info->endian =3D=3D LV_LITTLE_ENDIAN) + payload_offset =3D virReadBufInt32LE(buf + info->payloadOffset= ); + else + payload_offset =3D virReadBufInt32BE(buf + info->payloadOffset= ); + } + + return payload_offset; +} + + /* Given a header in BUF with length LEN, as parsed from the storage file * assuming it has the given FORMAT, populate information into META * with information about the file and its backing store. Return format @@ -967,6 +1001,8 @@ virStorageFileGetMetadataInternal(virStorageSourcePtr = meta, goto cleanup; } } + meta->encryption->payload_offset =3D + virStorageFileGetEncryptionPayloadOffset(&fileTypeInfo= [meta->format].cryptInfo[i], buf); } } } @@ -3372,6 +3408,9 @@ virStorageSourceUpdateCapacity(virStorageSourcePtr sr= c, else goto cleanup; =20 + if (src->encryption && src->encryption->payload_offset !=3D -1) + src->capacity -=3D src->encryption->payload_offset * 512; + ret =3D 0; =20 cleanup: --=20 2.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
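Review bot: In the storageBackendProbeTarget hunk, "target->capacity -= meta->encryption->payload_offset * 512;" multiplies two ints, so the product overflows for any offset of 4194304 sectors (2 GiB) or more before it is subtracted, and nothing checks that the product is no larger than target->capacity. The offset is read from the volume header, so a corrupt or crafted image controls it. Only -1 is treated as "not present", which means any other negative value read from the header would increase the reported capacity. Suggest widening before the multiply (for example a cast to unsigned long long), rejecting negative values, and reporting an error when the payload offset in bytes exceeds the capacity instead of subtracting it.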
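Review bot: The new "int payload_offset;" member in struct _virStorageEncryption has no comment, unlike the "format" member directly above it. Please document that the unit is 512 byte sectors and that -1 means the format has no payload offset, since both callers in this patch depend on that convention. The header field is 4 bytes wide (LUKS_HDR_PAYLOAD_LEN) and is read with a 32 bit read, so a signed int cannot represent the upper half of its range; an unsigned type with a separate "present" flag would avoid overloading -1.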
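Review bot: The comment on the new payloadOffset member of struct FileEncryptionInfo describes the value stored in the header (the start of the volume data in 512 byte sectors), but the member itself holds the byte position of that field within the header: it is initialised from LUKS_HDR_PAYLOAD_OFFSET, which is a sum of header field lengths, and is added to buf in the helper. Suggest wording it like the neighbouring modeOffset comment, for example "Byte offset of the payload offset field, -1 if none".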
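Review bot: LUKS_HDR_PAYLOAD_LEN is defined in the LUKS_HDR_* hunk but is not referenced anywhere in the visible changes. Either use it for a length check where the field is read (LUKS_HDR_PAYLOAD_OFFSET + LUKS_HDR_PAYLOAD_LEN must fit in the probed header buffer) or drop the define.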
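Review bot: virStorageFileGetEncryptionPayloadOffset() reads 4 bytes at "buf + info->payloadOffset" without knowing how long buf is. The caller's own comment says the header is "in BUF with length LEN", so the helper should take len and return -1 (or an error) when info->payloadOffset + 4 exceeds it; otherwise a short or truncated header leads to a read past the end of the buffer. buf is only read, so it can be "const char *". The helper also returns the 32 bit value as an int, so header values with the top bit set come back negative and are not caught by the "!= -1" tests in the callers.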
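Review bot: The virStorageSourceUpdateCapacity hunk repeats the unchecked "src->capacity -= src->encryption->payload_offset * 512;" from storageBackendProbeTarget, with the same int overflow and the same missing check that the payload does not exceed the capacity. Suggest moving the adjustment into one shared helper that validates the offset and performs the subtraction in a 64 bit type, and calling it from both places so the two paths cannot drift apart.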