From nobody Mon Feb 9 09:51:55 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1568395796; cv=none; d=zoho.com; s=zohoarc; b=fFOlRLIv8BYeDhXgvknWBLYovLW5uX1ERQjZuihsGEoq97fS+pGXM/xl9Pje981IPLgsExnfRSFimpgI9uRkDxkpQG/HcGJC+97H6c6WsvYhRiXuuGWsIYXLIaJRnK6ZvtYPK+nUO4gnaHFqCwsYPNHVepqsjoKIO9qztySeuPs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1568395796; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=xJvCEQW98ptbbNJSbeR6Ol0DZkr0k1F/F5nyybvaDGU=; b=OAg6+7rr4a7q0eHhNp/MukWgn4nweq1XLmKcifOv4UGYV612fXhzO69OTlMUeyspY3ZQJ1SMJHBQHh8BSmJiGuKvIneuo8hGwXjXdVC+DR+hse71S26zpOqF48nNfagFQzngq3EgFvhFy9uZ2nbJSn1jwaSClLfkUHiOnHHWXZ0= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 15683957964701001.5760587236664; Fri, 13 Sep 2019 10:29:56 -0700 (PDT) Received: from localhost ([::1]:46448 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i8pOI-00049o-84 for importer@patchew.org; Fri, 13 Sep 2019 13:29:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:42997) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i8pMT-00029T-4m for qemu-devel@nongnu.org; Fri, 13 Sep 2019 13:27:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i8pMR-000483-HM for qemu-devel@nongnu.org; Fri, 13 Sep 2019 13:27:56 -0400 Received: from mx1.redhat.com ([209.132.183.28]:53875) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i8pMO-00042t-C1; Fri, 13 Sep 2019 13:27:52 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id ABC6B3082E72; Fri, 13 Sep 2019 17:27:51 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.39]) by smtp.corp.redhat.com (Postfix) with ESMTP id 776625C231; Fri, 13 Sep 2019 17:27:49 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 13 Sep 2019 20:27:40 +0300 Message-Id: <20190913172741.5662-3-mlevitsk@redhat.com> In-Reply-To: <20190913172741.5662-1-mlevitsk@redhat.com> References: <20190913172741.5662-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Fri, 13 Sep 2019 17:27:51 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 2/3] block/qcow2: refactor threaded encryption code X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Vladimir Sementsov-Ogievskiy , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , qemu-block@nongnu.org, qemu-stable , Max Reitz , Maxim Levitsky Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Change the qcow2_co_encrypt to just receive full host and guest offsets and in pariticular remove the offset_in_cluster parameter of do_perform_cow_encrypt, since it is misleading, because that offset can be larger than cluster size currently. Remove the do_perform_cow_encrypt by merging it with qcow2_co_encrypt Also document the qcow2_co_encrypt arguments to prevent that bug from happening again Signed-off-by: Maxim Levitsky Reviewed-by: Vladimir Sementsov-Ogievskiy --- block/qcow2-cluster.c | 35 +++++-------------- block/qcow2-threads.c | 81 ++++++++++++++++++++++++++++++++++++------- block/qcow2.c | 5 +-- block/qcow2.h | 8 ++--- 4 files changed, 83 insertions(+), 46 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index bfeb0241d7..f42b8a404c 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -462,28 +462,6 @@ static int coroutine_fn do_perform_cow_read(BlockDrive= rState *bs, return 0; } =20 -static bool coroutine_fn do_perform_cow_encrypt(BlockDriverState *bs, - uint64_t src_cluster_offse= t, - uint64_t cluster_offset, - unsigned offset_in_cluster, - uint8_t *buffer, - unsigned bytes) -{ - if (bytes && bs->encrypted) { - BDRVQcow2State *s =3D bs->opaque; - assert((offset_in_cluster & ~BDRV_SECTOR_MASK) =3D=3D 0); - assert((bytes & ~BDRV_SECTOR_MASK) =3D=3D 0); - assert(s->crypto); - if (qcow2_co_encrypt(bs, - start_of_cluster(s, cluster_offset + offset_in_cluster), - src_cluster_offset + offset_in_cluster, - buffer, bytes) < 0) { - return false; - } - } - return true; -} - static int coroutine_fn do_perform_cow_write(BlockDriverState *bs, uint64_t cluster_offset, unsigned offset_in_cluster, @@ -891,11 +869,14 @@ static int perform_cow(BlockDriverState *bs, QCowL2Me= ta *m) =20 /* Encrypt the data if necessary before writing it */ if (bs->encrypted) { - if (!do_perform_cow_encrypt(bs, m->offset, m->alloc_offset, - start->offset, start_buffer, - start->nb_bytes) || - !do_perform_cow_encrypt(bs, m->offset, m->alloc_offset, - end->offset, end_buffer, end->nb_bytes= )) { + if (!qcow2_co_encrypt(bs, + m->offset + start->offset, + m->alloc_offset + start->offset, + start_buffer, start->nb_bytes) || + !qcow2_co_encrypt(bs, + m->offset + end->offset, + m->alloc_offset + end->offset, + end_buffer, end->nb_bytes)) { ret =3D -EIO; goto fail; } diff --git a/block/qcow2-threads.c b/block/qcow2-threads.c index 3b1e63fe41..b31d45fb2b 100644 --- a/block/qcow2-threads.c +++ b/block/qcow2-threads.c @@ -234,15 +234,15 @@ static int qcow2_encdec_pool_func(void *opaque) } =20 static int coroutine_fn -qcow2_co_encdec(BlockDriverState *bs, uint64_t file_cluster_offset, - uint64_t offset, void *buf, size_t len, Qcow2EncDecFunc = func) +qcow2_co_encdec(BlockDriverState *bs, uint64_t host_offset, + uint64_t guest_offset, void *buf, size_t len, + Qcow2EncDecFunc func) { BDRVQcow2State *s =3D bs->opaque; + Qcow2EncDecData arg =3D { .block =3D s->crypto, - .offset =3D s->crypt_physical_offset ? - file_cluster_offset + offset_into_cluster(s, offset)= : - offset, + .offset =3D s->crypt_physical_offset ? host_offset : guest_offset, .buf =3D buf, .len =3D len, .func =3D func, @@ -251,18 +251,73 @@ qcow2_co_encdec(BlockDriverState *bs, uint64_t file_c= luster_offset, return qcow2_co_process(bs, qcow2_encdec_pool_func, &arg); } =20 + +/* + * qcow2_co_encrypt() + * + * Encrypts one or more contiguous aligned sectors + * + * @host_offset - underlying storage offset of the first sector of the + * data to be encrypted + * + * @guest_offset - guest (virtual) offset of the first sector of the + * data to be encrypted + * + * @buf - buffer with the data to encrypt, that after encryption + * will be written to the underlying storage device at + * @host_offset + * + * @len - length of the buffer (must be a BDRV_SECTOR_SIZE multiple) + * + * Depending on the encryption method, @host_offset and/or @guest_offset + * may be used for generating the initialization vector for + * encryption. + * + * Note that while the whole range must be aligned on sectors, it + * does not have to be aligned on clusters and can also cross cluster + * boundaries + */ int coroutine_fn -qcow2_co_encrypt(BlockDriverState *bs, uint64_t file_cluster_offset, - uint64_t offset, void *buf, size_t len) +qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset, + uint64_t guest_offset, void *buf, size_t len) { - return qcow2_co_encdec(bs, file_cluster_offset, offset, buf, len, - qcrypto_block_encrypt); + + BDRVQcow2State *s =3D bs->opaque; + assert(QEMU_IS_ALIGNED(guest_offset, BDRV_SECTOR_SIZE)); + assert(QEMU_IS_ALIGNED(host_offset, BDRV_SECTOR_SIZE)); + assert(QEMU_IS_ALIGNED(len, BDRV_SECTOR_SIZE)); + assert(s->crypto); + + if (!len) { + return 0; + } + + return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len, + qcrypto_block_encrypt); } =20 + +/* + * qcow2_co_decrypt() + * + * Decrypts one or more contiguous aligned sectors + * Similar to qcow2_co_encrypt + */ + int coroutine_fn -qcow2_co_decrypt(BlockDriverState *bs, uint64_t file_cluster_offset, - uint64_t offset, void *buf, size_t len) +qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset, + uint64_t guest_offset, void *buf, size_t len) { - return qcow2_co_encdec(bs, file_cluster_offset, offset, buf, len, - qcrypto_block_decrypt); + BDRVQcow2State *s =3D bs->opaque; + assert(QEMU_IS_ALIGNED(guest_offset, BDRV_SECTOR_SIZE)); + assert(QEMU_IS_ALIGNED(host_offset, BDRV_SECTOR_SIZE)); + assert(QEMU_IS_ALIGNED(len, BDRV_SECTOR_SIZE)); + assert(s->crypto); + + if (!len) { + return 0; + } + + return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len, + qcrypto_block_decrypt); } diff --git a/block/qcow2.c b/block/qcow2.c index 57734f20cf..ac768092bb 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -2069,7 +2069,8 @@ static coroutine_fn int qcow2_co_preadv_part(BlockDri= verState *bs, =20 assert((offset & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); - if (qcow2_co_decrypt(bs, cluster_offset, offset, + if (qcow2_co_decrypt(bs, cluster_offset + offset_in_cluste= r, + offset, cluster_data, cur_bytes) < 0) { ret =3D -EIO; goto fail; @@ -2288,7 +2289,7 @@ static coroutine_fn int qcow2_co_pwritev_part( qemu_iovec_to_buf(qiov, qiov_offset + bytes_done, cluster_data, cur_bytes); =20 - if (qcow2_co_encrypt(bs, cluster_offset, offset, + if (qcow2_co_encrypt(bs, cluster_offset + offset_in_cluster, o= ffset, cluster_data, cur_bytes) < 0) { ret =3D -EIO; goto out_unlocked; diff --git a/block/qcow2.h b/block/qcow2.h index 998bcdaef1..a488d761ff 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -758,10 +758,10 @@ ssize_t coroutine_fn qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size, const void *src, size_t src_size); int coroutine_fn -qcow2_co_encrypt(BlockDriverState *bs, uint64_t file_cluster_offset, - uint64_t offset, void *buf, size_t len); +qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset, + uint64_t guest_offset, void *buf, size_t len); int coroutine_fn -qcow2_co_decrypt(BlockDriverState *bs, uint64_t file_cluster_offset, - uint64_t offset, void *buf, size_t len); +qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset, + uint64_t guest_offset, void *buf, size_t len); =20 #endif --=20 2.17.2