[PULL 00/18] Block patches
[PULL for-8.1 0/1] Block patches
1
The following changes since commit bae31bfa48b9caecee25da3d5333901a126a06b4:
1
The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637:
2
2
3
Merge remote-tracking branch 'remotes/kraxel/tags/audio-20200619-pull-request' into staging (2020-06-19 22:56:59 +0100)
3
Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100)
4
4
5
are available in the Git repository at:
5
are available in the Git repository at:
6
6
7
https://github.com/XanClic/qemu.git tags/pull-block-2020-06-22
7
https://gitlab.com/stefanha/qemu.git tags/block-pull-request
8
8
9
for you to fetch changes up to 74c55e4142a7bb835c38d3770c74210cbb1e4fab:
9
for you to fetch changes up to 66547f416a61e0cb711dc76821890242432ba193:
10
10
11
iotests: don't test qcow2.py inside 291 (2020-06-22 16:05:23 +0200)
11
block/nvme: invoke blk_io_plug_call() outside q->lock (2023-07-17 09:17:41 -0400)
12
12
13
----------------------------------------------------------------
13
----------------------------------------------------------------
14
Block patches:
14
Pull request
15
- Support modifying a LUKS-encrypted image's keyslots
15
16
- iotest fixes
16
Fix the hang in the nvme:// block driver during startup.
17
17
18
----------------------------------------------------------------
18
----------------------------------------------------------------
19
Max Reitz (1):
20
iotests: Make _filter_img_create more active
21
19
22
Maxim Levitsky (14):
20
Stefan Hajnoczi (1):
23
iotests: filter few more luks specific create options
21
block/nvme: invoke blk_io_plug_call() outside q->lock
24
qcrypto/core: add generic infrastructure for crypto options amendment
25
qcrypto/luks: implement encryption key management
26
block/amend: add 'force' option
27
block/amend: separate amend and create options for qemu-img
28
block/amend: refactor qcow2 amend options
29
block/crypto: rename two functions
30
block/crypto: implement the encryption key management
31
block/qcow2: extend qemu-img amend interface with crypto options
32
iotests: qemu-img tests for luks key management
33
block/core: add generic infrastructure for x-blockdev-amend qmp
34
command
35
block/crypto: implement blockdev-amend
36
block/qcow2: implement blockdev-amend
37
iotests: add tests for blockdev-amend
38
22
39
Philippe Mathieu-Daudé (1):
23
block/nvme.c | 3 ++-
40
iotests: Fix 051 output after qdev_init_nofail() removal
24
1 file changed, 2 insertions(+), 1 deletion(-)
41
42
Vladimir Sementsov-Ogievskiy (2):
43
block/block-copy: block_copy_dirty_clusters: fix failure check
44
iotests: don't test qcow2.py inside 291
45
46
docs/tools/qemu-img.rst | 5 +-
47
qapi/block-core.json | 68 +++++
48
qapi/crypto.json | 73 +++++-
49
qapi/job.json | 4 +-
50
block/crypto.h | 37 +++
51
crypto/blockpriv.h | 8 +
52
include/block/block.h | 1 +
53
include/block/block_int.h | 24 +-
54
include/crypto/block.h | 22 ++
55
block.c | 4 +-
56
block/amend.c | 113 +++++++++
57
block/block-copy.c | 4 +-
58
block/crypto.c | 206 +++++++++++++--
59
block/qcow2.c | 332 +++++++++++++-----------
60
crypto/block-luks.c | 416 ++++++++++++++++++++++++++++++-
61
crypto/block.c | 29 +++
62
qemu-img.c | 44 +++-
63
block/Makefile.objs | 2 +-
64
qemu-img-cmds.hx | 4 +-
65
tests/qemu-iotests/049.out | 102 ++++----
66
tests/qemu-iotests/051.pc.out | 4 +-
67
tests/qemu-iotests/061.out | 12 +-
68
tests/qemu-iotests/082.out | 185 ++++----------
69
tests/qemu-iotests/085.out | 38 +--
70
tests/qemu-iotests/087.out | 6 +-
71
tests/qemu-iotests/112.out | 2 +-
72
tests/qemu-iotests/134.out | 2 +-
73
tests/qemu-iotests/141 | 2 +-
74
tests/qemu-iotests/144.out | 4 +-
75
tests/qemu-iotests/153 | 9 +-
76
tests/qemu-iotests/158.out | 4 +-
77
tests/qemu-iotests/182.out | 2 +-
78
tests/qemu-iotests/185.out | 8 +-
79
tests/qemu-iotests/188.out | 2 +-
80
tests/qemu-iotests/189.out | 4 +-
81
tests/qemu-iotests/198.out | 4 +-
82
tests/qemu-iotests/255.out | 8 +-
83
tests/qemu-iotests/263.out | 4 +-
84
tests/qemu-iotests/274.out | 46 ++--
85
tests/qemu-iotests/280.out | 2 +-
86
tests/qemu-iotests/284.out | 6 +-
87
tests/qemu-iotests/291 | 4 -
88
tests/qemu-iotests/291.out | 33 ---
89
tests/qemu-iotests/293 | 207 +++++++++++++++
90
tests/qemu-iotests/293.out | 99 ++++++++
91
tests/qemu-iotests/294 | 90 +++++++
92
tests/qemu-iotests/294.out | 30 +++
93
tests/qemu-iotests/295 | 279 +++++++++++++++++++++
94
tests/qemu-iotests/295.out | 40 +++
95
tests/qemu-iotests/296 | 234 +++++++++++++++++
96
tests/qemu-iotests/296.out | 33 +++
97
tests/qemu-iotests/common.filter | 93 +++++--
98
tests/qemu-iotests/group | 4 +
99
53 files changed, 2482 insertions(+), 516 deletions(-)
100
create mode 100644 block/amend.c
101
create mode 100755 tests/qemu-iotests/293
102
create mode 100644 tests/qemu-iotests/293.out
103
create mode 100755 tests/qemu-iotests/294
104
create mode 100644 tests/qemu-iotests/294.out
105
create mode 100755 tests/qemu-iotests/295
106
create mode 100644 tests/qemu-iotests/295.out
107
create mode 100755 tests/qemu-iotests/296
108
create mode 100644 tests/qemu-iotests/296.out
109
25
110
--
26
--
111
2.26.2
27
2.40.1
112
113
diff view generated by jsdifflib
[PULL 01/18] iotests: Make _filter_img_create more active
[PULL for-8.1 1/1] block/nvme: invoke blk_io_plug_call() outside q->lock
1
Right now, _filter_img_create just filters out everything that looks
1
blk_io_plug_call() is invoked outside a blk_io_plug()/blk_io_unplug()
2
format-dependent, and applies some filename filters. That means that we
2
section while opening the NVMe drive from:
3
have to add another filter line every time some format gets a new
4
creation option. This can be avoided by instead discarding everything
5
and just keeping what we know is format-independent (format, size,
6
backing file, encryption information[1], preallocation) or just
7
interesting to have in the reference output (external data file path).
8
3
9
Furthermore, we probably want to sort these options. Format drivers are
4
nvme_file_open() ->
10
not required to define them in any specific order, so the output is
5
nvme_init() ->
11
effectively random (although this has never bothered us until now). We
6
nvme_identify() ->
12
need a specific order for our reference outputs, though. Unfortunately,
7
nvme_admin_cmd_sync() ->
13
just using a plain "sort" would change a lot of existing reference
8
nvme_submit_command() ->
14
outputs, so we have to pre-filter the option keys to keep our existing
9
blk_io_plug_call()
15
order (fmt, size, backing*, data, encryption info, preallocation).
16
10
17
Finally, this makes it difficult for _filter_img_create to automagically
11
blk_io_plug_call() immediately invokes the given callback when the
18
work for QMP output. Thus, this patch adds a separate
12
current thread is not plugged, as is the case during nvme_file_open().
19
_filter_img_create_for_qmp function that echos every line verbatim that
20
does not start with "Formatting", and pipes those "Formatting" lines to
21
_filter_img_create.
22
13
23
[1] Actually, the only thing that is really important is whether
14
Unfortunately, nvme_submit_command() calls blk_io_plug_call() with
24
encryption is enabled or not. A patch by Maxim thus removes all
15
q->lock still held:
25
other "encrypt.*" options from the output:
26
https://lists.nongnu.org/archive/html/qemu-block/2020-06/msg00339.html
27
But that patch needs to come later so we can get away with changing
28
as few reference outputs in this patch here as possible.
29
16
30
Signed-off-by: Max Reitz <mreitz@redhat.com>
17
...
31
Message-Id: <20200618150628.2169239-2-mreitz@redhat.com>
18
q->sq.tail = (q->sq.tail + 1) % NVME_QUEUE_SIZE;
19
q->need_kick++;
20
blk_io_plug_call(nvme_unplug_fn, q);
21
qemu_mutex_unlock(&q->lock);
22
^^^^^^^^^^^^^^^^^^^^^^^^^^^
23
24
nvme_unplug_fn() deadlocks trying to acquire q->lock because the lock is
25
already acquired by the same thread. The symptom is that QEMU hangs
26
during startup while opening the NVMe drive.
27
28
Fix this by moving the blk_io_plug_call() outside q->lock. This is safe
29
because no other thread runs code related to this queue and
30
blk_io_plug_call()'s internal state is immune to thread safety issues
31
since it is thread-local.
32
33
Reported-by: Lukáš Doktor <ldoktor@redhat.com>
34
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
35
Tested-by: Lukas Doktor <ldoktor@redhat.com>
36
Message-id: 20230712191628.252806-1-stefanha@redhat.com
37
Fixes: f2e590002bd6 ("block/nvme: convert to blk_io_plug_call() API")
38
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
32
---
39
---
33
tests/qemu-iotests/112.out | 2 +-
40
block/nvme.c | 3 ++-
34
tests/qemu-iotests/141 | 2 +-
41
1 file changed, 2 insertions(+), 1 deletion(-)
35
tests/qemu-iotests/153 | 9 ++-
36
tests/qemu-iotests/common.filter | 96 ++++++++++++++++++++++++--------
37
4 files changed, 78 insertions(+), 31 deletions(-)
38
42
39
diff --git a/tests/qemu-iotests/112.out b/tests/qemu-iotests/112.out
43
diff --git a/block/nvme.c b/block/nvme.c
40
index XXXXXXX..XXXXXXX 100644
44
index XXXXXXX..XXXXXXX 100644
41
--- a/tests/qemu-iotests/112.out
45
--- a/block/nvme.c
42
+++ b/tests/qemu-iotests/112.out
46
+++ b/block/nvme.c
43
@@ -XXX,XX +XXX,XX @@ QA output created by 112
47
@@ -XXX,XX +XXX,XX @@ static void nvme_submit_command(NVMeQueuePair *q, NVMeRequest *req,
44
qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not exceed 64 bits
48
q->sq.tail * NVME_SQ_ENTRY_BYTES, cmd, sizeof(*cmd));
45
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
49
q->sq.tail = (q->sq.tail + 1) % NVME_QUEUE_SIZE;
46
qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not exceed 64 bits
50
q->need_kick++;
47
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 refcount_bits=-1
51
+ qemu_mutex_unlock(&q->lock);
48
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
49
qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not exceed 64 bits
50
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
51
qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not exceed 64 bits
52
diff --git a/tests/qemu-iotests/141 b/tests/qemu-iotests/141
53
index XXXXXXX..XXXXXXX 100755
54
--- a/tests/qemu-iotests/141
55
+++ b/tests/qemu-iotests/141
56
@@ -XXX,XX +XXX,XX @@ test_blockjob()
57
_send_qemu_cmd $QEMU_HANDLE \
58
"$1" \
59
"$2" \
60
- | _filter_img_create | _filter_qmp_empty_return
61
+ | _filter_img_create_in_qmp | _filter_qmp_empty_return
62
63
# We want this to return an error because the block job is still running
64
_send_qemu_cmd $QEMU_HANDLE \
65
diff --git a/tests/qemu-iotests/153 b/tests/qemu-iotests/153
66
index XXXXXXX..XXXXXXX 100755
67
--- a/tests/qemu-iotests/153
68
+++ b/tests/qemu-iotests/153
69
@@ -XXX,XX +XXX,XX @@ done
70
71
echo
72
echo "== Creating ${TEST_IMG}.[abc] ==" | _filter_testdir
73
-(
74
- $QEMU_IMG create -f qcow2 "${TEST_IMG}.a" -b "${TEST_IMG}"
75
- $QEMU_IMG create -f qcow2 "${TEST_IMG}.b" -b "${TEST_IMG}"
76
- $QEMU_IMG create -f qcow2 "${TEST_IMG}.c" -b "${TEST_IMG}.b"
77
-) | _filter_img_create
78
+$QEMU_IMG create -f qcow2 "${TEST_IMG}.a" -b "${TEST_IMG}" | _filter_img_create
79
+$QEMU_IMG create -f qcow2 "${TEST_IMG}.b" -b "${TEST_IMG}" | _filter_img_create
80
+$QEMU_IMG create -f qcow2 "${TEST_IMG}.c" -b "${TEST_IMG}.b" \
81
+ | _filter_img_create
82
83
echo
84
echo "== Two devices sharing the same file in backing chain =="
85
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
86
index XXXXXXX..XXXXXXX 100644
87
--- a/tests/qemu-iotests/common.filter
88
+++ b/tests/qemu-iotests/common.filter
89
@@ -XXX,XX +XXX,XX @@ _filter_actual_image_size()
90
# replace driver-specific options in the "Formatting..." line
91
_filter_img_create()
92
{
93
- data_file_filter=()
94
- if data_file=$(_get_data_file "$TEST_IMG"); then
95
- data_file_filter=(-e "s# data_file=$data_file##")
96
+ # Split the line into the pre-options part ($filename_part, which
97
+ # precedes ", fmt=") and the options part ($options, which starts
98
+ # with "fmt=")
99
+ readarray -td '' formatting_line < <(sed -e 's/, fmt=/\x0/')
100
+
52
+
101
+ filename_part=${formatting_line[0]}
53
blk_io_plug_call(nvme_unplug_fn, q);
102
+ if [ -n "${formatting_line[1]}" ]; then
54
- qemu_mutex_unlock(&q->lock);
103
+ options="fmt=${formatting_line[1]}"
104
+ else
105
+ options=''
106
+ fi
107
+
108
+ # Set grep_data_file to '\|data_file' to keep it; make it empty
109
+ # to drop it.
110
+ # We want to drop it if it is part of the global $IMGOPTS, and we
111
+ # want to keep it otherwise (if the test specifically wants to
112
+ # test data files).
113
+ grep_data_file='\|data_file'
114
+ if _get_data_file "$TEST_IMG" > /dev/null; then
115
+ grep_data_file=''
116
fi
117
118
- $SED "${data_file_filter[@]}" \
119
+ filename_filters=(
120
-e "s#$REMOTE_TEST_DIR#TEST_DIR#g" \
121
-e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
122
-e "s#$TEST_DIR#TEST_DIR#g" \
123
-e "s#$SOCK_DIR#SOCK_DIR#g" \
124
-e "s#$IMGFMT#IMGFMT#g" \
125
-e 's#nbd:127.0.0.1:[0-9]\\+#TEST_DIR/t.IMGFMT#g' \
126
- -e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g' \
127
- -e "s# encryption=off##g" \
128
- -e "s# cluster_size=[0-9]\\+##g" \
129
- -e "s# table_size=[0-9]\\+##g" \
130
- -e "s# compat=[^ ]*##g" \
131
- -e "s# compat6=\\(on\\|off\\)##g" \
132
- -e "s# static=\\(on\\|off\\)##g" \
133
- -e "s# zeroed_grain=\\(on\\|off\\)##g" \
134
- -e "s# subformat=[^ ]*##g" \
135
- -e "s# adapter_type=[^ ]*##g" \
136
- -e "s# hwversion=[^ ]*##g" \
137
- -e "s# lazy_refcounts=\\(on\\|off\\)##g" \
138
- -e "s# block_size=[0-9]\\+##g" \
139
- -e "s# block_state_zero=\\(on\\|off\\)##g" \
140
- -e "s# log_size=[0-9]\\+##g" \
141
- -e "s# refcount_bits=[0-9]\\+##g" \
142
- -e "s# key-secret=[a-zA-Z0-9]\\+##g" \
143
- -e "s# iter-time=[0-9]\\+##g" \
144
- -e "s# force_size=\\(on\\|off\\)##g" \
145
- -e "s# compression_type=[a-zA-Z0-9]\\+##g"
146
+ -e 's#nbd+unix:///\??socket=SOCK_DIR/nbd#TEST_DIR/t.IMGFMT#g'
147
+ )
148
+
149
+ filename_part=$(echo "$filename_part" | $SED "${filename_filters[@]}")
150
+
151
+ # Break the option line before each option (preserving pre-existing
152
+ # line breaks by replacing them by \0 and restoring them at the end),
153
+ # then filter out the options we want to keep and sort them according
154
+ # to some order that all block drivers used at the time of writing
155
+ # this function.
156
+ options=$(
157
+ echo "$options" \
158
+ | tr '\n' '\0' \
159
+ | $SED -e 's/\x0$//' -e 's/ \([a-z0-9_.-]*\)=/\n\1=/g' \
160
+ | grep -ae "^\(fmt\\|size\\|backing\\|preallocation\\|encrypt$grep_data_file\\)" \
161
+ | $SED "${filename_filters[@]}" \
162
+ -e 's/^\(fmt\)/0-\1/' \
163
+ -e 's/^\(size\)/1-\1/' \
164
+ -e 's/^\(backing\)/2-\1/' \
165
+ -e 's/^\(data_file\)/3-\1/' \
166
+ -e 's/^\(encryption\)/4-\1/' \
167
+ -e 's/^\(encrypt\.format\)/5-\1/' \
168
+ -e 's/^\(encrypt\.key-secret\)/6-\1/' \
169
+ -e 's/^\(encrypt\.iter-time\)/7-\1/' \
170
+ -e 's/^\(preallocation\)/8-\1/' \
171
+ | sort \
172
+ | $SED -e 's/^[0-9]-//' \
173
+ | tr '\n\0' ' \n' \
174
+ | $SED -e 's/^ *$//' -e 's/ *$//'
175
+ )
176
+
177
+ if [ -n "$options" ]; then
178
+ echo "$filename_part, $options"
179
+ elif [ -n "$filename_part" ]; then
180
+ echo "$filename_part"
181
+ fi
182
+}
183
+
184
+# Filter the "Formatting..." line in QMP output (leaving the QMP output
185
+# untouched)
186
+# (In contrast to _filter_img_create(), this function does not support
187
+# multi-line Formatting output)
188
+_filter_img_create_in_qmp()
189
+{
190
+ while read -r line; do
191
+ if echo "$line" | grep -q '^Formatting'; then
192
+ echo "$line" | _filter_img_create
193
+ else
194
+ echo "$line"
195
+ fi
196
+ done
197
}
55
}
198
56
199
_filter_img_create_size()
57
static void nvme_admin_cmd_sync_cb(void *opaque, int ret)
200
--
58
--
201
2.26.2
59
2.40.1
202
60
203
61
diff view generated by jsdifflib
[PULL 02/18] iotests: filter few more luks specific create options
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
This allows more tests to be able to have same output on both qcow2 luks encrypted images
4
and raw luks images
5
6
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
7
Signed-off-by: Max Reitz <mreitz@redhat.com>
8
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
9
Message-Id: <20200618150628.2169239-3-mreitz@redhat.com>
10
---
11
tests/qemu-iotests/087.out | 6 +++---
12
tests/qemu-iotests/134.out | 2 +-
13
tests/qemu-iotests/158.out | 4 ++--
14
tests/qemu-iotests/188.out | 2 +-
15
tests/qemu-iotests/189.out | 4 ++--
16
tests/qemu-iotests/198.out | 4 ++--
17
tests/qemu-iotests/263.out | 4 ++--
18
tests/qemu-iotests/284.out | 6 +++---
19
tests/qemu-iotests/common.filter | 5 +----
20
9 files changed, 17 insertions(+), 20 deletions(-)
21
22
diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out
23
index XXXXXXX..XXXXXXX 100644
24
--- a/tests/qemu-iotests/087.out
25
+++ b/tests/qemu-iotests/087.out
26
@@ -XXX,XX +XXX,XX @@ QMP_VERSION
27
28
=== Encrypted image QCow ===
29
30
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
31
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
32
Testing:
33
QMP_VERSION
34
{"return": {}}
35
@@ -XXX,XX +XXX,XX @@ QMP_VERSION
36
37
=== Encrypted image LUKS ===
38
39
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encrypt.format=luks encrypt.key-secret=sec0
40
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
41
Testing:
42
QMP_VERSION
43
{"return": {}}
44
@@ -XXX,XX +XXX,XX @@ QMP_VERSION
45
46
=== Missing driver ===
47
48
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
49
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
50
Testing: -S
51
QMP_VERSION
52
{"return": {}}
53
diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out
54
index XXXXXXX..XXXXXXX 100644
55
--- a/tests/qemu-iotests/134.out
56
+++ b/tests/qemu-iotests/134.out
57
@@ -XXX,XX +XXX,XX @@
58
QA output created by 134
59
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
60
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
61
62
== reading whole image ==
63
read 134217728/134217728 bytes at offset 0
64
diff --git a/tests/qemu-iotests/158.out b/tests/qemu-iotests/158.out
65
index XXXXXXX..XXXXXXX 100644
66
--- a/tests/qemu-iotests/158.out
67
+++ b/tests/qemu-iotests/158.out
68
@@ -XXX,XX +XXX,XX @@
69
QA output created by 158
70
== create base ==
71
-Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
72
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on
73
74
== writing whole image ==
75
wrote 134217728/134217728 bytes at offset 0
76
@@ -XXX,XX +XXX,XX @@ wrote 134217728/134217728 bytes at offset 0
77
read 134217728/134217728 bytes at offset 0
78
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
79
== create overlay ==
80
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/t.IMGFMT.base encryption=on encrypt.key-secret=sec0
81
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/t.IMGFMT.base encryption=on
82
83
== writing part of a cluster ==
84
wrote 1024/1024 bytes at offset 0
85
diff --git a/tests/qemu-iotests/188.out b/tests/qemu-iotests/188.out
86
index XXXXXXX..XXXXXXX 100644
87
--- a/tests/qemu-iotests/188.out
88
+++ b/tests/qemu-iotests/188.out
89
@@ -XXX,XX +XXX,XX @@
90
QA output created by 188
91
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
92
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216
93
94
== reading whole image ==
95
read 16777216/16777216 bytes at offset 0
96
diff --git a/tests/qemu-iotests/189.out b/tests/qemu-iotests/189.out
97
index XXXXXXX..XXXXXXX 100644
98
--- a/tests/qemu-iotests/189.out
99
+++ b/tests/qemu-iotests/189.out
100
@@ -XXX,XX +XXX,XX @@
101
QA output created by 189
102
== create base ==
103
-Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
104
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216
105
106
== writing whole image ==
107
wrote 16777216/16777216 bytes at offset 0
108
@@ -XXX,XX +XXX,XX @@ wrote 16777216/16777216 bytes at offset 0
109
read 16777216/16777216 bytes at offset 0
110
16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
111
== create overlay ==
112
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base encrypt.format=luks encrypt.key-secret=sec1 encrypt.iter-time=10
113
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base
114
115
== writing part of a cluster ==
116
wrote 1024/1024 bytes at offset 0
117
diff --git a/tests/qemu-iotests/198.out b/tests/qemu-iotests/198.out
118
index XXXXXXX..XXXXXXX 100644
119
--- a/tests/qemu-iotests/198.out
120
+++ b/tests/qemu-iotests/198.out
121
@@ -XXX,XX +XXX,XX @@
122
QA output created by 198
123
== create base ==
124
-Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
125
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216
126
127
== writing whole image base ==
128
wrote 16777216/16777216 bytes at offset 0
129
16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
130
== create overlay ==
131
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base encrypt.format=luks encrypt.key-secret=sec1 encrypt.iter-time=10
132
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base
133
134
== writing whole image layer ==
135
wrote 16777216/16777216 bytes at offset 0
136
diff --git a/tests/qemu-iotests/263.out b/tests/qemu-iotests/263.out
137
index XXXXXXX..XXXXXXX 100644
138
--- a/tests/qemu-iotests/263.out
139
+++ b/tests/qemu-iotests/263.out
140
@@ -XXX,XX +XXX,XX @@ QA output created by 263
141
142
testing LUKS qcow2 encryption
143
144
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
145
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
146
== reading the whole image ==
147
read 1048576/1048576 bytes at offset 0
148
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
149
@@ -XXX,XX +XXX,XX @@ read 982528/982528 bytes at offset 66048
150
151
testing legacy AES qcow2 encryption
152
153
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 encrypt.format=aes encrypt.key-secret=sec0
154
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
155
== reading the whole image ==
156
read 1048576/1048576 bytes at offset 0
157
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
158
diff --git a/tests/qemu-iotests/284.out b/tests/qemu-iotests/284.out
159
index XXXXXXX..XXXXXXX 100644
160
--- a/tests/qemu-iotests/284.out
161
+++ b/tests/qemu-iotests/284.out
162
@@ -XXX,XX +XXX,XX @@ QA output created by 284
163
164
testing LUKS qcow2 encryption
165
166
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
167
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
168
169
== cluster size 512
170
== checking image refcounts ==
171
@@ -XXX,XX +XXX,XX @@ wrote 1/1 bytes at offset 512
172
173
== rechecking image refcounts ==
174
No errors were found on the image.
175
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
176
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
177
178
== cluster size 2048
179
== checking image refcounts ==
180
@@ -XXX,XX +XXX,XX @@ wrote 1/1 bytes at offset 2048
181
182
== rechecking image refcounts ==
183
No errors were found on the image.
184
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
185
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
186
187
== cluster size 32768
188
== checking image refcounts ==
189
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
190
index XXXXXXX..XXXXXXX 100644
191
--- a/tests/qemu-iotests/common.filter
192
+++ b/tests/qemu-iotests/common.filter
193
@@ -XXX,XX +XXX,XX @@ _filter_img_create()
194
echo "$options" \
195
| tr '\n' '\0' \
196
| $SED -e 's/\x0$//' -e 's/ \([a-z0-9_.-]*\)=/\n\1=/g' \
197
- | grep -ae "^\(fmt\\|size\\|backing\\|preallocation\\|encrypt$grep_data_file\\)" \
198
+ | grep -ae "^\(fmt\\|size\\|backing\\|preallocation\\|encryption$grep_data_file\\)" \
199
| $SED "${filename_filters[@]}" \
200
-e 's/^\(fmt\)/0-\1/' \
201
-e 's/^\(size\)/1-\1/' \
202
-e 's/^\(backing\)/2-\1/' \
203
-e 's/^\(data_file\)/3-\1/' \
204
-e 's/^\(encryption\)/4-\1/' \
205
- -e 's/^\(encrypt\.format\)/5-\1/' \
206
- -e 's/^\(encrypt\.key-secret\)/6-\1/' \
207
- -e 's/^\(encrypt\.iter-time\)/7-\1/' \
208
-e 's/^\(preallocation\)/8-\1/' \
209
| sort \
210
| $SED -e 's/^[0-9]-//' \
211
--
212
2.26.2
213
214
diff view generated by jsdifflib
[PULL 03/18] block/block-copy: block_copy_dirty_clusters: fix failure check
Deleted patch
1
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2
1
3
ret may be > 0 on success path at this point. Fix assertion, which may
4
crash currently.
5
6
Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e
7
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
8
Message-Id: <20200526181347.489557-1-vsementsov@virtuozzo.com>
9
Signed-off-by: Max Reitz <mreitz@redhat.com>
10
---
11
block/block-copy.c | 4 +++-
12
1 file changed, 3 insertions(+), 1 deletion(-)
13
14
diff --git a/block/block-copy.c b/block/block-copy.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/block/block-copy.c
17
+++ b/block/block-copy.c
18
@@ -XXX,XX +XXX,XX @@ out:
19
* block_copy_task_run. If it fails, it means some task already failed
20
* for real reason, let's return first failure.
21
* Still, assert that we don't rewrite failure by success.
22
+ *
23
+ * Note: ret may be positive here because of block-status result.
24
*/
25
- assert(ret == 0 || aio_task_pool_status(aio) < 0);
26
+ assert(ret >= 0 || aio_task_pool_status(aio) < 0);
27
ret = aio_task_pool_status(aio);
28
29
aio_task_pool_free(aio);
30
--
31
2.26.2
32
33
diff view generated by jsdifflib
[PULL 04/18] qcrypto/core: add generic infrastructure for crypto options amendment
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
This will be used first to implement luks keyslot management.
4
5
block_crypto_amend_opts_init will be used to convert
6
qemu-img cmdline to QCryptoBlockAmendOptions
7
8
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
9
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
10
Message-Id: <20200608094030.670121-2-mlevitsk@redhat.com>
11
Signed-off-by: Max Reitz <mreitz@redhat.com>
12
---
13
qapi/crypto.json | 16 ++++++++++++++++
14
block/crypto.h | 3 +++
15
crypto/blockpriv.h | 8 ++++++++
16
include/crypto/block.h | 22 ++++++++++++++++++++++
17
block/crypto.c | 17 +++++++++++++++++
18
crypto/block.c | 29 +++++++++++++++++++++++++++++
19
6 files changed, 95 insertions(+)
20
21
diff --git a/qapi/crypto.json b/qapi/crypto.json
22
index XXXXXXX..XXXXXXX 100644
23
--- a/qapi/crypto.json
24
+++ b/qapi/crypto.json
25
@@ -XXX,XX +XXX,XX @@
26
'base': 'QCryptoBlockInfoBase',
27
'discriminator': 'format',
28
'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
29
+
30
+
31
+
32
+##
33
+# @QCryptoBlockAmendOptions:
34
+#
35
+# The options that are available for all encryption formats
36
+# when amending encryption settings
37
+#
38
+# Since: 5.1
39
+##
40
+{ 'union': 'QCryptoBlockAmendOptions',
41
+ 'base': 'QCryptoBlockOptionsBase',
42
+ 'discriminator': 'format',
43
+ 'data': {
44
+ } }
45
diff --git a/block/crypto.h b/block/crypto.h
46
index XXXXXXX..XXXXXXX 100644
47
--- a/block/crypto.h
48
+++ b/block/crypto.h
49
@@ -XXX,XX +XXX,XX @@
50
QCryptoBlockCreateOptions *
51
block_crypto_create_opts_init(QDict *opts, Error **errp);
52
53
+QCryptoBlockAmendOptions *
54
+block_crypto_amend_opts_init(QDict *opts, Error **errp);
55
+
56
QCryptoBlockOpenOptions *
57
block_crypto_open_opts_init(QDict *opts, Error **errp);
58
59
diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h
60
index XXXXXXX..XXXXXXX 100644
61
--- a/crypto/blockpriv.h
62
+++ b/crypto/blockpriv.h
63
@@ -XXX,XX +XXX,XX @@ struct QCryptoBlockDriver {
64
void *opaque,
65
Error **errp);
66
67
+ int (*amend)(QCryptoBlock *block,
68
+ QCryptoBlockReadFunc readfunc,
69
+ QCryptoBlockWriteFunc writefunc,
70
+ void *opaque,
71
+ QCryptoBlockAmendOptions *options,
72
+ bool force,
73
+ Error **errp);
74
+
75
int (*get_info)(QCryptoBlock *block,
76
QCryptoBlockInfo *info,
77
Error **errp);
78
diff --git a/include/crypto/block.h b/include/crypto/block.h
79
index XXXXXXX..XXXXXXX 100644
80
--- a/include/crypto/block.h
81
+++ b/include/crypto/block.h
82
@@ -XXX,XX +XXX,XX @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
83
void *opaque,
84
Error **errp);
85
86
+/**
87
+ * qcrypto_block_amend_options:
88
+ * @block: the block encryption object
89
+ *
90
+ * @readfunc: callback for reading data from the volume header
91
+ * @writefunc: callback for writing data to the volume header
92
+ * @opaque: data to pass to @readfunc and @writefunc
93
+ * @options: the new/amended encryption options
94
+ * @force: hint for the driver to allow unsafe operation
95
+ * @errp: error pointer
96
+ *
97
+ * Changes the crypto options of the encryption format
98
+ *
99
+ */
100
+int qcrypto_block_amend_options(QCryptoBlock *block,
101
+ QCryptoBlockReadFunc readfunc,
102
+ QCryptoBlockWriteFunc writefunc,
103
+ void *opaque,
104
+ QCryptoBlockAmendOptions *options,
105
+ bool force,
106
+ Error **errp);
107
+
108
109
/**
110
* qcrypto_block_calculate_payload_offset:
111
diff --git a/block/crypto.c b/block/crypto.c
112
index XXXXXXX..XXXXXXX 100644
113
--- a/block/crypto.c
114
+++ b/block/crypto.c
115
@@ -XXX,XX +XXX,XX @@ block_crypto_create_opts_init(QDict *opts, Error **errp)
116
return ret;
117
}
118
119
+QCryptoBlockAmendOptions *
120
+block_crypto_amend_opts_init(QDict *opts, Error **errp)
121
+{
122
+ Visitor *v;
123
+ QCryptoBlockAmendOptions *ret;
124
+
125
+ v = qobject_input_visitor_new_flat_confused(opts, errp);
126
+ if (!v) {
127
+ return NULL;
128
+ }
129
+
130
+ visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp);
131
+
132
+ visit_free(v);
133
+ return ret;
134
+}
135
+
136
137
static int block_crypto_open_generic(QCryptoBlockFormat format,
138
QemuOptsList *opts_spec,
139
diff --git a/crypto/block.c b/crypto/block.c
140
index XXXXXXX..XXXXXXX 100644
141
--- a/crypto/block.c
142
+++ b/crypto/block.c
143
@@ -XXX,XX +XXX,XX @@ qcrypto_block_calculate_payload_offset(QCryptoBlockCreateOptions *create_opts,
144
return crypto != NULL;
145
}
146
147
+int qcrypto_block_amend_options(QCryptoBlock *block,
148
+ QCryptoBlockReadFunc readfunc,
149
+ QCryptoBlockWriteFunc writefunc,
150
+ void *opaque,
151
+ QCryptoBlockAmendOptions *options,
152
+ bool force,
153
+ Error **errp)
154
+{
155
+ if (options->format != block->format) {
156
+ error_setg(errp,
157
+ "Cannot amend encryption format");
158
+ return -1;
159
+ }
160
+
161
+ if (!block->driver->amend) {
162
+ error_setg(errp,
163
+ "Crypto format %s doesn't support format options amendment",
164
+ QCryptoBlockFormat_str(block->format));
165
+ return -1;
166
+ }
167
+
168
+ return block->driver->amend(block,
169
+ readfunc,
170
+ writefunc,
171
+ opaque,
172
+ options,
173
+ force,
174
+ errp);
175
+}
176
177
QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block,
178
Error **errp)
179
--
180
2.26.2
181
182
diff view generated by jsdifflib
[PULL 05/18] qcrypto/luks: implement encryption key management
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
Next few patches will expose that functionality to the user.
4
5
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
6
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
7
Message-Id: <20200608094030.670121-3-mlevitsk@redhat.com>
8
Signed-off-by: Max Reitz <mreitz@redhat.com>
9
---
10
qapi/crypto.json | 59 ++++++-
11
crypto/block-luks.c | 416 +++++++++++++++++++++++++++++++++++++++++++-
12
2 files changed, 469 insertions(+), 6 deletions(-)
13
14
diff --git a/qapi/crypto.json b/qapi/crypto.json
15
index XXXXXXX..XXXXXXX 100644
16
--- a/qapi/crypto.json
17
+++ b/qapi/crypto.json
18
@@ -XXX,XX +XXX,XX @@
19
'uuid': 'str',
20
'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
21
22
-
23
##
24
# @QCryptoBlockInfo:
25
#
26
@@ -XXX,XX +XXX,XX @@
27
'discriminator': 'format',
28
'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
29
30
+##
31
+# @QCryptoBlockLUKSKeyslotState:
32
+#
33
+# Defines state of keyslots that are affected by the update
34
+#
35
+# @active: The slots contain the given password and marked as active
36
+# @inactive: The slots are erased (contain garbage) and marked as inactive
37
+#
38
+# Since: 5.1
39
+##
40
+{ 'enum': 'QCryptoBlockLUKSKeyslotState',
41
+ 'data': [ 'active', 'inactive' ] }
42
+
43
44
+##
45
+# @QCryptoBlockAmendOptionsLUKS:
46
+#
47
+# This struct defines the update parameters that activate/de-activate set
48
+# of keyslots
49
+#
50
+# @state: the desired state of the keyslots
51
+#
52
+# @new-secret: The ID of a QCryptoSecret object providing the password to be
53
+# written into added active keyslots
54
+#
55
+# @old-secret: Optional (for deactivation only)
56
+# If given will deactive all keyslots that
57
+# match password located in QCryptoSecret with this ID
58
+#
59
+# @iter-time: Optional (for activation only)
60
+# Number of milliseconds to spend in
61
+# PBKDF passphrase processing for the newly activated keyslot.
62
+# Currently defaults to 2000.
63
+#
64
+# @keyslot: Optional. ID of the keyslot to activate/deactivate.
65
+# For keyslot activation, keyslot should not be active already
66
+# (this is unsafe to update an active keyslot),
67
+# but possible if 'force' parameter is given.
68
+# If keyslot is not given, first free keyslot will be written.
69
+#
70
+# For keyslot deactivation, this parameter specifies the exact
71
+# keyslot to deactivate
72
+#
73
+# @secret: Optional. The ID of a QCryptoSecret object providing the
74
+# password to use to retrive current master key.
75
+# Defaults to the same secret that was used to open the image
76
+#
77
+#
78
+# Since 5.1
79
+##
80
+{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
81
+ 'data': { 'state': 'QCryptoBlockLUKSKeyslotState',
82
+ '*new-secret': 'str',
83
+ '*old-secret': 'str',
84
+ '*keyslot': 'int',
85
+ '*iter-time': 'int',
86
+ '*secret': 'str' } }
87
88
##
89
# @QCryptoBlockAmendOptions:
90
@@ -XXX,XX +XXX,XX @@
91
'base': 'QCryptoBlockOptionsBase',
92
'discriminator': 'format',
93
'data': {
94
- } }
95
+ 'luks': 'QCryptoBlockAmendOptionsLUKS' } }
96
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
97
index XXXXXXX..XXXXXXX 100644
98
--- a/crypto/block-luks.c
99
+++ b/crypto/block-luks.c
100
@@ -XXX,XX +XXX,XX @@
101
#include "qemu/uuid.h"
102
103
#include "qemu/coroutine.h"
104
+#include "qemu/bitmap.h"
105
106
/*
107
* Reference for the LUKS format implemented here is
108
@@ -XXX,XX +XXX,XX @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot;
109
110
#define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL
111
112
+#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS 2000
113
+#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40
114
+
115
static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
116
'L', 'U', 'K', 'S', 0xBA, 0xBE
117
};
118
@@ -XXX,XX +XXX,XX @@ struct QCryptoBlockLUKS {
119
120
/* Hash algorithm used in pbkdf2 function */
121
QCryptoHashAlgorithm hash_alg;
122
+
123
+ /* Name of the secret that was used to open the image */
124
+ char *secret;
125
};
126
127
128
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_store_key(QCryptoBlock *block,
129
Error **errp)
130
{
131
QCryptoBlockLUKS *luks = block->opaque;
132
- QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
133
+ QCryptoBlockLUKSKeySlot *slot;
134
g_autofree uint8_t *splitkey = NULL;
135
size_t splitkeylen;
136
g_autofree uint8_t *slotkey = NULL;
137
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_store_key(QCryptoBlock *block,
138
uint64_t iters;
139
int ret = -1;
140
141
+ assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
142
+ slot = &luks->header.key_slots[slot_idx];
143
if (qcrypto_random_bytes(slot->salt,
144
QCRYPTO_BLOCK_LUKS_SALT_LEN,
145
errp) < 0) {
146
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
147
Error **errp)
148
{
149
QCryptoBlockLUKS *luks = block->opaque;
150
- const QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
151
+ const QCryptoBlockLUKSKeySlot *slot;
152
g_autofree uint8_t *splitkey = NULL;
153
size_t splitkeylen;
154
g_autofree uint8_t *possiblekey = NULL;
155
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
156
g_autoptr(QCryptoIVGen) ivgen = NULL;
157
size_t niv;
158
159
+ assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
160
+ slot = &luks->header.key_slots[slot_idx];
161
if (slot->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) {
162
return 0;
163
}
164
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
165
return -1;
166
}
167
168
+/*
169
+ * Returns true if a slot i is marked as active
170
+ * (contains encrypted copy of the master key)
171
+ */
172
+static bool
173
+qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks,
174
+ unsigned int slot_idx)
175
+{
176
+ uint32_t val;
177
+
178
+ assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
179
+ val = luks->header.key_slots[slot_idx].active;
180
+ return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
181
+}
182
+
183
+/*
184
+ * Returns the number of slots that are marked as active
185
+ * (slots that contain encrypted copy of the master key)
186
+ */
187
+static unsigned int
188
+qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks)
189
+{
190
+ size_t i = 0;
191
+ unsigned int ret = 0;
192
+
193
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
194
+ if (qcrypto_block_luks_slot_active(luks, i)) {
195
+ ret++;
196
+ }
197
+ }
198
+ return ret;
199
+}
200
+
201
+/*
202
+ * Finds first key slot which is not active
203
+ * Returns the key slot index, or -1 if it doesn't exist
204
+ */
205
+static int
206
+qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks)
207
+{
208
+ size_t i;
209
+
210
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
211
+ if (!qcrypto_block_luks_slot_active(luks, i)) {
212
+ return i;
213
+ }
214
+ }
215
+ return -1;
216
+}
217
+
218
+/*
219
+ * Erases an keyslot given its index
220
+ * Returns:
221
+ * 0 if the keyslot was erased successfully
222
+ * -1 if a error occurred while erasing the keyslot
223
+ *
224
+ */
225
+static int
226
+qcrypto_block_luks_erase_key(QCryptoBlock *block,
227
+ unsigned int slot_idx,
228
+ QCryptoBlockWriteFunc writefunc,
229
+ void *opaque,
230
+ Error **errp)
231
+{
232
+ QCryptoBlockLUKS *luks = block->opaque;
233
+ QCryptoBlockLUKSKeySlot *slot;
234
+ g_autofree uint8_t *garbagesplitkey = NULL;
235
+ size_t splitkeylen;
236
+ size_t i;
237
+ Error *local_err = NULL;
238
+ int ret;
239
+
240
+ assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
241
+ slot = &luks->header.key_slots[slot_idx];
242
+
243
+ splitkeylen = luks->header.master_key_len * slot->stripes;
244
+ assert(splitkeylen > 0);
245
+
246
+ garbagesplitkey = g_new0(uint8_t, splitkeylen);
247
+
248
+ /* Reset the key slot header */
249
+ memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
250
+ slot->iterations = 0;
251
+ slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
252
+
253
+ ret = qcrypto_block_luks_store_header(block, writefunc,
254
+ opaque, &local_err);
255
+
256
+ if (ret < 0) {
257
+ error_propagate(errp, local_err);
258
+ }
259
+ /*
260
+ * Now try to erase the key material, even if the header
261
+ * update failed
262
+ */
263
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS; i++) {
264
+ if (qcrypto_random_bytes(garbagesplitkey,
265
+ splitkeylen, &local_err) < 0) {
266
+ /*
267
+ * If we failed to get the random data, still write
268
+ * at least zeros to the key slot at least once
269
+ */
270
+ error_propagate(errp, local_err);
271
+
272
+ if (i > 0) {
273
+ return -1;
274
+ }
275
+ }
276
+ if (writefunc(block,
277
+ slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
278
+ garbagesplitkey,
279
+ splitkeylen,
280
+ opaque,
281
+ &local_err) != splitkeylen) {
282
+ error_propagate(errp, local_err);
283
+ return -1;
284
+ }
285
+ }
286
+ return ret;
287
+}
288
289
static int
290
qcrypto_block_luks_open(QCryptoBlock *block,
291
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_open(QCryptoBlock *block,
292
293
luks = g_new0(QCryptoBlockLUKS, 1);
294
block->opaque = luks;
295
+ luks->secret = g_strdup(options->u.luks.key_secret);
296
297
if (qcrypto_block_luks_load_header(block, readfunc, opaque, errp) < 0) {
298
goto fail;
299
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_open(QCryptoBlock *block,
300
fail:
301
qcrypto_block_free_cipher(block);
302
qcrypto_ivgen_free(block->ivgen);
303
+ g_free(luks->secret);
304
g_free(luks);
305
return -1;
306
}
307
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_create(QCryptoBlock *block,
308
309
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
310
if (!luks_opts.has_iter_time) {
311
- luks_opts.iter_time = 2000;
312
+ luks_opts.iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
313
}
314
if (!luks_opts.has_cipher_alg) {
315
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
316
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_create(QCryptoBlock *block,
317
optprefix ? optprefix : "");
318
goto error;
319
}
320
+ luks->secret = g_strdup(options->u.luks.key_secret);
321
+
322
password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
323
if (!password) {
324
goto error;
325
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_create(QCryptoBlock *block,
326
qcrypto_block_free_cipher(block);
327
qcrypto_ivgen_free(block->ivgen);
328
329
+ g_free(luks->secret);
330
g_free(luks);
331
return -1;
332
}
333
334
+static int
335
+qcrypto_block_luks_amend_add_keyslot(QCryptoBlock *block,
336
+ QCryptoBlockReadFunc readfunc,
337
+ QCryptoBlockWriteFunc writefunc,
338
+ void *opaque,
339
+ QCryptoBlockAmendOptionsLUKS *opts_luks,
340
+ bool force,
341
+ Error **errp)
342
+{
343
+ QCryptoBlockLUKS *luks = block->opaque;
344
+ uint64_t iter_time = opts_luks->has_iter_time ?
345
+ opts_luks->iter_time :
346
+ QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
347
+ int keyslot;
348
+ g_autofree char *old_password = NULL;
349
+ g_autofree char *new_password = NULL;
350
+ g_autofree uint8_t *master_key = NULL;
351
+
352
+ char *secret = opts_luks->has_secret ? opts_luks->secret : luks->secret;
353
+
354
+ if (!opts_luks->has_new_secret) {
355
+ error_setg(errp, "'new-secret' is required to activate a keyslot");
356
+ return -1;
357
+ }
358
+ if (opts_luks->has_old_secret) {
359
+ error_setg(errp,
360
+ "'old-secret' must not be given when activating keyslots");
361
+ return -1;
362
+ }
363
+
364
+ if (opts_luks->has_keyslot) {
365
+ keyslot = opts_luks->keyslot;
366
+ if (keyslot < 0 || keyslot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
367
+ error_setg(errp,
368
+ "Invalid keyslot %u specified, must be between 0 and %u",
369
+ keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1);
370
+ return -1;
371
+ }
372
+ } else {
373
+ keyslot = qcrypto_block_luks_find_free_keyslot(luks);
374
+ if (keyslot == -1) {
375
+ error_setg(errp,
376
+ "Can't add a keyslot - all keyslots are in use");
377
+ return -1;
378
+ }
379
+ }
380
+
381
+ if (!force && qcrypto_block_luks_slot_active(luks, keyslot)) {
382
+ error_setg(errp,
383
+ "Refusing to overwrite active keyslot %i - "
384
+ "please erase it first",
385
+ keyslot);
386
+ return -1;
387
+ }
388
+
389
+ /* Locate the password that will be used to retrieve the master key */
390
+ old_password = qcrypto_secret_lookup_as_utf8(secret, errp);
391
+ if (!old_password) {
392
+ return -1;
393
+ }
394
+
395
+ /* Retrieve the master key */
396
+ master_key = g_new0(uint8_t, luks->header.master_key_len);
397
+
398
+ if (qcrypto_block_luks_find_key(block, old_password, master_key,
399
+ readfunc, opaque, errp) < 0) {
400
+ error_append_hint(errp, "Failed to retrieve the master key");
401
+ return -1;
402
+ }
403
+
404
+ /* Locate the new password*/
405
+ new_password = qcrypto_secret_lookup_as_utf8(opts_luks->new_secret, errp);
406
+ if (!new_password) {
407
+ return -1;
408
+ }
409
+
410
+ /* Now set the new keyslots */
411
+ if (qcrypto_block_luks_store_key(block, keyslot, new_password, master_key,
412
+ iter_time, writefunc, opaque, errp)) {
413
+ error_append_hint(errp, "Failed to write to keyslot %i", keyslot);
414
+ return -1;
415
+ }
416
+ return 0;
417
+}
418
+
419
+static int
420
+qcrypto_block_luks_amend_erase_keyslots(QCryptoBlock *block,
421
+ QCryptoBlockReadFunc readfunc,
422
+ QCryptoBlockWriteFunc writefunc,
423
+ void *opaque,
424
+ QCryptoBlockAmendOptionsLUKS *opts_luks,
425
+ bool force,
426
+ Error **errp)
427
+{
428
+ QCryptoBlockLUKS *luks = block->opaque;
429
+ g_autofree uint8_t *tmpkey = NULL;
430
+ g_autofree char *old_password = NULL;
431
+
432
+ if (opts_luks->has_new_secret) {
433
+ error_setg(errp,
434
+ "'new-secret' must not be given when erasing keyslots");
435
+ return -1;
436
+ }
437
+ if (opts_luks->has_iter_time) {
438
+ error_setg(errp,
439
+ "'iter-time' must not be given when erasing keyslots");
440
+ return -1;
441
+ }
442
+ if (opts_luks->has_secret) {
443
+ error_setg(errp,
444
+ "'secret' must not be given when erasing keyslots");
445
+ return -1;
446
+ }
447
+
448
+ /* Load the old password if given */
449
+ if (opts_luks->has_old_secret) {
450
+ old_password = qcrypto_secret_lookup_as_utf8(opts_luks->old_secret,
451
+ errp);
452
+ if (!old_password) {
453
+ return -1;
454
+ }
455
+
456
+ /*
457
+ * Allocate a temporary key buffer that we will need when
458
+ * checking if slot matches the given old password
459
+ */
460
+ tmpkey = g_new0(uint8_t, luks->header.master_key_len);
461
+ }
462
+
463
+ /* Erase an explicitly given keyslot */
464
+ if (opts_luks->has_keyslot) {
465
+ int keyslot = opts_luks->keyslot;
466
+
467
+ if (keyslot < 0 || keyslot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
468
+ error_setg(errp,
469
+ "Invalid keyslot %i specified, must be between 0 and %i",
470
+ keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1);
471
+ return -1;
472
+ }
473
+
474
+ if (opts_luks->has_old_secret) {
475
+ int rv = qcrypto_block_luks_load_key(block,
476
+ keyslot,
477
+ old_password,
478
+ tmpkey,
479
+ readfunc,
480
+ opaque,
481
+ errp);
482
+ if (rv == -1) {
483
+ return -1;
484
+ } else if (rv == 0) {
485
+ error_setg(errp,
486
+ "Given keyslot %i doesn't contain the given "
487
+ "old password for erase operation",
488
+ keyslot);
489
+ return -1;
490
+ }
491
+ }
492
+
493
+ if (!force && !qcrypto_block_luks_slot_active(luks, keyslot)) {
494
+ error_setg(errp,
495
+ "Given keyslot %i is already erased (inactive) ",
496
+ keyslot);
497
+ return -1;
498
+ }
499
+
500
+ if (!force && qcrypto_block_luks_count_active_slots(luks) == 1) {
501
+ error_setg(errp,
502
+ "Attempt to erase the only active keyslot %i "
503
+ "which will erase all the data in the image "
504
+ "irreversibly - refusing operation",
505
+ keyslot);
506
+ return -1;
507
+ }
508
+
509
+ if (qcrypto_block_luks_erase_key(block, keyslot,
510
+ writefunc, opaque, errp)) {
511
+ error_append_hint(errp, "Failed to erase keyslot %i", keyslot);
512
+ return -1;
513
+ }
514
+
515
+ /* Erase all keyslots that match the given old password */
516
+ } else if (opts_luks->has_old_secret) {
517
+
518
+ unsigned long slots_to_erase_bitmap = 0;
519
+ size_t i;
520
+ int slot_count;
521
+
522
+ assert(QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS <=
523
+ sizeof(slots_to_erase_bitmap) * 8);
524
+
525
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
526
+ int rv = qcrypto_block_luks_load_key(block,
527
+ i,
528
+ old_password,
529
+ tmpkey,
530
+ readfunc,
531
+ opaque,
532
+ errp);
533
+ if (rv == -1) {
534
+ return -1;
535
+ } else if (rv == 1) {
536
+ bitmap_set(&slots_to_erase_bitmap, i, 1);
537
+ }
538
+ }
539
+
540
+ slot_count = bitmap_count_one(&slots_to_erase_bitmap,
541
+ QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
542
+ if (slot_count == 0) {
543
+ error_setg(errp,
544
+ "No keyslots match given (old) password for erase operation");
545
+ return -1;
546
+ }
547
+
548
+ if (!force &&
549
+ slot_count == qcrypto_block_luks_count_active_slots(luks)) {
550
+ error_setg(errp,
551
+ "All the active keyslots match the (old) password that "
552
+ "was given and erasing them will erase all the data in "
553
+ "the image irreversibly - refusing operation");
554
+ return -1;
555
+ }
556
+
557
+ /* Now apply the update */
558
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
559
+ if (!test_bit(i, &slots_to_erase_bitmap)) {
560
+ continue;
561
+ }
562
+ if (qcrypto_block_luks_erase_key(block, i, writefunc,
563
+ opaque, errp)) {
564
+ error_append_hint(errp, "Failed to erase keyslot %zu", i);
565
+ return -1;
566
+ }
567
+ }
568
+ } else {
569
+ error_setg(errp,
570
+ "To erase keyslot(s), either explicit keyslot index "
571
+ "or the password currently contained in them must be given");
572
+ return -1;
573
+ }
574
+ return 0;
575
+}
576
+
577
+static int
578
+qcrypto_block_luks_amend_options(QCryptoBlock *block,
579
+ QCryptoBlockReadFunc readfunc,
580
+ QCryptoBlockWriteFunc writefunc,
581
+ void *opaque,
582
+ QCryptoBlockAmendOptions *options,
583
+ bool force,
584
+ Error **errp)
585
+{
586
+ QCryptoBlockAmendOptionsLUKS *opts_luks = &options->u.luks;
587
+
588
+ switch (opts_luks->state) {
589
+ case Q_CRYPTO_BLOCKLUKS_KEYSLOT_STATE_ACTIVE:
590
+ return qcrypto_block_luks_amend_add_keyslot(block, readfunc,
591
+ writefunc, opaque,
592
+ opts_luks, force, errp);
593
+ case Q_CRYPTO_BLOCKLUKS_KEYSLOT_STATE_INACTIVE:
594
+ return qcrypto_block_luks_amend_erase_keyslots(block, readfunc,
595
+ writefunc, opaque,
596
+ opts_luks, force, errp);
597
+ default:
598
+ g_assert_not_reached();
599
+ }
600
+}
601
602
static int qcrypto_block_luks_get_info(QCryptoBlock *block,
603
QCryptoBlockInfo *info,
604
@@ -XXX,XX +XXX,XX @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block,
605
606
static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
607
{
608
- g_free(block->opaque);
609
+ QCryptoBlockLUKS *luks = block->opaque;
610
+ if (luks) {
611
+ g_free(luks->secret);
612
+ g_free(luks);
613
+ }
614
}
615
616
617
@@ -XXX,XX +XXX,XX @@ qcrypto_block_luks_encrypt(QCryptoBlock *block,
618
const QCryptoBlockDriver qcrypto_block_driver_luks = {
619
.open = qcrypto_block_luks_open,
620
.create = qcrypto_block_luks_create,
621
+ .amend = qcrypto_block_luks_amend_options,
622
.get_info = qcrypto_block_luks_get_info,
623
.cleanup = qcrypto_block_luks_cleanup,
624
.decrypt = qcrypto_block_luks_decrypt,
625
--
626
2.26.2
627
628
diff view generated by jsdifflib
[PULL 06/18] block/amend: add 'force' option
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
'force' option will be used for some unsafe amend operations.
4
5
This includes things like erasing last keyslot in luks based formats
6
(which destroys the data, unless the master key is backed up
7
by external means), but that _might_ be desired result.
8
9
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
10
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
11
Reviewed-by: Max Reitz <mreitz@redhat.com>
12
Message-Id: <20200608094030.670121-4-mlevitsk@redhat.com>
13
Signed-off-by: Max Reitz <mreitz@redhat.com>
14
---
15
docs/tools/qemu-img.rst | 5 ++++-
16
include/block/block.h | 1 +
17
include/block/block_int.h | 1 +
18
block.c | 4 +++-
19
block/qcow2.c | 1 +
20
qemu-img.c | 8 +++++++-
21
qemu-img-cmds.hx | 4 ++--
22
7 files changed, 19 insertions(+), 5 deletions(-)
23
24
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
25
index XXXXXXX..XXXXXXX 100644
26
--- a/docs/tools/qemu-img.rst
27
+++ b/docs/tools/qemu-img.rst
28
@@ -XXX,XX +XXX,XX @@ Command description:
29
30
.. program:: qemu-img-commands
31
32
-.. option:: amend [--object OBJECTDEF] [--image-opts] [-p] [-q] [-f FMT] [-t CACHE] -o OPTIONS FILENAME
33
+.. option:: amend [--object OBJECTDEF] [--image-opts] [-p] [-q] [-f FMT] [-t CACHE] [--force] -o OPTIONS FILENAME
34
35
Amends the image format specific *OPTIONS* for the image file
36
*FILENAME*. Not all file formats support this operation.
37
38
+ --force allows some unsafe operations. Currently for -f luks, it allows to
39
+ erase the last encryption key, and to overwrite an active encryption key.
40
+
41
.. option:: bench [-c COUNT] [-d DEPTH] [-f FMT] [--flush-interval=FLUSH_INTERVAL] [-i AIO] [-n] [--no-drain] [-o OFFSET] [--pattern=PATTERN] [-q] [-s BUFFER_SIZE] [-S STEP_SIZE] [-t CACHE] [-w] [-U] FILENAME
42
43
Run a simple sequential I/O benchmark on the specified image. If ``-w`` is
44
diff --git a/include/block/block.h b/include/block/block.h
45
index XXXXXXX..XXXXXXX 100644
46
--- a/include/block/block.h
47
+++ b/include/block/block.h
48
@@ -XXX,XX +XXX,XX @@ typedef void BlockDriverAmendStatusCB(BlockDriverState *bs, int64_t offset,
49
int64_t total_work_size, void *opaque);
50
int bdrv_amend_options(BlockDriverState *bs_new, QemuOpts *opts,
51
BlockDriverAmendStatusCB *status_cb, void *cb_opaque,
52
+ bool force,
53
Error **errp);
54
55
/* check if a named node can be replaced when doing drive-mirror */
56
diff --git a/include/block/block_int.h b/include/block/block_int.h
57
index XXXXXXX..XXXXXXX 100644
58
--- a/include/block/block_int.h
59
+++ b/include/block/block_int.h
60
@@ -XXX,XX +XXX,XX @@ struct BlockDriver {
61
int (*bdrv_amend_options)(BlockDriverState *bs, QemuOpts *opts,
62
BlockDriverAmendStatusCB *status_cb,
63
void *cb_opaque,
64
+ bool force,
65
Error **errp);
66
67
void (*bdrv_debug_event)(BlockDriverState *bs, BlkdebugEvent event);
68
diff --git a/block.c b/block.c
69
index XXXXXXX..XXXXXXX 100644
70
--- a/block.c
71
+++ b/block.c
72
@@ -XXX,XX +XXX,XX @@ void bdrv_remove_aio_context_notifier(BlockDriverState *bs,
73
74
int bdrv_amend_options(BlockDriverState *bs, QemuOpts *opts,
75
BlockDriverAmendStatusCB *status_cb, void *cb_opaque,
76
+ bool force,
77
Error **errp)
78
{
79
if (!bs->drv) {
80
@@ -XXX,XX +XXX,XX @@ int bdrv_amend_options(BlockDriverState *bs, QemuOpts *opts,
81
bs->drv->format_name);
82
return -ENOTSUP;
83
}
84
- return bs->drv->bdrv_amend_options(bs, opts, status_cb, cb_opaque, errp);
85
+ return bs->drv->bdrv_amend_options(bs, opts, status_cb,
86
+ cb_opaque, force, errp);
87
}
88
89
/*
90
diff --git a/block/qcow2.c b/block/qcow2.c
91
index XXXXXXX..XXXXXXX 100644
92
--- a/block/qcow2.c
93
+++ b/block/qcow2.c
94
@@ -XXX,XX +XXX,XX @@ static void qcow2_amend_helper_cb(BlockDriverState *bs,
95
static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
96
BlockDriverAmendStatusCB *status_cb,
97
void *cb_opaque,
98
+ bool force,
99
Error **errp)
100
{
101
BDRVQcow2State *s = bs->opaque;
102
diff --git a/qemu-img.c b/qemu-img.c
103
index XXXXXXX..XXXXXXX 100644
104
--- a/qemu-img.c
105
+++ b/qemu-img.c
106
@@ -XXX,XX +XXX,XX @@ enum {
107
OPTION_DISABLE = 273,
108
OPTION_MERGE = 274,
109
OPTION_BITMAPS = 275,
110
+ OPTION_FORCE = 276,
111
};
112
113
typedef enum OutputFormat {
114
@@ -XXX,XX +XXX,XX @@ static int img_amend(int argc, char **argv)
115
BlockBackend *blk = NULL;
116
BlockDriverState *bs = NULL;
117
bool image_opts = false;
118
+ bool force = false;
119
120
cache = BDRV_DEFAULT_CACHE;
121
for (;;) {
122
@@ -XXX,XX +XXX,XX @@ static int img_amend(int argc, char **argv)
123
{"help", no_argument, 0, 'h'},
124
{"object", required_argument, 0, OPTION_OBJECT},
125
{"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
126
+ {"force", no_argument, 0, OPTION_FORCE},
127
{0, 0, 0, 0}
128
};
129
c = getopt_long(argc, argv, ":ho:f:t:pq",
130
@@ -XXX,XX +XXX,XX @@ static int img_amend(int argc, char **argv)
131
case OPTION_IMAGE_OPTS:
132
image_opts = true;
133
break;
134
+ case OPTION_FORCE:
135
+ force = true;
136
+ break;
137
}
138
}
139
140
@@ -XXX,XX +XXX,XX @@ static int img_amend(int argc, char **argv)
141
142
/* In case the driver does not call amend_status_cb() */
143
qemu_progress_print(0.f, 0);
144
- ret = bdrv_amend_options(bs, opts, &amend_status_cb, NULL, &err);
145
+ ret = bdrv_amend_options(bs, opts, &amend_status_cb, NULL, force, &err);
146
qemu_progress_print(100.f, 0);
147
if (ret < 0) {
148
error_report_err(err);
149
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
150
index XXXXXXX..XXXXXXX 100644
151
--- a/qemu-img-cmds.hx
152
+++ b/qemu-img-cmds.hx
153
@@ -XXX,XX +XXX,XX @@ HXCOMM When amending the rST sections, please remember to copy the usage
154
HXCOMM over to the per-command sections in docs/tools/qemu-img.rst.
155
156
DEF("amend", img_amend,
157
- "amend [--object objectdef] [--image-opts] [-p] [-q] [-f fmt] [-t cache] -o options filename")
158
+ "amend [--object objectdef] [--image-opts] [-p] [-q] [-f fmt] [-t cache] [--force] -o options filename")
159
SRST
160
-.. option:: amend [--object OBJECTDEF] [--image-opts] [-p] [-q] [-f FMT] [-t CACHE] -o OPTIONS FILENAME
161
+.. option:: amend [--object OBJECTDEF] [--image-opts] [-p] [-q] [-f FMT] [-t CACHE] [--force] -o OPTIONS FILENAME
162
ERST
163
164
DEF("bench", img_bench,
165
--
166
2.26.2
167
168
diff view generated by jsdifflib
[PULL 07/18] block/amend: separate amend and create options for qemu-img
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
Some options are only useful for creation
4
(or hard to be amended, like cluster size for qcow2), while some other
5
options are only useful for amend, like upcoming keyslot management
6
options for luks
7
8
Since currently only qcow2 supports amend, move all its options
9
to a common macro and then include it in each action option list.
10
11
In future it might be useful to remove some options which are
12
not supported anyway from amend list, which currently
13
cause an error message if amended.
14
15
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
16
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
17
Reviewed-by: Max Reitz <mreitz@redhat.com>
18
Message-Id: <20200608094030.670121-5-mlevitsk@redhat.com>
19
Signed-off-by: Max Reitz <mreitz@redhat.com>
20
---
21
include/block/block_int.h | 4 +
22
block/qcow2.c | 173 +++++++++++++++++++++-----------------
23
qemu-img.c | 18 ++--
24
3 files changed, 107 insertions(+), 88 deletions(-)
25
26
diff --git a/include/block/block_int.h b/include/block/block_int.h
27
index XXXXXXX..XXXXXXX 100644
28
--- a/include/block/block_int.h
29
+++ b/include/block/block_int.h
30
@@ -XXX,XX +XXX,XX @@ struct BlockDriver {
31
32
/* List of options for creating images, terminated by name == NULL */
33
QemuOptsList *create_opts;
34
+
35
+ /* List of options for image amend */
36
+ QemuOptsList *amend_opts;
37
+
38
/*
39
* If this driver supports reopening images this contains a
40
* NULL-terminated list of the runtime options that can be
41
diff --git a/block/qcow2.c b/block/qcow2.c
42
index XXXXXXX..XXXXXXX 100644
43
--- a/block/qcow2.c
44
+++ b/block/qcow2.c
45
@@ -XXX,XX +XXX,XX @@ void qcow2_signal_corruption(BlockDriverState *bs, bool fatal, int64_t offset,
46
s->signaled_corruption = true;
47
}
48
49
+#define QCOW_COMMON_OPTIONS \
50
+ { \
51
+ .name = BLOCK_OPT_SIZE, \
52
+ .type = QEMU_OPT_SIZE, \
53
+ .help = "Virtual disk size" \
54
+ }, \
55
+ { \
56
+ .name = BLOCK_OPT_COMPAT_LEVEL, \
57
+ .type = QEMU_OPT_STRING, \
58
+ .help = "Compatibility level (v2 [0.10] or v3 [1.1])" \
59
+ }, \
60
+ { \
61
+ .name = BLOCK_OPT_BACKING_FILE, \
62
+ .type = QEMU_OPT_STRING, \
63
+ .help = "File name of a base image" \
64
+ }, \
65
+ { \
66
+ .name = BLOCK_OPT_BACKING_FMT, \
67
+ .type = QEMU_OPT_STRING, \
68
+ .help = "Image format of the base image" \
69
+ }, \
70
+ { \
71
+ .name = BLOCK_OPT_DATA_FILE, \
72
+ .type = QEMU_OPT_STRING, \
73
+ .help = "File name of an external data file" \
74
+ }, \
75
+ { \
76
+ .name = BLOCK_OPT_DATA_FILE_RAW, \
77
+ .type = QEMU_OPT_BOOL, \
78
+ .help = "The external data file must stay valid " \
79
+ "as a raw image" \
80
+ }, \
81
+ { \
82
+ .name = BLOCK_OPT_ENCRYPT, \
83
+ .type = QEMU_OPT_BOOL, \
84
+ .help = "Encrypt the image with format 'aes'. (Deprecated " \
85
+ "in favor of " BLOCK_OPT_ENCRYPT_FORMAT "=aes)", \
86
+ }, \
87
+ { \
88
+ .name = BLOCK_OPT_ENCRYPT_FORMAT, \
89
+ .type = QEMU_OPT_STRING, \
90
+ .help = "Encrypt the image, format choices: 'aes', 'luks'", \
91
+ }, \
92
+ BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.", \
93
+ "ID of secret providing qcow AES key or LUKS passphrase"), \
94
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG("encrypt."), \
95
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE("encrypt."), \
96
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG("encrypt."), \
97
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("encrypt."), \
98
+ BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("encrypt."), \
99
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."), \
100
+ { \
101
+ .name = BLOCK_OPT_CLUSTER_SIZE, \
102
+ .type = QEMU_OPT_SIZE, \
103
+ .help = "qcow2 cluster size", \
104
+ .def_value_str = stringify(DEFAULT_CLUSTER_SIZE) \
105
+ }, \
106
+ { \
107
+ .name = BLOCK_OPT_PREALLOC, \
108
+ .type = QEMU_OPT_STRING, \
109
+ .help = "Preallocation mode (allowed values: off, " \
110
+ "metadata, falloc, full)" \
111
+ }, \
112
+ { \
113
+ .name = BLOCK_OPT_LAZY_REFCOUNTS, \
114
+ .type = QEMU_OPT_BOOL, \
115
+ .help = "Postpone refcount updates", \
116
+ .def_value_str = "off" \
117
+ }, \
118
+ { \
119
+ .name = BLOCK_OPT_REFCOUNT_BITS, \
120
+ .type = QEMU_OPT_NUMBER, \
121
+ .help = "Width of a reference count entry in bits", \
122
+ .def_value_str = "16" \
123
+ }, \
124
+ { \
125
+ .name = BLOCK_OPT_COMPRESSION_TYPE, \
126
+ .type = QEMU_OPT_STRING, \
127
+ .help = "Compression method used for image cluster " \
128
+ "compression", \
129
+ .def_value_str = "zlib" \
130
+ }
131
+
132
static QemuOptsList qcow2_create_opts = {
133
.name = "qcow2-create-opts",
134
.head = QTAILQ_HEAD_INITIALIZER(qcow2_create_opts.head),
135
.desc = {
136
- {
137
- .name = BLOCK_OPT_SIZE,
138
- .type = QEMU_OPT_SIZE,
139
- .help = "Virtual disk size"
140
- },
141
- {
142
- .name = BLOCK_OPT_COMPAT_LEVEL,
143
- .type = QEMU_OPT_STRING,
144
- .help = "Compatibility level (v2 [0.10] or v3 [1.1])"
145
- },
146
- {
147
- .name = BLOCK_OPT_BACKING_FILE,
148
- .type = QEMU_OPT_STRING,
149
- .help = "File name of a base image"
150
- },
151
- {
152
- .name = BLOCK_OPT_BACKING_FMT,
153
- .type = QEMU_OPT_STRING,
154
- .help = "Image format of the base image"
155
- },
156
- {
157
- .name = BLOCK_OPT_DATA_FILE,
158
- .type = QEMU_OPT_STRING,
159
- .help = "File name of an external data file"
160
- },
161
- {
162
- .name = BLOCK_OPT_DATA_FILE_RAW,
163
- .type = QEMU_OPT_BOOL,
164
- .help = "The external data file must stay valid as a raw image"
165
- },
166
- {
167
- .name = BLOCK_OPT_ENCRYPT,
168
- .type = QEMU_OPT_BOOL,
169
- .help = "Encrypt the image with format 'aes'. (Deprecated "
170
- "in favor of " BLOCK_OPT_ENCRYPT_FORMAT "=aes)",
171
- },
172
- {
173
- .name = BLOCK_OPT_ENCRYPT_FORMAT,
174
- .type = QEMU_OPT_STRING,
175
- .help = "Encrypt the image, format choices: 'aes', 'luks'",
176
- },
177
- BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.",
178
- "ID of secret providing qcow AES key or LUKS passphrase"),
179
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG("encrypt."),
180
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE("encrypt."),
181
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG("encrypt."),
182
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("encrypt."),
183
- BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("encrypt."),
184
- BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."),
185
- {
186
- .name = BLOCK_OPT_CLUSTER_SIZE,
187
- .type = QEMU_OPT_SIZE,
188
- .help = "qcow2 cluster size",
189
- .def_value_str = stringify(DEFAULT_CLUSTER_SIZE)
190
- },
191
- {
192
- .name = BLOCK_OPT_PREALLOC,
193
- .type = QEMU_OPT_STRING,
194
- .help = "Preallocation mode (allowed values: off, metadata, "
195
- "falloc, full)"
196
- },
197
- {
198
- .name = BLOCK_OPT_LAZY_REFCOUNTS,
199
- .type = QEMU_OPT_BOOL,
200
- .help = "Postpone refcount updates",
201
- .def_value_str = "off"
202
- },
203
- {
204
- .name = BLOCK_OPT_REFCOUNT_BITS,
205
- .type = QEMU_OPT_NUMBER,
206
- .help = "Width of a reference count entry in bits",
207
- .def_value_str = "16"
208
- },
209
- {
210
- .name = BLOCK_OPT_COMPRESSION_TYPE,
211
- .type = QEMU_OPT_STRING,
212
- .help = "Compression method used for image cluster compression",
213
- .def_value_str = "zlib"
214
- },
215
+ QCOW_COMMON_OPTIONS,
216
+ { /* end of list */ }
217
+ }
218
+};
219
+
220
+static QemuOptsList qcow2_amend_opts = {
221
+ .name = "qcow2-amend-opts",
222
+ .head = QTAILQ_HEAD_INITIALIZER(qcow2_amend_opts.head),
223
+ .desc = {
224
+ QCOW_COMMON_OPTIONS,
225
{ /* end of list */ }
226
}
227
};
228
@@ -XXX,XX +XXX,XX @@ BlockDriver bdrv_qcow2 = {
229
.bdrv_inactivate = qcow2_inactivate,
230
231
.create_opts = &qcow2_create_opts,
232
+ .amend_opts = &qcow2_amend_opts,
233
.strong_runtime_opts = qcow2_strong_runtime_opts,
234
.mutable_opts = mutable_opts,
235
.bdrv_co_check = qcow2_co_check,
236
diff --git a/qemu-img.c b/qemu-img.c
237
index XXXXXXX..XXXXXXX 100644
238
--- a/qemu-img.c
239
+++ b/qemu-img.c
240
@@ -XXX,XX +XXX,XX @@ static int print_amend_option_help(const char *format)
241
return 1;
242
}
243
244
- /* Every driver supporting amendment must have create_opts */
245
- assert(drv->create_opts);
246
+ /* Every driver supporting amendment must have amend_opts */
247
+ assert(drv->amend_opts);
248
249
printf("Creation options for '%s':\n", format);
250
- qemu_opts_print_help(drv->create_opts, false);
251
+ qemu_opts_print_help(drv->amend_opts, false);
252
printf("\nNote that not all of these options may be amendable.\n");
253
return 0;
254
}
255
@@ -XXX,XX +XXX,XX @@ static int img_amend(int argc, char **argv)
256
Error *err = NULL;
257
int c, ret = 0;
258
char *options = NULL;
259
- QemuOptsList *create_opts = NULL;
260
+ QemuOptsList *amend_opts = NULL;
261
QemuOpts *opts = NULL;
262
const char *fmt = NULL, *filename, *cache;
263
int flags;
264
@@ -XXX,XX +XXX,XX @@ static int img_amend(int argc, char **argv)
265
goto out;
266
}
267
268
- /* Every driver supporting amendment must have create_opts */
269
- assert(bs->drv->create_opts);
270
+ /* Every driver supporting amendment must have amend_opts */
271
+ assert(bs->drv->amend_opts);
272
273
- create_opts = qemu_opts_append(create_opts, bs->drv->create_opts);
274
- opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
275
+ amend_opts = qemu_opts_append(amend_opts, bs->drv->amend_opts);
276
+ opts = qemu_opts_create(amend_opts, NULL, 0, &error_abort);
277
qemu_opts_do_parse(opts, options, NULL, &err);
278
if (err) {
279
error_report_err(err);
280
@@ -XXX,XX +XXX,XX @@ out:
281
out_no_progress:
282
blk_unref(blk);
283
qemu_opts_del(opts);
284
- qemu_opts_free(create_opts);
285
+ qemu_opts_free(amend_opts);
286
g_free(options);
287
288
if (ret) {
289
--
290
2.26.2
291
292
diff view generated by jsdifflib
[PULL 08/18] block/amend: refactor qcow2 amend options
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
Some qcow2 create options can't be used for amend.
4
Remove them from the qcow2 create options and add generic logic to detect
5
such options in qemu-img
6
7
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
8
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
9
Message-Id: <20200608094030.670121-6-mlevitsk@redhat.com>
10
[mreitz: Dropped some iotests reference output hunks that became
11
unnecessary thanks to
12
"iotests: Make _filter_img_create more active"]
13
Signed-off-by: Max Reitz <mreitz@redhat.com>
14
---
15
block/qcow2.c | 138 +++++++++-----------------------
16
qemu-img.c | 18 ++++-
17
tests/qemu-iotests/049.out | 102 ++++++++++++------------
18
tests/qemu-iotests/061.out | 12 ++-
19
tests/qemu-iotests/082.out | 158 ++++---------------------------------
20
tests/qemu-iotests/085.out | 38 ++++-----
21
tests/qemu-iotests/144.out | 4 +-
22
tests/qemu-iotests/182.out | 2 +-
23
tests/qemu-iotests/185.out | 8 +-
24
tests/qemu-iotests/255.out | 8 +-
25
tests/qemu-iotests/274.out | 46 +++++------
26
tests/qemu-iotests/280.out | 2 +-
27
12 files changed, 183 insertions(+), 353 deletions(-)
28
29
diff --git a/block/qcow2.c b/block/qcow2.c
30
index XXXXXXX..XXXXXXX 100644
31
--- a/block/qcow2.c
32
+++ b/block/qcow2.c
33
@@ -XXX,XX +XXX,XX @@ static int qcow2_change_backing_file(BlockDriverState *bs,
34
return qcow2_update_header(bs);
35
}
36
37
-static int qcow2_crypt_method_from_format(const char *encryptfmt)
38
-{
39
- if (g_str_equal(encryptfmt, "luks")) {
40
- return QCOW_CRYPT_LUKS;
41
- } else if (g_str_equal(encryptfmt, "aes")) {
42
- return QCOW_CRYPT_AES;
43
- } else {
44
- return -EINVAL;
45
- }
46
-}
47
-
48
static int qcow2_set_up_encryption(BlockDriverState *bs,
49
QCryptoBlockCreateOptions *cryptoopts,
50
Error **errp)
51
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
52
bool lazy_refcounts = s->use_lazy_refcounts;
53
bool data_file_raw = data_file_is_raw(bs);
54
const char *compat = NULL;
55
- uint64_t cluster_size = s->cluster_size;
56
- bool encrypt;
57
- int encformat;
58
int refcount_bits = s->refcount_bits;
59
int ret;
60
QemuOptDesc *desc = opts->list->desc;
61
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
62
error_setg(errp, "Unknown compatibility level %s", compat);
63
return -EINVAL;
64
}
65
- } else if (!strcmp(desc->name, BLOCK_OPT_PREALLOC)) {
66
- error_setg(errp, "Cannot change preallocation mode");
67
- return -ENOTSUP;
68
} else if (!strcmp(desc->name, BLOCK_OPT_SIZE)) {
69
new_size = qemu_opt_get_size(opts, BLOCK_OPT_SIZE, 0);
70
} else if (!strcmp(desc->name, BLOCK_OPT_BACKING_FILE)) {
71
backing_file = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
72
} else if (!strcmp(desc->name, BLOCK_OPT_BACKING_FMT)) {
73
backing_format = qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT);
74
- } else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPT)) {
75
- encrypt = qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT,
76
- !!s->crypto);
77
-
78
- if (encrypt != !!s->crypto) {
79
- error_setg(errp,
80
- "Changing the encryption flag is not supported");
81
- return -ENOTSUP;
82
- }
83
- } else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPT_FORMAT)) {
84
- encformat = qcow2_crypt_method_from_format(
85
- qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT));
86
-
87
- if (encformat != s->crypt_method_header) {
88
- error_setg(errp,
89
- "Changing the encryption format is not supported");
90
- return -ENOTSUP;
91
- }
92
- } else if (g_str_has_prefix(desc->name, "encrypt.")) {
93
- error_setg(errp,
94
- "Changing the encryption parameters is not supported");
95
- return -ENOTSUP;
96
- } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) {
97
- cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE,
98
- cluster_size);
99
- if (cluster_size != s->cluster_size) {
100
- error_setg(errp, "Changing the cluster size is not supported");
101
- return -ENOTSUP;
102
- }
103
} else if (!strcmp(desc->name, BLOCK_OPT_LAZY_REFCOUNTS)) {
104
lazy_refcounts = qemu_opt_get_bool(opts, BLOCK_OPT_LAZY_REFCOUNTS,
105
lazy_refcounts);
106
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
107
"images");
108
return -EINVAL;
109
}
110
- } else if (!strcmp(desc->name, BLOCK_OPT_COMPRESSION_TYPE)) {
111
- const char *ct_name =
112
- qemu_opt_get(opts, BLOCK_OPT_COMPRESSION_TYPE);
113
- int compression_type =
114
- qapi_enum_parse(&Qcow2CompressionType_lookup, ct_name, -1,
115
- NULL);
116
- if (compression_type == -1) {
117
- error_setg(errp, "Unknown compression type: %s", ct_name);
118
- return -ENOTSUP;
119
- }
120
-
121
- if (compression_type != s->compression_type) {
122
- error_setg(errp, "Changing the compression type "
123
- "is not supported");
124
- return -ENOTSUP;
125
- }
126
} else {
127
/* if this point is reached, this probably means a new option was
128
* added without having it covered here */
129
@@ -XXX,XX +XXX,XX @@ void qcow2_signal_corruption(BlockDriverState *bs, bool fatal, int64_t offset,
130
.help = "The external data file must stay valid " \
131
"as a raw image" \
132
}, \
133
- { \
134
- .name = BLOCK_OPT_ENCRYPT, \
135
- .type = QEMU_OPT_BOOL, \
136
- .help = "Encrypt the image with format 'aes'. (Deprecated " \
137
- "in favor of " BLOCK_OPT_ENCRYPT_FORMAT "=aes)", \
138
- }, \
139
- { \
140
- .name = BLOCK_OPT_ENCRYPT_FORMAT, \
141
- .type = QEMU_OPT_STRING, \
142
- .help = "Encrypt the image, format choices: 'aes', 'luks'", \
143
- }, \
144
- BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.", \
145
- "ID of secret providing qcow AES key or LUKS passphrase"), \
146
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG("encrypt."), \
147
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE("encrypt."), \
148
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG("encrypt."), \
149
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("encrypt."), \
150
- BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("encrypt."), \
151
- BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."), \
152
- { \
153
- .name = BLOCK_OPT_CLUSTER_SIZE, \
154
- .type = QEMU_OPT_SIZE, \
155
- .help = "qcow2 cluster size", \
156
- .def_value_str = stringify(DEFAULT_CLUSTER_SIZE) \
157
- }, \
158
- { \
159
- .name = BLOCK_OPT_PREALLOC, \
160
- .type = QEMU_OPT_STRING, \
161
- .help = "Preallocation mode (allowed values: off, " \
162
- "metadata, falloc, full)" \
163
- }, \
164
{ \
165
.name = BLOCK_OPT_LAZY_REFCOUNTS, \
166
.type = QEMU_OPT_BOOL, \
167
@@ -XXX,XX +XXX,XX @@ void qcow2_signal_corruption(BlockDriverState *bs, bool fatal, int64_t offset,
168
.type = QEMU_OPT_NUMBER, \
169
.help = "Width of a reference count entry in bits", \
170
.def_value_str = "16" \
171
- }, \
172
- { \
173
- .name = BLOCK_OPT_COMPRESSION_TYPE, \
174
- .type = QEMU_OPT_STRING, \
175
- .help = "Compression method used for image cluster " \
176
- "compression", \
177
- .def_value_str = "zlib" \
178
}
179
180
static QemuOptsList qcow2_create_opts = {
181
.name = "qcow2-create-opts",
182
.head = QTAILQ_HEAD_INITIALIZER(qcow2_create_opts.head),
183
.desc = {
184
+ { \
185
+ .name = BLOCK_OPT_ENCRYPT, \
186
+ .type = QEMU_OPT_BOOL, \
187
+ .help = "Encrypt the image with format 'aes'. (Deprecated " \
188
+ "in favor of " BLOCK_OPT_ENCRYPT_FORMAT "=aes)", \
189
+ }, \
190
+ { \
191
+ .name = BLOCK_OPT_ENCRYPT_FORMAT, \
192
+ .type = QEMU_OPT_STRING, \
193
+ .help = "Encrypt the image, format choices: 'aes', 'luks'", \
194
+ }, \
195
+ BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.", \
196
+ "ID of secret providing qcow AES key or LUKS passphrase"), \
197
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG("encrypt."), \
198
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE("encrypt."), \
199
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG("encrypt."), \
200
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("encrypt."), \
201
+ BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("encrypt."), \
202
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."), \
203
+ { \
204
+ .name = BLOCK_OPT_CLUSTER_SIZE, \
205
+ .type = QEMU_OPT_SIZE, \
206
+ .help = "qcow2 cluster size", \
207
+ .def_value_str = stringify(DEFAULT_CLUSTER_SIZE) \
208
+ }, \
209
+ { \
210
+ .name = BLOCK_OPT_PREALLOC, \
211
+ .type = QEMU_OPT_STRING, \
212
+ .help = "Preallocation mode (allowed values: off, " \
213
+ "metadata, falloc, full)" \
214
+ }, \
215
+ { \
216
+ .name = BLOCK_OPT_COMPRESSION_TYPE, \
217
+ .type = QEMU_OPT_STRING, \
218
+ .help = "Compression method used for image cluster " \
219
+ "compression", \
220
+ .def_value_str = "zlib" \
221
+ },
222
QCOW_COMMON_OPTIONS,
223
{ /* end of list */ }
224
}
225
diff --git a/qemu-img.c b/qemu-img.c
226
index XXXXXXX..XXXXXXX 100644
227
--- a/qemu-img.c
228
+++ b/qemu-img.c
229
@@ -XXX,XX +XXX,XX @@ static int print_amend_option_help(const char *format)
230
/* Every driver supporting amendment must have amend_opts */
231
assert(drv->amend_opts);
232
233
- printf("Creation options for '%s':\n", format);
234
+ printf("Amend options for '%s':\n", format);
235
qemu_opts_print_help(drv->amend_opts, false);
236
- printf("\nNote that not all of these options may be amendable.\n");
237
return 0;
238
}
239
240
@@ -XXX,XX +XXX,XX @@ static int img_amend(int argc, char **argv)
241
amend_opts = qemu_opts_append(amend_opts, bs->drv->amend_opts);
242
opts = qemu_opts_create(amend_opts, NULL, 0, &error_abort);
243
qemu_opts_do_parse(opts, options, NULL, &err);
244
+
245
if (err) {
246
+ /* Try to parse options using the create options */
247
+ Error *err1 = NULL;
248
+ amend_opts = qemu_opts_append(amend_opts, bs->drv->create_opts);
249
+ qemu_opts_del(opts);
250
+ opts = qemu_opts_create(amend_opts, NULL, 0, &error_abort);
251
+ qemu_opts_do_parse(opts, options, NULL, &err1);
252
+
253
+ if (!err1) {
254
+ error_append_hint(&err,
255
+ "This option is only supported for image creation\n");
256
+ } else {
257
+ error_free(err1);
258
+ }
259
+
260
error_report_err(err);
261
ret = -1;
262
goto out;
263
diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out
264
index XXXXXXX..XXXXXXX 100644
265
--- a/tests/qemu-iotests/049.out
266
+++ b/tests/qemu-iotests/049.out
267
@@ -XXX,XX +XXX,XX @@ QA output created by 049
268
== 1. Traditional size parameter ==
269
270
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1024
271
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
272
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
273
274
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1024b
275
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
276
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
277
278
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1k
279
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
280
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
281
282
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1K
283
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
284
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
285
286
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1M
287
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1048576 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
288
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1048576 lazy_refcounts=off refcount_bits=16
289
290
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1G
291
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1073741824 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
292
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1073741824 lazy_refcounts=off refcount_bits=16
293
294
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1T
295
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1099511627776 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
296
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1099511627776 lazy_refcounts=off refcount_bits=16
297
298
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1024.0
299
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
300
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
301
302
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1024.0b
303
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
304
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
305
306
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1.5k
307
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1536 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
308
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1536 lazy_refcounts=off refcount_bits=16
309
310
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1.5K
311
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1536 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
312
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1536 lazy_refcounts=off refcount_bits=16
313
314
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1.5M
315
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1572864 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
316
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1572864 lazy_refcounts=off refcount_bits=16
317
318
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1.5G
319
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1610612736 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
320
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1610612736 lazy_refcounts=off refcount_bits=16
321
322
qemu-img create -f qcow2 TEST_DIR/t.qcow2 1.5T
323
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1649267441664 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
324
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1649267441664 lazy_refcounts=off refcount_bits=16
325
326
== 2. Specifying size via -o ==
327
328
qemu-img create -f qcow2 -o size=1024 TEST_DIR/t.qcow2
329
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
330
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
331
332
qemu-img create -f qcow2 -o size=1024b TEST_DIR/t.qcow2
333
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
334
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
335
336
qemu-img create -f qcow2 -o size=1k TEST_DIR/t.qcow2
337
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
338
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
339
340
qemu-img create -f qcow2 -o size=1K TEST_DIR/t.qcow2
341
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
342
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
343
344
qemu-img create -f qcow2 -o size=1M TEST_DIR/t.qcow2
345
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1048576 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
346
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1048576 lazy_refcounts=off refcount_bits=16
347
348
qemu-img create -f qcow2 -o size=1G TEST_DIR/t.qcow2
349
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1073741824 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
350
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1073741824 lazy_refcounts=off refcount_bits=16
351
352
qemu-img create -f qcow2 -o size=1T TEST_DIR/t.qcow2
353
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1099511627776 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
354
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1099511627776 lazy_refcounts=off refcount_bits=16
355
356
qemu-img create -f qcow2 -o size=1024.0 TEST_DIR/t.qcow2
357
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
358
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
359
360
qemu-img create -f qcow2 -o size=1024.0b TEST_DIR/t.qcow2
361
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
362
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1024 lazy_refcounts=off refcount_bits=16
363
364
qemu-img create -f qcow2 -o size=1.5k TEST_DIR/t.qcow2
365
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1536 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
366
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1536 lazy_refcounts=off refcount_bits=16
367
368
qemu-img create -f qcow2 -o size=1.5K TEST_DIR/t.qcow2
369
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1536 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
370
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1536 lazy_refcounts=off refcount_bits=16
371
372
qemu-img create -f qcow2 -o size=1.5M TEST_DIR/t.qcow2
373
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1572864 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
374
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1572864 lazy_refcounts=off refcount_bits=16
375
376
qemu-img create -f qcow2 -o size=1.5G TEST_DIR/t.qcow2
377
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1610612736 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
378
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1610612736 lazy_refcounts=off refcount_bits=16
379
380
qemu-img create -f qcow2 -o size=1.5T TEST_DIR/t.qcow2
381
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1649267441664 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
382
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1649267441664 lazy_refcounts=off refcount_bits=16
383
384
== 3. Invalid sizes ==
385
386
@@ -XXX,XX +XXX,XX @@ qemu-img: TEST_DIR/t.qcow2: The image size must be specified only once
387
== Check correct interpretation of suffixes for cluster size ==
388
389
qemu-img create -f qcow2 -o cluster_size=1024 TEST_DIR/t.qcow2 64M
390
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=1024 lazy_refcounts=off refcount_bits=16 compression_type=zlib
391
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=1024 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
392
393
qemu-img create -f qcow2 -o cluster_size=1024b TEST_DIR/t.qcow2 64M
394
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=1024 lazy_refcounts=off refcount_bits=16 compression_type=zlib
395
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=1024 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
396
397
qemu-img create -f qcow2 -o cluster_size=1k TEST_DIR/t.qcow2 64M
398
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=1024 lazy_refcounts=off refcount_bits=16 compression_type=zlib
399
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=1024 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
400
401
qemu-img create -f qcow2 -o cluster_size=1K TEST_DIR/t.qcow2 64M
402
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=1024 lazy_refcounts=off refcount_bits=16 compression_type=zlib
403
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=1024 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
404
405
qemu-img create -f qcow2 -o cluster_size=1M TEST_DIR/t.qcow2 64M
406
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=1048576 lazy_refcounts=off refcount_bits=16 compression_type=zlib
407
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=1048576 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
408
409
qemu-img create -f qcow2 -o cluster_size=1024.0 TEST_DIR/t.qcow2 64M
410
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=1024 lazy_refcounts=off refcount_bits=16 compression_type=zlib
411
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=1024 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
412
413
qemu-img create -f qcow2 -o cluster_size=1024.0b TEST_DIR/t.qcow2 64M
414
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=1024 lazy_refcounts=off refcount_bits=16 compression_type=zlib
415
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=1024 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
416
417
qemu-img create -f qcow2 -o cluster_size=0.5k TEST_DIR/t.qcow2 64M
418
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=512 lazy_refcounts=off refcount_bits=16 compression_type=zlib
419
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=512 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
420
421
qemu-img create -f qcow2 -o cluster_size=0.5K TEST_DIR/t.qcow2 64M
422
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=512 lazy_refcounts=off refcount_bits=16 compression_type=zlib
423
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=512 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
424
425
qemu-img create -f qcow2 -o cluster_size=0.5M TEST_DIR/t.qcow2 64M
426
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=524288 lazy_refcounts=off refcount_bits=16 compression_type=zlib
427
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=524288 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
428
429
== Check compat level option ==
430
431
qemu-img create -f qcow2 -o compat=0.10 TEST_DIR/t.qcow2 64M
432
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=0.10 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
433
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=0.10 lazy_refcounts=off refcount_bits=16
434
435
qemu-img create -f qcow2 -o compat=1.1 TEST_DIR/t.qcow2 64M
436
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=1.1 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
437
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=1.1 lazy_refcounts=off refcount_bits=16
438
439
qemu-img create -f qcow2 -o compat=0.42 TEST_DIR/t.qcow2 64M
440
qemu-img: TEST_DIR/t.qcow2: Invalid parameter '0.42'
441
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=0.42 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
442
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=0.42 lazy_refcounts=off refcount_bits=16
443
444
qemu-img create -f qcow2 -o compat=foobar TEST_DIR/t.qcow2 64M
445
qemu-img: TEST_DIR/t.qcow2: Invalid parameter 'foobar'
446
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=foobar cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
447
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=foobar lazy_refcounts=off refcount_bits=16
448
449
== Check preallocation option ==
450
451
qemu-img create -f qcow2 -o preallocation=off TEST_DIR/t.qcow2 64M
452
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=65536 preallocation=off lazy_refcounts=off refcount_bits=16 compression_type=zlib
453
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 preallocation=off compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
454
455
qemu-img create -f qcow2 -o preallocation=metadata TEST_DIR/t.qcow2 64M
456
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=65536 preallocation=metadata lazy_refcounts=off refcount_bits=16 compression_type=zlib
457
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 preallocation=metadata compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
458
459
qemu-img create -f qcow2 -o preallocation=1234 TEST_DIR/t.qcow2 64M
460
qemu-img: TEST_DIR/t.qcow2: Invalid parameter '1234'
461
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 cluster_size=65536 preallocation=1234 lazy_refcounts=off refcount_bits=16 compression_type=zlib
462
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 preallocation=1234 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
463
464
== Check encryption option ==
465
466
qemu-img create -f qcow2 -o encryption=off TEST_DIR/t.qcow2 64M
467
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
468
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 encryption=off cluster_size=65536 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
469
470
qemu-img create -f qcow2 --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 TEST_DIR/t.qcow2 64M
471
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=on encrypt.key-secret=sec0 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
472
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 encryption=on encrypt.key-secret=sec0 cluster_size=65536 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
473
474
== Check lazy_refcounts option (only with v3) ==
475
476
qemu-img create -f qcow2 -o compat=1.1,lazy_refcounts=off TEST_DIR/t.qcow2 64M
477
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=1.1 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
478
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=1.1 lazy_refcounts=off refcount_bits=16
479
480
qemu-img create -f qcow2 -o compat=1.1,lazy_refcounts=on TEST_DIR/t.qcow2 64M
481
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=1.1 cluster_size=65536 lazy_refcounts=on refcount_bits=16 compression_type=zlib
482
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=1.1 lazy_refcounts=on refcount_bits=16
483
484
qemu-img create -f qcow2 -o compat=0.10,lazy_refcounts=off TEST_DIR/t.qcow2 64M
485
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=0.10 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
486
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=0.10 lazy_refcounts=off refcount_bits=16
487
488
qemu-img create -f qcow2 -o compat=0.10,lazy_refcounts=on TEST_DIR/t.qcow2 64M
489
qemu-img: TEST_DIR/t.qcow2: Lazy refcounts only supported with compatibility level 1.1 and above (use version=v3 or greater)
490
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 compat=0.10 cluster_size=65536 lazy_refcounts=on refcount_bits=16 compression_type=zlib
491
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 compat=0.10 lazy_refcounts=on refcount_bits=16
492
493
*** done
494
diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out
495
index XXXXXXX..XXXXXXX 100644
496
--- a/tests/qemu-iotests/061.out
497
+++ b/tests/qemu-iotests/061.out
498
@@ -XXX,XX +XXX,XX @@ qemu-img: Lazy refcounts only supported with compatibility level 1.1 and above (
499
qemu-img: Lazy refcounts only supported with compatibility level 1.1 and above (use compat=1.1 or greater)
500
qemu-img: Unknown compatibility level 0.42
501
qemu-img: Invalid parameter 'foo'
502
-qemu-img: Changing the cluster size is not supported
503
-qemu-img: Changing the encryption flag is not supported
504
-qemu-img: Cannot change preallocation mode
505
+qemu-img: Invalid parameter 'cluster_size'
506
+This option is only supported for image creation
507
+qemu-img: Invalid parameter 'encryption'
508
+This option is only supported for image creation
509
+qemu-img: Invalid parameter 'preallocation'
510
+This option is only supported for image creation
511
512
=== Testing correct handling of unset value ===
513
514
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
515
Should work:
516
Should not work:
517
-qemu-img: Changing the cluster size is not supported
518
+qemu-img: Invalid parameter 'cluster_size'
519
+This option is only supported for image creation
520
521
=== Testing zero expansion on inactive clusters ===
522
523
diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out
524
index XXXXXXX..XXXXXXX 100644
525
--- a/tests/qemu-iotests/082.out
526
+++ b/tests/qemu-iotests/082.out
527
@@ -XXX,XX +XXX,XX @@ QA output created by 082
528
=== create: Options specified more than once ===
529
530
Testing: create -f foo -f qcow2 TEST_DIR/t.qcow2 128M
531
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=134217728 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
532
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 lazy_refcounts=off refcount_bits=16
533
image: TEST_DIR/t.IMGFMT
534
file format: IMGFMT
535
virtual size: 128 MiB (134217728 bytes)
536
cluster_size: 65536
537
538
Testing: create -f qcow2 -o cluster_size=4k -o lazy_refcounts=on TEST_DIR/t.qcow2 128M
539
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=134217728 cluster_size=4096 lazy_refcounts=on refcount_bits=16 compression_type=zlib
540
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=4096 compression_type=zlib size=134217728 lazy_refcounts=on refcount_bits=16
541
image: TEST_DIR/t.IMGFMT
542
file format: IMGFMT
543
virtual size: 128 MiB (134217728 bytes)
544
@@ -XXX,XX +XXX,XX @@ Format specific information:
545
corrupt: false
546
547
Testing: create -f qcow2 -o cluster_size=4k -o lazy_refcounts=on -o cluster_size=8k TEST_DIR/t.qcow2 128M
548
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=134217728 cluster_size=8192 lazy_refcounts=on refcount_bits=16 compression_type=zlib
549
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=8192 compression_type=zlib size=134217728 lazy_refcounts=on refcount_bits=16
550
image: TEST_DIR/t.IMGFMT
551
file format: IMGFMT
552
virtual size: 128 MiB (134217728 bytes)
553
@@ -XXX,XX +XXX,XX @@ Format specific information:
554
corrupt: false
555
556
Testing: create -f qcow2 -o cluster_size=4k,cluster_size=8k TEST_DIR/t.qcow2 128M
557
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=134217728 cluster_size=8192 lazy_refcounts=off refcount_bits=16 compression_type=zlib
558
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=8192 compression_type=zlib size=134217728 lazy_refcounts=off refcount_bits=16
559
image: TEST_DIR/t.IMGFMT
560
file format: IMGFMT
561
virtual size: 128 MiB (134217728 bytes)
562
@@ -XXX,XX +XXX,XX @@ Supported options:
563
size=<size> - Virtual disk size
564
565
Testing: create -f qcow2 -u -o backing_file=TEST_DIR/t.qcow2,,help TEST_DIR/t.qcow2 128M
566
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/t.qcow2,,help cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
567
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/t.qcow2,,help lazy_refcounts=off refcount_bits=16
568
569
Testing: create -f qcow2 -u -o backing_file=TEST_DIR/t.qcow2,,? TEST_DIR/t.qcow2 128M
570
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/t.qcow2,,? cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
571
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/t.qcow2,,? lazy_refcounts=off refcount_bits=16
572
573
Testing: create -f qcow2 -o backing_file=TEST_DIR/t.qcow2, -o help TEST_DIR/t.qcow2 128M
574
qemu-img: Invalid option list: backing_file=TEST_DIR/t.qcow2,
575
@@ -XXX,XX +XXX,XX @@ qemu-img: Format driver 'bochs' does not support image creation
576
=== convert: Options specified more than once ===
577
578
Testing: create -f qcow2 TEST_DIR/t.qcow2 128M
579
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=134217728 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
580
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 lazy_refcounts=off refcount_bits=16
581
582
Testing: convert -f foo -f qcow2 TEST_DIR/t.qcow2 TEST_DIR/t.qcow2.base
583
image: TEST_DIR/t.IMGFMT.base
584
@@ -XXX,XX +XXX,XX @@ cluster_size: 65536
585
=== amend: help for -o ===
586
587
Testing: amend -f qcow2 -o help TEST_DIR/t.qcow2
588
-Creation options for 'qcow2':
589
+Amend options for 'qcow2':
590
backing_file=<str> - File name of a base image
591
backing_fmt=<str> - Image format of the base image
592
- cluster_size=<size> - qcow2 cluster size
593
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
594
- compression_type=<str> - Compression method used for image cluster compression
595
data_file=<str> - File name of an external data file
596
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
597
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
598
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
599
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
600
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
601
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
602
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
603
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
604
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
605
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
606
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
607
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
608
refcount_bits=<num> - Width of a reference count entry in bits
609
size=<size> - Virtual disk size
610
611
-Note that not all of these options may be amendable.
612
-
613
Testing: amend -f qcow2 -o ? TEST_DIR/t.qcow2
614
-Creation options for 'qcow2':
615
+Amend options for 'qcow2':
616
backing_file=<str> - File name of a base image
617
backing_fmt=<str> - Image format of the base image
618
- cluster_size=<size> - qcow2 cluster size
619
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
620
- compression_type=<str> - Compression method used for image cluster compression
621
data_file=<str> - File name of an external data file
622
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
623
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
624
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
625
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
626
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
627
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
628
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
629
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
630
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
631
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
632
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
633
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
634
refcount_bits=<num> - Width of a reference count entry in bits
635
size=<size> - Virtual disk size
636
637
-Note that not all of these options may be amendable.
638
-
639
Testing: amend -f qcow2 -o cluster_size=4k,help TEST_DIR/t.qcow2
640
-Creation options for 'qcow2':
641
+Amend options for 'qcow2':
642
backing_file=<str> - File name of a base image
643
backing_fmt=<str> - Image format of the base image
644
- cluster_size=<size> - qcow2 cluster size
645
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
646
- compression_type=<str> - Compression method used for image cluster compression
647
data_file=<str> - File name of an external data file
648
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
649
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
650
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
651
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
652
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
653
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
654
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
655
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
656
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
657
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
658
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
659
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
660
refcount_bits=<num> - Width of a reference count entry in bits
661
size=<size> - Virtual disk size
662
663
-Note that not all of these options may be amendable.
664
-
665
Testing: amend -f qcow2 -o cluster_size=4k,? TEST_DIR/t.qcow2
666
-Creation options for 'qcow2':
667
+Amend options for 'qcow2':
668
backing_file=<str> - File name of a base image
669
backing_fmt=<str> - Image format of the base image
670
- cluster_size=<size> - qcow2 cluster size
671
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
672
- compression_type=<str> - Compression method used for image cluster compression
673
data_file=<str> - File name of an external data file
674
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
675
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
676
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
677
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
678
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
679
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
680
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
681
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
682
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
683
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
684
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
685
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
686
refcount_bits=<num> - Width of a reference count entry in bits
687
size=<size> - Virtual disk size
688
689
-Note that not all of these options may be amendable.
690
-
691
Testing: amend -f qcow2 -o help,cluster_size=4k TEST_DIR/t.qcow2
692
-Creation options for 'qcow2':
693
+Amend options for 'qcow2':
694
backing_file=<str> - File name of a base image
695
backing_fmt=<str> - Image format of the base image
696
- cluster_size=<size> - qcow2 cluster size
697
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
698
- compression_type=<str> - Compression method used for image cluster compression
699
data_file=<str> - File name of an external data file
700
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
701
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
702
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
703
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
704
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
705
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
706
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
707
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
708
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
709
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
710
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
711
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
712
refcount_bits=<num> - Width of a reference count entry in bits
713
size=<size> - Virtual disk size
714
715
-Note that not all of these options may be amendable.
716
-
717
Testing: amend -f qcow2 -o ?,cluster_size=4k TEST_DIR/t.qcow2
718
-Creation options for 'qcow2':
719
+Amend options for 'qcow2':
720
backing_file=<str> - File name of a base image
721
backing_fmt=<str> - Image format of the base image
722
- cluster_size=<size> - qcow2 cluster size
723
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
724
- compression_type=<str> - Compression method used for image cluster compression
725
data_file=<str> - File name of an external data file
726
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
727
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
728
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
729
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
730
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
731
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
732
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
733
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
734
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
735
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
736
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
737
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
738
refcount_bits=<num> - Width of a reference count entry in bits
739
size=<size> - Virtual disk size
740
741
-Note that not all of these options may be amendable.
742
-
743
Testing: amend -f qcow2 -o cluster_size=4k -o help TEST_DIR/t.qcow2
744
-Creation options for 'qcow2':
745
+Amend options for 'qcow2':
746
backing_file=<str> - File name of a base image
747
backing_fmt=<str> - Image format of the base image
748
- cluster_size=<size> - qcow2 cluster size
749
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
750
- compression_type=<str> - Compression method used for image cluster compression
751
data_file=<str> - File name of an external data file
752
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
753
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
754
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
755
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
756
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
757
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
758
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
759
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
760
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
761
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
762
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
763
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
764
refcount_bits=<num> - Width of a reference count entry in bits
765
size=<size> - Virtual disk size
766
767
-Note that not all of these options may be amendable.
768
-
769
Testing: amend -f qcow2 -o cluster_size=4k -o ? TEST_DIR/t.qcow2
770
-Creation options for 'qcow2':
771
+Amend options for 'qcow2':
772
backing_file=<str> - File name of a base image
773
backing_fmt=<str> - Image format of the base image
774
- cluster_size=<size> - qcow2 cluster size
775
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
776
- compression_type=<str> - Compression method used for image cluster compression
777
data_file=<str> - File name of an external data file
778
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
779
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
780
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
781
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
782
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
783
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
784
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
785
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
786
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
787
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
788
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
789
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
790
refcount_bits=<num> - Width of a reference count entry in bits
791
size=<size> - Virtual disk size
792
793
-Note that not all of these options may be amendable.
794
-
795
Testing: amend -f qcow2 -o backing_file=TEST_DIR/t.qcow2,,help TEST_DIR/t.qcow2
796
797
Testing: rebase -u -b -f qcow2 TEST_DIR/t.qcow2
798
@@ -XXX,XX +XXX,XX @@ Testing: amend -f qcow2 -o backing_file=TEST_DIR/t.qcow2 -o ,, -o help TEST_DIR/
799
qemu-img: Invalid option list: ,,
800
801
Testing: amend -f qcow2 -o help
802
-Creation options for 'qcow2':
803
+Amend options for 'qcow2':
804
backing_file=<str> - File name of a base image
805
backing_fmt=<str> - Image format of the base image
806
- cluster_size=<size> - qcow2 cluster size
807
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
808
- compression_type=<str> - Compression method used for image cluster compression
809
data_file=<str> - File name of an external data file
810
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
811
- encrypt.cipher-alg=<str> - Name of encryption cipher algorithm
812
- encrypt.cipher-mode=<str> - Name of encryption cipher mode
813
- encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
814
- encrypt.hash-alg=<str> - Name of encryption hash algorithm
815
- encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
816
- encrypt.ivgen-alg=<str> - Name of IV generator algorithm
817
- encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
818
- encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
819
- encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
820
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
821
- preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
822
refcount_bits=<num> - Width of a reference count entry in bits
823
size=<size> - Virtual disk size
824
825
-Note that not all of these options may be amendable.
826
-
827
Testing: amend -o help
828
qemu-img: Expecting one image file name
829
830
diff --git a/tests/qemu-iotests/085.out b/tests/qemu-iotests/085.out
831
index XXXXXXX..XXXXXXX 100644
832
--- a/tests/qemu-iotests/085.out
833
+++ b/tests/qemu-iotests/085.out
834
@@ -XXX,XX +XXX,XX @@ Formatting 'TEST_DIR/t.IMGFMT.2', fmt=IMGFMT size=134217728
835
=== Create a single snapshot on virtio0 ===
836
837
{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 'snapshot-file':'TEST_DIR/1-snapshot-v0.IMGFMT', 'format': 'IMGFMT' } }
838
-Formatting 'TEST_DIR/1-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/t.qcow2.1 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
839
+Formatting 'TEST_DIR/1-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/t.qcow2.1 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
840
{"return": {}}
841
842
=== Invalid command - missing device and nodename ===
843
@@ -XXX,XX +XXX,XX @@ Formatting 'TEST_DIR/1-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file
844
=== Create several transactional group snapshots ===
845
846
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/2-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/2-snapshot-v1.IMGFMT' } } ] } }
847
-Formatting 'TEST_DIR/2-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/1-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
848
-Formatting 'TEST_DIR/2-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/t.qcow2.2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
849
+Formatting 'TEST_DIR/2-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/1-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
850
+Formatting 'TEST_DIR/2-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/t.qcow2.2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
851
{"return": {}}
852
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/3-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/3-snapshot-v1.IMGFMT' } } ] } }
853
-Formatting 'TEST_DIR/3-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/2-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
854
-Formatting 'TEST_DIR/3-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/2-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
855
+Formatting 'TEST_DIR/3-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/2-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
856
+Formatting 'TEST_DIR/3-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/2-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
857
{"return": {}}
858
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/4-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/4-snapshot-v1.IMGFMT' } } ] } }
859
-Formatting 'TEST_DIR/4-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/3-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
860
-Formatting 'TEST_DIR/4-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/3-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
861
+Formatting 'TEST_DIR/4-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/3-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
862
+Formatting 'TEST_DIR/4-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/3-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
863
{"return": {}}
864
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/5-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/5-snapshot-v1.IMGFMT' } } ] } }
865
-Formatting 'TEST_DIR/5-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/4-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
866
-Formatting 'TEST_DIR/5-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/4-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
867
+Formatting 'TEST_DIR/5-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/4-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
868
+Formatting 'TEST_DIR/5-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/4-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
869
{"return": {}}
870
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/6-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/6-snapshot-v1.IMGFMT' } } ] } }
871
-Formatting 'TEST_DIR/6-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/5-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
872
-Formatting 'TEST_DIR/6-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/5-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
873
+Formatting 'TEST_DIR/6-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/5-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
874
+Formatting 'TEST_DIR/6-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/5-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
875
{"return": {}}
876
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/7-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/7-snapshot-v1.IMGFMT' } } ] } }
877
-Formatting 'TEST_DIR/7-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/6-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
878
-Formatting 'TEST_DIR/7-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/6-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
879
+Formatting 'TEST_DIR/7-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/6-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
880
+Formatting 'TEST_DIR/7-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/6-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
881
{"return": {}}
882
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/8-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/8-snapshot-v1.IMGFMT' } } ] } }
883
-Formatting 'TEST_DIR/8-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/7-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
884
-Formatting 'TEST_DIR/8-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/7-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
885
+Formatting 'TEST_DIR/8-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/7-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
886
+Formatting 'TEST_DIR/8-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/7-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
887
{"return": {}}
888
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/9-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/9-snapshot-v1.IMGFMT' } } ] } }
889
-Formatting 'TEST_DIR/9-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/8-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
890
-Formatting 'TEST_DIR/9-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/8-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
891
+Formatting 'TEST_DIR/9-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/8-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
892
+Formatting 'TEST_DIR/9-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/8-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
893
{"return": {}}
894
{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/10-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/10-snapshot-v1.IMGFMT' } } ] } }
895
-Formatting 'TEST_DIR/10-snapshot-v0.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/9-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
896
-Formatting 'TEST_DIR/10-snapshot-v1.qcow2', fmt=qcow2 size=134217728 backing_file=TEST_DIR/9-snapshot-v1.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
897
+Formatting 'TEST_DIR/10-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/9-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
898
+Formatting 'TEST_DIR/10-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 backing_file=TEST_DIR/9-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
899
{"return": {}}
900
901
=== Create a couple of snapshots using blockdev-snapshot ===
902
diff --git a/tests/qemu-iotests/144.out b/tests/qemu-iotests/144.out
903
index XXXXXXX..XXXXXXX 100644
904
--- a/tests/qemu-iotests/144.out
905
+++ b/tests/qemu-iotests/144.out
906
@@ -XXX,XX +XXX,XX @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=536870912
907
{ 'execute': 'qmp_capabilities' }
908
{"return": {}}
909
{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 'snapshot-file':'TEST_DIR/tmp.IMGFMT', 'format': 'IMGFMT' } }
910
-Formatting 'TEST_DIR/tmp.qcow2', fmt=qcow2 size=536870912 backing_file=TEST_DIR/t.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
911
+Formatting 'TEST_DIR/tmp.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=536870912 backing_file=TEST_DIR/t.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
912
{"return": {}}
913
914
=== Performing block-commit on active layer ===
915
@@ -XXX,XX +XXX,XX @@ Formatting 'TEST_DIR/tmp.qcow2', fmt=qcow2 size=536870912 backing_file=TEST_DIR/
916
=== Performing Live Snapshot 2 ===
917
918
{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 'snapshot-file':'TEST_DIR/tmp2.IMGFMT', 'format': 'IMGFMT' } }
919
-Formatting 'TEST_DIR/tmp2.qcow2', fmt=qcow2 size=536870912 backing_file=TEST_DIR/t.qcow2 backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
920
+Formatting 'TEST_DIR/tmp2.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=536870912 backing_file=TEST_DIR/t.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
921
{"return": {}}
922
*** done
923
diff --git a/tests/qemu-iotests/182.out b/tests/qemu-iotests/182.out
924
index XXXXXXX..XXXXXXX 100644
925
--- a/tests/qemu-iotests/182.out
926
+++ b/tests/qemu-iotests/182.out
927
@@ -XXX,XX +XXX,XX @@ Is another process using the image [TEST_DIR/t.qcow2]?
928
{'execute': 'blockdev-add', 'arguments': { 'node-name': 'node0', 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT', 'locking': 'on' } }
929
{"return": {}}
930
{'execute': 'blockdev-snapshot-sync', 'arguments': { 'node-name': 'node0', 'snapshot-file': 'TEST_DIR/t.IMGFMT.overlay', 'snapshot-node-name': 'node1' } }
931
-Formatting 'TEST_DIR/t.qcow2.overlay', fmt=qcow2 size=197120 backing_file=TEST_DIR/t.qcow2 backing_fmt=file cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
932
+Formatting 'TEST_DIR/t.qcow2.overlay', fmt=qcow2 cluster_size=65536 compression_type=zlib size=197120 backing_file=TEST_DIR/t.qcow2 backing_fmt=file lazy_refcounts=off refcount_bits=16
933
{"return": {}}
934
{'execute': 'blockdev-add', 'arguments': { 'node-name': 'node1', 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT', 'locking': 'on' } }
935
{"return": {}}
936
diff --git a/tests/qemu-iotests/185.out b/tests/qemu-iotests/185.out
937
index XXXXXXX..XXXXXXX 100644
938
--- a/tests/qemu-iotests/185.out
939
+++ b/tests/qemu-iotests/185.out
940
@@ -XXX,XX +XXX,XX @@ Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=67108864
941
=== Creating backing chain ===
942
943
{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'disk', 'snapshot-file': 'TEST_DIR/t.IMGFMT.mid', 'format': 'IMGFMT', 'mode': 'absolute-paths' } }
944
-Formatting 'TEST_DIR/t.qcow2.mid', fmt=qcow2 size=67108864 backing_file=TEST_DIR/t.qcow2.base backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
945
+Formatting 'TEST_DIR/t.qcow2.mid', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 backing_file=TEST_DIR/t.qcow2.base backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
946
{"return": {}}
947
{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io disk "write 0 4M"' } }
948
wrote 4194304/4194304 bytes at offset 0
949
4 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
950
{"return": ""}
951
{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'disk', 'snapshot-file': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'absolute-paths' } }
952
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 backing_file=TEST_DIR/t.qcow2.mid backing_fmt=qcow2 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
953
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 backing_file=TEST_DIR/t.qcow2.mid backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
954
{"return": {}}
955
956
=== Start commit job and exit qemu ===
957
@@ -XXX,XX +XXX,XX @@ Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 backing_file=TEST_DIR/t.q
958
{ 'execute': 'qmp_capabilities' }
959
{"return": {}}
960
{ 'execute': 'drive-mirror', 'arguments': { 'device': 'disk', 'target': 'TEST_DIR/t.IMGFMT.copy', 'format': 'IMGFMT', 'sync': 'full', 'speed': 65536 } }
961
-Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 size=67108864 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
962
+Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
963
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk"}}
964
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk"}}
965
{"return": {}}
966
@@ -XXX,XX +XXX,XX @@ Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 size=67108864 cluster_size=65536 l
967
{ 'execute': 'qmp_capabilities' }
968
{"return": {}}
969
{ 'execute': 'drive-backup', 'arguments': { 'device': 'disk', 'target': 'TEST_DIR/t.IMGFMT.copy', 'format': 'IMGFMT', 'sync': 'full', 'speed': 65536 } }
970
-Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 size=67108864 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
971
+Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
972
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk"}}
973
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk"}}
974
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "paused", "id": "disk"}}
975
diff --git a/tests/qemu-iotests/255.out b/tests/qemu-iotests/255.out
976
index XXXXXXX..XXXXXXX 100644
977
--- a/tests/qemu-iotests/255.out
978
+++ b/tests/qemu-iotests/255.out
979
@@ -XXX,XX +XXX,XX @@ Finishing a commit job with background reads
980
981
=== Create backing chain and start VM ===
982
983
-Formatting 'TEST_DIR/PID-t.qcow2.mid', fmt=qcow2 size=134217728 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
984
+Formatting 'TEST_DIR/PID-t.qcow2.mid', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 lazy_refcounts=off refcount_bits=16
985
986
-Formatting 'TEST_DIR/PID-t.qcow2', fmt=qcow2 size=134217728 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
987
+Formatting 'TEST_DIR/PID-t.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 lazy_refcounts=off refcount_bits=16
988
989
=== Start background read requests ===
990
991
@@ -XXX,XX +XXX,XX @@ Closing the VM while a job is being cancelled
992
993
=== Create images and start VM ===
994
995
-Formatting 'TEST_DIR/PID-src.qcow2', fmt=qcow2 size=134217728 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
996
+Formatting 'TEST_DIR/PID-src.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 lazy_refcounts=off refcount_bits=16
997
998
-Formatting 'TEST_DIR/PID-dst.qcow2', fmt=qcow2 size=134217728 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
999
+Formatting 'TEST_DIR/PID-dst.qcow2', fmt=qcow2 cluster_size=65536 compression_type=zlib size=134217728 lazy_refcounts=off refcount_bits=16
1000
1001
wrote 1048576/1048576 bytes at offset 0
1002
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1003
diff --git a/tests/qemu-iotests/274.out b/tests/qemu-iotests/274.out
1004
index XXXXXXX..XXXXXXX 100644
1005
--- a/tests/qemu-iotests/274.out
1006
+++ b/tests/qemu-iotests/274.out
1007
@@ -XXX,XX +XXX,XX @@
1008
== Commit tests ==
1009
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=2097152 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1010
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=2097152 lazy_refcounts=off refcount_bits=16
1011
1012
-Formatting 'TEST_DIR/PID-mid', fmt=qcow2 size=1048576 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1013
+Formatting 'TEST_DIR/PID-mid', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1048576 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1014
1015
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=2097152 backing_file=TEST_DIR/PID-mid cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1016
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=2097152 backing_file=TEST_DIR/PID-mid lazy_refcounts=off refcount_bits=16
1017
1018
wrote 2097152/2097152 bytes at offset 0
1019
2 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1020
@@ -XXX,XX +XXX,XX @@ read 1048576/1048576 bytes at offset 1048576
1021
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1022
1023
=== Testing HMP commit (top -> mid) ===
1024
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=2097152 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1025
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=2097152 lazy_refcounts=off refcount_bits=16
1026
1027
-Formatting 'TEST_DIR/PID-mid', fmt=qcow2 size=1048576 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1028
+Formatting 'TEST_DIR/PID-mid', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1048576 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1029
1030
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=2097152 backing_file=TEST_DIR/PID-mid cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1031
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=2097152 backing_file=TEST_DIR/PID-mid lazy_refcounts=off refcount_bits=16
1032
1033
wrote 2097152/2097152 bytes at offset 0
1034
2 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1035
@@ -XXX,XX +XXX,XX @@ read 1048576/1048576 bytes at offset 1048576
1036
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1037
1038
=== Testing QMP active commit (top -> mid) ===
1039
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=2097152 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1040
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=2097152 lazy_refcounts=off refcount_bits=16
1041
1042
-Formatting 'TEST_DIR/PID-mid', fmt=qcow2 size=1048576 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1043
+Formatting 'TEST_DIR/PID-mid', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1048576 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1044
1045
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=2097152 backing_file=TEST_DIR/PID-mid cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1046
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=2097152 backing_file=TEST_DIR/PID-mid lazy_refcounts=off refcount_bits=16
1047
1048
wrote 2097152/2097152 bytes at offset 0
1049
2 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1050
@@ -XXX,XX +XXX,XX @@ read 1048576/1048576 bytes at offset 1048576
1051
1052
== Resize tests ==
1053
=== preallocation=off ===
1054
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=6442450944 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1055
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=6442450944 lazy_refcounts=off refcount_bits=16
1056
1057
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=1073741824 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1058
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=1073741824 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1059
1060
wrote 65536/65536 bytes at offset 5368709120
1061
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1062
@@ -XXX,XX +XXX,XX @@ read 65536/65536 bytes at offset 5368709120
1063
{ "start": 1073741824, "length": 7516192768, "depth": 0, "zero": true, "data": false}]
1064
1065
=== preallocation=metadata ===
1066
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=34359738368 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1067
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=34359738368 lazy_refcounts=off refcount_bits=16
1068
1069
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=32212254720 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1070
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=32212254720 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1071
1072
wrote 65536/65536 bytes at offset 33285996544
1073
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1074
@@ -XXX,XX +XXX,XX @@ read 65536/65536 bytes at offset 33285996544
1075
{ "start": 34896609280, "length": 536870912, "depth": 0, "zero": true, "data": false, "offset": 2685075456}]
1076
1077
=== preallocation=falloc ===
1078
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=10485760 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1079
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=10485760 lazy_refcounts=off refcount_bits=16
1080
1081
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=5242880 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1082
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=5242880 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1083
1084
wrote 65536/65536 bytes at offset 9437184
1085
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1086
@@ -XXX,XX +XXX,XX @@ read 65536/65536 bytes at offset 9437184
1087
{ "start": 5242880, "length": 10485760, "depth": 0, "zero": false, "data": true, "offset": 327680}]
1088
1089
=== preallocation=full ===
1090
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=16777216 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1091
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=16777216 lazy_refcounts=off refcount_bits=16
1092
1093
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=8388608 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1094
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=8388608 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1095
1096
wrote 65536/65536 bytes at offset 11534336
1097
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1098
@@ -XXX,XX +XXX,XX @@ read 65536/65536 bytes at offset 11534336
1099
{ "start": 8388608, "length": 4194304, "depth": 0, "zero": false, "data": true, "offset": 327680}]
1100
1101
=== preallocation=off ===
1102
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=393216 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1103
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=393216 lazy_refcounts=off refcount_bits=16
1104
1105
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=259072 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1106
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=259072 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1107
1108
wrote 65536/65536 bytes at offset 259072
1109
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1110
@@ -XXX,XX +XXX,XX @@ read 65536/65536 bytes at offset 259072
1111
{ "start": 262144, "length": 262144, "depth": 0, "zero": true, "data": false}]
1112
1113
=== preallocation=off ===
1114
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=409600 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1115
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=409600 lazy_refcounts=off refcount_bits=16
1116
1117
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=262144 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1118
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=262144 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1119
1120
wrote 65536/65536 bytes at offset 344064
1121
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1122
@@ -XXX,XX +XXX,XX @@ read 65536/65536 bytes at offset 344064
1123
{ "start": 262144, "length": 262144, "depth": 0, "zero": true, "data": false}]
1124
1125
=== preallocation=off ===
1126
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=524288 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1127
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=524288 lazy_refcounts=off refcount_bits=16
1128
1129
-Formatting 'TEST_DIR/PID-top', fmt=qcow2 size=262144 backing_file=TEST_DIR/PID-base cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1130
+Formatting 'TEST_DIR/PID-top', fmt=qcow2 cluster_size=65536 compression_type=zlib size=262144 backing_file=TEST_DIR/PID-base lazy_refcounts=off refcount_bits=16
1131
1132
wrote 65536/65536 bytes at offset 446464
1133
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
1134
diff --git a/tests/qemu-iotests/280.out b/tests/qemu-iotests/280.out
1135
index XXXXXXX..XXXXXXX 100644
1136
--- a/tests/qemu-iotests/280.out
1137
+++ b/tests/qemu-iotests/280.out
1138
@@ -XXX,XX +XXX,XX @@
1139
-Formatting 'TEST_DIR/PID-base', fmt=qcow2 size=67108864 cluster_size=65536 lazy_refcounts=off refcount_bits=16 compression_type=zlib
1140
+Formatting 'TEST_DIR/PID-base', fmt=qcow2 cluster_size=65536 compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16
1141
1142
=== Launch VM ===
1143
Enabling migration QMP events on VM...
1144
--
1145
2.26.2
1146
1147
diff view generated by jsdifflib
[PULL 09/18] block/crypto: rename two functions
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
rename the write_func to create_write_func, and init_func to create_init_func.
4
This is preparation for other write_func that will be used to update the encryption keys.
5
6
No functional changes
7
8
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
9
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
10
Message-Id: <20200608094030.670121-7-mlevitsk@redhat.com>
11
Signed-off-by: Max Reitz <mreitz@redhat.com>
12
---
13
block/crypto.c | 25 ++++++++++++-------------
14
1 file changed, 12 insertions(+), 13 deletions(-)
15
16
diff --git a/block/crypto.c b/block/crypto.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/block/crypto.c
19
+++ b/block/crypto.c
20
@@ -XXX,XX +XXX,XX @@ struct BlockCryptoCreateData {
21
};
22
23
24
-static ssize_t block_crypto_write_func(QCryptoBlock *block,
25
- size_t offset,
26
- const uint8_t *buf,
27
- size_t buflen,
28
- void *opaque,
29
- Error **errp)
30
+static ssize_t block_crypto_create_write_func(QCryptoBlock *block,
31
+ size_t offset,
32
+ const uint8_t *buf,
33
+ size_t buflen,
34
+ void *opaque,
35
+ Error **errp)
36
{
37
struct BlockCryptoCreateData *data = opaque;
38
ssize_t ret;
39
@@ -XXX,XX +XXX,XX @@ static ssize_t block_crypto_write_func(QCryptoBlock *block,
40
return ret;
41
}
42
43
-
44
-static ssize_t block_crypto_init_func(QCryptoBlock *block,
45
- size_t headerlen,
46
- void *opaque,
47
- Error **errp)
48
+static ssize_t block_crypto_create_init_func(QCryptoBlock *block,
49
+ size_t headerlen,
50
+ void *opaque,
51
+ Error **errp)
52
{
53
struct BlockCryptoCreateData *data = opaque;
54
Error *local_error = NULL;
55
@@ -XXX,XX +XXX,XX @@ static int block_crypto_co_create_generic(BlockDriverState *bs,
56
};
57
58
crypto = qcrypto_block_create(opts, NULL,
59
- block_crypto_init_func,
60
- block_crypto_write_func,
61
+ block_crypto_create_init_func,
62
+ block_crypto_create_write_func,
63
&data,
64
errp);
65
66
--
67
2.26.2
68
69
diff view generated by jsdifflib
[PULL 10/18] block/crypto: implement the encryption key management
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
This implements the encryption key management using the generic code in
4
qcrypto layer and exposes it to the user via qemu-img
5
6
This code adds another 'write_func' because the initialization
7
write_func works directly on the underlying file, and amend
8
works on instance of luks device.
9
10
This commit also adds a 'hack/workaround' I and Kevin Wolf (thanks)
11
made to make the driver both support write sharing (to avoid breaking the users),
12
and be safe against concurrent metadata update (the keyslots)
13
14
Eventually the write sharing for luks driver will be deprecated
15
and removed together with this hack.
16
17
The hack is that we ask (as a format driver) for BLK_PERM_CONSISTENT_READ
18
and then when we want to update the keys, we unshare that permission.
19
So if someone else has the image open, even readonly, encryption
20
key update will fail gracefully.
21
22
Also thanks to Daniel Berrange for the idea of
23
unsharing read, rather that write permission which allows
24
to avoid cases when the other user had opened the image read-only.
25
26
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
27
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
28
Reviewed-by: Max Reitz <mreitz@redhat.com>
29
Message-Id: <20200608094030.670121-8-mlevitsk@redhat.com>
30
Signed-off-by: Max Reitz <mreitz@redhat.com>
31
---
32
block/crypto.h | 34 +++++++++++++
33
block/crypto.c | 130 +++++++++++++++++++++++++++++++++++++++++++++++--
34
2 files changed, 161 insertions(+), 3 deletions(-)
35
36
diff --git a/block/crypto.h b/block/crypto.h
37
index XXXXXXX..XXXXXXX 100644
38
--- a/block/crypto.h
39
+++ b/block/crypto.h
40
@@ -XXX,XX +XXX,XX @@
41
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
42
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
43
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
44
+#define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot"
45
+#define BLOCK_CRYPTO_OPT_LUKS_STATE "state"
46
+#define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret"
47
+#define BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET "new-secret"
48
+
49
50
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \
51
BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \
52
@@ -XXX,XX +XXX,XX @@
53
.help = "Time to spend in PBKDF in milliseconds", \
54
}
55
56
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(prefix) \
57
+ { \
58
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_STATE, \
59
+ .type = QEMU_OPT_STRING, \
60
+ .help = "Select new state of affected keyslots (active/inactive)",\
61
+ }
62
+
63
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix) \
64
+ { \
65
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT, \
66
+ .type = QEMU_OPT_NUMBER, \
67
+ .help = "Select a single keyslot to modify explicitly",\
68
+ }
69
+
70
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(prefix) \
71
+ { \
72
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET, \
73
+ .type = QEMU_OPT_STRING, \
74
+ .help = "Select all keyslots that match this password", \
75
+ }
76
+
77
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(prefix) \
78
+ { \
79
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET, \
80
+ .type = QEMU_OPT_STRING, \
81
+ .help = "New secret to set in the matching keyslots. " \
82
+ "Empty string to erase", \
83
+ }
84
+
85
QCryptoBlockCreateOptions *
86
block_crypto_create_opts_init(QDict *opts, Error **errp);
87
88
diff --git a/block/crypto.c b/block/crypto.c
89
index XXXXXXX..XXXXXXX 100644
90
--- a/block/crypto.c
91
+++ b/block/crypto.c
92
@@ -XXX,XX +XXX,XX @@ typedef struct BlockCrypto BlockCrypto;
93
94
struct BlockCrypto {
95
QCryptoBlock *block;
96
+ bool updating_keys;
97
};
98
99
100
@@ -XXX,XX +XXX,XX @@ static ssize_t block_crypto_read_func(QCryptoBlock *block,
101
return ret;
102
}
103
104
+static ssize_t block_crypto_write_func(QCryptoBlock *block,
105
+ size_t offset,
106
+ const uint8_t *buf,
107
+ size_t buflen,
108
+ void *opaque,
109
+ Error **errp)
110
+{
111
+ BlockDriverState *bs = opaque;
112
+ ssize_t ret;
113
+
114
+ ret = bdrv_pwrite(bs->file, offset, buf, buflen);
115
+ if (ret < 0) {
116
+ error_setg_errno(errp, -ret, "Could not write encryption header");
117
+ return ret;
118
+ }
119
+ return ret;
120
+}
121
+
122
123
struct BlockCryptoCreateData {
124
BlockBackend *blk;
125
@@ -XXX,XX +XXX,XX @@ static QemuOptsList block_crypto_create_opts_luks = {
126
};
127
128
129
+static QemuOptsList block_crypto_amend_opts_luks = {
130
+ .name = "crypto",
131
+ .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
132
+ .desc = {
133
+ BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""),
134
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""),
135
+ BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""),
136
+ BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""),
137
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
138
+ { /* end of list */ }
139
+ },
140
+};
141
+
142
QCryptoBlockOpenOptions *
143
block_crypto_open_opts_init(QDict *opts, Error **errp)
144
{
145
@@ -XXX,XX +XXX,XX @@ block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
146
return spec_info;
147
}
148
149
+static int
150
+block_crypto_amend_options_luks(BlockDriverState *bs,
151
+ QemuOpts *opts,
152
+ BlockDriverAmendStatusCB *status_cb,
153
+ void *cb_opaque,
154
+ bool force,
155
+ Error **errp)
156
+{
157
+ BlockCrypto *crypto = bs->opaque;
158
+ QDict *cryptoopts = NULL;
159
+ QCryptoBlockAmendOptions *amend_options = NULL;
160
+ int ret;
161
+
162
+ assert(crypto);
163
+ assert(crypto->block);
164
+ crypto->updating_keys = true;
165
+
166
+ ret = bdrv_child_refresh_perms(bs, bs->file, errp);
167
+ if (ret < 0) {
168
+ goto cleanup;
169
+ }
170
+
171
+ cryptoopts = qemu_opts_to_qdict(opts, NULL);
172
+ qdict_put_str(cryptoopts, "format", "luks");
173
+ amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
174
+ if (!amend_options) {
175
+ ret = -EINVAL;
176
+ goto cleanup;
177
+ }
178
+
179
+ ret = qcrypto_block_amend_options(crypto->block,
180
+ block_crypto_read_func,
181
+ block_crypto_write_func,
182
+ bs,
183
+ amend_options,
184
+ force,
185
+ errp);
186
+cleanup:
187
+ crypto->updating_keys = false;
188
+ bdrv_child_refresh_perms(bs, bs->file, errp);
189
+ qapi_free_QCryptoBlockAmendOptions(amend_options);
190
+ qobject_unref(cryptoopts);
191
+ return ret;
192
+}
193
+
194
+
195
+static void
196
+block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
197
+ const BdrvChildRole role,
198
+ BlockReopenQueue *reopen_queue,
199
+ uint64_t perm, uint64_t shared,
200
+ uint64_t *nperm, uint64_t *nshared)
201
+{
202
+
203
+ BlockCrypto *crypto = bs->opaque;
204
+
205
+ bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared);
206
+
207
+ /*
208
+ * For backward compatibility, manually share the write
209
+ * and resize permission
210
+ */
211
+ *nshared |= (BLK_PERM_WRITE | BLK_PERM_RESIZE);
212
+ /*
213
+ * Since we are not fully a format driver, don't always request
214
+ * the read/resize permission but only when explicitly
215
+ * requested
216
+ */
217
+ *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
218
+ *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
219
+
220
+ /*
221
+ * This driver doesn't modify LUKS metadata except
222
+ * when updating the encryption slots.
223
+ * Thus unlike a proper format driver we don't ask for
224
+ * shared write/read permission. However we need it
225
+ * when we are updating the keys, to ensure that only we
226
+ * have access to the device.
227
+ *
228
+ * Encryption update will set the crypto->updating_keys
229
+ * during that period and refresh permissions
230
+ *
231
+ */
232
+ if (crypto->updating_keys) {
233
+ /* need exclusive write access for header update */
234
+ *nperm |= BLK_PERM_WRITE;
235
+ /* unshare read and write permission */
236
+ *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE);
237
+ }
238
+}
239
+
240
+
241
static const char *const block_crypto_strong_runtime_opts[] = {
242
BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
243
244
@@ -XXX,XX +XXX,XX @@ static BlockDriver bdrv_crypto_luks = {
245
.bdrv_probe = block_crypto_probe_luks,
246
.bdrv_open = block_crypto_open_luks,
247
.bdrv_close = block_crypto_close,
248
- /* This driver doesn't modify LUKS metadata except when creating image.
249
- * Allow share-rw=on as a special case. */
250
- .bdrv_child_perm = bdrv_default_perms,
251
+ .bdrv_child_perm = block_crypto_child_perms,
252
.bdrv_co_create = block_crypto_co_create_luks,
253
.bdrv_co_create_opts = block_crypto_co_create_opts_luks,
254
.bdrv_co_truncate = block_crypto_co_truncate,
255
.create_opts = &block_crypto_create_opts_luks,
256
+ .amend_opts = &block_crypto_amend_opts_luks,
257
258
.bdrv_reopen_prepare = block_crypto_reopen_prepare,
259
.bdrv_refresh_limits = block_crypto_refresh_limits,
260
@@ -XXX,XX +XXX,XX @@ static BlockDriver bdrv_crypto_luks = {
261
.bdrv_measure = block_crypto_measure,
262
.bdrv_get_info = block_crypto_get_info_luks,
263
.bdrv_get_specific_info = block_crypto_get_specific_info_luks,
264
+ .bdrv_amend_options = block_crypto_amend_options_luks,
265
266
.is_format = true,
267
268
--
269
2.26.2
270
271
diff view generated by jsdifflib
[PULL 11/18] block/qcow2: extend qemu-img amend interface with crypto options
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
Now that we have all the infrastructure in place,
4
wire it in the qcow2 driver and expose this to the user.
5
6
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
7
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
8
Reviewed-by: Max Reitz <mreitz@redhat.com>
9
Message-Id: <20200608094030.670121-9-mlevitsk@redhat.com>
10
Signed-off-by: Max Reitz <mreitz@redhat.com>
11
---
12
block/qcow2.c | 71 +++++++++++++++++++++++++++++++++-----
13
tests/qemu-iotests/082.out | 45 ++++++++++++++++++++++++
14
2 files changed, 107 insertions(+), 9 deletions(-)
15
16
diff --git a/block/qcow2.c b/block/qcow2.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/block/qcow2.c
19
+++ b/block/qcow2.c
20
@@ -XXX,XX +XXX,XX @@ static ssize_t qcow2_crypto_hdr_write_func(QCryptoBlock *block, size_t offset,
21
return ret;
22
}
23
24
+static QDict*
25
+qcow2_extract_crypto_opts(QemuOpts *opts, const char *fmt, Error **errp)
26
+{
27
+ QDict *cryptoopts_qdict;
28
+ QDict *opts_qdict;
29
+
30
+ /* Extract "encrypt." options into a qdict */
31
+ opts_qdict = qemu_opts_to_qdict(opts, NULL);
32
+ qdict_extract_subqdict(opts_qdict, &cryptoopts_qdict, "encrypt.");
33
+ qobject_unref(opts_qdict);
34
+ qdict_put_str(cryptoopts_qdict, "format", fmt);
35
+ return cryptoopts_qdict;
36
+}
37
38
/*
39
* read qcow2 extension and fill bs
40
@@ -XXX,XX +XXX,XX @@ static BlockMeasureInfo *qcow2_measure(QemuOpts *opts, BlockDriverState *in_bs,
41
42
if (has_luks) {
43
g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL;
44
- QDict *opts_qdict;
45
- QDict *cryptoopts;
46
+ QDict *cryptoopts = qcow2_extract_crypto_opts(opts, "luks", errp);
47
size_t headerlen;
48
49
- opts_qdict = qemu_opts_to_qdict(opts, NULL);
50
- qdict_extract_subqdict(opts_qdict, &cryptoopts, "encrypt.");
51
- qobject_unref(opts_qdict);
52
-
53
- qdict_put_str(cryptoopts, "format", "luks");
54
-
55
create_opts = block_crypto_create_opts_init(cryptoopts, errp);
56
qobject_unref(cryptoopts);
57
if (!create_opts) {
58
@@ -XXX,XX +XXX,XX @@ typedef enum Qcow2AmendOperation {
59
QCOW2_NO_OPERATION = 0,
60
61
QCOW2_UPGRADING,
62
+ QCOW2_UPDATING_ENCRYPTION,
63
QCOW2_CHANGING_REFCOUNT_ORDER,
64
QCOW2_DOWNGRADING,
65
} Qcow2AmendOperation;
66
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
67
int ret;
68
QemuOptDesc *desc = opts->list->desc;
69
Qcow2AmendHelperCBInfo helper_cb_info;
70
+ bool encryption_update = false;
71
72
while (desc && desc->name) {
73
if (!qemu_opt_find(opts, desc->name)) {
74
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
75
backing_file = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
76
} else if (!strcmp(desc->name, BLOCK_OPT_BACKING_FMT)) {
77
backing_format = qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT);
78
+ } else if (g_str_has_prefix(desc->name, "encrypt.")) {
79
+ if (!s->crypto) {
80
+ error_setg(errp,
81
+ "Can't amend encryption options - encryption not present");
82
+ return -EINVAL;
83
+ }
84
+ if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
85
+ error_setg(errp,
86
+ "Only LUKS encryption options can be amended");
87
+ return -ENOTSUP;
88
+ }
89
+ encryption_update = true;
90
} else if (!strcmp(desc->name, BLOCK_OPT_LAZY_REFCOUNTS)) {
91
lazy_refcounts = qemu_opt_get_bool(opts, BLOCK_OPT_LAZY_REFCOUNTS,
92
lazy_refcounts);
93
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
94
.original_status_cb = status_cb,
95
.original_cb_opaque = cb_opaque,
96
.total_operations = (new_version != old_version)
97
- + (s->refcount_bits != refcount_bits)
98
+ + (s->refcount_bits != refcount_bits) +
99
+ (encryption_update == true)
100
};
101
102
/* Upgrade first (some features may require compat=1.1) */
103
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
104
}
105
}
106
107
+ if (encryption_update) {
108
+ QDict *amend_opts_dict;
109
+ QCryptoBlockAmendOptions *amend_opts;
110
+
111
+ helper_cb_info.current_operation = QCOW2_UPDATING_ENCRYPTION;
112
+ amend_opts_dict = qcow2_extract_crypto_opts(opts, "luks", errp);
113
+ if (!amend_opts_dict) {
114
+ return -EINVAL;
115
+ }
116
+ amend_opts = block_crypto_amend_opts_init(amend_opts_dict, errp);
117
+ qobject_unref(amend_opts_dict);
118
+ if (!amend_opts) {
119
+ return -EINVAL;
120
+ }
121
+ ret = qcrypto_block_amend_options(s->crypto,
122
+ qcow2_crypto_hdr_read_func,
123
+ qcow2_crypto_hdr_write_func,
124
+ bs,
125
+ amend_opts,
126
+ force,
127
+ errp);
128
+ qapi_free_QCryptoBlockAmendOptions(amend_opts);
129
+ if (ret < 0) {
130
+ return ret;
131
+ }
132
+ }
133
+
134
if (s->refcount_bits != refcount_bits) {
135
int refcount_order = ctz32(refcount_bits);
136
137
@@ -XXX,XX +XXX,XX @@ static QemuOptsList qcow2_amend_opts = {
138
.name = "qcow2-amend-opts",
139
.head = QTAILQ_HEAD_INITIALIZER(qcow2_amend_opts.head),
140
.desc = {
141
+ BLOCK_CRYPTO_OPT_DEF_LUKS_STATE("encrypt."),
142
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT("encrypt."),
143
+ BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET("encrypt."),
144
+ BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET("encrypt."),
145
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."),
146
QCOW_COMMON_OPTIONS,
147
{ /* end of list */ }
148
}
149
diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out
150
index XXXXXXX..XXXXXXX 100644
151
--- a/tests/qemu-iotests/082.out
152
+++ b/tests/qemu-iotests/082.out
153
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
154
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
155
data_file=<str> - File name of an external data file
156
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
157
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
158
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
159
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
160
+ encrypt.old-secret=<str> - Select all keyslots that match this password
161
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
162
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
163
refcount_bits=<num> - Width of a reference count entry in bits
164
size=<size> - Virtual disk size
165
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
166
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
167
data_file=<str> - File name of an external data file
168
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
169
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
170
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
171
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
172
+ encrypt.old-secret=<str> - Select all keyslots that match this password
173
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
174
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
175
refcount_bits=<num> - Width of a reference count entry in bits
176
size=<size> - Virtual disk size
177
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
178
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
179
data_file=<str> - File name of an external data file
180
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
181
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
182
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
183
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
184
+ encrypt.old-secret=<str> - Select all keyslots that match this password
185
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
186
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
187
refcount_bits=<num> - Width of a reference count entry in bits
188
size=<size> - Virtual disk size
189
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
190
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
191
data_file=<str> - File name of an external data file
192
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
193
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
194
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
195
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
196
+ encrypt.old-secret=<str> - Select all keyslots that match this password
197
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
198
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
199
refcount_bits=<num> - Width of a reference count entry in bits
200
size=<size> - Virtual disk size
201
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
202
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
203
data_file=<str> - File name of an external data file
204
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
205
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
206
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
207
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
208
+ encrypt.old-secret=<str> - Select all keyslots that match this password
209
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
210
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
211
refcount_bits=<num> - Width of a reference count entry in bits
212
size=<size> - Virtual disk size
213
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
214
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
215
data_file=<str> - File name of an external data file
216
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
217
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
218
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
219
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
220
+ encrypt.old-secret=<str> - Select all keyslots that match this password
221
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
222
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
223
refcount_bits=<num> - Width of a reference count entry in bits
224
size=<size> - Virtual disk size
225
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
226
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
227
data_file=<str> - File name of an external data file
228
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
229
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
230
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
231
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
232
+ encrypt.old-secret=<str> - Select all keyslots that match this password
233
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
234
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
235
refcount_bits=<num> - Width of a reference count entry in bits
236
size=<size> - Virtual disk size
237
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
238
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
239
data_file=<str> - File name of an external data file
240
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
241
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
242
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
243
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
244
+ encrypt.old-secret=<str> - Select all keyslots that match this password
245
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
246
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
247
refcount_bits=<num> - Width of a reference count entry in bits
248
size=<size> - Virtual disk size
249
@@ -XXX,XX +XXX,XX @@ Amend options for 'qcow2':
250
compat=<str> - Compatibility level (v2 [0.10] or v3 [1.1])
251
data_file=<str> - File name of an external data file
252
data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image
253
+ encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds
254
+ encrypt.keyslot=<num> - Select a single keyslot to modify explicitly
255
+ encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase
256
+ encrypt.old-secret=<str> - Select all keyslots that match this password
257
+ encrypt.state=<str> - Select new state of affected keyslots (active/inactive)
258
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
259
refcount_bits=<num> - Width of a reference count entry in bits
260
size=<size> - Virtual disk size
261
--
262
2.26.2
263
264
diff view generated by jsdifflib
[PULL 12/18] iotests: qemu-img tests for luks key management
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
This commit adds two tests, which test the new amend interface
4
of both luks raw images and qcow2 luks encrypted images.
5
6
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
7
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
8
Message-Id: <20200608094030.670121-11-mlevitsk@redhat.com>
9
Signed-off-by: Max Reitz <mreitz@redhat.com>
10
---
11
tests/qemu-iotests/293 | 207 +++++++++++++++++++++++++++++++++++++
12
tests/qemu-iotests/293.out | 99 ++++++++++++++++++
13
tests/qemu-iotests/294 | 90 ++++++++++++++++
14
tests/qemu-iotests/294.out | 30 ++++++
15
tests/qemu-iotests/group | 2 +
16
5 files changed, 428 insertions(+)
17
create mode 100755 tests/qemu-iotests/293
18
create mode 100644 tests/qemu-iotests/293.out
19
create mode 100755 tests/qemu-iotests/294
20
create mode 100644 tests/qemu-iotests/294.out
21
22
diff --git a/tests/qemu-iotests/293 b/tests/qemu-iotests/293
23
new file mode 100755
24
index XXXXXXX..XXXXXXX
25
--- /dev/null
26
+++ b/tests/qemu-iotests/293
27
@@ -XXX,XX +XXX,XX @@
28
+#!/usr/bin/env bash
29
+#
30
+# Test encryption key management with luks
31
+# Based on 134
32
+#
33
+# Copyright (C) 2019 Red Hat, Inc.
34
+#
35
+# This program is free software; you can redistribute it and/or modify
36
+# it under the terms of the GNU General Public License as published by
37
+# the Free Software Foundation; either version 2 of the License, or
38
+# (at your option) any later version.
39
+#
40
+# This program is distributed in the hope that it will be useful,
41
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
42
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
43
+# GNU General Public License for more details.
44
+#
45
+# You should have received a copy of the GNU General Public License
46
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
47
+#
48
+
49
+# creator
50
+owner=mlevitsk@redhat.com
51
+
52
+seq=`basename $0`
53
+echo "QA output created by $seq"
54
+
55
+status=1    # failure is the default!
56
+
57
+_cleanup()
58
+{
59
+    _cleanup_test_img
60
+}
61
+trap "_cleanup; exit \$status" 0 1 2 3 15
62
+
63
+# get standard environment, filters and checks
64
+. ./common.rc
65
+. ./common.filter
66
+
67
+_supported_fmt qcow2 luks
68
+_supported_proto file #TODO
69
+
70
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
71
+
72
+if [ "$IMGFMT" = "qcow2" ] ; then
73
+    PR="encrypt."
74
+    EXTRA_IMG_ARGS="-o encrypt.format=luks"
75
+fi
76
+
77
+
78
+# secrets: you are supposed to see the password as *******, see :-)
79
+S0="--object secret,id=sec0,data=hunter0"
80
+S1="--object secret,id=sec1,data=hunter1"
81
+S2="--object secret,id=sec2,data=hunter2"
82
+S3="--object secret,id=sec3,data=hunter3"
83
+S4="--object secret,id=sec4,data=hunter4"
84
+SECRETS="$S0 $S1 $S2 $S3 $S4"
85
+
86
+# image with given secret
87
+IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec0"
88
+IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec1"
89
+IMGS2="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec2"
90
+IMGS3="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec3"
91
+IMGS4="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec4"
92
+
93
+
94
+echo "== creating a test image =="
95
+_make_test_img $S0 $EXTRA_IMG_ARGS -o ${PR}key-secret=sec0,${PR}iter-time=10 32M
96
+
97
+echo
98
+echo "== test that key 0 opens the image =="
99
+$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
100
+
101
+echo
102
+echo "== adding a password to slot 4 =="
103
+$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec4,${PR}iter-time=10,${PR}keyslot=4
104
+echo "== adding a password to slot 1 =="
105
+$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10
106
+echo "== adding a password to slot 3 =="
107
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10,${PR}keyslot=3
108
+
109
+echo "== adding a password to slot 2 =="
110
+$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
111
+
112
+
113
+echo "== erase slot 4 =="
114
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=4 | _filter_img_create
115
+
116
+
117
+echo
118
+echo "== all secrets should work =="
119
+for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
120
+    $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
121
+done
122
+
123
+echo
124
+echo "== erase slot 0 and try it =="
125
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec0 | _filter_img_create
126
+$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
127
+
128
+echo
129
+echo "== erase slot 2 and try it =="
130
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=2 | _filter_img_create
131
+$QEMU_IO $SECRETS -c "read 0 4096" $IMGS2 | _filter_qemu_io | _filter_testdir
132
+
133
+
134
+# at this point slots 1 and 3 should be active
135
+
136
+echo
137
+echo "== filling 4 slots with secret 2 =="
138
+for i in $(seq 0 3) ; do
139
+    $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
140
+done
141
+
142
+echo
143
+echo "== adding secret 0 =="
144
+    $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec0,${PR}iter-time=10
145
+
146
+echo
147
+echo "== adding secret 3 (last slot) =="
148
+    $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10
149
+
150
+echo
151
+echo "== trying to add another slot (should fail) =="
152
+$QEMU_IMG amend $SECRETS $IMGS2 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10
153
+
154
+echo
155
+echo "== all secrets should work again =="
156
+for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
157
+    $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
158
+done
159
+
160
+
161
+echo
162
+
163
+echo "== erase all keys of secret 2=="
164
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec2
165
+
166
+echo "== erase all keys of secret 1=="
167
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec1
168
+
169
+echo "== erase all keys of secret 0=="
170
+$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=inactive,${PR}old-secret=sec0
171
+
172
+echo "== erasing secret3 will fail now since it is the only secret (in 3 slots) =="
173
+$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=inactive,${PR}old-secret=sec3
174
+
175
+echo
176
+echo "== only secret3 should work now =="
177
+for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
178
+    $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
179
+done
180
+
181
+echo
182
+echo "== add secret0 =="
183
+$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec0,${PR}iter-time=10
184
+
185
+echo "== erase secret3 =="
186
+$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=inactive,${PR}old-secret=sec3
187
+
188
+echo
189
+echo "== only secret0 should work now =="
190
+for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
191
+    $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
192
+done
193
+
194
+echo
195
+echo "== replace secret0 with secret1 (should fail) =="
196
+$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}keyslot=0
197
+
198
+echo
199
+echo "== replace secret0 with secret1 with force (should work) =="
200
+$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10,${PR}keyslot=0 --force
201
+
202
+echo
203
+echo "== only secret1 should work now =="
204
+for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
205
+    $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
206
+done
207
+
208
+
209
+echo
210
+echo "== erase last secret (should fail) =="
211
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=0
212
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec1
213
+
214
+
215
+echo "== erase non existing secrets (should fail) =="
216
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec5 --force
217
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec0 --force
218
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=1 --force
219
+
220
+echo
221
+echo "== erase last secret with force by slot (should work) =="
222
+$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=0 --force
223
+
224
+echo
225
+echo "== we have no secrets now, data is lost forever =="
226
+for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
227
+    $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
228
+done
229
+
230
+# success, all done
231
+echo "*** done"
232
+rm -f $seq.full
233
+status=0
234
+
235
diff --git a/tests/qemu-iotests/293.out b/tests/qemu-iotests/293.out
236
new file mode 100644
237
index XXXXXXX..XXXXXXX
238
--- /dev/null
239
+++ b/tests/qemu-iotests/293.out
240
@@ -XXX,XX +XXX,XX @@
241
+QA output created by 293
242
+== creating a test image ==
243
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432
244
+
245
+== test that key 0 opens the image ==
246
+read 4096/4096 bytes at offset 0
247
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
248
+
249
+== adding a password to slot 4 ==
250
+== adding a password to slot 1 ==
251
+== adding a password to slot 3 ==
252
+== adding a password to slot 2 ==
253
+== erase slot 4 ==
254
+
255
+== all secrets should work ==
256
+read 4096/4096 bytes at offset 0
257
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
258
+read 4096/4096 bytes at offset 0
259
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
260
+read 4096/4096 bytes at offset 0
261
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
262
+read 4096/4096 bytes at offset 0
263
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
264
+
265
+== erase slot 0 and try it ==
266
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
267
+
268
+== erase slot 2 and try it ==
269
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
270
+
271
+== filling 4 slots with secret 2 ==
272
+
273
+== adding secret 0 ==
274
+
275
+== adding secret 3 (last slot) ==
276
+
277
+== trying to add another slot (should fail) ==
278
+qemu-img: Can't add a keyslot - all keyslots are in use
279
+
280
+== all secrets should work again ==
281
+read 4096/4096 bytes at offset 0
282
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
283
+read 4096/4096 bytes at offset 0
284
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
285
+read 4096/4096 bytes at offset 0
286
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
287
+read 4096/4096 bytes at offset 0
288
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
289
+
290
+== erase all keys of secret 2==
291
+== erase all keys of secret 1==
292
+== erase all keys of secret 0==
293
+== erasing secret3 will fail now since it is the only secret (in 3 slots) ==
294
+qemu-img: All the active keyslots match the (old) password that was given and erasing them will erase all the data in the image irreversibly - refusing operation
295
+
296
+== only secret3 should work now ==
297
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
298
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
299
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
300
+read 4096/4096 bytes at offset 0
301
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
302
+
303
+== add secret0 ==
304
+== erase secret3 ==
305
+
306
+== only secret0 should work now ==
307
+read 4096/4096 bytes at offset 0
308
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
309
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
310
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
311
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
312
+
313
+== replace secret0 with secret1 (should fail) ==
314
+qemu-img: Refusing to overwrite active keyslot 0 - please erase it first
315
+
316
+== replace secret0 with secret1 with force (should work) ==
317
+
318
+== only secret1 should work now ==
319
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
320
+read 4096/4096 bytes at offset 0
321
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
322
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
323
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
324
+
325
+== erase last secret (should fail) ==
326
+qemu-img: Attempt to erase the only active keyslot 0 which will erase all the data in the image irreversibly - refusing operation
327
+qemu-img: All the active keyslots match the (old) password that was given and erasing them will erase all the data in the image irreversibly - refusing operation
328
+== erase non existing secrets (should fail) ==
329
+qemu-img: No secret with id 'sec5'
330
+qemu-img: No keyslots match given (old) password for erase operation
331
+
332
+== erase last secret with force by slot (should work) ==
333
+
334
+== we have no secrets now, data is lost forever ==
335
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
336
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
337
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
338
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
339
+*** done
340
diff --git a/tests/qemu-iotests/294 b/tests/qemu-iotests/294
341
new file mode 100755
342
index XXXXXXX..XXXXXXX
343
--- /dev/null
344
+++ b/tests/qemu-iotests/294
345
@@ -XXX,XX +XXX,XX @@
346
+#
347
+# Copyright (C) 2019 Red Hat, Inc.
348
+#
349
+# This program is free software; you can redistribute it and/or modify
350
+# it under the terms of the GNU General Public License as published by
351
+# the Free Software Foundation; either version 2 of the License, or
352
+# (at your option) any later version.
353
+#
354
+# This program is distributed in the hope that it will be useful,
355
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
356
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
357
+# GNU General Public License for more details.
358
+#
359
+# You should have received a copy of the GNU General Public License
360
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
361
+#
362
+
363
+# creator
364
+owner=mlevitsk@redhat.com
365
+
366
+seq=`basename $0`
367
+echo "QA output created by $seq"
368
+
369
+status=1    # failure is the default!
370
+
371
+_cleanup()
372
+{
373
+    _cleanup_test_img
374
+}
375
+trap "_cleanup; exit \$status" 0 1 2 3 15
376
+
377
+# get standard environment, filters and checks
378
+. ./common.rc
379
+. ./common.filter
380
+
381
+_supported_fmt luks
382
+_supported_proto file #TODO
383
+
384
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
385
+
386
+# you are supposed to see the password as *******, see :-)
387
+S0="--object secret,id=sec0,data=hunter0"
388
+S1="--object secret,id=sec1,data=hunter1"
389
+SECRETS="$S0 $S1"
390
+
391
+
392
+IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec0"
393
+IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec1"
394
+
395
+echo "== creating a test image =="
396
+_make_test_img $S0 -o "key-secret=sec0,iter-time=10" 32M
397
+
398
+echo
399
+echo "== test that key 0 opens the image =="
400
+$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
401
+
402
+echo
403
+echo "== adding a password to slot 1 =="
404
+$QEMU_IMG amend $SECRETS $IMGS0 -o state=active,new-secret=sec1,keyslot=1,iter-time=10
405
+
406
+echo
407
+echo "== 'backup' the image header =="
408
+dd if=$TEST_IMG_FILE of=${TEST_IMG_FILE}.bk bs=4K skip=0 count=1
409
+
410
+echo
411
+echo "== erase slot 0 =="
412
+$QEMU_IMG amend $SECRETS $IMGS1 -o state=inactive,keyslot=0 | _filter_img_create
413
+
414
+echo
415
+echo "== test that key 0 doesn't open the image =="
416
+$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
417
+
418
+echo
419
+echo "== 'restore' the image header =="
420
+dd if=${TEST_IMG_FILE}.bk of=${TEST_IMG_FILE} bs=4K skip=0 count=1 conv=notrunc
421
+
422
+echo
423
+echo "== test that key 0 still doesn't open the image (key material is erased) =="
424
+$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
425
+
426
+echo
427
+echo "== test that key 1 still works =="
428
+$QEMU_IO $SECRETS -c "read 0 4096" $IMGS1 | _filter_qemu_io | _filter_testdir
429
+
430
+echo "*** done"
431
+rm -f $seq.full
432
+status=0
433
+
434
+
435
+exit 0
436
diff --git a/tests/qemu-iotests/294.out b/tests/qemu-iotests/294.out
437
new file mode 100644
438
index XXXXXXX..XXXXXXX
439
--- /dev/null
440
+++ b/tests/qemu-iotests/294.out
441
@@ -XXX,XX +XXX,XX @@
442
+QA output created by 294
443
+== creating a test image ==
444
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432
445
+
446
+== test that key 0 opens the image ==
447
+read 4096/4096 bytes at offset 0
448
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
449
+
450
+== adding a password to slot 1 ==
451
+
452
+== 'backup' the image header ==
453
+1+0 records in
454
+1+0 records out
455
+
456
+== erase slot 0 ==
457
+
458
+== test that key 0 doesn't open the image ==
459
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
460
+
461
+== 'restore' the image header ==
462
+1+0 records in
463
+1+0 records out
464
+
465
+== test that key 0 still doesn't open the image (key material is erased) ==
466
+qemu-io: can't open: Invalid password, cannot unlock any keyslot
467
+
468
+== test that key 1 still works ==
469
+read 4096/4096 bytes at offset 0
470
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
471
+*** done
472
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
473
index XXXXXXX..XXXXXXX 100644
474
--- a/tests/qemu-iotests/group
475
+++ b/tests/qemu-iotests/group
476
@@ -XXX,XX +XXX,XX @@
477
290 rw auto quick
478
291 rw quick
479
292 rw auto quick
480
+293 rw auto
481
+294 rw auto quick
482
297 meta
483
--
484
2.26.2
485
486
diff view generated by jsdifflib
[PULL 13/18] block/core: add generic infrastructure for x-blockdev-amend qmp command
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
blockdev-amend will be used similiar to blockdev-create
4
to allow on the fly changes of the structure of the format based block devices.
5
6
Current plan is to first support encryption keyslot management for luks
7
based formats (raw and embedded in qcow2)
8
9
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
10
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
11
Message-Id: <20200608094030.670121-12-mlevitsk@redhat.com>
12
Signed-off-by: Max Reitz <mreitz@redhat.com>
13
---
14
qapi/block-core.json | 42 ++++++++++++++
15
qapi/job.json | 4 +-
16
include/block/block_int.h | 21 +++++--
17
block/amend.c | 113 ++++++++++++++++++++++++++++++++++++++
18
block/Makefile.objs | 2 +-
19
5 files changed, 174 insertions(+), 8 deletions(-)
20
create mode 100644 block/amend.c
21
22
diff --git a/qapi/block-core.json b/qapi/block-core.json
23
index XXXXXXX..XXXXXXX 100644
24
--- a/qapi/block-core.json
25
+++ b/qapi/block-core.json
26
@@ -XXX,XX +XXX,XX @@
27
'data': { 'job-id': 'str',
28
'options': 'BlockdevCreateOptions' } }
29
30
+##
31
+# @BlockdevAmendOptions:
32
+#
33
+# Options for amending an image format
34
+#
35
+# @driver: Block driver of the node to amend.
36
+#
37
+# Since: 5.1
38
+##
39
+{ 'union': 'BlockdevAmendOptions',
40
+ 'base': {
41
+ 'driver': 'BlockdevDriver' },
42
+ 'discriminator': 'driver',
43
+ 'data': {
44
+ } }
45
+
46
+##
47
+# @x-blockdev-amend:
48
+#
49
+# Starts a job to amend format specific options of an existing open block device
50
+# The job is automatically finalized, but a manual job-dismiss is required.
51
+#
52
+# @job-id: Identifier for the newly created job.
53
+#
54
+# @node-name: Name of the block node to work on
55
+#
56
+# @options: Options (driver specific)
57
+#
58
+# @force: Allow unsafe operations, format specific
59
+# For luks that allows erase of the last active keyslot
60
+# (permanent loss of data),
61
+# and replacement of an active keyslot
62
+# (possible loss of data if IO error happens)
63
+#
64
+# Since: 5.1
65
+##
66
+{ 'command': 'x-blockdev-amend',
67
+ 'data': { 'job-id': 'str',
68
+ 'node-name': 'str',
69
+ 'options': 'BlockdevAmendOptions',
70
+ '*force': 'bool' } }
71
+
72
##
73
# @BlockErrorAction:
74
#
75
diff --git a/qapi/job.json b/qapi/job.json
76
index XXXXXXX..XXXXXXX 100644
77
--- a/qapi/job.json
78
+++ b/qapi/job.json
79
@@ -XXX,XX +XXX,XX @@
80
#
81
# @create: image creation job type, see "blockdev-create" (since 3.0)
82
#
83
+# @amend: image options amend job type, see "x-blockdev-amend" (since 5.1)
84
+#
85
# Since: 1.7
86
##
87
{ 'enum': 'JobType',
88
- 'data': ['commit', 'stream', 'mirror', 'backup', 'create'] }
89
+ 'data': ['commit', 'stream', 'mirror', 'backup', 'create', 'amend'] }
90
91
##
92
# @JobStatus:
93
diff --git a/include/block/block_int.h b/include/block/block_int.h
94
index XXXXXXX..XXXXXXX 100644
95
--- a/include/block/block_int.h
96
+++ b/include/block/block_int.h
97
@@ -XXX,XX +XXX,XX @@ struct BlockDriver {
98
int (*bdrv_file_open)(BlockDriverState *bs, QDict *options, int flags,
99
Error **errp);
100
void (*bdrv_close)(BlockDriverState *bs);
101
+
102
+
103
int coroutine_fn (*bdrv_co_create)(BlockdevCreateOptions *opts,
104
Error **errp);
105
int coroutine_fn (*bdrv_co_create_opts)(BlockDriver *drv,
106
const char *filename,
107
QemuOpts *opts,
108
Error **errp);
109
+
110
+ int coroutine_fn (*bdrv_co_amend)(BlockDriverState *bs,
111
+ BlockdevAmendOptions *opts,
112
+ bool force,
113
+ Error **errp);
114
+
115
+ int (*bdrv_amend_options)(BlockDriverState *bs,
116
+ QemuOpts *opts,
117
+ BlockDriverAmendStatusCB *status_cb,
118
+ void *cb_opaque,
119
+ bool force,
120
+ Error **errp);
121
+
122
int (*bdrv_make_empty)(BlockDriverState *bs);
123
124
/*
125
@@ -XXX,XX +XXX,XX @@ struct BlockDriver {
126
BdrvCheckResult *result,
127
BdrvCheckMode fix);
128
129
- int (*bdrv_amend_options)(BlockDriverState *bs, QemuOpts *opts,
130
- BlockDriverAmendStatusCB *status_cb,
131
- void *cb_opaque,
132
- bool force,
133
- Error **errp);
134
-
135
void (*bdrv_debug_event)(BlockDriverState *bs, BlkdebugEvent event);
136
137
/* TODO Better pass a option string/QDict/QemuOpts to add any rule? */
138
diff --git a/block/amend.c b/block/amend.c
139
new file mode 100644
140
index XXXXXXX..XXXXXXX
141
--- /dev/null
142
+++ b/block/amend.c
143
@@ -XXX,XX +XXX,XX @@
144
+/*
145
+ * Block layer code related to image options amend
146
+ *
147
+ * Copyright (c) 2018 Kevin Wolf <kwolf@redhat.com>
148
+ * Copyright (c) 2020 Red Hat. Inc
149
+ *
150
+ * Heavily based on create.c
151
+ *
152
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
153
+ * of this software and associated documentation files (the "Software"), to deal
154
+ * in the Software without restriction, including without limitation the rights
155
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
156
+ * copies of the Software, and to permit persons to whom the Software is
157
+ * furnished to do so, subject to the following conditions:
158
+ *
159
+ * The above copyright notice and this permission notice shall be included in
160
+ * all copies or substantial portions of the Software.
161
+ *
162
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
163
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
164
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
165
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
166
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
167
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
168
+ * THE SOFTWARE.
169
+ */
170
+
171
+#include "qemu/osdep.h"
172
+#include "block/block_int.h"
173
+#include "qemu/job.h"
174
+#include "qemu/main-loop.h"
175
+#include "qapi/qapi-commands-block-core.h"
176
+#include "qapi/qapi-visit-block-core.h"
177
+#include "qapi/clone-visitor.h"
178
+#include "qapi/error.h"
179
+
180
+typedef struct BlockdevAmendJob {
181
+ Job common;
182
+ BlockdevAmendOptions *opts;
183
+ BlockDriverState *bs;
184
+ bool force;
185
+} BlockdevAmendJob;
186
+
187
+static int coroutine_fn blockdev_amend_run(Job *job, Error **errp)
188
+{
189
+ BlockdevAmendJob *s = container_of(job, BlockdevAmendJob, common);
190
+ int ret;
191
+
192
+ job_progress_set_remaining(&s->common, 1);
193
+ ret = s->bs->drv->bdrv_co_amend(s->bs, s->opts, s->force, errp);
194
+ job_progress_update(&s->common, 1);
195
+ qapi_free_BlockdevAmendOptions(s->opts);
196
+ return ret;
197
+}
198
+
199
+static const JobDriver blockdev_amend_job_driver = {
200
+ .instance_size = sizeof(BlockdevAmendJob),
201
+ .job_type = JOB_TYPE_AMEND,
202
+ .run = blockdev_amend_run,
203
+};
204
+
205
+void qmp_x_blockdev_amend(const char *job_id,
206
+ const char *node_name,
207
+ BlockdevAmendOptions *options,
208
+ bool has_force,
209
+ bool force,
210
+ Error **errp)
211
+{
212
+ BlockdevAmendJob *s;
213
+ const char *fmt = BlockdevDriver_str(options->driver);
214
+ BlockDriver *drv = bdrv_find_format(fmt);
215
+ BlockDriverState *bs = bdrv_find_node(node_name);
216
+
217
+
218
+ if (!drv) {
219
+ error_setg(errp, "Block driver '%s' not found or not supported", fmt);
220
+ return;
221
+ }
222
+
223
+ /*
224
+ * If the driver is in the schema, we know that it exists. But it may not
225
+ * be whitelisted.
226
+ */
227
+ if (bdrv_uses_whitelist() && !bdrv_is_whitelisted(drv, false)) {
228
+ error_setg(errp, "Driver is not whitelisted");
229
+ return;
230
+ }
231
+
232
+ if (bs->drv != drv) {
233
+ error_setg(errp,
234
+ "x-blockdev-amend doesn't support changing the block driver");
235
+ return;
236
+ }
237
+
238
+ /* Error out if the driver doesn't support .bdrv_co_amend */
239
+ if (!drv->bdrv_co_amend) {
240
+ error_setg(errp, "Driver does not support x-blockdev-amend");
241
+ return;
242
+ }
243
+
244
+ /* Create the block job */
245
+ s = job_create(job_id, &blockdev_amend_job_driver, NULL,
246
+ bdrv_get_aio_context(bs), JOB_DEFAULT | JOB_MANUAL_DISMISS,
247
+ NULL, NULL, errp);
248
+ if (!s) {
249
+ return;
250
+ }
251
+
252
+ s->bs = bs,
253
+ s->opts = QAPI_CLONE(BlockdevAmendOptions, options),
254
+ s->force = has_force ? force : false;
255
+ job_start(&s->common);
256
+}
257
diff --git a/block/Makefile.objs b/block/Makefile.objs
258
index XXXXXXX..XXXXXXX 100644
259
--- a/block/Makefile.objs
260
+++ b/block/Makefile.objs
261
@@ -XXX,XX +XXX,XX @@ block-obj-$(CONFIG_WIN32) += file-win32.o win32-aio.o
262
block-obj-$(CONFIG_POSIX) += file-posix.o
263
block-obj-$(CONFIG_LINUX_AIO) += linux-aio.o
264
block-obj-$(CONFIG_LINUX_IO_URING) += io_uring.o
265
-block-obj-y += null.o mirror.o commit.o io.o create.o
266
+block-obj-y += null.o mirror.o commit.o io.o create.o amend.o
267
block-obj-y += throttle-groups.o
268
block-obj-$(CONFIG_LINUX) += nvme.o
269
270
--
271
2.26.2
272
273
diff view generated by jsdifflib
[PULL 14/18] block/crypto: implement blockdev-amend
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
4
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
5
Reviewed-by: Max Reitz <mreitz@redhat.com>
6
Message-Id: <20200608094030.670121-13-mlevitsk@redhat.com>
7
Signed-off-by: Max Reitz <mreitz@redhat.com>
8
---
9
qapi/block-core.json | 14 ++++++++-
10
block/crypto.c | 72 ++++++++++++++++++++++++++++++++------------
11
2 files changed, 66 insertions(+), 20 deletions(-)
12
13
diff --git a/qapi/block-core.json b/qapi/block-core.json
14
index XXXXXXX..XXXXXXX 100644
15
--- a/qapi/block-core.json
16
+++ b/qapi/block-core.json
17
@@ -XXX,XX +XXX,XX @@
18
'data': { 'job-id': 'str',
19
'options': 'BlockdevCreateOptions' } }
20
21
+##
22
+# @BlockdevAmendOptionsLUKS:
23
+#
24
+# Driver specific image amend options for LUKS.
25
+#
26
+# Since: 5.1
27
+##
28
+{ 'struct': 'BlockdevAmendOptionsLUKS',
29
+ 'base': 'QCryptoBlockAmendOptionsLUKS',
30
+ 'data': { }
31
+}
32
+
33
##
34
# @BlockdevAmendOptions:
35
#
36
@@ -XXX,XX +XXX,XX @@
37
'driver': 'BlockdevDriver' },
38
'discriminator': 'driver',
39
'data': {
40
- } }
41
+ 'luks': 'BlockdevAmendOptionsLUKS' } }
42
43
##
44
# @x-blockdev-amend:
45
diff --git a/block/crypto.c b/block/crypto.c
46
index XXXXXXX..XXXXXXX 100644
47
--- a/block/crypto.c
48
+++ b/block/crypto.c
49
@@ -XXX,XX +XXX,XX @@ block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
50
}
51
52
static int
53
-block_crypto_amend_options_luks(BlockDriverState *bs,
54
- QemuOpts *opts,
55
- BlockDriverAmendStatusCB *status_cb,
56
- void *cb_opaque,
57
- bool force,
58
- Error **errp)
59
+block_crypto_amend_options_generic_luks(BlockDriverState *bs,
60
+ QCryptoBlockAmendOptions *amend_options,
61
+ bool force,
62
+ Error **errp)
63
{
64
BlockCrypto *crypto = bs->opaque;
65
- QDict *cryptoopts = NULL;
66
- QCryptoBlockAmendOptions *amend_options = NULL;
67
int ret;
68
69
assert(crypto);
70
assert(crypto->block);
71
- crypto->updating_keys = true;
72
73
+ /* apply for exclusive read/write permissions to the underlying file*/
74
+ crypto->updating_keys = true;
75
ret = bdrv_child_refresh_perms(bs, bs->file, errp);
76
- if (ret < 0) {
77
- goto cleanup;
78
- }
79
-
80
- cryptoopts = qemu_opts_to_qdict(opts, NULL);
81
- qdict_put_str(cryptoopts, "format", "luks");
82
- amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
83
- if (!amend_options) {
84
- ret = -EINVAL;
85
+ if (ret) {
86
goto cleanup;
87
}
88
89
@@ -XXX,XX +XXX,XX @@ block_crypto_amend_options_luks(BlockDriverState *bs,
90
force,
91
errp);
92
cleanup:
93
+ /* release exclusive read/write permissions to the underlying file*/
94
crypto->updating_keys = false;
95
bdrv_child_refresh_perms(bs, bs->file, errp);
96
- qapi_free_QCryptoBlockAmendOptions(amend_options);
97
+ return ret;
98
+}
99
+
100
+static int
101
+block_crypto_amend_options_luks(BlockDriverState *bs,
102
+ QemuOpts *opts,
103
+ BlockDriverAmendStatusCB *status_cb,
104
+ void *cb_opaque,
105
+ bool force,
106
+ Error **errp)
107
+{
108
+ BlockCrypto *crypto = bs->opaque;
109
+ QDict *cryptoopts = NULL;
110
+ QCryptoBlockAmendOptions *amend_options = NULL;
111
+ int ret = -EINVAL;
112
+
113
+ assert(crypto);
114
+ assert(crypto->block);
115
+
116
+ cryptoopts = qemu_opts_to_qdict(opts, NULL);
117
+ qdict_put_str(cryptoopts, "format", "luks");
118
+ amend_options = block_crypto_amend_opts_init(cryptoopts, errp);
119
qobject_unref(cryptoopts);
120
+ if (!amend_options) {
121
+ goto cleanup;
122
+ }
123
+ ret = block_crypto_amend_options_generic_luks(bs, amend_options,
124
+ force, errp);
125
+cleanup:
126
+ qapi_free_QCryptoBlockAmendOptions(amend_options);
127
return ret;
128
}
129
130
+static int
131
+coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs,
132
+ BlockdevAmendOptions *opts,
133
+ bool force,
134
+ Error **errp)
135
+{
136
+ QCryptoBlockAmendOptions amend_opts;
137
+
138
+ amend_opts = (QCryptoBlockAmendOptions) {
139
+ .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
140
+ .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
141
+ };
142
+ return block_crypto_amend_options_generic_luks(bs, &amend_opts,
143
+ force, errp);
144
+}
145
146
static void
147
block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
148
@@ -XXX,XX +XXX,XX @@ static BlockDriver bdrv_crypto_luks = {
149
.bdrv_get_info = block_crypto_get_info_luks,
150
.bdrv_get_specific_info = block_crypto_get_specific_info_luks,
151
.bdrv_amend_options = block_crypto_amend_options_luks,
152
+ .bdrv_co_amend = block_crypto_co_amend_luks,
153
154
.is_format = true,
155
156
--
157
2.26.2
158
159
diff view generated by jsdifflib
[PULL 15/18] block/qcow2: implement blockdev-amend
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
Currently the implementation only supports amending the encryption
4
options, unlike the qemu-img version
5
6
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
7
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
8
Reviewed-by: Max Reitz <mreitz@redhat.com>
9
Message-Id: <20200608094030.670121-14-mlevitsk@redhat.com>
10
Signed-off-by: Max Reitz <mreitz@redhat.com>
11
---
12
qapi/block-core.json | 16 +++++++++++++++-
13
block/qcow2.c | 39 +++++++++++++++++++++++++++++++++++++++
14
2 files changed, 54 insertions(+), 1 deletion(-)
15
16
diff --git a/qapi/block-core.json b/qapi/block-core.json
17
index XXXXXXX..XXXXXXX 100644
18
--- a/qapi/block-core.json
19
+++ b/qapi/block-core.json
20
@@ -XXX,XX +XXX,XX @@
21
'data': { }
22
}
23
24
+##
25
+# @BlockdevAmendOptionsQcow2:
26
+#
27
+# Driver specific image amend options for qcow2.
28
+# For now, only encryption options can be amended
29
+#
30
+# @encrypt Encryption options to be amended
31
+#
32
+# Since: 5.1
33
+##
34
+{ 'struct': 'BlockdevAmendOptionsQcow2',
35
+ 'data': { '*encrypt': 'QCryptoBlockAmendOptions' } }
36
+
37
##
38
# @BlockdevAmendOptions:
39
#
40
@@ -XXX,XX +XXX,XX @@
41
'driver': 'BlockdevDriver' },
42
'discriminator': 'driver',
43
'data': {
44
- 'luks': 'BlockdevAmendOptionsLUKS' } }
45
+ 'luks': 'BlockdevAmendOptionsLUKS',
46
+ 'qcow2': 'BlockdevAmendOptionsQcow2' } }
47
48
##
49
# @x-blockdev-amend:
50
diff --git a/block/qcow2.c b/block/qcow2.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/block/qcow2.c
53
+++ b/block/qcow2.c
54
@@ -XXX,XX +XXX,XX @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
55
return 0;
56
}
57
58
+static int coroutine_fn qcow2_co_amend(BlockDriverState *bs,
59
+ BlockdevAmendOptions *opts,
60
+ bool force,
61
+ Error **errp)
62
+{
63
+ BlockdevAmendOptionsQcow2 *qopts = &opts->u.qcow2;
64
+ BDRVQcow2State *s = bs->opaque;
65
+ int ret = 0;
66
+
67
+ if (qopts->has_encrypt) {
68
+ if (!s->crypto) {
69
+ error_setg(errp, "image is not encrypted, can't amend");
70
+ return -EOPNOTSUPP;
71
+ }
72
+
73
+ if (qopts->encrypt->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) {
74
+ error_setg(errp,
75
+ "Amend can't be used to change the qcow2 encryption format");
76
+ return -EOPNOTSUPP;
77
+ }
78
+
79
+ if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
80
+ error_setg(errp,
81
+ "Only LUKS encryption options can be amended for qcow2 with blockdev-amend");
82
+ return -EOPNOTSUPP;
83
+ }
84
+
85
+ ret = qcrypto_block_amend_options(s->crypto,
86
+ qcow2_crypto_hdr_read_func,
87
+ qcow2_crypto_hdr_write_func,
88
+ bs,
89
+ qopts->encrypt,
90
+ force,
91
+ errp);
92
+ }
93
+ return ret;
94
+}
95
+
96
/*
97
* If offset or size are negative, respectively, they will not be included in
98
* the BLOCK_IMAGE_CORRUPTED event emitted.
99
@@ -XXX,XX +XXX,XX @@ BlockDriver bdrv_qcow2 = {
100
.mutable_opts = mutable_opts,
101
.bdrv_co_check = qcow2_co_check,
102
.bdrv_amend_options = qcow2_amend_options,
103
+ .bdrv_co_amend = qcow2_co_amend,
104
105
.bdrv_detach_aio_context = qcow2_detach_aio_context,
106
.bdrv_attach_aio_context = qcow2_attach_aio_context,
107
--
108
2.26.2
109
110
diff view generated by jsdifflib
[PULL 16/18] iotests: add tests for blockdev-amend
Deleted patch
1
From: Maxim Levitsky <mlevitsk@redhat.com>
2
1
3
This commit adds two tests that cover the
4
new blockdev-amend functionality of luks and qcow2 driver
5
6
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
7
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
8
Message-Id: <20200608094030.670121-15-mlevitsk@redhat.com>
9
Signed-off-by: Max Reitz <mreitz@redhat.com>
10
---
11
tests/qemu-iotests/295 | 279 +++++++++++++++++++++++++++++++++++++
12
tests/qemu-iotests/295.out | 40 ++++++
13
tests/qemu-iotests/296 | 234 +++++++++++++++++++++++++++++++
14
tests/qemu-iotests/296.out | 33 +++++
15
tests/qemu-iotests/group | 2 +
16
5 files changed, 588 insertions(+)
17
create mode 100755 tests/qemu-iotests/295
18
create mode 100644 tests/qemu-iotests/295.out
19
create mode 100755 tests/qemu-iotests/296
20
create mode 100644 tests/qemu-iotests/296.out
21
22
diff --git a/tests/qemu-iotests/295 b/tests/qemu-iotests/295
23
new file mode 100755
24
index XXXXXXX..XXXXXXX
25
--- /dev/null
26
+++ b/tests/qemu-iotests/295
27
@@ -XXX,XX +XXX,XX @@
28
+#!/usr/bin/env python3
29
+#
30
+# Test case QMP's encrypted key management
31
+#
32
+# Copyright (C) 2019 Red Hat, Inc.
33
+#
34
+# This program is free software; you can redistribute it and/or modify
35
+# it under the terms of the GNU General Public License as published by
36
+# the Free Software Foundation; either version 2 of the License, or
37
+# (at your option) any later version.
38
+#
39
+# This program is distributed in the hope that it will be useful,
40
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
41
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
42
+# GNU General Public License for more details.
43
+#
44
+# You should have received a copy of the GNU General Public License
45
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
46
+#
47
+
48
+import iotests
49
+import os
50
+import time
51
+import json
52
+
53
+test_img = os.path.join(iotests.test_dir, 'test.img')
54
+
55
+class Secret:
56
+ def __init__(self, index):
57
+ self._id = "keysec" + str(index)
58
+ # you are not supposed to see the password...
59
+ self._secret = "hunter" + str(index)
60
+
61
+ def id(self):
62
+ return self._id
63
+
64
+ def secret(self):
65
+ return self._secret
66
+
67
+ def to_cmdline_object(self):
68
+ return [ "secret,id=" + self._id + ",data=" + self._secret]
69
+
70
+ def to_qmp_object(self):
71
+ return { "qom_type" : "secret", "id": self.id(),
72
+ "props": { "data": self.secret() } }
73
+
74
+################################################################################
75
+class EncryptionSetupTestCase(iotests.QMPTestCase):
76
+
77
+ # test case startup
78
+ def setUp(self):
79
+ # start the VM
80
+ self.vm = iotests.VM()
81
+ self.vm.launch()
82
+
83
+ # create the secrets and load 'em into the VM
84
+ self.secrets = [ Secret(i) for i in range(0, 6) ]
85
+ for secret in self.secrets:
86
+ result = self.vm.qmp("object-add", **secret.to_qmp_object())
87
+ self.assert_qmp(result, 'return', {})
88
+
89
+ if iotests.imgfmt == "qcow2":
90
+ self.pfx = "encrypt."
91
+ self.img_opts = [ '-o', "encrypt.format=luks" ]
92
+ else:
93
+ self.pfx = ""
94
+ self.img_opts = []
95
+
96
+ # test case shutdown
97
+ def tearDown(self):
98
+ # stop the VM
99
+ self.vm.shutdown()
100
+
101
+ ###########################################################################
102
+ # create the encrypted block device
103
+ def createImg(self, file, secret):
104
+
105
+ iotests.qemu_img(
106
+ 'create',
107
+ '--object', *secret.to_cmdline_object(),
108
+ '-f', iotests.imgfmt,
109
+ '-o', self.pfx + 'key-secret=' + secret.id(),
110
+ '-o', self.pfx + 'iter-time=10',
111
+ *self.img_opts,
112
+ file,
113
+ '1M')
114
+
115
+ ###########################################################################
116
+ # open an encrypted block device
117
+ def openImageQmp(self, id, file, secret, read_only = False):
118
+
119
+ encrypt_options = {
120
+ 'key-secret' : secret.id()
121
+ }
122
+
123
+ if iotests.imgfmt == "qcow2":
124
+ encrypt_options = {
125
+ 'encrypt': {
126
+ 'format':'luks',
127
+ **encrypt_options
128
+ }
129
+ }
130
+
131
+ result = self.vm.qmp('blockdev-add', **
132
+ {
133
+ 'driver': iotests.imgfmt,
134
+ 'node-name': id,
135
+ 'read-only': read_only,
136
+
137
+ **encrypt_options,
138
+
139
+ 'file': {
140
+ 'driver': 'file',
141
+ 'filename': test_img,
142
+ }
143
+ }
144
+ )
145
+ self.assert_qmp(result, 'return', {})
146
+
147
+ # close the encrypted block device
148
+ def closeImageQmp(self, id):
149
+ result = self.vm.qmp('blockdev-del', **{ 'node-name': id })
150
+ self.assert_qmp(result, 'return', {})
151
+
152
+ ###########################################################################
153
+ # add a key to an encrypted block device
154
+ def addKeyQmp(self, id, new_secret, secret = None,
155
+ slot = None, force = False):
156
+
157
+ crypt_options = {
158
+ 'state' : 'active',
159
+ 'new-secret' : new_secret.id(),
160
+ 'iter-time' : 10
161
+ }
162
+
163
+ if slot != None:
164
+ crypt_options['keyslot'] = slot
165
+
166
+
167
+ if secret != None:
168
+ crypt_options['secret'] = secret.id()
169
+
170
+ if iotests.imgfmt == "qcow2":
171
+ crypt_options['format'] = 'luks'
172
+ crypt_options = {
173
+ 'encrypt': crypt_options
174
+ }
175
+
176
+ args = {
177
+ 'node-name': id,
178
+ 'job-id' : 'job_add_key',
179
+ 'options' : {
180
+ 'driver' : iotests.imgfmt,
181
+ **crypt_options
182
+ },
183
+ }
184
+
185
+ if force == True:
186
+ args['force'] = True
187
+
188
+ #TODO: check what jobs return
189
+ result = self.vm.qmp('x-blockdev-amend', **args)
190
+ assert result['return'] == {}
191
+ self.vm.run_job('job_add_key')
192
+
193
+ # erase a key from an encrypted block device
194
+ def eraseKeyQmp(self, id, old_secret = None, slot = None, force = False):
195
+
196
+ crypt_options = {
197
+ 'state' : 'inactive',
198
+ }
199
+
200
+ if slot != None:
201
+ crypt_options['keyslot'] = slot
202
+ if old_secret != None:
203
+ crypt_options['old-secret'] = old_secret.id()
204
+
205
+ if iotests.imgfmt == "qcow2":
206
+ crypt_options['format'] = 'luks'
207
+ crypt_options = {
208
+ 'encrypt': crypt_options
209
+ }
210
+
211
+ args = {
212
+ 'node-name': id,
213
+ 'job-id' : 'job_erase_key',
214
+ 'options' : {
215
+ 'driver' : iotests.imgfmt,
216
+ **crypt_options
217
+ },
218
+ }
219
+
220
+ if force == True:
221
+ args['force'] = True
222
+
223
+ result = self.vm.qmp('x-blockdev-amend', **args)
224
+ assert result['return'] == {}
225
+ self.vm.run_job('job_erase_key')
226
+
227
+ ###########################################################################
228
+ # create image, and change its key
229
+ def testChangeKey(self):
230
+
231
+ # create the image with secret0 and open it
232
+ self.createImg(test_img, self.secrets[0]);
233
+ self.openImageQmp("testdev", test_img, self.secrets[0])
234
+
235
+ # add key to slot 1
236
+ self.addKeyQmp("testdev", new_secret = self.secrets[1])
237
+
238
+ # add key to slot 5
239
+ self.addKeyQmp("testdev", new_secret = self.secrets[2], slot=5)
240
+
241
+ # erase key from slot 0
242
+ self.eraseKeyQmp("testdev", old_secret = self.secrets[0])
243
+
244
+ #reopen the image with secret1
245
+ self.closeImageQmp("testdev")
246
+ self.openImageQmp("testdev", test_img, self.secrets[1])
247
+
248
+ # close and erase the image for good
249
+ self.closeImageQmp("testdev")
250
+ os.remove(test_img)
251
+
252
+ # test that if we erase the old password,
253
+ # we can still change the encryption keys using 'old-secret'
254
+ def testOldPassword(self):
255
+
256
+ # create the image with secret0 and open it
257
+ self.createImg(test_img, self.secrets[0]);
258
+ self.openImageQmp("testdev", test_img, self.secrets[0])
259
+
260
+ # add key to slot 1
261
+ self.addKeyQmp("testdev", new_secret = self.secrets[1])
262
+
263
+ # erase key from slot 0
264
+ self.eraseKeyQmp("testdev", old_secret = self.secrets[0])
265
+
266
+ # this will fail as the old password is no longer valid
267
+ self.addKeyQmp("testdev", new_secret = self.secrets[2])
268
+
269
+ # this will work
270
+ self.addKeyQmp("testdev", new_secret = self.secrets[2], secret = self.secrets[1])
271
+
272
+ # close and erase the image for good
273
+ self.closeImageQmp("testdev")
274
+ os.remove(test_img)
275
+
276
+ def testUseForceLuke(self):
277
+
278
+ self.createImg(test_img, self.secrets[0]);
279
+ self.openImageQmp("testdev", test_img, self.secrets[0])
280
+
281
+ # Add bunch of secrets
282
+ self.addKeyQmp("testdev", new_secret = self.secrets[1], slot=4)
283
+ self.addKeyQmp("testdev", new_secret = self.secrets[4], slot=2)
284
+
285
+ # overwrite an active secret
286
+ self.addKeyQmp("testdev", new_secret = self.secrets[5], slot=2)
287
+ self.addKeyQmp("testdev", new_secret = self.secrets[5], slot=2, force=True)
288
+
289
+ self.addKeyQmp("testdev", new_secret = self.secrets[0])
290
+
291
+ # Now erase all the secrets
292
+ self.eraseKeyQmp("testdev", old_secret = self.secrets[5])
293
+ self.eraseKeyQmp("testdev", slot=4)
294
+
295
+ # erase last keyslot
296
+ self.eraseKeyQmp("testdev", old_secret = self.secrets[0])
297
+ self.eraseKeyQmp("testdev", old_secret = self.secrets[0], force=True)
298
+
299
+ self.closeImageQmp("testdev")
300
+ os.remove(test_img)
301
+
302
+
303
+if __name__ == '__main__':
304
+ # Encrypted formats support
305
+ iotests.activate_logging()
306
+ iotests.main(supported_fmts = ['qcow2', 'luks'])
307
diff --git a/tests/qemu-iotests/295.out b/tests/qemu-iotests/295.out
308
new file mode 100644
309
index XXXXXXX..XXXXXXX
310
--- /dev/null
311
+++ b/tests/qemu-iotests/295.out
312
@@ -XXX,XX +XXX,XX @@
313
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
314
+{"return": {}}
315
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
316
+{"return": {}}
317
+{"execute": "job-dismiss", "arguments": {"id": "job_erase_key"}}
318
+{"return": {}}
319
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
320
+{"return": {}}
321
+{"execute": "job-dismiss", "arguments": {"id": "job_erase_key"}}
322
+{"return": {}}
323
+Job failed: Invalid password, cannot unlock any keyslot
324
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
325
+{"return": {}}
326
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
327
+{"return": {}}
328
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
329
+{"return": {}}
330
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
331
+{"return": {}}
332
+Job failed: Refusing to overwrite active keyslot 2 - please erase it first
333
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
334
+{"return": {}}
335
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
336
+{"return": {}}
337
+{"execute": "job-dismiss", "arguments": {"id": "job_add_key"}}
338
+{"return": {}}
339
+{"execute": "job-dismiss", "arguments": {"id": "job_erase_key"}}
340
+{"return": {}}
341
+{"execute": "job-dismiss", "arguments": {"id": "job_erase_key"}}
342
+{"return": {}}
343
+Job failed: All the active keyslots match the (old) password that was given and erasing them will erase all the data in the image irreversibly - refusing operation
344
+{"execute": "job-dismiss", "arguments": {"id": "job_erase_key"}}
345
+{"return": {}}
346
+{"execute": "job-dismiss", "arguments": {"id": "job_erase_key"}}
347
+{"return": {}}
348
+...
349
+----------------------------------------------------------------------
350
+Ran 3 tests
351
+
352
+OK
353
diff --git a/tests/qemu-iotests/296 b/tests/qemu-iotests/296
354
new file mode 100755
355
index XXXXXXX..XXXXXXX
356
--- /dev/null
357
+++ b/tests/qemu-iotests/296
358
@@ -XXX,XX +XXX,XX @@
359
+#!/usr/bin/env python3
360
+#
361
+# Test case for encryption key management versus image sharing
362
+#
363
+# Copyright (C) 2019 Red Hat, Inc.
364
+#
365
+# This program is free software; you can redistribute it and/or modify
366
+# it under the terms of the GNU General Public License as published by
367
+# the Free Software Foundation; either version 2 of the License, or
368
+# (at your option) any later version.
369
+#
370
+# This program is distributed in the hope that it will be useful,
371
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
372
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
373
+# GNU General Public License for more details.
374
+#
375
+# You should have received a copy of the GNU General Public License
376
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
377
+#
378
+
379
+import iotests
380
+import os
381
+import time
382
+import json
383
+
384
+test_img = os.path.join(iotests.test_dir, 'test.img')
385
+
386
+class Secret:
387
+ def __init__(self, index):
388
+ self._id = "keysec" + str(index)
389
+ # you are not supposed to see the password...
390
+ self._secret = "hunter" + str(index)
391
+
392
+ def id(self):
393
+ return self._id
394
+
395
+ def secret(self):
396
+ return self._secret
397
+
398
+ def to_cmdline_object(self):
399
+ return [ "secret,id=" + self._id + ",data=" + self._secret]
400
+
401
+ def to_qmp_object(self):
402
+ return { "qom_type" : "secret", "id": self.id(),
403
+ "props": { "data": self.secret() } }
404
+
405
+################################################################################
406
+
407
+class EncryptionSetupTestCase(iotests.QMPTestCase):
408
+
409
+ # test case startup
410
+ def setUp(self):
411
+
412
+ # start the VMs
413
+ self.vm1 = iotests.VM(path_suffix = 'VM1')
414
+ self.vm2 = iotests.VM(path_suffix = 'VM2')
415
+ self.vm1.launch()
416
+ self.vm2.launch()
417
+
418
+ # create the secrets and load 'em into the VMs
419
+ self.secrets = [ Secret(i) for i in range(0, 4) ]
420
+ for secret in self.secrets:
421
+ result = self.vm1.qmp("object-add", **secret.to_qmp_object())
422
+ self.assert_qmp(result, 'return', {})
423
+ result = self.vm2.qmp("object-add", **secret.to_qmp_object())
424
+ self.assert_qmp(result, 'return', {})
425
+
426
+ # test case shutdown
427
+ def tearDown(self):
428
+ # stop the VM
429
+ self.vm1.shutdown()
430
+ self.vm2.shutdown()
431
+
432
+ ###########################################################################
433
+ # create the encrypted block device using qemu-img
434
+ def createImg(self, file, secret):
435
+
436
+ output = iotests.qemu_img_pipe(
437
+ 'create',
438
+ '--object', *secret.to_cmdline_object(),
439
+ '-f', iotests.imgfmt,
440
+ '-o', 'key-secret=' + secret.id(),
441
+ '-o', 'iter-time=10',
442
+ file,
443
+ '1M')
444
+
445
+ iotests.log(output, filters=[iotests.filter_test_dir])
446
+
447
+ # attempts to add a key using qemu-img
448
+ def addKey(self, file, secret, new_secret):
449
+
450
+ image_options = {
451
+ 'key-secret' : secret.id(),
452
+ 'driver' : iotests.imgfmt,
453
+ 'file' : {
454
+ 'driver':'file',
455
+ 'filename': file,
456
+ }
457
+ }
458
+
459
+ output = iotests.qemu_img_pipe(
460
+ 'amend',
461
+ '--object', *secret.to_cmdline_object(),
462
+ '--object', *new_secret.to_cmdline_object(),
463
+
464
+ '-o', 'state=active',
465
+ '-o', 'new-secret=' + new_secret.id(),
466
+ '-o', 'iter-time=10',
467
+
468
+ "json:" + json.dumps(image_options)
469
+ )
470
+
471
+ iotests.log(output, filters=[iotests.filter_test_dir])
472
+
473
+ ###########################################################################
474
+ # open an encrypted block device
475
+ def openImageQmp(self, vm, id, file, secret,
476
+ readOnly = False, reOpen = False):
477
+
478
+ command = 'x-blockdev-reopen' if reOpen else 'blockdev-add'
479
+
480
+ result = vm.qmp(command, **
481
+ {
482
+ 'driver': iotests.imgfmt,
483
+ 'node-name': id,
484
+ 'read-only': readOnly,
485
+ 'key-secret' : secret.id(),
486
+ 'file': {
487
+ 'driver': 'file',
488
+ 'filename': test_img,
489
+ }
490
+ }
491
+ )
492
+ self.assert_qmp(result, 'return', {})
493
+
494
+ # close the encrypted block device
495
+ def closeImageQmp(self, vm, id):
496
+ result = vm.qmp('blockdev-del', **{ 'node-name': id })
497
+ self.assert_qmp(result, 'return', {})
498
+
499
+ ###########################################################################
500
+
501
+ # add a key to an encrypted block device
502
+ def addKeyQmp(self, vm, id, new_secret):
503
+
504
+ args = {
505
+ 'node-name': id,
506
+ 'job-id' : 'job0',
507
+ 'options' : {
508
+ 'state' : 'active',
509
+ 'driver' : iotests.imgfmt,
510
+ 'new-secret': new_secret.id(),
511
+ 'iter-time' : 10
512
+ },
513
+ }
514
+
515
+ result = vm.qmp('x-blockdev-amend', **args)
516
+ assert result['return'] == {}
517
+ vm.run_job('job0')
518
+
519
+ # test that when the image opened by two qemu processes,
520
+ # neither of them can update the image
521
+ def test1(self):
522
+ self.createImg(test_img, self.secrets[0]);
523
+
524
+ # VM1 opens the image and adds a key
525
+ self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
526
+ self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[1])
527
+
528
+
529
+ # VM2 opens the image
530
+ self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
531
+
532
+
533
+ # neither VMs now should be able to add a key
534
+ self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])
535
+ self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])
536
+
537
+
538
+ # VM 1 closes the image
539
+ self.closeImageQmp(self.vm1, "testdev")
540
+
541
+
542
+ # now VM2 can add the key
543
+ self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])
544
+
545
+
546
+ # qemu-img should also not be able to add a key
547
+ self.addKey(test_img, self.secrets[0], self.secrets[2])
548
+
549
+ # cleanup
550
+ self.closeImageQmp(self.vm2, "testdev")
551
+ os.remove(test_img)
552
+
553
+
554
+ def test2(self):
555
+ self.createImg(test_img, self.secrets[0]);
556
+
557
+ # VM1 opens the image readonly
558
+ self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0],
559
+ readOnly = True)
560
+
561
+ # VM2 opens the image
562
+ self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
563
+
564
+ # VM1 can't add a key since image is readonly
565
+ self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])
566
+
567
+ # VM2 can't add a key since VM is has the image opened
568
+ self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])
569
+
570
+
571
+ #VM1 reopens the image read-write
572
+ self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0],
573
+ reOpen = True, readOnly = False)
574
+
575
+ # VM1 still can't add the key
576
+ self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])
577
+
578
+ # VM2 gets away
579
+ self.closeImageQmp(self.vm2, "testdev")
580
+
581
+ # VM1 now can add the key
582
+ self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])
583
+
584
+ self.closeImageQmp(self.vm1, "testdev")
585
+ os.remove(test_img)
586
+
587
+
588
+if __name__ == '__main__':
589
+ # support only raw luks since luks encrypted qcow2 is a proper
590
+ # format driver which doesn't allow any sharing
591
+ iotests.activate_logging()
592
+ iotests.main(supported_fmts = ['luks'])
593
diff --git a/tests/qemu-iotests/296.out b/tests/qemu-iotests/296.out
594
new file mode 100644
595
index XXXXXXX..XXXXXXX
596
--- /dev/null
597
+++ b/tests/qemu-iotests/296.out
598
@@ -XXX,XX +XXX,XX @@
599
+Formatting 'TEST_DIR/test.img', fmt=luks size=1048576 key-secret=keysec0 iter-time=10
600
+
601
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
602
+{"return": {}}
603
+Job failed: Failed to get shared "consistent read" lock
604
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
605
+{"return": {}}
606
+Job failed: Failed to get shared "consistent read" lock
607
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
608
+{"return": {}}
609
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
610
+{"return": {}}
611
+qemu-img: Failed to get shared "consistent read" lock
612
+Is another process using the image [TEST_DIR/test.img]?
613
+
614
+Formatting 'TEST_DIR/test.img', fmt=luks size=1048576 key-secret=keysec0 iter-time=10
615
+
616
+Job failed: Block node is read-only
617
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
618
+{"return": {}}
619
+Job failed: Failed to get shared "consistent read" lock
620
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
621
+{"return": {}}
622
+Job failed: Failed to get shared "consistent read" lock
623
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
624
+{"return": {}}
625
+{"execute": "job-dismiss", "arguments": {"id": "job0"}}
626
+{"return": {}}
627
+..
628
+----------------------------------------------------------------------
629
+Ran 2 tests
630
+
631
+OK
632
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
633
index XXXXXXX..XXXXXXX 100644
634
--- a/tests/qemu-iotests/group
635
+++ b/tests/qemu-iotests/group
636
@@ -XXX,XX +XXX,XX @@
637
292 rw auto quick
638
293 rw auto
639
294 rw auto quick
640
+295 rw auto
641
+296 rw auto
642
297 meta
643
--
644
2.26.2
645
646
diff view generated by jsdifflib
[PULL 17/18] iotests: Fix 051 output after qdev_init_nofail() removal
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Commit 96927c744 replaced qdev_init_nofail() call by
4
isa_realize_and_unref() which has a different error
5
message. Update the test output accordingly.
6
7
Gitlab CI error after merging b77b5b3dc7:
8
https://gitlab.com/qemu-project/qemu/-/jobs/597414772#L4375
9
10
Reported-by: Thomas Huth <thuth@redhat.com>
11
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
12
Message-Id: <20200616154949.6586-1-philmd@redhat.com>
13
Reviewed-by: Thomas Huth <thuth@redhat.com>
14
Signed-off-by: Max Reitz <mreitz@redhat.com>
15
---
16
tests/qemu-iotests/051.pc.out | 4 ++--
17
1 file changed, 2 insertions(+), 2 deletions(-)
18
19
diff --git a/tests/qemu-iotests/051.pc.out b/tests/qemu-iotests/051.pc.out
20
index XXXXXXX..XXXXXXX 100644
21
--- a/tests/qemu-iotests/051.pc.out
22
+++ b/tests/qemu-iotests/051.pc.out
23
@@ -XXX,XX +XXX,XX @@ QEMU X.Y.Z monitor - type 'help' for more information
24
25
Testing: -drive if=ide
26
QEMU X.Y.Z monitor - type 'help' for more information
27
-(qemu) QEMU_PROG: Initialization of device ide-hd failed: Device needs media, but drive is empty
28
+(qemu) QEMU_PROG: Device needs media, but drive is empty
29
30
Testing: -drive if=virtio
31
QEMU X.Y.Z monitor - type 'help' for more information
32
@@ -XXX,XX +XXX,XX @@ QEMU X.Y.Z monitor - type 'help' for more information
33
34
Testing: -drive file=TEST_DIR/t.qcow2,if=ide,readonly=on
35
QEMU X.Y.Z monitor - type 'help' for more information
36
-(qemu) QEMU_PROG: Initialization of device ide-hd failed: Block node is read-only
37
+(qemu) QEMU_PROG: Block node is read-only
38
39
Testing: -drive file=TEST_DIR/t.qcow2,if=virtio,readonly=on
40
QEMU X.Y.Z monitor - type 'help' for more information
41
--
42
2.26.2
43
44
diff view generated by jsdifflib
[PULL 18/18] iotests: don't test qcow2.py inside 291
Deleted patch
1
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2
1
3
820c6bee534ec3b added testing of qcow2.py into 291, and it breaks 291
4
with external data file. Actually, 291 is bad place for qcow2.py
5
testing, better add a separate test.
6
7
For now, drop qcow2.py testing from 291 to fix the regression.
8
9
Fixes: 820c6bee534ec3b
10
Reported-by: Max Reitz <mreitz@redhat.com>
11
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
12
Message-Id: <20200618154052.8629-1-vsementsov@virtuozzo.com>
13
Reviewed-by: Eric Blake <eblake@redhat.com>
14
Signed-off-by: Max Reitz <mreitz@redhat.com>
15
---
16
tests/qemu-iotests/291 | 4 ----
17
tests/qemu-iotests/291.out | 33 ---------------------------------
18
2 files changed, 37 deletions(-)
19
20
diff --git a/tests/qemu-iotests/291 b/tests/qemu-iotests/291
21
index XXXXXXX..XXXXXXX 100755
22
--- a/tests/qemu-iotests/291
23
+++ b/tests/qemu-iotests/291
24
@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c 'w 1M 1M' -f $IMGFMT "$TEST_IMG" | _filter_qemu_io
25
$QEMU_IMG bitmap --disable -f $IMGFMT "$TEST_IMG" b1
26
$QEMU_IMG bitmap --enable -f $IMGFMT "$TEST_IMG" b2
27
$QEMU_IO -c 'w 2M 1M' -f $IMGFMT "$TEST_IMG" | _filter_qemu_io
28
-echo "Check resulting qcow2 header extensions:"
29
-$PYTHON qcow2.py "$TEST_IMG" dump-header-exts
30
31
echo
32
echo "=== Bitmap preservation not possible to non-qcow2 ==="
33
@@ -XXX,XX +XXX,XX @@ $QEMU_IMG bitmap --merge tmp -f $IMGFMT "$TEST_IMG" b0
34
$QEMU_IMG bitmap --remove --image-opts \
35
driver=$IMGFMT,file.driver=file,file.filename="$TEST_IMG" tmp
36
_img_info --format-specific
37
-echo "Check resulting qcow2 header extensions:"
38
-$PYTHON qcow2.py "$TEST_IMG" dump-header-exts
39
40
echo
41
echo "=== Check bitmap contents ==="
42
diff --git a/tests/qemu-iotests/291.out b/tests/qemu-iotests/291.out
43
index XXXXXXX..XXXXXXX 100644
44
--- a/tests/qemu-iotests/291.out
45
+++ b/tests/qemu-iotests/291.out
46
@@ -XXX,XX +XXX,XX @@ wrote 1048576/1048576 bytes at offset 1048576
47
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
48
wrote 1048576/1048576 bytes at offset 2097152
49
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
50
-Check resulting qcow2 header extensions:
51
-Header extension:
52
-magic 0xe2792aca (Backing format)
53
-length 5
54
-data 'qcow2'
55
-
56
-Header extension:
57
-magic 0x6803f857 (Feature table)
58
-length 336
59
-data <binary>
60
-
61
-Header extension:
62
-magic 0x23852875 (Bitmaps)
63
-length 24
64
-nb_bitmaps 2
65
-reserved32 0
66
-bitmap_directory_size 0x40
67
-bitmap_directory_offset 0x510000
68
-
69
70
=== Bitmap preservation not possible to non-qcow2 ===
71
72
@@ -XXX,XX +XXX,XX @@ Format specific information:
73
granularity: 65536
74
refcount bits: 16
75
corrupt: false
76
-Check resulting qcow2 header extensions:
77
-Header extension:
78
-magic 0x6803f857 (Feature table)
79
-length 336
80
-data <binary>
81
-
82
-Header extension:
83
-magic 0x23852875 (Bitmaps)
84
-length 24
85
-nb_bitmaps 3
86
-reserved32 0
87
-bitmap_directory_size 0x60
88
-bitmap_directory_offset 0x520000
89
-
90
91
=== Check bitmap contents ===
92
93
--
94
2.26.2
95
96
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.