From: Or Ozeri
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, oro@il.ibm.com, dannyh@il.ibm.com, idryomov@gmail.com
Subject: [PATCH v4 1/3] block/rbd: encryption nit fixes
Date: Sun, 20 Nov 2022 04:28:34 -0600
Message-Id: <20221120102836.3174090-2-oro@il.ibm.com>
In-Reply-To: <20221120102836.3174090-1-oro@il.ibm.com>
References: <20221120102836.3174090-1-oro@il.ibm.com>

Add const modifier to passphrases, and remove redundant stack variable passphrase_len.

Signed-off-by: Or Ozeri
---
 block/rbd.c | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c index f826410f40..e575105e6d 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -330,7 +330,7 @@ static int qemu_rbd_set_keypairs(rados_t cluster, const= char *keypairs_json, #ifdef LIBRBD_SUPPORTS_ENCRYPTION static int qemu_rbd_convert_luks_options( RbdEncryptionOptionsLUKSBase *luks_opts, - char **passphrase, + const char **passphrase, size_t *passphrase_len, Error **errp) { @@ -341,7 +341,7 @@ static int qemu_rbd_convert_luks_options( static int qemu_rbd_convert_luks_create_options( RbdEncryptionCreateOptionsLUKSBase *luks_opts, rbd_encryption_algorithm_t *alg, - char **passphrase, + const char **passphrase, size_t *passphrase_len, Error **errp) { @@ -384,8 +384,7 @@ static int qemu_rbd_encryption_format(rbd_image_t image, Error **errp) { int r =3D 0; - g_autofree char *passphrase =3D NULL; - size_t passphrase_len; + g_autofree const char *passphrase =3D NULL; rbd_encryption_format_t format; rbd_encryption_options_t opts; rbd_encryption_luks1_format_options_t luks_opts; @@ -407,12 +406,12 @@ static int qemu_rbd_encryption_format(rbd_image_t ima= ge, opts_size =3D sizeof(luks_opts); r =3D qemu_rbd_convert_luks_create_options( qapi_RbdEncryptionCreateOptionsLUKS_base(&encrypt->u.l= uks), - &luks_opts.alg, &passphrase, &passphrase_len, errp); + &luks_opts.alg, &passphrase, &luks_opts.passphrase_siz= e, + errp); if (r < 0) { return r; } luks_opts.passphrase =3D passphrase; - luks_opts.passphrase_size =3D passphrase_len; break; } case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: {
@@ -423,12 +422,12 @@ static int qemu_rbd_encryption_format(rbd_image_t ima= ge, r =3D qemu_rbd_convert_luks_create_options( qapi_RbdEncryptionCreateOptionsLUKS2_base( &encrypt->u.luks2), - &luks2_opts.alg, &passphrase, &passphrase_len, errp); + &luks2_opts.alg, &passphrase, &luks2_opts.passphrase_s= ize, + errp); if (r < 0) { return r; } luks2_opts.passphrase =3D passphrase; - luks2_opts.passphrase_size =3D passphrase_len; break; } default: { @@ -466,8 +465,7 @@ static int qemu_rbd_encryption_load(rbd_image_t image, Error **errp) { int r =3D 0; - g_autofree char *passphrase =3D NULL; - size_t passphrase_len; + g_autofree const char *passphrase =3D NULL; rbd_encryption_luks1_format_options_t luks_opts; rbd_encryption_luks2_format_options_t luks2_opts; rbd_encryption_format_t format; @@ -482,12 +480,11 @@ static int qemu_rbd_encryption_load(rbd_image_t image, opts_size =3D sizeof(luks_opts); r =3D qemu_rbd_convert_luks_options( qapi_RbdEncryptionOptionsLUKS_base(&encrypt->u.luks), - &passphrase, &passphrase_len, errp); + &passphrase, &luks_opts.passphrase_size, errp); if (r < 0) { return r; } luks_opts.passphrase =3D passphrase; - luks_opts.passphrase_size =3D passphrase_len; break; } case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: { 
@@ -497,12 +494,11 @@ static int qemu_rbd_encryption_load(rbd_image_t image, opts_size =3D sizeof(luks2_opts); r =3D qemu_rbd_convert_luks_options( qapi_RbdEncryptionOptionsLUKS2_base(&encrypt->u.luks2), - &passphrase, &passphrase_len, errp); + &passphrase, &luks2_opts.passphrase_size, errp); if (r < 0) { return r; } luks2_opts.passphrase =3D passphrase; - luks2_opts.passphrase_size =3D passphrase_len; break; } default: { --=20 2.25.1
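
Review bot: In qemu_rbd_encryption_format() and qemu_rbd_encryption_load(), `g_autofree const char *passphrase` declares a buffer that the function owns and frees as const, which reads as a borrowed pointer. If the `const char **` out-parameter is wanted so that callers can pass a librbd option field directly, add a short comment on qemu_rbd_convert_luks_options() and qemu_rbd_convert_luks_create_options() stating that the caller owns *passphrase and must free it. Related: g_autofree releases the buffer with a plain g_free(), so the passphrase bytes are not cleared before the memory returns to the allocator, and the const qualifier makes a later scrub-before-free change need a cast.
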
From: Or Ozeri
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, oro@il.ibm.com, dannyh@il.ibm.com, idryomov@gmail.com
Subject: [PATCH v4 2/3] block/rbd: Add luks-any encryption opening option
Date: Sun, 20 Nov 2022 04:28:35 -0600
Message-Id: <20221120102836.3174090-3-oro@il.ibm.com>
In-Reply-To: <20221120102836.3174090-1-oro@il.ibm.com>
References: <20221120102836.3174090-1-oro@il.ibm.com>

Ceph RBD encryption API required specifying the encryption format for loading encryption. The supported formats were LUKS (v1) and LUKS2. Starting from Reef release, RBD also supports loading with "luks-any" format, which works for both versions of LUKS.

This commit extends the qemu rbd driver API to enable qemu users to use this luks-any wildcard format.

Signed-off-by: Or Ozeri
Reviewed-by: Daniel P. Berrangé
---
 block/rbd.c | 19 +++++++++++++++++++
 qapi/block-core.json | 20 ++++++++++++++++++--
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c index e575105e6d..7feae45e82 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -468,6 +468,9 @@ static int qemu_rbd_encryption_load(rbd_image_t image, g_autofree const char *passphrase =3D NULL; rbd_encryption_luks1_format_options_t luks_opts; rbd_encryption_luks2_format_options_t luks2_opts; +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 + rbd_encryption_luks_format_options_t luks_any_opts; +#endif rbd_encryption_format_t format; rbd_encryption_options_t opts; size_t opts_size; @@ -501,6 +504,22 @@ static int qemu_rbd_encryption_load(rbd_image_t image, luks2_opts.passphrase =3D passphrase; break; } +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: { + memset(&luks_any_opts, 0, sizeof(luks_any_opts)); + format =3D RBD_ENCRYPTION_FORMAT_LUKS; + opts =3D &luks_any_opts; + opts_size =3D sizeof(luks_any_opts); + r =3D qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKSAny_base(&encrypt->u.luks= _any), + &passphrase, &luks_any_opts.passphrase_size, errp); + if (r < 0) { + return r; + } + luks_any_opts.passphrase =3D passphrase; + break; + } +#endif default: { r =3D -ENOTSUP; error_setg_errno(
diff --git a/qapi/block-core.json b/qapi/block-core.json index 882b266532..d064847d85 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3753,10 +3753,16 @@ ## # @RbdImageEncryptionFormat: # +# luks +# +# luks2 +# +# luks-any: Used for opening either luks or luks2. (Since 8.0) +# # Since: 6.1 ## { 'enum': 'RbdImageEncryptionFormat', - 'data': [ 'luks', 'luks2' ] } + 'data': [ 'luks', 'luks2', 'luks-any' ] } =20 ## # @RbdEncryptionOptionsLUKSBase: @@ -3798,6 +3804,15 @@ 'base': 'RbdEncryptionOptionsLUKSBase', 'data': { } } =20 +## +# @RbdEncryptionOptionsLUKSAny: +# +# Since: 8.0 +## +{ 'struct': 'RbdEncryptionOptionsLUKSAny', + 'base': 'RbdEncryptionOptionsLUKSBase', + 'data': { } } + ## # @RbdEncryptionCreateOptionsLUKS: # 
@@ -3825,7 +3840,8 @@ 'base': { 'format': 'RbdImageEncryptionFormat' }, 'discriminator': 'format', 'data': { 'luks': 'RbdEncryptionOptionsLUKS', - 'luks2': 'RbdEncryptionOptionsLUKS2' } } + 'luks2': 'RbdEncryptionOptionsLUKS2', + 'luks-any': 'RbdEncryptionOptionsLUKSAny'} } =20 ## # @RbdEncryptionCreateOptions: --=20 2.25.1
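
Review bot: The new `case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY` in qemu_rbd_encryption_load() is compiled only under LIBRBD_SUPPORTS_ENCRYPTION_LOAD2, while qapi/block-core.json adds 'luks-any' to RbdImageEncryptionFormat unconditionally. On a build where the macro is not defined, the schema accepts the value and the open then fails in the `default:` branch with -ENOTSUP, the same way a genuinely unknown format would. Suggest a dedicated error stating that the linked librbd lacks luks-any support, or making the schema member conditional, so callers can tell the two cases apart. A one-line comment on why a LOAD2 macro gates luks-any would also help.
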
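
Review bot: The documentation added for RbdImageEncryptionFormat in qapi/block-core.json lists `luks` and `luks2` with no description, and none of the three member entries uses the `@name:` form that the type heading `@RbdImageEncryptionFormat:` uses. `@RbdEncryptionOptionsLUKSAny:` likewise carries only a Since tag. Suggest `# @luks-any: Used for opening either luks or luks2. (Since 8.0)`, one-line descriptions for the other two members, and a sentence under RbdEncryptionOptionsLUKSAny describing what it is for.
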
From: Or Ozeri
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, oro@il.ibm.com, dannyh@il.ibm.com, idryomov@gmail.com
Subject: [PATCH v4 3/3] block/rbd: Add support for layered encryption
Date: Sun, 20 Nov 2022 04:28:36 -0600
Message-Id: <20221120102836.3174090-4-oro@il.ibm.com>
In-Reply-To: <20221120102836.3174090-1-oro@il.ibm.com>
References: <20221120102836.3174090-1-oro@il.ibm.com>

Starting from ceph Reef, RBD has built-in support for layered encryption, where each ancestor image (in a cloned image setting) can be possibly encrypted using a unique passphrase.

A new function, rbd_encryption_load2, was added to librbd API. This new function supports an array of passphrases (via "spec" structs).

This commit extends the qemu rbd driver API to use this new librbd API, in order to support this new layered encryption feature.

Signed-off-by: Or Ozeri
---
 block/rbd.c | 161 ++++++++++++++++++++++++++++++++++++++++++-
 qapi/block-core.json | 17 ++++-
 2 files changed, 175 insertions(+), 3 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c index 7feae45e82..157922e23a 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -71,6 +71,16 @@ static const char rbd_luks2_header_verification[ 'L', 'U', 'K', 'S', 0xBA, 0xBE, 0, 2 }; =20 +static const char rbd_layered_luks_header_verification[ + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] =3D { + 'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 1 +}; + +static const char rbd_layered_luks2_header_verification[ + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] =3D { + 'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 2 +}; + typedef enum { RBD_AIO_READ, RBD_AIO_WRITE,
@@ -537,6 +547,136 @@ static int qemu_rbd_encryption_load(rbd_image_t image, =20 return 0; } + +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 +static int qemu_rbd_encryption_load2(rbd_image_t image, + RbdEncryptionOptions *encrypt, + Error **errp) +{ + int r =3D 0; + int encrypt_count =3D 1; + int i; + RbdEncryptionOptions *curr_encrypt; + rbd_encryption_spec_t *specs; + rbd_encryption_luks1_format_options_t* luks_opts; + rbd_encryption_luks2_format_options_t* luks2_opts; + rbd_encryption_luks_format_options_t* luks_any_opts; + + /* count encryption options */ + for (curr_encrypt =3D encrypt; curr_encrypt->has_parent; + curr_encrypt =3D curr_encrypt->parent) { + ++encrypt_count; + } + + specs =3D g_new0(rbd_encryption_spec_t, encrypt_count); + + curr_encrypt =3D encrypt; + for (i =3D 0; i < encrypt_count; ++i) { + switch (curr_encrypt->format) { + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS: { + specs[i].format =3D RBD_ENCRYPTION_FORMAT_LUKS1; + specs[i].opts_size =3D + sizeof(rbd_encryption_luks1_format_options_t); + + luks_opts =3D g_new0(rbd_encryption_luks1_format_options_t= , 1); + specs[i].opts =3D luks_opts; + + r =3D qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKS_base( + &curr_encrypt->u.luks), + &luks_opts->passphrase, + &luks_opts->passphrase_size, + errp); + break; + } + + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: { + specs[i].format =3D RBD_ENCRYPTION_FORMAT_LUKS2; + specs[i].opts_size =3D + sizeof(rbd_encryption_luks2_format_options_t); + + luks2_opts =3D g_new0(rbd_encryption_luks2_format_options_= t, 1); + specs[i].opts =3D luks2_opts; + + r =3D qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKS2_base( + &curr_encrypt->u.luks2), + &luks2_opts->passphrase, + &luks2_opts->passphrase_size, + errp); + break; + } + + case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: { + specs[i].format =3D RBD_ENCRYPTION_FORMAT_LUKS; + specs[i].opts_size =3D + sizeof(rbd_encryption_luks_format_options_t); + + luks_any_opts =3D 
g_new0(rbd_encryption_luks_format_option= s_t, 1); + specs[i].opts =3D luks_any_opts; + + r =3D qemu_rbd_convert_luks_options( + qapi_RbdEncryptionOptionsLUKSAny_base( + &curr_encrypt->u.luks_any), + &luks_any_opts->passphrase, + &luks_any_opts->passphrase_size, + errp); + break; + } + + default: { + r =3D -ENOTSUP; + error_setg_errno( + errp, -r, "unknown image encryption format: %u", + curr_encrypt->format); + } + } + + if (r < 0) { + goto exit; + } + + curr_encrypt =3D curr_encrypt->parent; + } + + r =3D rbd_encryption_load2(image, specs, encrypt_count); + if (r < 0) { + error_setg_errno(errp, -r, "layered encryption load fail"); + goto exit; + } + +exit: + for (i =3D 0; i < encrypt_count; ++i) { + if (!specs[i].opts) { + break; + } + + switch (specs[i].format) { + case RBD_ENCRYPTION_FORMAT_LUKS1: { + luks_opts =3D specs[i].opts; + g_free((void*)luks_opts->passphrase); + break; + } + + case RBD_ENCRYPTION_FORMAT_LUKS2: { + luks2_opts =3D specs[i].opts; + g_free((void*)luks2_opts->passphrase); + break; + } + + case RBD_ENCRYPTION_FORMAT_LUKS: { + luks_any_opts =3D specs[i].opts; + g_free((void*)luks_any_opts->passphrase); + break; + } + } + + g_free(specs[i].opts); + } + g_free(specs); + return r; +} +#endif #endif =20 /* FIXME Deprecate and remove keypairs or make it available in QMP. */ @@ -1008,7 +1148,16 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict= *options, int flags, =20 if (opts->has_encrypt) { #ifdef LIBRBD_SUPPORTS_ENCRYPTION - r =3D qemu_rbd_encryption_load(s->image, opts->encrypt, errp); + if (opts->encrypt->has_parent) { +#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 + r =3D qemu_rbd_encryption_load2(s->image, opts->encrypt, errp); +#else + r =3D -ENOTSUP; + error_setg(errp, "RBD library does not support layered encrypt= ion"); +#endif + } else { + r =3D qemu_rbd_encryption_load(s->image, opts->encrypt, errp); + } if (r < 0) { goto failed_post_open; } 
@@ -1299,6 +1448,16 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info= (BlockDriverState *bs, spec_info->u.rbd.data->encryption_format =3D RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2; spec_info->u.rbd.data->has_encryption_format =3D true; + } else if (memcmp(buf, rbd_layered_luks_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + spec_info->u.rbd.data->encryption_format =3D + RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_LAYERED; + spec_info->u.rbd.data->has_encryption_format =3D true; + } else if (memcmp(buf, rbd_layered_luks2_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + spec_info->u.rbd.data->encryption_format =3D + RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2_LAYERED; + spec_info->u.rbd.data->has_encryption_format =3D true; } else { spec_info->u.rbd.data->has_encryption_format =3D false; } diff --git a/qapi/block-core.json b/qapi/block-core.json index d064847d85..68f8c7c203 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3759,10 +3759,14 @@ # # luks-any: Used for opening either luks or luks2. (Since 8.0) # +# luks-layered: Layered encryption. Only used for info. (Since 8.0) +# +# luks2-layered: Layered encryption. Only used for info. (Since 8.0) +# # Since: 6.1 ## { 'enum': 'RbdImageEncryptionFormat', - 'data': [ 'luks', 'luks2', 'luks-any' ] } + 'data': [ 'luks', 'luks2', 'luks-any', 'luks-layered', 'luks2-layered' ]= } =20 ## # @RbdEncryptionOptionsLUKSBase: 
@@ -3834,10 +3838,19 @@ ## # @RbdEncryptionOptions: # +# @format: Encryption format. +# +# @parent: Parent image encryption options (for cloned images). +# Can be left unspecified if this cloned image is encrypted +# using the same format and secret as its parent image (i.e. +# not explicitly formatted) or if its parent image is not +# encrypted. (Since 8.0) +# # Since: 6.1 ## { 'union': 'RbdEncryptionOptions', - 'base': { 'format': 'RbdImageEncryptionFormat' }, + 'base': { 'format': 'RbdImageEncryptionFormat', + '*parent': 'RbdEncryptionOptions' }, 'discriminator': 'format', 'data': { 'luks': 'RbdEncryptionOptionsLUKS', 'luks2': 'RbdEncryptionOptionsLUKS2', --=20 2.25.1
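
Review bot: In the `exit:` cleanup of qemu_rbd_encryption_load2(), each passphrase is released with `g_free((void*)luks_opts->passphrase)` without being cleared first, so up to encrypt_count secrets stay in freed heap memory after the image is opened. Suggest zeroing `passphrase_size` bytes before each g_free(), ideally in one helper, since the three switch arms differ only in the struct type they cast to. Style: the declarations `rbd_encryption_luks1_format_options_t* luks_opts;` and the `(void*)` casts should be written `type *name` and `(void *)` to match the rest of block/rbd.c.
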
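
Review bot: 'luks-layered' and 'luks2-layered' are documented as "Only used for info", yet they are added to RbdImageEncryptionFormat, which is also the discriminator of RbdEncryptionOptions, so the schema now accepts them as an open-time `format`. Neither value has a case in qemu_rbd_encryption_load() or qemu_rbd_encryption_load2(), so such a request ends in the `default:` branch with "unknown image encryption format". Suggest a separate enum for the format reported by qemu_rbd_get_specific_info(), or an explicit early rejection whose message says these values are report-only.
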