1 /* 2 * QEMU block full disk encryption 3 * 4 * Copyright (c) 2015-2016 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 23 #include "block/block_int.h" 24 #include "block/qdict.h" 25 #include "sysemu/block-backend.h" 26 #include "crypto/block.h" 27 #include "qapi/opts-visitor.h" 28 #include "qapi/qapi-visit-crypto.h" 29 #include "qapi/qobject-input-visitor.h" 30 #include "qapi/error.h" 31 #include "qemu/module.h" 32 #include "qemu/option.h" 33 #include "qemu/cutils.h" 34 #include "crypto.h" 35 36 typedef struct BlockCrypto BlockCrypto; 37 38 struct BlockCrypto { 39 QCryptoBlock *block; 40 bool updating_keys; 41 }; 42 43 44 static int block_crypto_probe_generic(QCryptoBlockFormat format, 45 const uint8_t *buf, 46 int buf_size, 47 const char *filename) 48 { 49 if (qcrypto_block_has_format(format, buf, buf_size)) { 50 return 100; 51 } else { 52 return 0; 53 } 54 } 55 56 57 static ssize_t block_crypto_read_func(QCryptoBlock *block, 58 size_t offset, 59 uint8_t *buf, 60 size_t buflen, 61 void *opaque, 62 Error **errp) 63 { 64 BlockDriverState *bs = opaque; 65 ssize_t ret; 66 67 ret = bdrv_pread(bs->file, offset, buf, buflen); 68 if (ret < 0) { 69 error_setg_errno(errp, -ret, "Could not read encryption header"); 70 return ret; 71 } 72 return ret; 73 } 74 75 static ssize_t block_crypto_write_func(QCryptoBlock *block, 76 size_t offset, 77 const uint8_t *buf, 78 size_t buflen, 79 void *opaque, 80 Error **errp) 81 { 82 BlockDriverState *bs = opaque; 83 ssize_t ret; 84 85 ret = bdrv_pwrite(bs->file, offset, buf, buflen); 86 if (ret < 0) { 87 error_setg_errno(errp, -ret, "Could not write encryption header"); 88 return ret; 89 } 90 return ret; 91 } 92 93 94 struct BlockCryptoCreateData { 95 BlockBackend *blk; 96 uint64_t size; 97 PreallocMode prealloc; 98 }; 99 100 101 static ssize_t block_crypto_create_write_func(QCryptoBlock *block, 102 size_t offset, 103 const uint8_t *buf, 104 size_t buflen, 105 void *opaque, 106 Error **errp) 107 { 108 struct BlockCryptoCreateData *data = opaque; 109 ssize_t ret; 110 111 ret = blk_pwrite(data->blk, offset, buf, buflen, 0); 112 if (ret < 0) { 113 error_setg_errno(errp, -ret, "Could not write encryption header"); 114 return ret; 115 } 116 return ret; 117 } 118 119 static ssize_t block_crypto_create_init_func(QCryptoBlock *block, 120 size_t headerlen, 121 void *opaque, 122 Error **errp) 123 { 124 struct BlockCryptoCreateData *data = opaque; 125 Error *local_error = NULL; 126 int ret; 127 128 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) { 129 ret = -EFBIG; 130 goto error; 131 } 132 133 /* User provided size should reflect amount of space made 134 * available to the guest, so we must take account of that 135 * which will be used by the crypto header 136 */ 137 ret = blk_truncate(data->blk, data->size + headerlen, false, 138 data->prealloc, 0, &local_error); 139 140 if (ret >= 0) { 141 return ret; 142 } 143 144 error: 145 if (ret == -EFBIG) { 146 /* Replace the error message with a better one */ 147 error_free(local_error); 148 error_setg(errp, "The requested file size is too large"); 149 } else { 150 error_propagate(errp, local_error); 151 } 152 153 return ret; 154 } 155 156 157 static QemuOptsList block_crypto_runtime_opts_luks = { 158 .name = "crypto", 159 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), 160 .desc = { 161 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 162 { /* end of list */ } 163 }, 164 }; 165 166 167 static QemuOptsList block_crypto_create_opts_luks = { 168 .name = "crypto", 169 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 170 .desc = { 171 { 172 .name = BLOCK_OPT_SIZE, 173 .type = QEMU_OPT_SIZE, 174 .help = "Virtual disk size" 175 }, 176 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 177 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""), 178 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""), 179 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""), 180 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), 181 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), 182 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 183 { /* end of list */ } 184 }, 185 }; 186 187 188 static QemuOptsList block_crypto_amend_opts_luks = { 189 .name = "crypto", 190 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 191 .desc = { 192 BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""), 193 BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""), 194 BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""), 195 BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""), 196 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 197 { /* end of list */ } 198 }, 199 }; 200 201 QCryptoBlockOpenOptions * 202 block_crypto_open_opts_init(QDict *opts, Error **errp) 203 { 204 Visitor *v; 205 QCryptoBlockOpenOptions *ret; 206 207 v = qobject_input_visitor_new_flat_confused(opts, errp); 208 if (!v) { 209 return NULL; 210 } 211 212 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp); 213 214 visit_free(v); 215 return ret; 216 } 217 218 219 QCryptoBlockCreateOptions * 220 block_crypto_create_opts_init(QDict *opts, Error **errp) 221 { 222 Visitor *v; 223 QCryptoBlockCreateOptions *ret; 224 225 v = qobject_input_visitor_new_flat_confused(opts, errp); 226 if (!v) { 227 return NULL; 228 } 229 230 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp); 231 232 visit_free(v); 233 return ret; 234 } 235 236 QCryptoBlockAmendOptions * 237 block_crypto_amend_opts_init(QDict *opts, Error **errp) 238 { 239 Visitor *v; 240 QCryptoBlockAmendOptions *ret; 241 242 v = qobject_input_visitor_new_flat_confused(opts, errp); 243 if (!v) { 244 return NULL; 245 } 246 247 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp); 248 249 visit_free(v); 250 return ret; 251 } 252 253 254 static int block_crypto_open_generic(QCryptoBlockFormat format, 255 QemuOptsList *opts_spec, 256 BlockDriverState *bs, 257 QDict *options, 258 int flags, 259 Error **errp) 260 { 261 BlockCrypto *crypto = bs->opaque; 262 QemuOpts *opts = NULL; 263 int ret = -EINVAL; 264 QCryptoBlockOpenOptions *open_opts = NULL; 265 unsigned int cflags = 0; 266 QDict *cryptoopts = NULL; 267 268 bs->file = bdrv_open_child(NULL, options, "file", bs, &child_of_bds, 269 BDRV_CHILD_IMAGE, false, errp); 270 if (!bs->file) { 271 return -EINVAL; 272 } 273 274 bs->supported_write_flags = BDRV_REQ_FUA & 275 bs->file->bs->supported_write_flags; 276 277 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort); 278 if (!qemu_opts_absorb_qdict(opts, options, errp)) { 279 goto cleanup; 280 } 281 282 cryptoopts = qemu_opts_to_qdict(opts, NULL); 283 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format)); 284 285 open_opts = block_crypto_open_opts_init(cryptoopts, errp); 286 if (!open_opts) { 287 goto cleanup; 288 } 289 290 if (flags & BDRV_O_NO_IO) { 291 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; 292 } 293 crypto->block = qcrypto_block_open(open_opts, NULL, 294 block_crypto_read_func, 295 bs, 296 cflags, 297 1, 298 errp); 299 300 if (!crypto->block) { 301 ret = -EIO; 302 goto cleanup; 303 } 304 305 bs->encrypted = true; 306 307 ret = 0; 308 cleanup: 309 qobject_unref(cryptoopts); 310 qapi_free_QCryptoBlockOpenOptions(open_opts); 311 return ret; 312 } 313 314 315 static int block_crypto_co_create_generic(BlockDriverState *bs, 316 int64_t size, 317 QCryptoBlockCreateOptions *opts, 318 PreallocMode prealloc, 319 Error **errp) 320 { 321 int ret; 322 BlockBackend *blk; 323 QCryptoBlock *crypto = NULL; 324 struct BlockCryptoCreateData data; 325 326 blk = blk_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL, 327 errp); 328 if (!blk) { 329 ret = -EPERM; 330 goto cleanup; 331 } 332 333 if (prealloc == PREALLOC_MODE_METADATA) { 334 prealloc = PREALLOC_MODE_OFF; 335 } 336 337 data = (struct BlockCryptoCreateData) { 338 .blk = blk, 339 .size = size, 340 .prealloc = prealloc, 341 }; 342 343 crypto = qcrypto_block_create(opts, NULL, 344 block_crypto_create_init_func, 345 block_crypto_create_write_func, 346 &data, 347 errp); 348 349 if (!crypto) { 350 ret = -EIO; 351 goto cleanup; 352 } 353 354 ret = 0; 355 cleanup: 356 qcrypto_block_free(crypto); 357 blk_unref(blk); 358 return ret; 359 } 360 361 static int coroutine_fn 362 block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact, 363 PreallocMode prealloc, BdrvRequestFlags flags, 364 Error **errp) 365 { 366 BlockCrypto *crypto = bs->opaque; 367 uint64_t payload_offset = 368 qcrypto_block_get_payload_offset(crypto->block); 369 370 if (payload_offset > INT64_MAX - offset) { 371 error_setg(errp, "The requested file size is too large"); 372 return -EFBIG; 373 } 374 375 offset += payload_offset; 376 377 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp); 378 } 379 380 static void block_crypto_close(BlockDriverState *bs) 381 { 382 BlockCrypto *crypto = bs->opaque; 383 qcrypto_block_free(crypto->block); 384 } 385 386 static int block_crypto_reopen_prepare(BDRVReopenState *state, 387 BlockReopenQueue *queue, Error **errp) 388 { 389 /* nothing needs checking */ 390 return 0; 391 } 392 393 /* 394 * 1 MB bounce buffer gives good performance / memory tradeoff 395 * when using cache=none|directsync. 396 */ 397 #define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024) 398 399 static coroutine_fn int 400 block_crypto_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes, 401 QEMUIOVector *qiov, BdrvRequestFlags flags) 402 { 403 BlockCrypto *crypto = bs->opaque; 404 uint64_t cur_bytes; /* number of bytes in current iteration */ 405 uint64_t bytes_done = 0; 406 uint8_t *cipher_data = NULL; 407 QEMUIOVector hd_qiov; 408 int ret = 0; 409 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 410 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 411 412 assert(!flags); 413 assert(payload_offset < INT64_MAX); 414 assert(QEMU_IS_ALIGNED(offset, sector_size)); 415 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 416 417 qemu_iovec_init(&hd_qiov, qiov->niov); 418 419 /* Bounce buffer because we don't wish to expose cipher text 420 * in qiov which points to guest memory. 421 */ 422 cipher_data = 423 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 424 qiov->size)); 425 if (cipher_data == NULL) { 426 ret = -ENOMEM; 427 goto cleanup; 428 } 429 430 while (bytes) { 431 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 432 433 qemu_iovec_reset(&hd_qiov); 434 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 435 436 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done, 437 cur_bytes, &hd_qiov, 0); 438 if (ret < 0) { 439 goto cleanup; 440 } 441 442 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done, 443 cipher_data, cur_bytes, NULL) < 0) { 444 ret = -EIO; 445 goto cleanup; 446 } 447 448 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes); 449 450 bytes -= cur_bytes; 451 bytes_done += cur_bytes; 452 } 453 454 cleanup: 455 qemu_iovec_destroy(&hd_qiov); 456 qemu_vfree(cipher_data); 457 458 return ret; 459 } 460 461 462 static coroutine_fn int 463 block_crypto_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes, 464 QEMUIOVector *qiov, BdrvRequestFlags flags) 465 { 466 BlockCrypto *crypto = bs->opaque; 467 uint64_t cur_bytes; /* number of bytes in current iteration */ 468 uint64_t bytes_done = 0; 469 uint8_t *cipher_data = NULL; 470 QEMUIOVector hd_qiov; 471 int ret = 0; 472 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 473 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 474 475 assert(!(flags & ~BDRV_REQ_FUA)); 476 assert(payload_offset < INT64_MAX); 477 assert(QEMU_IS_ALIGNED(offset, sector_size)); 478 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 479 480 qemu_iovec_init(&hd_qiov, qiov->niov); 481 482 /* Bounce buffer because we're not permitted to touch 483 * contents of qiov - it points to guest memory. 484 */ 485 cipher_data = 486 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 487 qiov->size)); 488 if (cipher_data == NULL) { 489 ret = -ENOMEM; 490 goto cleanup; 491 } 492 493 while (bytes) { 494 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 495 496 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes); 497 498 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done, 499 cipher_data, cur_bytes, NULL) < 0) { 500 ret = -EIO; 501 goto cleanup; 502 } 503 504 qemu_iovec_reset(&hd_qiov); 505 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 506 507 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done, 508 cur_bytes, &hd_qiov, flags); 509 if (ret < 0) { 510 goto cleanup; 511 } 512 513 bytes -= cur_bytes; 514 bytes_done += cur_bytes; 515 } 516 517 cleanup: 518 qemu_iovec_destroy(&hd_qiov); 519 qemu_vfree(cipher_data); 520 521 return ret; 522 } 523 524 static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp) 525 { 526 BlockCrypto *crypto = bs->opaque; 527 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 528 bs->bl.request_alignment = sector_size; /* No sub-sector I/O */ 529 } 530 531 532 static int64_t block_crypto_getlength(BlockDriverState *bs) 533 { 534 BlockCrypto *crypto = bs->opaque; 535 int64_t len = bdrv_getlength(bs->file->bs); 536 537 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block); 538 assert(offset < INT64_MAX); 539 540 if (offset > len) { 541 return -EIO; 542 } 543 544 len -= offset; 545 546 return len; 547 } 548 549 550 static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts, 551 BlockDriverState *in_bs, 552 Error **errp) 553 { 554 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL; 555 Error *local_err = NULL; 556 BlockMeasureInfo *info; 557 uint64_t size; 558 size_t luks_payload_size; 559 QDict *cryptoopts; 560 561 /* 562 * Preallocation mode doesn't affect size requirements but we must consume 563 * the option. 564 */ 565 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC)); 566 567 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 568 569 if (in_bs) { 570 int64_t ssize = bdrv_getlength(in_bs); 571 572 if (ssize < 0) { 573 error_setg_errno(&local_err, -ssize, 574 "Unable to get image virtual_size"); 575 goto err; 576 } 577 578 size = ssize; 579 } 580 581 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 582 &block_crypto_create_opts_luks, true); 583 qdict_put_str(cryptoopts, "format", "luks"); 584 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err); 585 qobject_unref(cryptoopts); 586 if (!create_opts) { 587 goto err; 588 } 589 590 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL, 591 &luks_payload_size, 592 &local_err)) { 593 goto err; 594 } 595 596 /* 597 * Unallocated blocks are still encrypted so allocation status makes no 598 * difference to the file size. 599 */ 600 info = g_new0(BlockMeasureInfo, 1); 601 info->fully_allocated = luks_payload_size + size; 602 info->required = luks_payload_size + size; 603 return info; 604 605 err: 606 error_propagate(errp, local_err); 607 return NULL; 608 } 609 610 611 static int block_crypto_probe_luks(const uint8_t *buf, 612 int buf_size, 613 const char *filename) { 614 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 615 buf, buf_size, filename); 616 } 617 618 static int block_crypto_open_luks(BlockDriverState *bs, 619 QDict *options, 620 int flags, 621 Error **errp) 622 { 623 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 624 &block_crypto_runtime_opts_luks, 625 bs, options, flags, errp); 626 } 627 628 static int coroutine_fn 629 block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) 630 { 631 BlockdevCreateOptionsLUKS *luks_opts; 632 BlockDriverState *bs = NULL; 633 QCryptoBlockCreateOptions create_opts; 634 PreallocMode preallocation = PREALLOC_MODE_OFF; 635 int ret; 636 637 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); 638 luks_opts = &create_options->u.luks; 639 640 bs = bdrv_open_blockdev_ref(luks_opts->file, errp); 641 if (bs == NULL) { 642 return -EIO; 643 } 644 645 create_opts = (QCryptoBlockCreateOptions) { 646 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 647 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts), 648 }; 649 650 if (luks_opts->has_preallocation) { 651 preallocation = luks_opts->preallocation; 652 } 653 654 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, 655 preallocation, errp); 656 if (ret < 0) { 657 goto fail; 658 } 659 660 ret = 0; 661 fail: 662 bdrv_unref(bs); 663 return ret; 664 } 665 666 static int coroutine_fn block_crypto_co_create_opts_luks(BlockDriver *drv, 667 const char *filename, 668 QemuOpts *opts, 669 Error **errp) 670 { 671 QCryptoBlockCreateOptions *create_opts = NULL; 672 BlockDriverState *bs = NULL; 673 QDict *cryptoopts; 674 PreallocMode prealloc; 675 char *buf = NULL; 676 int64_t size; 677 int ret; 678 Error *local_err = NULL; 679 680 /* Parse options */ 681 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 682 683 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC); 684 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf, 685 PREALLOC_MODE_OFF, &local_err); 686 g_free(buf); 687 if (local_err) { 688 error_propagate(errp, local_err); 689 return -EINVAL; 690 } 691 692 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 693 &block_crypto_create_opts_luks, 694 true); 695 696 qdict_put_str(cryptoopts, "format", "luks"); 697 create_opts = block_crypto_create_opts_init(cryptoopts, errp); 698 if (!create_opts) { 699 ret = -EINVAL; 700 goto fail; 701 } 702 703 /* Create protocol layer */ 704 ret = bdrv_create_file(filename, opts, errp); 705 if (ret < 0) { 706 goto fail; 707 } 708 709 bs = bdrv_open(filename, NULL, NULL, 710 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp); 711 if (!bs) { 712 ret = -EINVAL; 713 goto fail; 714 } 715 716 /* Create format layer */ 717 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp); 718 if (ret < 0) { 719 goto fail; 720 } 721 722 ret = 0; 723 fail: 724 /* 725 * If an error occurred, delete 'filename'. Even if the file existed 726 * beforehand, it has been truncated and corrupted in the process. 727 */ 728 if (ret) { 729 bdrv_co_delete_file_noerr(bs); 730 } 731 732 bdrv_unref(bs); 733 qapi_free_QCryptoBlockCreateOptions(create_opts); 734 qobject_unref(cryptoopts); 735 return ret; 736 } 737 738 static int block_crypto_get_info_luks(BlockDriverState *bs, 739 BlockDriverInfo *bdi) 740 { 741 BlockDriverInfo subbdi; 742 int ret; 743 744 ret = bdrv_get_info(bs->file->bs, &subbdi); 745 if (ret != 0) { 746 return ret; 747 } 748 749 bdi->cluster_size = subbdi.cluster_size; 750 751 return 0; 752 } 753 754 static ImageInfoSpecific * 755 block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp) 756 { 757 BlockCrypto *crypto = bs->opaque; 758 ImageInfoSpecific *spec_info; 759 QCryptoBlockInfo *info; 760 761 info = qcrypto_block_get_info(crypto->block, errp); 762 if (!info) { 763 return NULL; 764 } 765 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS); 766 767 spec_info = g_new(ImageInfoSpecific, 1); 768 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS; 769 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1); 770 *spec_info->u.luks.data = info->u.luks; 771 772 /* Blank out pointers we've just stolen to avoid double free */ 773 memset(&info->u.luks, 0, sizeof(info->u.luks)); 774 775 qapi_free_QCryptoBlockInfo(info); 776 777 return spec_info; 778 } 779 780 static int 781 block_crypto_amend_prepare(BlockDriverState *bs, Error **errp) 782 { 783 BlockCrypto *crypto = bs->opaque; 784 int ret; 785 786 /* apply for exclusive read/write permissions to the underlying file */ 787 crypto->updating_keys = true; 788 ret = bdrv_child_refresh_perms(bs, bs->file, errp); 789 if (ret < 0) { 790 /* Well, in this case we will not be updating any keys */ 791 crypto->updating_keys = false; 792 } 793 return ret; 794 } 795 796 static void 797 block_crypto_amend_cleanup(BlockDriverState *bs) 798 { 799 BlockCrypto *crypto = bs->opaque; 800 Error *errp = NULL; 801 802 /* release exclusive read/write permissions to the underlying file */ 803 crypto->updating_keys = false; 804 bdrv_child_refresh_perms(bs, bs->file, &errp); 805 806 if (errp) { 807 error_report_err(errp); 808 } 809 } 810 811 static int 812 block_crypto_amend_options_generic_luks(BlockDriverState *bs, 813 QCryptoBlockAmendOptions *amend_options, 814 bool force, 815 Error **errp) 816 { 817 BlockCrypto *crypto = bs->opaque; 818 819 assert(crypto); 820 assert(crypto->block); 821 822 return qcrypto_block_amend_options(crypto->block, 823 block_crypto_read_func, 824 block_crypto_write_func, 825 bs, 826 amend_options, 827 force, 828 errp); 829 } 830 831 static int 832 block_crypto_amend_options_luks(BlockDriverState *bs, 833 QemuOpts *opts, 834 BlockDriverAmendStatusCB *status_cb, 835 void *cb_opaque, 836 bool force, 837 Error **errp) 838 { 839 BlockCrypto *crypto = bs->opaque; 840 QDict *cryptoopts = NULL; 841 QCryptoBlockAmendOptions *amend_options = NULL; 842 int ret = -EINVAL; 843 844 assert(crypto); 845 assert(crypto->block); 846 847 cryptoopts = qemu_opts_to_qdict(opts, NULL); 848 qdict_put_str(cryptoopts, "format", "luks"); 849 amend_options = block_crypto_amend_opts_init(cryptoopts, errp); 850 qobject_unref(cryptoopts); 851 if (!amend_options) { 852 goto cleanup; 853 } 854 855 ret = block_crypto_amend_prepare(bs, errp); 856 if (ret) { 857 goto perm_cleanup; 858 } 859 ret = block_crypto_amend_options_generic_luks(bs, amend_options, 860 force, errp); 861 862 perm_cleanup: 863 block_crypto_amend_cleanup(bs); 864 cleanup: 865 qapi_free_QCryptoBlockAmendOptions(amend_options); 866 return ret; 867 } 868 869 static int 870 coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs, 871 BlockdevAmendOptions *opts, 872 bool force, 873 Error **errp) 874 { 875 QCryptoBlockAmendOptions amend_opts; 876 877 amend_opts = (QCryptoBlockAmendOptions) { 878 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 879 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks), 880 }; 881 return block_crypto_amend_options_generic_luks(bs, &amend_opts, 882 force, errp); 883 } 884 885 static void 886 block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c, 887 const BdrvChildRole role, 888 BlockReopenQueue *reopen_queue, 889 uint64_t perm, uint64_t shared, 890 uint64_t *nperm, uint64_t *nshared) 891 { 892 893 BlockCrypto *crypto = bs->opaque; 894 895 bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared); 896 897 /* 898 * For backward compatibility, manually share the write 899 * and resize permission 900 */ 901 *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 902 /* 903 * Since we are not fully a format driver, don't always request 904 * the read/resize permission but only when explicitly 905 * requested 906 */ 907 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); 908 *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 909 910 /* 911 * This driver doesn't modify LUKS metadata except 912 * when updating the encryption slots. 913 * Thus unlike a proper format driver we don't ask for 914 * shared write/read permission. However we need it 915 * when we are updating the keys, to ensure that only we 916 * have access to the device. 917 * 918 * Encryption update will set the crypto->updating_keys 919 * during that period and refresh permissions 920 * 921 */ 922 if (crypto->updating_keys) { 923 /* need exclusive write access for header update */ 924 *nperm |= BLK_PERM_WRITE; 925 /* unshare read and write permission */ 926 *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE); 927 } 928 } 929 930 931 static const char *const block_crypto_strong_runtime_opts[] = { 932 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, 933 934 NULL 935 }; 936 937 static BlockDriver bdrv_crypto_luks = { 938 .format_name = "luks", 939 .instance_size = sizeof(BlockCrypto), 940 .bdrv_probe = block_crypto_probe_luks, 941 .bdrv_open = block_crypto_open_luks, 942 .bdrv_close = block_crypto_close, 943 .bdrv_child_perm = block_crypto_child_perms, 944 .bdrv_co_create = block_crypto_co_create_luks, 945 .bdrv_co_create_opts = block_crypto_co_create_opts_luks, 946 .bdrv_co_truncate = block_crypto_co_truncate, 947 .create_opts = &block_crypto_create_opts_luks, 948 .amend_opts = &block_crypto_amend_opts_luks, 949 950 .bdrv_reopen_prepare = block_crypto_reopen_prepare, 951 .bdrv_refresh_limits = block_crypto_refresh_limits, 952 .bdrv_co_preadv = block_crypto_co_preadv, 953 .bdrv_co_pwritev = block_crypto_co_pwritev, 954 .bdrv_getlength = block_crypto_getlength, 955 .bdrv_measure = block_crypto_measure, 956 .bdrv_get_info = block_crypto_get_info_luks, 957 .bdrv_get_specific_info = block_crypto_get_specific_info_luks, 958 .bdrv_amend_options = block_crypto_amend_options_luks, 959 .bdrv_co_amend = block_crypto_co_amend_luks, 960 .bdrv_amend_pre_run = block_crypto_amend_prepare, 961 .bdrv_amend_clean = block_crypto_amend_cleanup, 962 963 .is_format = true, 964 965 .strong_runtime_opts = block_crypto_strong_runtime_opts, 966 }; 967 968 static void block_crypto_init(void) 969 { 970 bdrv_register(&bdrv_crypto_luks); 971 } 972 973 block_init(block_crypto_init); 974