1 /* 2 * QEMU block full disk encryption 3 * 4 * Copyright (c) 2015-2016 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 23 #include "block/block_int.h" 24 #include "block/qdict.h" 25 #include "sysemu/block-backend.h" 26 #include "crypto/block.h" 27 #include "qapi/opts-visitor.h" 28 #include "qapi/qapi-visit-crypto.h" 29 #include "qapi/qobject-input-visitor.h" 30 #include "qapi/error.h" 31 #include "qemu/module.h" 32 #include "qemu/option.h" 33 #include "qemu/cutils.h" 34 #include "qemu/memalign.h" 35 #include "crypto.h" 36 37 typedef struct BlockCrypto BlockCrypto; 38 39 struct BlockCrypto { 40 QCryptoBlock *block; 41 bool updating_keys; 42 }; 43 44 45 static int block_crypto_probe_generic(QCryptoBlockFormat format, 46 const uint8_t *buf, 47 int buf_size, 48 const char *filename) 49 { 50 if (qcrypto_block_has_format(format, buf, buf_size)) { 51 return 100; 52 } else { 53 return 0; 54 } 55 } 56 57 58 static ssize_t block_crypto_read_func(QCryptoBlock *block, 59 size_t offset, 60 uint8_t *buf, 61 size_t buflen, 62 void *opaque, 63 Error **errp) 64 { 65 BlockDriverState *bs = opaque; 66 ssize_t ret; 67 68 ret = bdrv_pread(bs->file, offset, buf, buflen); 69 if (ret < 0) { 70 error_setg_errno(errp, -ret, "Could not read encryption header"); 71 return ret; 72 } 73 return ret; 74 } 75 76 static ssize_t block_crypto_write_func(QCryptoBlock *block, 77 size_t offset, 78 const uint8_t *buf, 79 size_t buflen, 80 void *opaque, 81 Error **errp) 82 { 83 BlockDriverState *bs = opaque; 84 ssize_t ret; 85 86 ret = bdrv_pwrite(bs->file, offset, buf, buflen); 87 if (ret < 0) { 88 error_setg_errno(errp, -ret, "Could not write encryption header"); 89 return ret; 90 } 91 return ret; 92 } 93 94 95 struct BlockCryptoCreateData { 96 BlockBackend *blk; 97 uint64_t size; 98 PreallocMode prealloc; 99 }; 100 101 102 static ssize_t block_crypto_create_write_func(QCryptoBlock *block, 103 size_t offset, 104 const uint8_t *buf, 105 size_t buflen, 106 void *opaque, 107 Error **errp) 108 { 109 struct BlockCryptoCreateData *data = opaque; 110 ssize_t ret; 111 112 ret = blk_pwrite(data->blk, offset, buf, buflen, 0); 113 if (ret < 0) { 114 error_setg_errno(errp, -ret, "Could not write encryption header"); 115 return ret; 116 } 117 return ret; 118 } 119 120 static ssize_t block_crypto_create_init_func(QCryptoBlock *block, 121 size_t headerlen, 122 void *opaque, 123 Error **errp) 124 { 125 struct BlockCryptoCreateData *data = opaque; 126 Error *local_error = NULL; 127 int ret; 128 129 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) { 130 ret = -EFBIG; 131 goto error; 132 } 133 134 /* User provided size should reflect amount of space made 135 * available to the guest, so we must take account of that 136 * which will be used by the crypto header 137 */ 138 ret = blk_truncate(data->blk, data->size + headerlen, false, 139 data->prealloc, 0, &local_error); 140 141 if (ret >= 0) { 142 return ret; 143 } 144 145 error: 146 if (ret == -EFBIG) { 147 /* Replace the error message with a better one */ 148 error_free(local_error); 149 error_setg(errp, "The requested file size is too large"); 150 } else { 151 error_propagate(errp, local_error); 152 } 153 154 return ret; 155 } 156 157 158 static QemuOptsList block_crypto_runtime_opts_luks = { 159 .name = "crypto", 160 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), 161 .desc = { 162 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 163 { /* end of list */ } 164 }, 165 }; 166 167 168 static QemuOptsList block_crypto_create_opts_luks = { 169 .name = "crypto", 170 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 171 .desc = { 172 { 173 .name = BLOCK_OPT_SIZE, 174 .type = QEMU_OPT_SIZE, 175 .help = "Virtual disk size" 176 }, 177 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 178 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""), 179 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""), 180 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""), 181 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), 182 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), 183 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 184 { /* end of list */ } 185 }, 186 }; 187 188 189 static QemuOptsList block_crypto_amend_opts_luks = { 190 .name = "crypto", 191 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 192 .desc = { 193 BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""), 194 BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""), 195 BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""), 196 BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""), 197 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 198 { /* end of list */ } 199 }, 200 }; 201 202 QCryptoBlockOpenOptions * 203 block_crypto_open_opts_init(QDict *opts, Error **errp) 204 { 205 Visitor *v; 206 QCryptoBlockOpenOptions *ret; 207 208 v = qobject_input_visitor_new_flat_confused(opts, errp); 209 if (!v) { 210 return NULL; 211 } 212 213 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp); 214 215 visit_free(v); 216 return ret; 217 } 218 219 220 QCryptoBlockCreateOptions * 221 block_crypto_create_opts_init(QDict *opts, Error **errp) 222 { 223 Visitor *v; 224 QCryptoBlockCreateOptions *ret; 225 226 v = qobject_input_visitor_new_flat_confused(opts, errp); 227 if (!v) { 228 return NULL; 229 } 230 231 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp); 232 233 visit_free(v); 234 return ret; 235 } 236 237 QCryptoBlockAmendOptions * 238 block_crypto_amend_opts_init(QDict *opts, Error **errp) 239 { 240 Visitor *v; 241 QCryptoBlockAmendOptions *ret; 242 243 v = qobject_input_visitor_new_flat_confused(opts, errp); 244 if (!v) { 245 return NULL; 246 } 247 248 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp); 249 250 visit_free(v); 251 return ret; 252 } 253 254 255 static int block_crypto_open_generic(QCryptoBlockFormat format, 256 QemuOptsList *opts_spec, 257 BlockDriverState *bs, 258 QDict *options, 259 int flags, 260 Error **errp) 261 { 262 BlockCrypto *crypto = bs->opaque; 263 QemuOpts *opts = NULL; 264 int ret = -EINVAL; 265 QCryptoBlockOpenOptions *open_opts = NULL; 266 unsigned int cflags = 0; 267 QDict *cryptoopts = NULL; 268 269 bs->file = bdrv_open_child(NULL, options, "file", bs, &child_of_bds, 270 BDRV_CHILD_IMAGE, false, errp); 271 if (!bs->file) { 272 return -EINVAL; 273 } 274 275 bs->supported_write_flags = BDRV_REQ_FUA & 276 bs->file->bs->supported_write_flags; 277 278 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort); 279 if (!qemu_opts_absorb_qdict(opts, options, errp)) { 280 goto cleanup; 281 } 282 283 cryptoopts = qemu_opts_to_qdict(opts, NULL); 284 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format)); 285 286 open_opts = block_crypto_open_opts_init(cryptoopts, errp); 287 if (!open_opts) { 288 goto cleanup; 289 } 290 291 if (flags & BDRV_O_NO_IO) { 292 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; 293 } 294 crypto->block = qcrypto_block_open(open_opts, NULL, 295 block_crypto_read_func, 296 bs, 297 cflags, 298 1, 299 errp); 300 301 if (!crypto->block) { 302 ret = -EIO; 303 goto cleanup; 304 } 305 306 bs->encrypted = true; 307 308 ret = 0; 309 cleanup: 310 qobject_unref(cryptoopts); 311 qapi_free_QCryptoBlockOpenOptions(open_opts); 312 return ret; 313 } 314 315 316 static int block_crypto_co_create_generic(BlockDriverState *bs, 317 int64_t size, 318 QCryptoBlockCreateOptions *opts, 319 PreallocMode prealloc, 320 Error **errp) 321 { 322 int ret; 323 BlockBackend *blk; 324 QCryptoBlock *crypto = NULL; 325 struct BlockCryptoCreateData data; 326 327 blk = blk_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL, 328 errp); 329 if (!blk) { 330 ret = -EPERM; 331 goto cleanup; 332 } 333 334 if (prealloc == PREALLOC_MODE_METADATA) { 335 prealloc = PREALLOC_MODE_OFF; 336 } 337 338 data = (struct BlockCryptoCreateData) { 339 .blk = blk, 340 .size = size, 341 .prealloc = prealloc, 342 }; 343 344 crypto = qcrypto_block_create(opts, NULL, 345 block_crypto_create_init_func, 346 block_crypto_create_write_func, 347 &data, 348 errp); 349 350 if (!crypto) { 351 ret = -EIO; 352 goto cleanup; 353 } 354 355 ret = 0; 356 cleanup: 357 qcrypto_block_free(crypto); 358 blk_unref(blk); 359 return ret; 360 } 361 362 static int coroutine_fn 363 block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact, 364 PreallocMode prealloc, BdrvRequestFlags flags, 365 Error **errp) 366 { 367 BlockCrypto *crypto = bs->opaque; 368 uint64_t payload_offset = 369 qcrypto_block_get_payload_offset(crypto->block); 370 371 if (payload_offset > INT64_MAX - offset) { 372 error_setg(errp, "The requested file size is too large"); 373 return -EFBIG; 374 } 375 376 offset += payload_offset; 377 378 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp); 379 } 380 381 static void block_crypto_close(BlockDriverState *bs) 382 { 383 BlockCrypto *crypto = bs->opaque; 384 qcrypto_block_free(crypto->block); 385 } 386 387 static int block_crypto_reopen_prepare(BDRVReopenState *state, 388 BlockReopenQueue *queue, Error **errp) 389 { 390 /* nothing needs checking */ 391 return 0; 392 } 393 394 /* 395 * 1 MB bounce buffer gives good performance / memory tradeoff 396 * when using cache=none|directsync. 397 */ 398 #define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024) 399 400 static coroutine_fn int 401 block_crypto_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes, 402 QEMUIOVector *qiov, BdrvRequestFlags flags) 403 { 404 BlockCrypto *crypto = bs->opaque; 405 uint64_t cur_bytes; /* number of bytes in current iteration */ 406 uint64_t bytes_done = 0; 407 uint8_t *cipher_data = NULL; 408 QEMUIOVector hd_qiov; 409 int ret = 0; 410 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 411 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 412 413 assert(!flags); 414 assert(payload_offset < INT64_MAX); 415 assert(QEMU_IS_ALIGNED(offset, sector_size)); 416 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 417 418 qemu_iovec_init(&hd_qiov, qiov->niov); 419 420 /* Bounce buffer because we don't wish to expose cipher text 421 * in qiov which points to guest memory. 422 */ 423 cipher_data = 424 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 425 qiov->size)); 426 if (cipher_data == NULL) { 427 ret = -ENOMEM; 428 goto cleanup; 429 } 430 431 while (bytes) { 432 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 433 434 qemu_iovec_reset(&hd_qiov); 435 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 436 437 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done, 438 cur_bytes, &hd_qiov, 0); 439 if (ret < 0) { 440 goto cleanup; 441 } 442 443 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done, 444 cipher_data, cur_bytes, NULL) < 0) { 445 ret = -EIO; 446 goto cleanup; 447 } 448 449 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes); 450 451 bytes -= cur_bytes; 452 bytes_done += cur_bytes; 453 } 454 455 cleanup: 456 qemu_iovec_destroy(&hd_qiov); 457 qemu_vfree(cipher_data); 458 459 return ret; 460 } 461 462 463 static coroutine_fn int 464 block_crypto_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes, 465 QEMUIOVector *qiov, BdrvRequestFlags flags) 466 { 467 BlockCrypto *crypto = bs->opaque; 468 uint64_t cur_bytes; /* number of bytes in current iteration */ 469 uint64_t bytes_done = 0; 470 uint8_t *cipher_data = NULL; 471 QEMUIOVector hd_qiov; 472 int ret = 0; 473 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 474 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 475 476 assert(!(flags & ~BDRV_REQ_FUA)); 477 assert(payload_offset < INT64_MAX); 478 assert(QEMU_IS_ALIGNED(offset, sector_size)); 479 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 480 481 qemu_iovec_init(&hd_qiov, qiov->niov); 482 483 /* Bounce buffer because we're not permitted to touch 484 * contents of qiov - it points to guest memory. 485 */ 486 cipher_data = 487 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 488 qiov->size)); 489 if (cipher_data == NULL) { 490 ret = -ENOMEM; 491 goto cleanup; 492 } 493 494 while (bytes) { 495 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 496 497 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes); 498 499 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done, 500 cipher_data, cur_bytes, NULL) < 0) { 501 ret = -EIO; 502 goto cleanup; 503 } 504 505 qemu_iovec_reset(&hd_qiov); 506 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 507 508 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done, 509 cur_bytes, &hd_qiov, flags); 510 if (ret < 0) { 511 goto cleanup; 512 } 513 514 bytes -= cur_bytes; 515 bytes_done += cur_bytes; 516 } 517 518 cleanup: 519 qemu_iovec_destroy(&hd_qiov); 520 qemu_vfree(cipher_data); 521 522 return ret; 523 } 524 525 static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp) 526 { 527 BlockCrypto *crypto = bs->opaque; 528 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 529 bs->bl.request_alignment = sector_size; /* No sub-sector I/O */ 530 } 531 532 533 static int64_t block_crypto_getlength(BlockDriverState *bs) 534 { 535 BlockCrypto *crypto = bs->opaque; 536 int64_t len = bdrv_getlength(bs->file->bs); 537 538 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block); 539 assert(offset < INT64_MAX); 540 541 if (offset > len) { 542 return -EIO; 543 } 544 545 len -= offset; 546 547 return len; 548 } 549 550 551 static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts, 552 BlockDriverState *in_bs, 553 Error **errp) 554 { 555 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL; 556 Error *local_err = NULL; 557 BlockMeasureInfo *info; 558 uint64_t size; 559 size_t luks_payload_size; 560 QDict *cryptoopts; 561 562 /* 563 * Preallocation mode doesn't affect size requirements but we must consume 564 * the option. 565 */ 566 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC)); 567 568 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 569 570 if (in_bs) { 571 int64_t ssize = bdrv_getlength(in_bs); 572 573 if (ssize < 0) { 574 error_setg_errno(&local_err, -ssize, 575 "Unable to get image virtual_size"); 576 goto err; 577 } 578 579 size = ssize; 580 } 581 582 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 583 &block_crypto_create_opts_luks, true); 584 qdict_put_str(cryptoopts, "format", "luks"); 585 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err); 586 qobject_unref(cryptoopts); 587 if (!create_opts) { 588 goto err; 589 } 590 591 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL, 592 &luks_payload_size, 593 &local_err)) { 594 goto err; 595 } 596 597 /* 598 * Unallocated blocks are still encrypted so allocation status makes no 599 * difference to the file size. 600 */ 601 info = g_new0(BlockMeasureInfo, 1); 602 info->fully_allocated = luks_payload_size + size; 603 info->required = luks_payload_size + size; 604 return info; 605 606 err: 607 error_propagate(errp, local_err); 608 return NULL; 609 } 610 611 612 static int block_crypto_probe_luks(const uint8_t *buf, 613 int buf_size, 614 const char *filename) { 615 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 616 buf, buf_size, filename); 617 } 618 619 static int block_crypto_open_luks(BlockDriverState *bs, 620 QDict *options, 621 int flags, 622 Error **errp) 623 { 624 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 625 &block_crypto_runtime_opts_luks, 626 bs, options, flags, errp); 627 } 628 629 static int coroutine_fn 630 block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) 631 { 632 BlockdevCreateOptionsLUKS *luks_opts; 633 BlockDriverState *bs = NULL; 634 QCryptoBlockCreateOptions create_opts; 635 PreallocMode preallocation = PREALLOC_MODE_OFF; 636 int ret; 637 638 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); 639 luks_opts = &create_options->u.luks; 640 641 bs = bdrv_open_blockdev_ref(luks_opts->file, errp); 642 if (bs == NULL) { 643 return -EIO; 644 } 645 646 create_opts = (QCryptoBlockCreateOptions) { 647 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 648 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts), 649 }; 650 651 if (luks_opts->has_preallocation) { 652 preallocation = luks_opts->preallocation; 653 } 654 655 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, 656 preallocation, errp); 657 if (ret < 0) { 658 goto fail; 659 } 660 661 ret = 0; 662 fail: 663 bdrv_unref(bs); 664 return ret; 665 } 666 667 static int coroutine_fn block_crypto_co_create_opts_luks(BlockDriver *drv, 668 const char *filename, 669 QemuOpts *opts, 670 Error **errp) 671 { 672 QCryptoBlockCreateOptions *create_opts = NULL; 673 BlockDriverState *bs = NULL; 674 QDict *cryptoopts; 675 PreallocMode prealloc; 676 char *buf = NULL; 677 int64_t size; 678 int ret; 679 Error *local_err = NULL; 680 681 /* Parse options */ 682 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 683 684 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC); 685 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf, 686 PREALLOC_MODE_OFF, &local_err); 687 g_free(buf); 688 if (local_err) { 689 error_propagate(errp, local_err); 690 return -EINVAL; 691 } 692 693 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 694 &block_crypto_create_opts_luks, 695 true); 696 697 qdict_put_str(cryptoopts, "format", "luks"); 698 create_opts = block_crypto_create_opts_init(cryptoopts, errp); 699 if (!create_opts) { 700 ret = -EINVAL; 701 goto fail; 702 } 703 704 /* Create protocol layer */ 705 ret = bdrv_create_file(filename, opts, errp); 706 if (ret < 0) { 707 goto fail; 708 } 709 710 bs = bdrv_open(filename, NULL, NULL, 711 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp); 712 if (!bs) { 713 ret = -EINVAL; 714 goto fail; 715 } 716 717 /* Create format layer */ 718 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp); 719 if (ret < 0) { 720 goto fail; 721 } 722 723 ret = 0; 724 fail: 725 /* 726 * If an error occurred, delete 'filename'. Even if the file existed 727 * beforehand, it has been truncated and corrupted in the process. 728 */ 729 if (ret) { 730 bdrv_co_delete_file_noerr(bs); 731 } 732 733 bdrv_unref(bs); 734 qapi_free_QCryptoBlockCreateOptions(create_opts); 735 qobject_unref(cryptoopts); 736 return ret; 737 } 738 739 static int block_crypto_get_info_luks(BlockDriverState *bs, 740 BlockDriverInfo *bdi) 741 { 742 BlockDriverInfo subbdi; 743 int ret; 744 745 ret = bdrv_get_info(bs->file->bs, &subbdi); 746 if (ret != 0) { 747 return ret; 748 } 749 750 bdi->cluster_size = subbdi.cluster_size; 751 752 return 0; 753 } 754 755 static ImageInfoSpecific * 756 block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp) 757 { 758 BlockCrypto *crypto = bs->opaque; 759 ImageInfoSpecific *spec_info; 760 QCryptoBlockInfo *info; 761 762 info = qcrypto_block_get_info(crypto->block, errp); 763 if (!info) { 764 return NULL; 765 } 766 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS); 767 768 spec_info = g_new(ImageInfoSpecific, 1); 769 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS; 770 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1); 771 *spec_info->u.luks.data = info->u.luks; 772 773 /* Blank out pointers we've just stolen to avoid double free */ 774 memset(&info->u.luks, 0, sizeof(info->u.luks)); 775 776 qapi_free_QCryptoBlockInfo(info); 777 778 return spec_info; 779 } 780 781 static int 782 block_crypto_amend_prepare(BlockDriverState *bs, Error **errp) 783 { 784 BlockCrypto *crypto = bs->opaque; 785 int ret; 786 787 /* apply for exclusive read/write permissions to the underlying file */ 788 crypto->updating_keys = true; 789 ret = bdrv_child_refresh_perms(bs, bs->file, errp); 790 if (ret < 0) { 791 /* Well, in this case we will not be updating any keys */ 792 crypto->updating_keys = false; 793 } 794 return ret; 795 } 796 797 static void 798 block_crypto_amend_cleanup(BlockDriverState *bs) 799 { 800 BlockCrypto *crypto = bs->opaque; 801 Error *errp = NULL; 802 803 /* release exclusive read/write permissions to the underlying file */ 804 crypto->updating_keys = false; 805 bdrv_child_refresh_perms(bs, bs->file, &errp); 806 807 if (errp) { 808 error_report_err(errp); 809 } 810 } 811 812 static int 813 block_crypto_amend_options_generic_luks(BlockDriverState *bs, 814 QCryptoBlockAmendOptions *amend_options, 815 bool force, 816 Error **errp) 817 { 818 BlockCrypto *crypto = bs->opaque; 819 820 assert(crypto); 821 assert(crypto->block); 822 823 return qcrypto_block_amend_options(crypto->block, 824 block_crypto_read_func, 825 block_crypto_write_func, 826 bs, 827 amend_options, 828 force, 829 errp); 830 } 831 832 static int 833 block_crypto_amend_options_luks(BlockDriverState *bs, 834 QemuOpts *opts, 835 BlockDriverAmendStatusCB *status_cb, 836 void *cb_opaque, 837 bool force, 838 Error **errp) 839 { 840 BlockCrypto *crypto = bs->opaque; 841 QDict *cryptoopts = NULL; 842 QCryptoBlockAmendOptions *amend_options = NULL; 843 int ret = -EINVAL; 844 845 assert(crypto); 846 assert(crypto->block); 847 848 cryptoopts = qemu_opts_to_qdict(opts, NULL); 849 qdict_put_str(cryptoopts, "format", "luks"); 850 amend_options = block_crypto_amend_opts_init(cryptoopts, errp); 851 qobject_unref(cryptoopts); 852 if (!amend_options) { 853 goto cleanup; 854 } 855 856 ret = block_crypto_amend_prepare(bs, errp); 857 if (ret) { 858 goto perm_cleanup; 859 } 860 ret = block_crypto_amend_options_generic_luks(bs, amend_options, 861 force, errp); 862 863 perm_cleanup: 864 block_crypto_amend_cleanup(bs); 865 cleanup: 866 qapi_free_QCryptoBlockAmendOptions(amend_options); 867 return ret; 868 } 869 870 static int 871 coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs, 872 BlockdevAmendOptions *opts, 873 bool force, 874 Error **errp) 875 { 876 QCryptoBlockAmendOptions amend_opts; 877 878 amend_opts = (QCryptoBlockAmendOptions) { 879 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 880 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks), 881 }; 882 return block_crypto_amend_options_generic_luks(bs, &amend_opts, 883 force, errp); 884 } 885 886 static void 887 block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c, 888 const BdrvChildRole role, 889 BlockReopenQueue *reopen_queue, 890 uint64_t perm, uint64_t shared, 891 uint64_t *nperm, uint64_t *nshared) 892 { 893 894 BlockCrypto *crypto = bs->opaque; 895 896 bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared); 897 898 /* 899 * For backward compatibility, manually share the write 900 * and resize permission 901 */ 902 *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 903 /* 904 * Since we are not fully a format driver, don't always request 905 * the read/resize permission but only when explicitly 906 * requested 907 */ 908 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); 909 *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 910 911 /* 912 * This driver doesn't modify LUKS metadata except 913 * when updating the encryption slots. 914 * Thus unlike a proper format driver we don't ask for 915 * shared write/read permission. However we need it 916 * when we are updating the keys, to ensure that only we 917 * have access to the device. 918 * 919 * Encryption update will set the crypto->updating_keys 920 * during that period and refresh permissions 921 * 922 */ 923 if (crypto->updating_keys) { 924 /* need exclusive write access for header update */ 925 *nperm |= BLK_PERM_WRITE; 926 /* unshare read and write permission */ 927 *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE); 928 } 929 } 930 931 932 static const char *const block_crypto_strong_runtime_opts[] = { 933 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, 934 935 NULL 936 }; 937 938 static BlockDriver bdrv_crypto_luks = { 939 .format_name = "luks", 940 .instance_size = sizeof(BlockCrypto), 941 .bdrv_probe = block_crypto_probe_luks, 942 .bdrv_open = block_crypto_open_luks, 943 .bdrv_close = block_crypto_close, 944 .bdrv_child_perm = block_crypto_child_perms, 945 .bdrv_co_create = block_crypto_co_create_luks, 946 .bdrv_co_create_opts = block_crypto_co_create_opts_luks, 947 .bdrv_co_truncate = block_crypto_co_truncate, 948 .create_opts = &block_crypto_create_opts_luks, 949 .amend_opts = &block_crypto_amend_opts_luks, 950 951 .bdrv_reopen_prepare = block_crypto_reopen_prepare, 952 .bdrv_refresh_limits = block_crypto_refresh_limits, 953 .bdrv_co_preadv = block_crypto_co_preadv, 954 .bdrv_co_pwritev = block_crypto_co_pwritev, 955 .bdrv_getlength = block_crypto_getlength, 956 .bdrv_measure = block_crypto_measure, 957 .bdrv_get_info = block_crypto_get_info_luks, 958 .bdrv_get_specific_info = block_crypto_get_specific_info_luks, 959 .bdrv_amend_options = block_crypto_amend_options_luks, 960 .bdrv_co_amend = block_crypto_co_amend_luks, 961 .bdrv_amend_pre_run = block_crypto_amend_prepare, 962 .bdrv_amend_clean = block_crypto_amend_cleanup, 963 964 .is_format = true, 965 966 .strong_runtime_opts = block_crypto_strong_runtime_opts, 967 }; 968 969 static void block_crypto_init(void) 970 { 971 bdrv_register(&bdrv_crypto_luks); 972 } 973 974 block_init(block_crypto_init); 975