From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Kevin Wolf <kwolf@redhat.com>,
Max Reitz <mreitz@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v2 08/17] qcow: make encrypt_sectors encrypt in place
Date: Tue, 24 Jan 2017 14:51:43 +0000 [thread overview]
Message-ID: <20170124145152.22980-9-berrange@redhat.com> (raw)
In-Reply-To: <20170124145152.22980-1-berrange@redhat.com>
Instead of requiring separate input/output buffers for
encrypting data, change encrypt_sectors() to assume
use of a single buffer, encrypting in place. One current
caller uses the same buffer for input/output already
and the other two callers are easily converted to do so.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/qcow.c | 44 +++++++++++++++-----------------------------
1 file changed, 15 insertions(+), 29 deletions(-)
diff --git a/block/qcow.c b/block/qcow.c
index 101c973..38d7298 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -310,11 +310,10 @@ static int qcow_set_key(BlockDriverState *bs, const char *key)
}
/* The crypt function is compatible with the linux cryptoloop
- algorithm for < 4 GB images. NOTE: out_buf == in_buf is
- supported */
+ algorithm for < 4 GB images. */
static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
- uint8_t *out_buf, const uint8_t *in_buf,
- int nb_sectors, bool enc, Error **errp)
+ uint8_t *buf, int nb_sectors, bool enc,
+ Error **errp)
{
union {
uint64_t ll[2];
@@ -333,14 +332,12 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
}
if (enc) {
ret = qcrypto_cipher_encrypt(s->cipher,
- in_buf,
- out_buf,
+ buf, buf,
512,
errp);
} else {
ret = qcrypto_cipher_decrypt(s->cipher,
- in_buf,
- out_buf,
+ buf, buf,
512,
errp);
}
@@ -348,8 +345,7 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
return -1;
}
sector_num++;
- in_buf += 512;
- out_buf += 512;
+ buf += 512;
}
return 0;
}
@@ -469,13 +465,12 @@ static uint64_t get_cluster_offset(BlockDriverState *bs,
uint64_t start_sect;
assert(s->cipher);
start_sect = (offset & ~(s->cluster_size - 1)) >> 9;
- memset(s->cluster_data + 512, 0x00, 512);
for(i = 0; i < s->cluster_sectors; i++) {
if (i < n_start || i >= n_end) {
Error *err = NULL;
+ memset(s->cluster_data, 0x00, 512);
if (encrypt_sectors(s, start_sect + i,
- s->cluster_data,
- s->cluster_data + 512, 1,
+ s->cluster_data, 1,
true, &err) < 0) {
error_free(err);
errno = EIO;
@@ -653,7 +648,7 @@ static coroutine_fn int qcow_co_readv(BlockDriverState *bs, int64_t sector_num,
}
if (bs->encrypted) {
assert(s->cipher);
- if (encrypt_sectors(s, sector_num, buf, buf,
+ if (encrypt_sectors(s, sector_num, buf,
n, false, &err) < 0) {
goto fail;
}
@@ -688,9 +683,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
BDRVQcowState *s = bs->opaque;
int index_in_cluster;
uint64_t cluster_offset;
- const uint8_t *src_buf;
int ret = 0, n;
- uint8_t *cluster_data = NULL;
struct iovec hd_iov;
QEMUIOVector hd_qiov;
uint8_t *buf;
@@ -698,7 +691,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
s->cluster_cache_offset = -1; /* disable compressed cache */
- if (qiov->niov > 1) {
+ /* We must always copy the iov when encrypting, so we
+ * don't modify the original data buffer during encryption */
+ if (bs->encrypted || qiov->niov > 1) {
buf = orig_buf = qemu_try_blockalign(bs, qiov->size);
if (buf == NULL) {
return -ENOMEM;
@@ -728,21 +723,15 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
if (bs->encrypted) {
Error *err = NULL;
assert(s->cipher);
- if (!cluster_data) {
- cluster_data = g_malloc0(s->cluster_size);
- }
- if (encrypt_sectors(s, sector_num, cluster_data, buf,
+ if (encrypt_sectors(s, sector_num, buf,
n, true, &err) < 0) {
error_free(err);
ret = -EIO;
break;
}
- src_buf = cluster_data;
- } else {
- src_buf = buf;
}
- hd_iov.iov_base = (void *)src_buf;
+ hd_iov.iov_base = (void *)buf;
hd_iov.iov_len = n * 512;
qemu_iovec_init_external(&hd_qiov, &hd_iov, 1);
qemu_co_mutex_unlock(&s->lock);
@@ -761,10 +750,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
}
qemu_co_mutex_unlock(&s->lock);
- if (qiov->niov > 1) {
- qemu_vfree(orig_buf);
- }
- g_free(cluster_data);
+ qemu_vfree(orig_buf);
return ret;
}
--
2.9.3
next prev parent reply other threads:[~2017-01-24 14:52 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-24 14:51 [Qemu-devel] [PATCH v2 00/17] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 01/17] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 02/17] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 03/17] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 04/17] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 05/17] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 06/17] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 07/17] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-01-24 14:51 ` Daniel P. Berrange [this message]
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 09/17] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 10/17] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 11/17] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 12/17] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 13/17] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 14/17] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 15/17] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 16/17] block: rip out all traces of password prompting Daniel P. Berrange
2017-01-24 14:51 ` [Qemu-devel] [PATCH v2 17/17] block: remove all encryption handling APIs Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170124145152.22980-9-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.