[PULL 28/29] block/rbd: Add luks-any encryption opening option

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [PULL 28/29] block/rbd: Add luks-any encryption opening option
Date: Thu, 23 Feb 2023 19:51:45 +0100	[thread overview]
Message-ID: <20230223185146.306454-29-kwolf@redhat.com> (raw)
In-Reply-To: <20230223185146.306454-1-kwolf@redhat.com>

From: Or Ozeri <oro@il.ibm.com>

Ceph RBD encryption API required specifying the encryption format
for loading encryption. The supported formats were LUKS (v1) and LUKS2.

Starting from Reef release, RBD also supports loading with "luks-any" format,
which works for both versions of LUKS.

This commit extends the qemu rbd driver API to enable qemu users to use
this luks-any wildcard format.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Message-Id: <20230129113120.722708-3-oro@oro.sl.cloud9.ibm.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 qapi/block-core.json | 16 ++++++++++++++--
 block/rbd.c          | 19 +++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 7f331eb8ea..5f09b1d31a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3922,10 +3922,12 @@
 ##
 # @RbdImageEncryptionFormat:
 #
+# @luks-any: Used for opening either luks or luks2 (Since 8.0)
+#
 # Since: 6.1
 ##
 { 'enum': 'RbdImageEncryptionFormat',
-  'data': [ 'luks', 'luks2' ] }
+  'data': [ 'luks', 'luks2', 'luks-any' ] }
 
 ##
 # @RbdEncryptionOptionsLUKSBase:
@@ -3967,6 +3969,15 @@
   'base': 'RbdEncryptionOptionsLUKSBase',
   'data': { } }
 
+##
+# @RbdEncryptionOptionsLUKSAny:
+#
+# Since: 8.0
+##
+{ 'struct': 'RbdEncryptionOptionsLUKSAny',
+  'base': 'RbdEncryptionOptionsLUKSBase',
+  'data': { } }
+
 ##
 # @RbdEncryptionCreateOptionsLUKS:
 #
@@ -3994,7 +4005,8 @@
   'base': { 'format': 'RbdImageEncryptionFormat' },
   'discriminator': 'format',
   'data': { 'luks': 'RbdEncryptionOptionsLUKS',
-            'luks2': 'RbdEncryptionOptionsLUKS2' } }
+            'luks2': 'RbdEncryptionOptionsLUKS2',
+            'luks-any': 'RbdEncryptionOptionsLUKSAny'} }
 
 ##
 # @RbdEncryptionCreateOptions:
diff --git a/block/rbd.c b/block/rbd.c
index 4bd75c9bb7..744f84c222 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -469,6 +469,9 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
     g_autofree char *passphrase = NULL;
     rbd_encryption_luks1_format_options_t luks_opts;
     rbd_encryption_luks2_format_options_t luks2_opts;
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+    rbd_encryption_luks_format_options_t luks_any_opts;
+#endif
     rbd_encryption_format_t format;
     rbd_encryption_options_t opts;
     size_t opts_size;
@@ -502,6 +505,22 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
             luks2_opts.passphrase = passphrase;
             break;
         }
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+        case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: {
+            memset(&luks_any_opts, 0, sizeof(luks_any_opts));
+            format = RBD_ENCRYPTION_FORMAT_LUKS;
+            opts = &luks_any_opts;
+            opts_size = sizeof(luks_any_opts);
+            r = qemu_rbd_convert_luks_options(
+                    qapi_RbdEncryptionOptionsLUKSAny_base(&encrypt->u.luks_any),
+                    &passphrase, &luks_any_opts.passphrase_size, errp);
+            if (r < 0) {
+                return r;
+            }
+            luks_any_opts.passphrase = passphrase;
+            break;
+        }
+#endif
         default: {
             r = -ENOTSUP;
             error_setg_errno(
-- 
2.39.2

next prev parent reply	other threads:[~2023-02-23 18:54 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-23 18:51 [PULL 00/29] Block layer patches Kevin Wolf
2023-02-23 18:51 ` [PULL 01/29] block: Make bdrv_can_set_read_only() static Kevin Wolf
2023-02-23 18:51 ` [PULL 02/29] mirror: Fix access of uninitialised fields during start Kevin Wolf
2023-02-23 18:51 ` [PULL 03/29] block: Mark bdrv_co_truncate() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 04/29] block: Mark bdrv_co_block_status() " Kevin Wolf
2023-02-23 18:51 ` [PULL 05/29] block: Mark bdrv_co_ioctl() " Kevin Wolf
2023-02-23 18:51 ` [PULL 06/29] block/qed: add missing graph rdlock in qed_need_check_timer_entry Kevin Wolf
2023-02-23 18:51 ` [PULL 07/29] block: Mark bdrv_co_flush() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 08/29] block: Mark bdrv_co_pdiscard() " Kevin Wolf
2023-02-23 18:51 ` [PULL 09/29] block: Mark bdrv_co_pwrite_zeroes() " Kevin Wolf
2023-02-23 18:51 ` [PULL 10/29] block: Mark read/write in block/io.c GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 11/29] block: Mark public read/write functions GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 12/29] block: Mark bdrv_co_pwrite_sync() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 13/29] block: Mark bdrv_co_do_pwrite_zeroes() GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 14/29] block: Mark bdrv_co_copy_range() GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 15/29] block: Mark preadv_snapshot/snapshot_block_status GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 16/29] block: Mark bdrv_co_create() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 17/29] block: Mark bdrv_co_io_(un)plug() " Kevin Wolf
2023-02-23 18:51 ` [PULL 18/29] block: Mark bdrv_co_is_inserted() " Kevin Wolf
2023-02-23 18:51 ` [PULL 19/29] block: Mark bdrv_co_eject/lock_medium() " Kevin Wolf
2023-02-23 18:51 ` [PULL 20/29] block: Mark bdrv_(un)register_buf() GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 21/29] block: Mark bdrv_co_delete_file() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 22/29] block: Mark bdrv_*_dirty_bitmap() " Kevin Wolf
2023-02-23 18:51 ` [PULL 23/29] block: Mark bdrv_co_refresh_total_sectors() " Kevin Wolf
2023-02-23 18:51 ` [PULL 24/29] scsi: protect req->aiocb with AioContext lock Kevin Wolf
2023-02-23 18:51 ` [PULL 25/29] dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race Kevin Wolf
2023-02-23 18:51 ` [PULL 26/29] virtio-scsi: reset SCSI devices from main loop thread Kevin Wolf
2023-02-23 18:51 ` [PULL 27/29] block/rbd: Remove redundant stack variable passphrase_len Kevin Wolf
2023-02-23 18:51 ` Kevin Wolf [this message]
2023-02-23 18:51 ` [PULL 29/29] block/rbd: Add support for layered encryption Kevin Wolf
2023-02-24 18:50 ` [PULL 00/29] Block layer patches Peter Maydell
2023-02-24 21:35   ` Philippe Mathieu-Daudé
2023-02-27  9:12     ` Thomas Huth
2023-02-27 11:22       ` Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7f331eb8e dfblob:5f09b1d31 dfblob:4bd75c9bb dfblob:744f84c22 )
 OR (
bs:"[PULL 28/29] block/rbd: Add luks-any encryption opening option" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230223185146.306454-29-kwolf@redhat.com \
    --to=kwolf@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).