1 /* 2 * QEMU block full disk encryption 3 * 4 * Copyright (c) 2015-2016 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 23 #include "block/block_int.h" 24 #include "block/qdict.h" 25 #include "sysemu/block-backend.h" 26 #include "crypto/block.h" 27 #include "qapi/opts-visitor.h" 28 #include "qapi/qapi-visit-crypto.h" 29 #include "qapi/qobject-input-visitor.h" 30 #include "qapi/error.h" 31 #include "qemu/module.h" 32 #include "qemu/option.h" 33 #include "qemu/cutils.h" 34 #include "crypto.h" 35 36 typedef struct BlockCrypto BlockCrypto; 37 38 struct BlockCrypto { 39 QCryptoBlock *block; 40 bool updating_keys; 41 }; 42 43 44 static int block_crypto_probe_generic(QCryptoBlockFormat format, 45 const uint8_t *buf, 46 int buf_size, 47 const char *filename) 48 { 49 if (qcrypto_block_has_format(format, buf, buf_size)) { 50 return 100; 51 } else { 52 return 0; 53 } 54 } 55 56 57 static ssize_t block_crypto_read_func(QCryptoBlock *block, 58 size_t offset, 59 uint8_t *buf, 60 size_t buflen, 61 void *opaque, 62 Error **errp) 63 { 64 BlockDriverState *bs = opaque; 65 ssize_t ret; 66 67 ret = bdrv_pread(bs->file, offset, buf, buflen); 68 if (ret < 0) { 69 error_setg_errno(errp, -ret, "Could not read encryption header"); 70 return ret; 71 } 72 return ret; 73 } 74 75 static ssize_t block_crypto_write_func(QCryptoBlock *block, 76 size_t offset, 77 const uint8_t *buf, 78 size_t buflen, 79 void *opaque, 80 Error **errp) 81 { 82 BlockDriverState *bs = opaque; 83 ssize_t ret; 84 85 ret = bdrv_pwrite(bs->file, offset, buf, buflen); 86 if (ret < 0) { 87 error_setg_errno(errp, -ret, "Could not write encryption header"); 88 return ret; 89 } 90 return ret; 91 } 92 93 94 struct BlockCryptoCreateData { 95 BlockBackend *blk; 96 uint64_t size; 97 PreallocMode prealloc; 98 }; 99 100 101 static ssize_t block_crypto_create_write_func(QCryptoBlock *block, 102 size_t offset, 103 const uint8_t *buf, 104 size_t buflen, 105 void *opaque, 106 Error **errp) 107 { 108 struct BlockCryptoCreateData *data = opaque; 109 ssize_t ret; 110 111 ret = blk_pwrite(data->blk, offset, buf, buflen, 0); 112 if (ret < 0) { 113 error_setg_errno(errp, -ret, "Could not write encryption header"); 114 return ret; 115 } 116 return ret; 117 } 118 119 static ssize_t block_crypto_create_init_func(QCryptoBlock *block, 120 size_t headerlen, 121 void *opaque, 122 Error **errp) 123 { 124 struct BlockCryptoCreateData *data = opaque; 125 Error *local_error = NULL; 126 int ret; 127 128 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) { 129 ret = -EFBIG; 130 goto error; 131 } 132 133 /* User provided size should reflect amount of space made 134 * available to the guest, so we must take account of that 135 * which will be used by the crypto header 136 */ 137 ret = blk_truncate(data->blk, data->size + headerlen, false, 138 data->prealloc, 0, &local_error); 139 140 if (ret >= 0) { 141 return ret; 142 } 143 144 error: 145 if (ret == -EFBIG) { 146 /* Replace the error message with a better one */ 147 error_free(local_error); 148 error_setg(errp, "The requested file size is too large"); 149 } else { 150 error_propagate(errp, local_error); 151 } 152 153 return ret; 154 } 155 156 157 static QemuOptsList block_crypto_runtime_opts_luks = { 158 .name = "crypto", 159 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), 160 .desc = { 161 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 162 { /* end of list */ } 163 }, 164 }; 165 166 167 static QemuOptsList block_crypto_create_opts_luks = { 168 .name = "crypto", 169 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 170 .desc = { 171 { 172 .name = BLOCK_OPT_SIZE, 173 .type = QEMU_OPT_SIZE, 174 .help = "Virtual disk size" 175 }, 176 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 177 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""), 178 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""), 179 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""), 180 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), 181 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), 182 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 183 { /* end of list */ } 184 }, 185 }; 186 187 188 static QemuOptsList block_crypto_amend_opts_luks = { 189 .name = "crypto", 190 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 191 .desc = { 192 BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""), 193 BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""), 194 BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""), 195 BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""), 196 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 197 { /* end of list */ } 198 }, 199 }; 200 201 QCryptoBlockOpenOptions * 202 block_crypto_open_opts_init(QDict *opts, Error **errp) 203 { 204 Visitor *v; 205 QCryptoBlockOpenOptions *ret; 206 207 v = qobject_input_visitor_new_flat_confused(opts, errp); 208 if (!v) { 209 return NULL; 210 } 211 212 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp); 213 214 visit_free(v); 215 return ret; 216 } 217 218 219 QCryptoBlockCreateOptions * 220 block_crypto_create_opts_init(QDict *opts, Error **errp) 221 { 222 Visitor *v; 223 QCryptoBlockCreateOptions *ret; 224 225 v = qobject_input_visitor_new_flat_confused(opts, errp); 226 if (!v) { 227 return NULL; 228 } 229 230 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp); 231 232 visit_free(v); 233 return ret; 234 } 235 236 QCryptoBlockAmendOptions * 237 block_crypto_amend_opts_init(QDict *opts, Error **errp) 238 { 239 Visitor *v; 240 QCryptoBlockAmendOptions *ret; 241 242 v = qobject_input_visitor_new_flat_confused(opts, errp); 243 if (!v) { 244 return NULL; 245 } 246 247 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp); 248 249 visit_free(v); 250 return ret; 251 } 252 253 254 static int block_crypto_open_generic(QCryptoBlockFormat format, 255 QemuOptsList *opts_spec, 256 BlockDriverState *bs, 257 QDict *options, 258 int flags, 259 Error **errp) 260 { 261 BlockCrypto *crypto = bs->opaque; 262 QemuOpts *opts = NULL; 263 Error *local_err = NULL; 264 int ret = -EINVAL; 265 QCryptoBlockOpenOptions *open_opts = NULL; 266 unsigned int cflags = 0; 267 QDict *cryptoopts = NULL; 268 269 bs->file = bdrv_open_child(NULL, options, "file", bs, &child_of_bds, 270 BDRV_CHILD_IMAGE, false, errp); 271 if (!bs->file) { 272 return -EINVAL; 273 } 274 275 bs->supported_write_flags = BDRV_REQ_FUA & 276 bs->file->bs->supported_write_flags; 277 278 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort); 279 qemu_opts_absorb_qdict(opts, options, &local_err); 280 if (local_err) { 281 error_propagate(errp, local_err); 282 goto cleanup; 283 } 284 285 cryptoopts = qemu_opts_to_qdict(opts, NULL); 286 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format)); 287 288 open_opts = block_crypto_open_opts_init(cryptoopts, errp); 289 if (!open_opts) { 290 goto cleanup; 291 } 292 293 if (flags & BDRV_O_NO_IO) { 294 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; 295 } 296 crypto->block = qcrypto_block_open(open_opts, NULL, 297 block_crypto_read_func, 298 bs, 299 cflags, 300 1, 301 errp); 302 303 if (!crypto->block) { 304 ret = -EIO; 305 goto cleanup; 306 } 307 308 bs->encrypted = true; 309 310 ret = 0; 311 cleanup: 312 qobject_unref(cryptoopts); 313 qapi_free_QCryptoBlockOpenOptions(open_opts); 314 return ret; 315 } 316 317 318 static int block_crypto_co_create_generic(BlockDriverState *bs, 319 int64_t size, 320 QCryptoBlockCreateOptions *opts, 321 PreallocMode prealloc, 322 Error **errp) 323 { 324 int ret; 325 BlockBackend *blk; 326 QCryptoBlock *crypto = NULL; 327 struct BlockCryptoCreateData data; 328 329 blk = blk_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL, 330 errp); 331 if (!blk) { 332 ret = -EPERM; 333 goto cleanup; 334 } 335 336 if (prealloc == PREALLOC_MODE_METADATA) { 337 prealloc = PREALLOC_MODE_OFF; 338 } 339 340 data = (struct BlockCryptoCreateData) { 341 .blk = blk, 342 .size = size, 343 .prealloc = prealloc, 344 }; 345 346 crypto = qcrypto_block_create(opts, NULL, 347 block_crypto_create_init_func, 348 block_crypto_create_write_func, 349 &data, 350 errp); 351 352 if (!crypto) { 353 ret = -EIO; 354 goto cleanup; 355 } 356 357 ret = 0; 358 cleanup: 359 qcrypto_block_free(crypto); 360 blk_unref(blk); 361 return ret; 362 } 363 364 static int coroutine_fn 365 block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact, 366 PreallocMode prealloc, BdrvRequestFlags flags, 367 Error **errp) 368 { 369 BlockCrypto *crypto = bs->opaque; 370 uint64_t payload_offset = 371 qcrypto_block_get_payload_offset(crypto->block); 372 373 if (payload_offset > INT64_MAX - offset) { 374 error_setg(errp, "The requested file size is too large"); 375 return -EFBIG; 376 } 377 378 offset += payload_offset; 379 380 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp); 381 } 382 383 static void block_crypto_close(BlockDriverState *bs) 384 { 385 BlockCrypto *crypto = bs->opaque; 386 qcrypto_block_free(crypto->block); 387 } 388 389 static int block_crypto_reopen_prepare(BDRVReopenState *state, 390 BlockReopenQueue *queue, Error **errp) 391 { 392 /* nothing needs checking */ 393 return 0; 394 } 395 396 /* 397 * 1 MB bounce buffer gives good performance / memory tradeoff 398 * when using cache=none|directsync. 399 */ 400 #define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024) 401 402 static coroutine_fn int 403 block_crypto_co_preadv(BlockDriverState *bs, uint64_t offset, uint64_t bytes, 404 QEMUIOVector *qiov, int flags) 405 { 406 BlockCrypto *crypto = bs->opaque; 407 uint64_t cur_bytes; /* number of bytes in current iteration */ 408 uint64_t bytes_done = 0; 409 uint8_t *cipher_data = NULL; 410 QEMUIOVector hd_qiov; 411 int ret = 0; 412 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 413 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 414 415 assert(!flags); 416 assert(payload_offset < INT64_MAX); 417 assert(QEMU_IS_ALIGNED(offset, sector_size)); 418 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 419 420 qemu_iovec_init(&hd_qiov, qiov->niov); 421 422 /* Bounce buffer because we don't wish to expose cipher text 423 * in qiov which points to guest memory. 424 */ 425 cipher_data = 426 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 427 qiov->size)); 428 if (cipher_data == NULL) { 429 ret = -ENOMEM; 430 goto cleanup; 431 } 432 433 while (bytes) { 434 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 435 436 qemu_iovec_reset(&hd_qiov); 437 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 438 439 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done, 440 cur_bytes, &hd_qiov, 0); 441 if (ret < 0) { 442 goto cleanup; 443 } 444 445 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done, 446 cipher_data, cur_bytes, NULL) < 0) { 447 ret = -EIO; 448 goto cleanup; 449 } 450 451 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes); 452 453 bytes -= cur_bytes; 454 bytes_done += cur_bytes; 455 } 456 457 cleanup: 458 qemu_iovec_destroy(&hd_qiov); 459 qemu_vfree(cipher_data); 460 461 return ret; 462 } 463 464 465 static coroutine_fn int 466 block_crypto_co_pwritev(BlockDriverState *bs, uint64_t offset, uint64_t bytes, 467 QEMUIOVector *qiov, int flags) 468 { 469 BlockCrypto *crypto = bs->opaque; 470 uint64_t cur_bytes; /* number of bytes in current iteration */ 471 uint64_t bytes_done = 0; 472 uint8_t *cipher_data = NULL; 473 QEMUIOVector hd_qiov; 474 int ret = 0; 475 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 476 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 477 478 assert(!(flags & ~BDRV_REQ_FUA)); 479 assert(payload_offset < INT64_MAX); 480 assert(QEMU_IS_ALIGNED(offset, sector_size)); 481 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 482 483 qemu_iovec_init(&hd_qiov, qiov->niov); 484 485 /* Bounce buffer because we're not permitted to touch 486 * contents of qiov - it points to guest memory. 487 */ 488 cipher_data = 489 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 490 qiov->size)); 491 if (cipher_data == NULL) { 492 ret = -ENOMEM; 493 goto cleanup; 494 } 495 496 while (bytes) { 497 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 498 499 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes); 500 501 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done, 502 cipher_data, cur_bytes, NULL) < 0) { 503 ret = -EIO; 504 goto cleanup; 505 } 506 507 qemu_iovec_reset(&hd_qiov); 508 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 509 510 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done, 511 cur_bytes, &hd_qiov, flags); 512 if (ret < 0) { 513 goto cleanup; 514 } 515 516 bytes -= cur_bytes; 517 bytes_done += cur_bytes; 518 } 519 520 cleanup: 521 qemu_iovec_destroy(&hd_qiov); 522 qemu_vfree(cipher_data); 523 524 return ret; 525 } 526 527 static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp) 528 { 529 BlockCrypto *crypto = bs->opaque; 530 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 531 bs->bl.request_alignment = sector_size; /* No sub-sector I/O */ 532 } 533 534 535 static int64_t block_crypto_getlength(BlockDriverState *bs) 536 { 537 BlockCrypto *crypto = bs->opaque; 538 int64_t len = bdrv_getlength(bs->file->bs); 539 540 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block); 541 assert(offset < INT64_MAX); 542 543 if (offset > len) { 544 return -EIO; 545 } 546 547 len -= offset; 548 549 return len; 550 } 551 552 553 static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts, 554 BlockDriverState *in_bs, 555 Error **errp) 556 { 557 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL; 558 Error *local_err = NULL; 559 BlockMeasureInfo *info; 560 uint64_t size; 561 size_t luks_payload_size; 562 QDict *cryptoopts; 563 564 /* 565 * Preallocation mode doesn't affect size requirements but we must consume 566 * the option. 567 */ 568 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC)); 569 570 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 571 572 if (in_bs) { 573 int64_t ssize = bdrv_getlength(in_bs); 574 575 if (ssize < 0) { 576 error_setg_errno(&local_err, -ssize, 577 "Unable to get image virtual_size"); 578 goto err; 579 } 580 581 size = ssize; 582 } 583 584 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 585 &block_crypto_create_opts_luks, true); 586 qdict_put_str(cryptoopts, "format", "luks"); 587 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err); 588 qobject_unref(cryptoopts); 589 if (!create_opts) { 590 goto err; 591 } 592 593 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL, 594 &luks_payload_size, 595 &local_err)) { 596 goto err; 597 } 598 599 /* 600 * Unallocated blocks are still encrypted so allocation status makes no 601 * difference to the file size. 602 */ 603 info = g_new0(BlockMeasureInfo, 1); 604 info->fully_allocated = luks_payload_size + size; 605 info->required = luks_payload_size + size; 606 return info; 607 608 err: 609 error_propagate(errp, local_err); 610 return NULL; 611 } 612 613 614 static int block_crypto_probe_luks(const uint8_t *buf, 615 int buf_size, 616 const char *filename) { 617 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 618 buf, buf_size, filename); 619 } 620 621 static int block_crypto_open_luks(BlockDriverState *bs, 622 QDict *options, 623 int flags, 624 Error **errp) 625 { 626 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 627 &block_crypto_runtime_opts_luks, 628 bs, options, flags, errp); 629 } 630 631 static int coroutine_fn 632 block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) 633 { 634 BlockdevCreateOptionsLUKS *luks_opts; 635 BlockDriverState *bs = NULL; 636 QCryptoBlockCreateOptions create_opts; 637 PreallocMode preallocation = PREALLOC_MODE_OFF; 638 int ret; 639 640 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); 641 luks_opts = &create_options->u.luks; 642 643 bs = bdrv_open_blockdev_ref(luks_opts->file, errp); 644 if (bs == NULL) { 645 return -EIO; 646 } 647 648 create_opts = (QCryptoBlockCreateOptions) { 649 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 650 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts), 651 }; 652 653 if (luks_opts->has_preallocation) { 654 preallocation = luks_opts->preallocation; 655 } 656 657 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, 658 preallocation, errp); 659 if (ret < 0) { 660 goto fail; 661 } 662 663 ret = 0; 664 fail: 665 bdrv_unref(bs); 666 return ret; 667 } 668 669 static int coroutine_fn block_crypto_co_create_opts_luks(BlockDriver *drv, 670 const char *filename, 671 QemuOpts *opts, 672 Error **errp) 673 { 674 QCryptoBlockCreateOptions *create_opts = NULL; 675 BlockDriverState *bs = NULL; 676 QDict *cryptoopts; 677 PreallocMode prealloc; 678 char *buf = NULL; 679 int64_t size; 680 int ret; 681 Error *local_err = NULL; 682 683 /* Parse options */ 684 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 685 686 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC); 687 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf, 688 PREALLOC_MODE_OFF, &local_err); 689 g_free(buf); 690 if (local_err) { 691 error_propagate(errp, local_err); 692 return -EINVAL; 693 } 694 695 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 696 &block_crypto_create_opts_luks, 697 true); 698 699 qdict_put_str(cryptoopts, "format", "luks"); 700 create_opts = block_crypto_create_opts_init(cryptoopts, errp); 701 if (!create_opts) { 702 ret = -EINVAL; 703 goto fail; 704 } 705 706 /* Create protocol layer */ 707 ret = bdrv_create_file(filename, opts, errp); 708 if (ret < 0) { 709 goto fail; 710 } 711 712 bs = bdrv_open(filename, NULL, NULL, 713 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp); 714 if (!bs) { 715 ret = -EINVAL; 716 goto fail; 717 } 718 719 /* Create format layer */ 720 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp); 721 if (ret < 0) { 722 goto fail; 723 } 724 725 ret = 0; 726 fail: 727 /* 728 * If an error occurred, delete 'filename'. Even if the file existed 729 * beforehand, it has been truncated and corrupted in the process. 730 */ 731 if (ret && bs) { 732 Error *local_delete_err = NULL; 733 int r_del = bdrv_co_delete_file(bs, &local_delete_err); 734 /* 735 * ENOTSUP will happen if the block driver doesn't support 736 * the 'bdrv_co_delete_file' interface. This is a predictable 737 * scenario and shouldn't be reported back to the user. 738 */ 739 if ((r_del < 0) && (r_del != -ENOTSUP)) { 740 error_report_err(local_delete_err); 741 } 742 } 743 744 bdrv_unref(bs); 745 qapi_free_QCryptoBlockCreateOptions(create_opts); 746 qobject_unref(cryptoopts); 747 return ret; 748 } 749 750 static int block_crypto_get_info_luks(BlockDriverState *bs, 751 BlockDriverInfo *bdi) 752 { 753 BlockDriverInfo subbdi; 754 int ret; 755 756 ret = bdrv_get_info(bs->file->bs, &subbdi); 757 if (ret != 0) { 758 return ret; 759 } 760 761 bdi->cluster_size = subbdi.cluster_size; 762 763 return 0; 764 } 765 766 static ImageInfoSpecific * 767 block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp) 768 { 769 BlockCrypto *crypto = bs->opaque; 770 ImageInfoSpecific *spec_info; 771 QCryptoBlockInfo *info; 772 773 info = qcrypto_block_get_info(crypto->block, errp); 774 if (!info) { 775 return NULL; 776 } 777 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS); 778 779 spec_info = g_new(ImageInfoSpecific, 1); 780 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS; 781 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1); 782 *spec_info->u.luks.data = info->u.luks; 783 784 /* Blank out pointers we've just stolen to avoid double free */ 785 memset(&info->u.luks, 0, sizeof(info->u.luks)); 786 787 qapi_free_QCryptoBlockInfo(info); 788 789 return spec_info; 790 } 791 792 static int 793 block_crypto_amend_options_generic_luks(BlockDriverState *bs, 794 QCryptoBlockAmendOptions *amend_options, 795 bool force, 796 Error **errp) 797 { 798 BlockCrypto *crypto = bs->opaque; 799 int ret; 800 801 assert(crypto); 802 assert(crypto->block); 803 804 /* apply for exclusive read/write permissions to the underlying file*/ 805 crypto->updating_keys = true; 806 ret = bdrv_child_refresh_perms(bs, bs->file, errp); 807 if (ret) { 808 goto cleanup; 809 } 810 811 ret = qcrypto_block_amend_options(crypto->block, 812 block_crypto_read_func, 813 block_crypto_write_func, 814 bs, 815 amend_options, 816 force, 817 errp); 818 cleanup: 819 /* release exclusive read/write permissions to the underlying file*/ 820 crypto->updating_keys = false; 821 bdrv_child_refresh_perms(bs, bs->file, errp); 822 return ret; 823 } 824 825 static int 826 block_crypto_amend_options_luks(BlockDriverState *bs, 827 QemuOpts *opts, 828 BlockDriverAmendStatusCB *status_cb, 829 void *cb_opaque, 830 bool force, 831 Error **errp) 832 { 833 BlockCrypto *crypto = bs->opaque; 834 QDict *cryptoopts = NULL; 835 QCryptoBlockAmendOptions *amend_options = NULL; 836 int ret = -EINVAL; 837 838 assert(crypto); 839 assert(crypto->block); 840 841 cryptoopts = qemu_opts_to_qdict(opts, NULL); 842 qdict_put_str(cryptoopts, "format", "luks"); 843 amend_options = block_crypto_amend_opts_init(cryptoopts, errp); 844 qobject_unref(cryptoopts); 845 if (!amend_options) { 846 goto cleanup; 847 } 848 ret = block_crypto_amend_options_generic_luks(bs, amend_options, 849 force, errp); 850 cleanup: 851 qapi_free_QCryptoBlockAmendOptions(amend_options); 852 return ret; 853 } 854 855 static int 856 coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs, 857 BlockdevAmendOptions *opts, 858 bool force, 859 Error **errp) 860 { 861 QCryptoBlockAmendOptions amend_opts; 862 863 amend_opts = (QCryptoBlockAmendOptions) { 864 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 865 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks), 866 }; 867 return block_crypto_amend_options_generic_luks(bs, &amend_opts, 868 force, errp); 869 } 870 871 static void 872 block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c, 873 const BdrvChildRole role, 874 BlockReopenQueue *reopen_queue, 875 uint64_t perm, uint64_t shared, 876 uint64_t *nperm, uint64_t *nshared) 877 { 878 879 BlockCrypto *crypto = bs->opaque; 880 881 bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared); 882 883 /* 884 * For backward compatibility, manually share the write 885 * and resize permission 886 */ 887 *nshared |= (BLK_PERM_WRITE | BLK_PERM_RESIZE); 888 /* 889 * Since we are not fully a format driver, don't always request 890 * the read/resize permission but only when explicitly 891 * requested 892 */ 893 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); 894 *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 895 896 /* 897 * This driver doesn't modify LUKS metadata except 898 * when updating the encryption slots. 899 * Thus unlike a proper format driver we don't ask for 900 * shared write/read permission. However we need it 901 * when we are updating the keys, to ensure that only we 902 * have access to the device. 903 * 904 * Encryption update will set the crypto->updating_keys 905 * during that period and refresh permissions 906 * 907 */ 908 if (crypto->updating_keys) { 909 /* need exclusive write access for header update */ 910 *nperm |= BLK_PERM_WRITE; 911 /* unshare read and write permission */ 912 *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE); 913 } 914 } 915 916 917 static const char *const block_crypto_strong_runtime_opts[] = { 918 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, 919 920 NULL 921 }; 922 923 static BlockDriver bdrv_crypto_luks = { 924 .format_name = "luks", 925 .instance_size = sizeof(BlockCrypto), 926 .bdrv_probe = block_crypto_probe_luks, 927 .bdrv_open = block_crypto_open_luks, 928 .bdrv_close = block_crypto_close, 929 .bdrv_child_perm = block_crypto_child_perms, 930 .bdrv_co_create = block_crypto_co_create_luks, 931 .bdrv_co_create_opts = block_crypto_co_create_opts_luks, 932 .bdrv_co_truncate = block_crypto_co_truncate, 933 .create_opts = &block_crypto_create_opts_luks, 934 .amend_opts = &block_crypto_amend_opts_luks, 935 936 .bdrv_reopen_prepare = block_crypto_reopen_prepare, 937 .bdrv_refresh_limits = block_crypto_refresh_limits, 938 .bdrv_co_preadv = block_crypto_co_preadv, 939 .bdrv_co_pwritev = block_crypto_co_pwritev, 940 .bdrv_getlength = block_crypto_getlength, 941 .bdrv_measure = block_crypto_measure, 942 .bdrv_get_info = block_crypto_get_info_luks, 943 .bdrv_get_specific_info = block_crypto_get_specific_info_luks, 944 .bdrv_amend_options = block_crypto_amend_options_luks, 945 .bdrv_co_amend = block_crypto_co_amend_luks, 946 947 .is_format = true, 948 949 .strong_runtime_opts = block_crypto_strong_runtime_opts, 950 }; 951 952 static void block_crypto_init(void) 953 { 954 bdrv_register(&bdrv_crypto_luks); 955 } 956 957 block_init(block_crypto_init); 958