On Fri, 2019-09-06 at 15:04 +0100, Daniel P. Berrangé wrote:
> On Fri, Aug 30, 2019 at 11:56:03PM +0300, Maxim Levitsky wrote:
> > This implements the encryption key management
> > using the generic code in qcrypto layer
> > (currently only for qemu-img amend)
> >
> > This code adds another 'write_func' because the initialization
> > write_func works directly on the underlying file,
> > because during the creation, there is no open instance
> > of the luks driver, but during regular use, we have it,
> > and should use it instead.
> >
> > Signed-off-by: Maxim Levitsky <mlevi...@redhat.com>
> > ---
> > block/crypto.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++--
> > 1 file changed, 103 insertions(+), 3 deletions(-)
> >
> > diff --git a/block/crypto.c b/block/crypto.c
> > index a6a3e1f1d8..dbd95a99ba 100644
> > --- a/block/crypto.c
> > +++ b/block/crypto.c
> > @@ -36,6 +36,7 @@ typedef struct BlockCrypto BlockCrypto;
> >
> > struct BlockCrypto {
> > QCryptoBlock *block;
> > + bool updating_keys;
> > };
> >
> >
> > @@ -70,6 +71,24 @@ static ssize_t block_crypto_read_func(QCryptoBlock
> > *block,
> > return ret;
> > }
> >
> > +static ssize_t block_crypto_write_func(QCryptoBlock *block,
> > + size_t offset,
> > + const uint8_t *buf,
> > + size_t buflen,
> > + void *opaque,
> > + Error **errp)
>
> Indent off-by-1 - align with param on the first line
I hope you won't hate me after all these indent bugs.
I'll learn to notice, I promise :-)
>
> > +{
> > + BlockDriverState *bs = opaque;
> > + ssize_t ret;
> > +
> > + ret = bdrv_pwrite(bs->file, offset, buf, buflen);
> > + if (ret < 0) {
> > + error_setg_errno(errp, -ret, "Could not write encryption header");
> > + return ret;
> > + }
> > + return ret;
> > +}
> > +
> >
> > struct BlockCryptoCreateData {
> > BlockBackend *blk;
> > @@ -647,6 +666,88 @@ block_crypto_get_specific_info_luks(BlockDriverState
> > *bs, Error **errp)
> > return spec_info;
> > }
> >
> > +
> > +static int
> > +block_crypto_amend_options(BlockDriverState *bs,
> > + QemuOpts *opts,
> > + BlockDriverAmendStatusCB *status_cb,
> > + void *cb_opaque,
> > + bool force,
> > + Error **errp)
> > +{
> > + BlockCrypto *crypto = bs->opaque;
> > + QDict *cryptoopts = NULL;
> > + QCryptoBlockCreateOptions *amend_options = NULL;
> > + int ret;
> > +
> > + assert(crypto);
> > + assert(crypto->block);
> > +
> > + crypto->updating_keys = true;
> > +
> > + ret = bdrv_child_refresh_perms(bs, bs->file, errp);
> > + if (ret) {
>
> I can;'t remember - does this need to be "ret < 0" or
> does refresh_perms return positive errnos ?
I don't really know but looking at the source the
bdrv_child_refresh_perms calls the bdrv_child_try_set_perm
which seems to forward only negative error codes,
so I'll do this here as well.
Also an iotest for this is a must, now I remember.
Best regards,
Maxim Levitsky
