On Sun, Aug 25, 2019 at 07:08:00PM +0300, Maxim Levitsky wrote:
> On Sun, 2019-08-25 at 18:40 +0300, Maxim Levitsky wrote:
> > On Thu, 2019-08-22 at 12:04 +0100, Daniel P. Berrangé wrote:
> > > On Wed, Aug 14, 2019 at 11:22:12PM +0300, Maxim Levitsky wrote:
> > >
On Mon, Aug 26, 2019 at 04:50:51PM +0300, Maxim Levitsky wrote:
> Marking a pointer with g_autowipe, will
> not only free it at the scope exit, but also
> erase the data it points to just prior to freeing it.
>
> This is first attempt to implement this feature,
> as suggested by Daniel and Nir.
>
On Tue, Sep 03, 2019 at 03:06:24PM -0400, John Snow wrote:
>
>
> On 9/3/19 3:02 PM, Eric Blake wrote:
> > [adding libvirt list]
> >
> > On 9/3/19 1:50 PM, John Snow wrote:
> >>
> >>
> >> On 9/3/19 10:56 AM, Eric Blake wrote:
> >>> Mention the preferred URI form, especially since NBD is trying to
On Wed, Sep 04, 2019 at 03:19:21PM +0200, Juan Quintela wrote:
> Eric Blake wrote:
> > On 8/20/19 5:48 AM, Juan Quintela wrote:
> >> Reviewed-by: Daniel P. Berrangé
> >> Signed-off-by: Juan Quintela
> >> ---
> >> blockdev-nbd.c
Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 91 +++--
> 1 file changed, 47 insertions(+), 44 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrang
,7 +738,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
> }
> }
>
> -ciphermode =
> qcrypto_block_luks_cipher_mode_lookup(luks->header.cipher_mode,
> + ciphermode = qcrypto_block_luks_cipher_mode_lookup(cipher_mode,
>
21 insertions(+), 23 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-http
&luks->header.key_slots[i],
> + i,
..given that 'i' is size_t here.
> password,
> cipheralg,
>
_get_info
>
> Using them simplifies the code
>
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 169 +---
> 1 file changed, 79 insertions(+), 90 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
On Mon, Aug 26, 2019 at 04:50:58PM +0300, Maxim Levitsky wrote:
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 166 +++-
> 1 file changed, 102 insertions(+), 64 deletions(-)
>
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index
On Mon, Aug 26, 2019 at 04:50:59PM +0300, Maxim Levitsky wrote:
> This is just to make qcrypto_block_luks_open more
> reasonable in size.
>
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 254 +---
> 1 file changed, 146 insertions(+), 108 del
On Mon, Aug 26, 2019 at 04:51:00PM +0300, Maxim Levitsky wrote:
> This function will be used later to store
> new keys to the luks metadata
>
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 310 ++--
> 1 file changed, 184 insertions(+), 126 d
PTO_BLOCK_LUKS_SECTOR_SIZE)) *
> - QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> +luks->header.payload_offset_sector = header_sectors +
> +QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors;
>
> block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
> block->payload_offset = luks->header.payload_offset_sector *
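Review bot: the new `luks->header.payload_offset_sector = header_sectors + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors;` line has no comment saying what the two terms cover, and the visible lines show neither the types of `header_sectors` and `split_key_sectors` nor any bound on their sum. Since `block->payload_offset` is derived from this field immediately afterwards, a short comment describing the layout (header sectors followed by one key material area per slot) would help, as would a range check before the assignment if none exists elsewhere in the function.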
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
On Mon, Aug 26, 2019 at 04:51:03PM +0300, Maxim Levitsky wrote:
> Check that keyslots don't overlap with the data,
> and check that keyslots don't overlap with each other.
> (this is done using naive O(n^2) nested loops,
> but since there are just 8 keyslots, this doesn't really matter.
>
> Signed
/block.c | 31 +++
> crypto/blockpriv.h | 8
> include/crypto/block.h | 22 ++
> 3 files changed, 61 insertions(+)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
On Fri, Aug 30, 2019 at 11:56:00PM +0300, Maxim Levitsky wrote:
> Now you can specify which slot to put the encryption key to
> Plus add 'active' option which will let user erase the key secret
> instead of adding it.
> Check that it is true for creation
>
> Signed-off-by: Maxim Levitsky
> ---
>
On Fri, Aug 30, 2019 at 11:56:01PM +0300, Maxim Levitsky wrote:
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 366 +++-
> 1 file changed, 364 insertions(+), 2 deletions(-)
>
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index b
> include/block/block_int.h | 1 +
> qemu-img-cmds.hx | 4 ++--
> qemu-img.c| 8 +++-
> qemu-img.texi | 6 +-
> 7 files changed, 20 insertions(+), 5 deletions(-)
For the code
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
On Fri, Aug 30, 2019 at 11:56:03PM +0300, Maxim Levitsky wrote:
> This implements the encryption key management
> using the generic code in qcrypto layer
> (currently only for qemu-img amend)
>
> This code adds another 'write_func' because the initialization
> write_func works directly on the unde
On Fri, Aug 30, 2019 at 11:56:04PM +0300, Maxim Levitsky wrote:
> ---
> block/qcow2.c | 79 ---
> 1 file changed, 63 insertions(+), 16 deletions(-)
>
> @@ -4888,9 +4899,22 @@ static int qcow2_amend_options(BlockDriverState *bs,
> QemuOpts *opts,
>
On Fri, Aug 30, 2019 at 11:56:06PM +0300, Maxim Levitsky wrote:
> Signed-off-by: Maxim Levitsky
> ---
> block/crypto.c | 86 +---
> qapi/block-core.json | 4 +--
> 2 files changed, 68 insertions(+), 22 deletions(-)
Reviewed-by: Dan
On Fri, Aug 30, 2019 at 11:56:08PM +0300, Maxim Levitsky wrote:
> Note that currently I add tests 300-302, which are
> placeholders to ease the rebase. In final version
> of these patches I will update these.
>
> Signed-off-by: Maxim Levitsky
> ---
> tests/qemu-iotests/087.out | 6 +-
>
On Fri, Sep 06, 2019 at 04:57:22PM +0300, Maxim Levitsky wrote:
> On Fri, 2019-09-06 at 14:49 +0100, Daniel P. Berrangé wrote:
> > On Fri, Aug 30, 2019 at 11:56:00PM +0300, Maxim Levitsky wrote:
> > > Now you can specify which slot to put the encryption key to
> > > Plu
On Fri, Aug 30, 2019 at 11:56:07PM +0300, Maxim Levitsky wrote:
> Currently only for changing crypto parameters
>
> Signed-off-by: Maxim Levitsky
> ---
> block/qcow2.c| 71
> qapi/block-core.json | 4 +--
> 2 files changed, 73 insertions(+),
On Fri, Sep 06, 2019 at 05:26:09PM +0300, Maxim Levitsky wrote:
> On Fri, 2019-09-06 at 15:14 +0100, Daniel P. Berrangé wrote:
> > On Fri, Aug 30, 2019 at 11:56:08PM +0300, Maxim Levitsky wrote:
> > > Note that currently I add tests 300-302, which are
> > > placehol
stake. Sadly, the
> only mention of file.tls-creds in our docs relates to an --image-opts
> use of PSK encryption with qemu-img as the client, rather than x509
> certificate encryption with qemu-kvm as the client.
>
> CC: Tingting Mao
> CC: Daniel P. Berrangé
> Signed-off-by
On Fri, Sep 06, 2019 at 10:57:50PM +0300, Maxim Levitsky wrote:
> Signed-off-by: Maxim Levitsky
> ---
> tests/qemu-iotests/263 | 75 ++
> tests/qemu-iotests/263.out | 19 ++
> tests/qemu-iotests/group | 1 +
> 3 files changed, 95 insertions(+)
>
On Thu, Sep 12, 2019 at 12:17:05PM +0300, Maxim Levitsky wrote:
> These values are not used by generic crypto code anyway
>
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 26 +-
> 1 file changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/crypto/bl
On Thu, Sep 12, 2019 at 12:17:06PM +0300, Maxim Levitsky wrote:
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 158 ++--
> 1 file changed, 94 insertions(+), 64 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
27 insertions(+), 108 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
81 insertions(+), 123 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
doesn't really matter.
>
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 52 +
> 1 file changed, 52 insertions(+)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
On Tue, Sep 17, 2019 at 01:45:29PM +0200, Greg Kurz wrote:
> On Tue, 17 Sep 2019 13:00:37 +0200
> Philippe Mathieu-Daudé wrote:
>
> > For some reason your email client escaped incorrectly Daniel's email:
> >
> > "Daniel P. Berrangé\"
> >
>
On Thu, Sep 19, 2019 at 11:17:20AM +0200, Kevin Wolf wrote:
> Am 18.09.2019 um 19:10 hat Eric Blake geschrieben:
> > On 9/18/19 8:02 AM, Vladimir Sementsov-Ogievskiy wrote:
> > > + */
> > > +#define MAKE_ERRP_SAFE(errp) \
> > > +g_auto(ErrorPropagationStruct) (__auto_errp_prop) = {.errp = (errp)};
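Review bot: the local variable declared in the `MAKE_ERRP_SAFE` body, `__auto_errp_prop`, begins with a double underscore, and C reserves such identifiers for the implementation. A name without the leading underscores (for example with a trailing underscore instead) avoids any clash with compiler or libc internals while still being unlikely to collide with a caller's own locals.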
On Thu, Sep 19, 2019 at 10:21:44AM +, Vladimir Sementsov-Ogievskiy wrote:
> 19.09.2019 13:09, Daniel P. Berrangé wrote:
> > On Thu, Sep 19, 2019 at 11:17:20AM +0200, Kevin Wolf wrote:
> >> Am 18.09.2019 um 19:10 hat Eric Blake geschrieben:
> >>> On 9/18/19 8:02 AM
On Thu, Sep 19, 2019 at 09:44:14AM -0500, Eric Blake wrote:
> On 9/19/19 9:30 AM, Vladimir Sementsov-Ogievskiy wrote:
>
> >>
> >> To the same topic, of minimization: should we always call MAKE_ERRP_SAFE
> >> at function top, or only
> >> in block, where it is needed (assume, we dereference it onl
On Thu, Sep 19, 2019 at 10:24:20AM -0500, Eric Blake wrote:
> On 9/19/19 9:49 AM, Daniel P. Berrangé wrote:
>
> >> ALWAYS using MAKE_ERRP_SAFE() on entry to any function that has an Error
> >> **errp parameter is dirt-simple to explain. It has no performance
> >>
On Thu, Sep 19, 2019 at 04:16:25PM +, Vladimir Sementsov-Ogievskiy wrote:
> 19.09.2019 18:50, Daniel P. Berrangé wrote:
> > On Thu, Sep 19, 2019 at 10:24:20AM -0500, Eric Blake wrote:
> >> On 9/19/19 9:49 AM, Daniel P. Berrangé wrote:
> >>
> >>>> ALW
Some distros are now defaulting to LUKS version 2 which QEMU cannot
process. For our I/O test that validates interoperability between the
kernel/cryptsetup and QEMU, we need to explicitly ask for version 1
of the LUKS format.
Signed-off-by: Daniel P. Berrangé
---
tests/qemu-iotests/149 | 2
>
> Signed-off-by: Maxim Levitsky
> Reviewed-by: Daniel P. Berrangé
> ---
> block/crypto.c | 12 ++--
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/block/crypto.c b/block/crypto.c
> index 7eb698774e..6e822c6e50 100644
> --- a/block/
On Fri, Sep 27, 2019 at 10:26:27AM -0500, Eric Blake wrote:
> On 9/27/19 5:11 AM, Daniel P. Berrangé wrote:
> > Some distros are now defaulting to LUKS version 2 which QEMU cannot
> > process. For our I/O test that validates interoperability between the
> > kernel/cryptsetup
On Wed, Oct 02, 2019 at 04:21:46PM +0200, Thomas Huth wrote:
> Running the iotests during "make check" is causing more headaches than
> benefits for the block layer maintainers, so let's disable the iotests
> during "make check" again.
>
> Signed-off-by: Thomas Huth
> ---
> tests/Makefile.includ
On Mon, Oct 07, 2019 at 06:16:51PM +0200, Cornelia Huck wrote:
> On Mon, 7 Oct 2019 16:10:02 +
> Vladimir Sementsov-Ogievskiy wrote:
>
> > 07.10.2019 18:55, Cornelia Huck wrote:
> > > On Tue, 1 Oct 2019 18:52:54 +0300
> > > Vladimir Sementsov-Ogievskiy wrote:
>
> > >> +def git_add(pattern)
On Mon, Oct 07, 2019 at 02:48:40PM -0500, Eric Blake wrote:
> One benefit of --pid-file is that it is easier to probe the file
> system to see if a pid file has been created than it is to probe if a
> socket is available for connection. Document that this is an
> intentional feature.
I'm not seein
On Tue, Oct 08, 2019 at 08:28:16AM -0500, Eric Blake wrote:
> On 10/8/19 4:40 AM, Vladimir Sementsov-Ogievskiy wrote:
> > 08.10.2019 12:24, Daniel P. Berrangé wrote:
> > > On Mon, Oct 07, 2019 at 02:48:40PM -0500, Eric Blake wrote:
> > > > One benefit of --pid-file
+
> 6 files changed, 97 insertions(+)
Reviewed-by: Daniel P. Berrangé
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index b2a4cff683..9faebd03d4 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -309,3 +309,19 @@
>'base': '
On Tue, Jan 21, 2020 at 03:13:01PM +0200, Maxim Levitsky wrote:
> On Tue, 2020-01-21 at 08:54 +0100, Markus Armbruster wrote:
>
>
>
> > > +##
> > > +# @LUKSKeyslotUpdate:
> > > +#
> > > +# @keyslot: If specified, will update only keyslot with this
> > > index
> > > +#
> > > +# @old-secr
On Tue, Jan 14, 2020 at 09:33:39PM +0200, Maxim Levitsky wrote:
> Next few patches will expose that functionality
> to the user.
>
> Signed-off-by: Maxim Levitsky
> ---
> crypto/block-luks.c | 374 +++-
> qapi/crypto.json| 50 +-
> 2 files changed
On Tue, Jan 14, 2020 at 09:33:41PM +0200, Maxim Levitsky wrote:
> Some options are only useful for creation
> (or hard to be amended, like cluster size for qcow2), while some other
> options are only useful for amend, like upcoming keyslot management
> options for luks
>
> Since currently only qco
o->block,
> + block_crypto_read_func,
> + block_crypto_write_func,
> + bs,
> + amend_options,
> + force
On Tue, Jan 14, 2020 at 09:33:44PM +0200, Maxim Levitsky wrote:
> Now that we have all the infrastructure in place,
> wire it in the qcow2 driver and expose this to the user.
>
> Signed-off-by: Maxim Levitsky
> ---
> block/qcow2.c | 101 +++---
> 1 fil
On Tue, Jan 28, 2020 at 05:11:16PM +, Daniel P. Berrangé wrote:
> On Tue, Jan 21, 2020 at 03:13:01PM +0200, Maxim Levitsky wrote:
> > On Tue, 2020-01-21 at 08:54 +0100, Markus Armbruster wrote:
> >
> >
> >
> > > > +##
> > > > +# @LUKSKeyslo
On Tue, Jan 14, 2020 at 09:33:45PM +0200, Maxim Levitsky wrote:
> This allows more tests to be able to have same output on both qcow2 luks
> encrypted images
> and raw luks images
>
> Signed-off-by: Maxim Levitsky
> ---
> tests/qemu-iotests/087.out | 6 +++---
> tests/qemu-iotests/134.out
bdrv_co_amend = block_crypto_co_amend,
>
> .strong_runtime_opts = block_crypto_strong_runtime_opts,
> };
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
> qapi/block-core.json | 16 +++-
> 2 files changed, 54 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
On Thu, Jan 30, 2020 at 01:38:47PM +0100, Kevin Wolf wrote:
> Am 28.01.2020 um 18:32 hat Daniel P. Berrangé geschrieben:
> > On Tue, Jan 28, 2020 at 05:11:16PM +0000, Daniel P. Berrangé wrote:
> > > On Tue, Jan 21, 2020 at 03:13:01PM +0200, Maxim Levitsky wrote:
> > > >
On Thu, Jan 30, 2020 at 03:23:10PM +0100, Kevin Wolf wrote:
> Am 30.01.2020 um 13:53 hat Daniel P. Berrangé geschrieben:
> > On Thu, Jan 30, 2020 at 01:38:47PM +0100, Kevin Wolf wrote:
> > > Am 28.01.2020 um 18:32 hat Daniel P. Berrangé geschrieben:
> > > > On Tue, Ja
On Thu, Jan 30, 2020 at 03:47:00PM +0100, Markus Armbruster wrote:
> Daniel P. Berrangé writes:
>
> > On Thu, Jan 30, 2020 at 01:38:47PM +0100, Kevin Wolf wrote:
> >> Am 28.01.2020 um 18:32 hat Daniel P. Berrangé geschrieben:
> >> > On Tue, Jan 28, 2020 at 05:
On Mon, Feb 03, 2020 at 11:25:29AM +0100, Sergio Lopez wrote:
> On Thu, Jan 30, 2020 at 10:52:35AM +, Stefan Hajnoczi wrote:
> > On Thu, Jan 30, 2020 at 01:29:16AM +0100, Paolo Bonzini wrote:
> > > On 29/01/20 16:44, Stefan Hajnoczi wrote:
> > > > On Mon, Jan 27, 2020 at 02:10:31PM +0100, Corne
On Wed, Feb 05, 2020 at 10:30:11AM +0100, Kevin Wolf wrote:
> Am 05.02.2020 um 09:24 hat Markus Armbruster geschrieben:
> > Daniel, Kevin, any comments or objections to the QAPI schema design
> > sketch developed below?
> >
> > For your convenience, here's the result again:
> >
> > { 'enum':
On Thu, Feb 06, 2020 at 02:20:11PM +0100, Markus Armbruster wrote:
> One more question regarding the array in
>
> { 'struct': 'QCryptoBlockAmendOptionsLUKS',
> 'data' : {
> 'keys': ['LUKSKeyslotUpdate'],
> '*unlock-secret' : 'str' } }
>
> Why an array?
On Thu, Feb 06, 2020 at 02:44:45PM +0100, Markus Armbruster wrote:
> Markus Armbruster writes:
>
> > Kevin Wolf writes:
> >
> >> Am 05.02.2020 um 11:03 hat Markus Armbruster geschrieben:
> >>> Kevin Wolf writes:
> [...]
> >>> > Adding a key gets more complicated with your proposed interface bec
fail for any pre-existing disk images created prior to this change,
unless at least 1 byte of the payload is written to.
Fully writing zeros to the entire LUKS header is a good idea regardless
as it ensures that space has been allocated on the host filesystem (or
whatever block storage backend
eads.c | 12
> block/qcow2.c | 2 --
> 2 files changed, 8 insertions(+), 6 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
On Mon, Feb 17, 2020 at 01:28:51PM +0100, Markus Armbruster wrote:
> Kevin Wolf writes:
>
> > Am 15.02.2020 um 15:51 hat Markus Armbruster geschrieben:
> >> Review of this patch led to a lengthy QAPI schema design discussion.
> >> Let me try to condense it into a concrete proposal.
> >>
> >> Thi
On Sat, Feb 15, 2020 at 03:51:46PM +0100, Markus Armbruster wrote:
> Review of this patch led to a lengthy QAPI schema design discussion.
> Let me try to condense it into a concrete proposal.
>
> This is about the QAPI schema, and therefore about QMP. The
> human-friendly interface is out of scop
On Mon, Feb 17, 2020 at 01:07:23PM +0200, Maxim Levitsky wrote:
> On Mon, 2020-02-17 at 11:37 +0100, Kevin Wolf wrote:
> > Am 15.02.2020 um 15:51 hat Markus Armbruster geschrieben:
> > > Review of this patch led to a lengthy QAPI schema design discussion.
> > > Let me try to condense it into a conc
On Tue, Feb 25, 2020 at 05:48:02PM +0100, Markus Armbruster wrote:
> Max Reitz writes:
>
> > On 15.02.20 15:51, Markus Armbruster wrote:
> >> Review of this patch led to a lengthy QAPI schema design discussion.
> >> Let me try to condense it into a concrete proposal.
> >>
> >> This is about the
On Mon, Mar 09, 2020 at 04:21:12PM +0100, Kevin Wolf wrote:
> Am 06.03.2020 um 23:51 hat Eric Blake geschrieben:
> > For qcow2 and qed, we want to encourage the use of -F always, as these
> > formats can suffer from data corruption or security holes if backing
> > format is probed. But for other f
On Mon, Mar 09, 2020 at 10:32:52AM -0500, Eric Blake wrote:
> On 3/9/20 10:21 AM, Kevin Wolf wrote:
> > Am 06.03.2020 um 23:51 hat Eric Blake geschrieben:
> > > For qcow2 and qed, we want to encourage the use of -F always, as these
> > > formats can suffer from data corruption or security holes if
On Tue, Mar 10, 2020 at 01:00:12PM +0100, Philippe Mathieu-Daudé wrote:
> On 3/10/20 12:45 PM, Kevin Wolf wrote:
> > Am 10.03.2020 um 09:02 hat Laurent Vivier geschrieben:
> > > Le 09/03/2020 à 20:30, Philippe Mathieu-Daudé a écrit :
> > > > On 3/9/20 8:17 PM, Michael S. Tsirkin wrote:
> > > > > On
On Tue, Mar 17, 2020 at 09:40:00AM -0500, Eric Blake wrote:
> On 3/17/20 9:00 AM, Peter Maydell wrote:
> > On Tue, 17 Mar 2020 at 04:38, John Snow wrote:
>
> > >
> > >block/qcow2-bitmap: use bdrv_dirty_bitmap_next_dirty (2020-03-12
> > > 16:36:46 -0400)
> > >
> > >
On Tue, Mar 17, 2020 at 03:00:48PM +, Peter Maydell wrote:
> On Tue, 17 Mar 2020 at 14:57, Daniel P. Berrangé wrote:
> > I don't feel like -Wno-unused-function loses anything significant, as
> > the GCC builds will still be reporting unused functions which will
> >
On Tue, Mar 17, 2020 at 03:07:34PM +, Peter Maydell wrote:
> On Tue, 17 Mar 2020 at 15:05, Daniel P. Berrangé wrote:
> >
> > On Tue, Mar 17, 2020 at 03:00:48PM +, Peter Maydell wrote:
> > > On Tue, 17 Mar 2020 at 14:57, Daniel P. Berrangé
> > > wrot
On Wed, Mar 18, 2020 at 05:22:53PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> Signed-off-by: Vladimir Sementsov-Ogievskiy
> ---
>
> Hi all!
>
> C standard doesn't allow pointer arithmetic on void *.
> Still, gcc allows it as an extension:
> https://gcc.gnu.org/onlinedocs/gcc-4.8.0/gcc/Pointer
On Fri, Mar 20, 2020 at 02:35:44PM -0500, Eric Blake wrote:
> On 3/20/20 1:58 PM, Alberto Garcia wrote:
> > Hi,
> >
> > when full_discard is false in discard_in_l2_slice() then the selected
> > cluster should be deallocated and it should read back as zeroes. This
> > is done by clearing the cluste
On Tue, Mar 24, 2020 at 10:36:29AM +0100, Kevin Wolf wrote:
> Am 24.03.2020 um 08:41 hat Vladimir Sementsov-Ogievskiy geschrieben:
> > When sending iotests to upstream or do patch porting from one branch
> > to another we very often have to resolve conflicts in group file, as
> > many absolutely in
On Tue, Mar 24, 2020 at 01:02:18PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> 24.03.2020 12:36, Kevin Wolf wrote:
> > Am 24.03.2020 um 08:41 hat Vladimir Sementsov-Ogievskiy geschrieben:
> > > When sending iotests to upstream or do patch porting from one branch
> > > to another we very often have
On Fri, Mar 27, 2020 at 11:19:36AM -0500, Eric Blake wrote:
> Although the remote end should always be tolerant of a socket being
> arbitrarily closed, there are situations where it is a lot easier if
> the remote end can be guaranteed to read EOF even before the socket
> has closed. In particular
On Fri, Mar 27, 2020 at 11:19:35AM -0500, Eric Blake wrote:
> Gnutls documents that while many apps simply yank out the underlying
> transport at the end of communication in the name of efficiency, this
> is indistinguishable from a malicious actor terminating the connection
> prematurely. Since o
On Fri, Mar 27, 2020 at 12:29:39PM -0500, Eric Blake wrote:
> On 3/27/20 11:40 AM, Daniel P. Berrangé wrote:
> > On Fri, Mar 27, 2020 at 11:19:35AM -0500, Eric Blake wrote:
> > > Gnutls documents that while many apps simply yank out the underlying
> > > transport at the
On Fri, Mar 27, 2020 at 12:42:21PM -0500, Eric Blake wrote:
> On 3/27/20 11:35 AM, Daniel P. Berrangé wrote:
> > On Fri, Mar 27, 2020 at 11:19:36AM -0500, Eric Blake wrote:
> > > Although the remote end should always be tolerant of a socket being
> > > arbitrarily c
On Fri, Feb 01, 2019 at 02:42:10PM +, Vladimir Sementsov-Ogievskiy wrote:
> 31.01.2019 16:46, Andrey Shinkevich wrote:
> > Inform a user in case qcow2_get_specific_info fails to obtain
> > QCOW2 image specific information. This patch is preliminary to
> > the print of bitmap information in the
On Mon, Feb 04, 2019 at 10:56:28AM +0100, Kevin Wolf wrote:
> Am 29.01.2019 um 16:58 hat Daniel P. Berrangé geschrieben:
> > On Fri, Jan 25, 2019 at 06:46:53PM +0100, Kevin Wolf wrote:
> > > We should never have exposed BlockBackend names to the guest, it's a
> >
On Tue, Feb 05, 2019 at 04:09:24PM +, Alex Bennée wrote:
>
> Philippe Mathieu-Daudé writes:
>
> > Various iotests scripts (run via 'make check-block') use bash
> > specific extensions. OpenBSD comes with the Korn shell as default.
> > Install bash to be able to run those tests.
>
> Hmmm g
On Tue, Feb 05, 2019 at 05:24:02PM -0500, Brad Smith wrote:
> On 2/5/2019 9:23 AM, Philippe Mathieu-Daudé wrote:
>
> > Hi Brad,
> >
> > On 2/5/19 2:57 PM, Brad Smith wrote:
> > > If someone could point me in the right direction as to how the image is
> > > created
> > > I could look at coming up
On Mon, Feb 11, 2019 at 03:55:58PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> Expose attached aio context. It will be used in nbd code, to
> understand, in which aio context negotiation should be done.
I'm not especially objecting to the idea of adding the API to the
QIOChannel class, but I'm su
-on: <20190215155709.15777-1-berra...@redhat.com>
Daniel P. Berrangé (17):
util: add helper APIs for dealing with inotify in portable manner
qom: don't require user creatable objects to be registered
hw/usb: don't set IN_ISDIR for inotify watch in MTP driver
hw/usb: fix const-ness for s
future.
Signed-off-by: Daniel P. Berrangé
---
MAINTAINERS | 7 +
Makefile.objs | 2 +-
include/qemu/filemonitor.h| 128 +++
tests/Makefile.include| 3 +
tests/test-util-filemonitor.c | 685 ++
util
From: "Daniel P. Berrange"
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add
mis-fire.
Ignore this one, I used the wrong base branch to git-publish and didn't
interrupt it quickly enough
Re-posted v4 with correct base.
On Fri, Feb 15, 2019 at 05:13:28PM +0000, Daniel P. Berrangé wrote:
> v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.htm
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
the NBD server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509 certificate.
This means the client will have to acquire a certificat
-on: <20190215155709.15777-1-berra...@redhat.com>
Daniel P. Berrangé (6):
qemu-nbd: add support for authorization of TLS clients
nbd: allow authorization with nbd-server-start QMP command
migration: add support for a "tls-authz" migration parameter
chardev: add support for authorization fo
From: "Daniel P. Berrange"
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP 'acl
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certific
From: "Daniel P. Berrange"
The QEMU instance that runs as the server for the migration data
transport (ie the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is
authz' or 'sasl-authz' parameters to the VNC server, and
equivalent for other network services.
Reviewed-by: Juan Quintela
Signed-off-by: Daniel P. Berrangé
---
monitor.c| 23 +++
qemu-deprecated.texi | 6 ++
2 files changed, 29 insertion
On Tue, Feb 19, 2019 at 07:36:07AM +0100, Thomas Huth wrote:
>
> Hi Eric, hi Daniel,
>
> QEMU iotest 233 is failing for me on RHEL7:
>
> 233[07:29:30] [07:29:30] [failed, exit status 1] - output
> mismatch (see 233.out.bad)
> --- /home/thuth/devel/qemu/tests/qemu-iotests/233.ou
On Tue, Feb 19, 2019 at 10:37:16AM +0100, Kevin Wolf wrote:
> Am 19.02.2019 um 10:04 hat Thomas Huth geschrieben:
> >
> > https://gitlab.com/huth/qemu/-/jobs/163680780
> >
> > Some of them apparently need encryption to be enabled (as already
> > mentioned by Cleber in his patch) - thus should th
porting in user_creatable_add_opts_foreach()
Some callers were updated to pass in "&error_fatal" but all the ones in
qemu-img were left passing NULL. As a result all errors went to
/dev/null instead of being reported to the user.
Signed-off-by: Daniel P. Berrangé
---
qemu-img.c | 26 +-