Message ID | 20170220151921.22842-5-berrange@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Am 20.02.2017 um 16:19 hat Daniel P. Berrange geschrieben: > The qemu-img dd/convert commands will create a image file and > then try to open it. Historically it has been possible to open > new files without passing any options. With encrypted files > though, the *key-secret options are mandatory, so we need to > provide those options when opening the newly created file. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > qemu-img.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 42 insertions(+), 2 deletions(-) > > diff --git a/qemu-img.c b/qemu-img.c > index e48e676..bad19fd 100644 > --- a/qemu-img.c > +++ b/qemu-img.c > @@ -317,6 +317,46 @@ static BlockBackend *img_open_file(const char *filename, > } > > > +static int img_add_key_secrets(void *opaque, > + const char *name, const char *value, > + Error **errp) > +{ > + QDict *options = opaque; > + > + if (g_str_has_suffix(name, "key-secret")) { > + qdict_put(options, name, qstring_from_str(value)); > + } > + > + return 0; > +} > + > +static BlockBackend *img_open_new_file(const char *filename, > + QemuOpts *create_opts, > + const char *fmt, int flags, > + bool writethrough, bool quiet) > +{ > + BlockBackend *blk; > + Error *local_err = NULL; > + QDict *options = NULL; > + > + options = qdict_new(); > + if (fmt) { > + qdict_put(options, "driver", qstring_from_str(fmt)); > + } > + > + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL); > + > + blk = blk_new_open(filename, NULL, options, flags, &local_err); > + if (!blk) { > + error_reportf_err(local_err, "Could not open '%s': ", filename); > + return NULL; > + } > + blk_set_enable_write_cache(blk, !writethrough); > + > + return blk; > +} Why not make this a small wrapper around img_open_file(), which does almost the same except that it can ask for a password? Leaving out the img_open_password() call means that simple '-o encryption=on' breaks, so it's a bug anyway: $ ./qemu-img convert -O qcow2 -o encryption ~/images/hd.img /tmp/crypt.qcow2 qemu-img: block/qcow2.c:1613: qcow2_co_pwritev: Assertion `s->cipher' failed. Kevin
On Wed, Feb 22, 2017 at 12:20:36PM +0100, Kevin Wolf wrote: > Am 20.02.2017 um 16:19 hat Daniel P. Berrange geschrieben: > > The qemu-img dd/convert commands will create a image file and > > then try to open it. Historically it has been possible to open > > new files without passing any options. With encrypted files > > though, the *key-secret options are mandatory, so we need to > > provide those options when opening the newly created file. > > > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > > --- > > qemu-img.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- > > 1 file changed, 42 insertions(+), 2 deletions(-) > > > > diff --git a/qemu-img.c b/qemu-img.c > > index e48e676..bad19fd 100644 > > --- a/qemu-img.c > > +++ b/qemu-img.c > > @@ -317,6 +317,46 @@ static BlockBackend *img_open_file(const char *filename, > > } > > > > > > +static int img_add_key_secrets(void *opaque, > > + const char *name, const char *value, > > + Error **errp) > > +{ > > + QDict *options = opaque; > > + > > + if (g_str_has_suffix(name, "key-secret")) { > > + qdict_put(options, name, qstring_from_str(value)); > > + } > > + > > + return 0; > > +} > > + > > +static BlockBackend *img_open_new_file(const char *filename, > > + QemuOpts *create_opts, > > + const char *fmt, int flags, > > + bool writethrough, bool quiet) > > +{ > > + BlockBackend *blk; > > + Error *local_err = NULL; > > + QDict *options = NULL; > > + > > + options = qdict_new(); > > + if (fmt) { > > + qdict_put(options, "driver", qstring_from_str(fmt)); > > + } > > + > > + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL); > > + > > + blk = blk_new_open(filename, NULL, options, flags, &local_err); > > + if (!blk) { > > + error_reportf_err(local_err, "Could not open '%s': ", filename); > > + return NULL; > > + } > > + blk_set_enable_write_cache(blk, !writethrough); > > + > > + return blk; > > +} > > Why not make this a small wrapper around img_open_file(), which does > almost the same except that it can ask for a password? Leaving out the > img_open_password() call means that simple '-o encryption=on' breaks, > so it's a bug anyway: > > $ ./qemu-img convert -O qcow2 -o encryption ~/images/hd.img /tmp/crypt.qcow2 > qemu-img: block/qcow2.c:1613: qcow2_co_pwritev: Assertion `s->cipher' failed. I had written this after my conversion of qcow2 to use secrets, but I presume you just tested this series in isolation. If this series merges before my qcow2+luks series, then yeah, we'd need to handle the scearnio you describe. Regards, Daniel
Am 22.02.2017 um 12:33 hat Daniel P. Berrange geschrieben: > On Wed, Feb 22, 2017 at 12:20:36PM +0100, Kevin Wolf wrote: > > Am 20.02.2017 um 16:19 hat Daniel P. Berrange geschrieben: > > > The qemu-img dd/convert commands will create a image file and > > > then try to open it. Historically it has been possible to open > > > new files without passing any options. With encrypted files > > > though, the *key-secret options are mandatory, so we need to > > > provide those options when opening the newly created file. > > > > > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > > > --- > > > qemu-img.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- > > > 1 file changed, 42 insertions(+), 2 deletions(-) > > > > > > diff --git a/qemu-img.c b/qemu-img.c > > > index e48e676..bad19fd 100644 > > > --- a/qemu-img.c > > > +++ b/qemu-img.c > > > @@ -317,6 +317,46 @@ static BlockBackend *img_open_file(const char *filename, > > > } > > > > > > > > > +static int img_add_key_secrets(void *opaque, > > > + const char *name, const char *value, > > > + Error **errp) > > > +{ > > > + QDict *options = opaque; > > > + > > > + if (g_str_has_suffix(name, "key-secret")) { > > > + qdict_put(options, name, qstring_from_str(value)); > > > + } > > > + > > > + return 0; > > > +} > > > + > > > +static BlockBackend *img_open_new_file(const char *filename, > > > + QemuOpts *create_opts, > > > + const char *fmt, int flags, > > > + bool writethrough, bool quiet) > > > +{ > > > + BlockBackend *blk; > > > + Error *local_err = NULL; > > > + QDict *options = NULL; > > > + > > > + options = qdict_new(); > > > + if (fmt) { > > > + qdict_put(options, "driver", qstring_from_str(fmt)); > > > + } > > > + > > > + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL); > > > + > > > + blk = blk_new_open(filename, NULL, options, flags, &local_err); > > > + if (!blk) { > > > + error_reportf_err(local_err, "Could not open '%s': ", filename); > > > + return NULL; > > > + } > > > + blk_set_enable_write_cache(blk, !writethrough); > > > + > > > + return blk; > > > +} > > > > Why not make this a small wrapper around img_open_file(), which does > > almost the same except that it can ask for a password? Leaving out the > > img_open_password() call means that simple '-o encryption=on' breaks, > > so it's a bug anyway: > > > > $ ./qemu-img convert -O qcow2 -o encryption ~/images/hd.img /tmp/crypt.qcow2 > > qemu-img: block/qcow2.c:1613: qcow2_co_pwritev: Assertion `s->cipher' failed. > > I had written this after my conversion of qcow2 to use secrets, but I > presume you just tested this series in isolation. If this series merges > before my qcow2+luks series, then yeah, we'd need to handle the scearnio > you describe. I see. Your commit message doesn't make clear that it depends on the qcow2 series, so I was thinking that this could go into 2.9 even if the qcow2 series might not make it (I think it touches the I/O path, so I'm a bit more cautious there so short before the freeze). Anyway, doesn't the wrapper instead of duplicating code make sense anyway, even if the duplication didn't result in a bug? Kevin
On Wed, Feb 22, 2017 at 01:18:49PM +0100, Kevin Wolf wrote: > Am 22.02.2017 um 12:33 hat Daniel P. Berrange geschrieben: > > On Wed, Feb 22, 2017 at 12:20:36PM +0100, Kevin Wolf wrote: > > > Am 20.02.2017 um 16:19 hat Daniel P. Berrange geschrieben: > > > > The qemu-img dd/convert commands will create a image file and > > > > then try to open it. Historically it has been possible to open > > > > new files without passing any options. With encrypted files > > > > though, the *key-secret options are mandatory, so we need to > > > > provide those options when opening the newly created file. > > > > > > > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > > > > --- > > > > qemu-img.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- > > > > 1 file changed, 42 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/qemu-img.c b/qemu-img.c > > > > index e48e676..bad19fd 100644 > > > > --- a/qemu-img.c > > > > +++ b/qemu-img.c > > > > @@ -317,6 +317,46 @@ static BlockBackend *img_open_file(const char *filename, > > > > } > > > > > > > > > > > > +static int img_add_key_secrets(void *opaque, > > > > + const char *name, const char *value, > > > > + Error **errp) > > > > +{ > > > > + QDict *options = opaque; > > > > + > > > > + if (g_str_has_suffix(name, "key-secret")) { > > > > + qdict_put(options, name, qstring_from_str(value)); > > > > + } > > > > + > > > > + return 0; > > > > +} > > > > + > > > > +static BlockBackend *img_open_new_file(const char *filename, > > > > + QemuOpts *create_opts, > > > > + const char *fmt, int flags, > > > > + bool writethrough, bool quiet) > > > > +{ > > > > + BlockBackend *blk; > > > > + Error *local_err = NULL; > > > > + QDict *options = NULL; > > > > + > > > > + options = qdict_new(); > > > > + if (fmt) { > > > > + qdict_put(options, "driver", qstring_from_str(fmt)); > > > > + } > > > > + > > > > + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL); > > > > + > > > > + blk = blk_new_open(filename, NULL, options, flags, &local_err); > > > > + if (!blk) { > > > > + error_reportf_err(local_err, "Could not open '%s': ", filename); > > > > + return NULL; > > > > + } > > > > + blk_set_enable_write_cache(blk, !writethrough); > > > > + > > > > + return blk; > > > > +} > > > > > > Why not make this a small wrapper around img_open_file(), which does > > > almost the same except that it can ask for a password? Leaving out the > > > img_open_password() call means that simple '-o encryption=on' breaks, > > > so it's a bug anyway: > > > > > > $ ./qemu-img convert -O qcow2 -o encryption ~/images/hd.img /tmp/crypt.qcow2 > > > qemu-img: block/qcow2.c:1613: qcow2_co_pwritev: Assertion `s->cipher' failed. > > > > I had written this after my conversion of qcow2 to use secrets, but I > > presume you just tested this series in isolation. If this series merges > > before my qcow2+luks series, then yeah, we'd need to handle the scearnio > > you describe. > > I see. Your commit message doesn't make clear that it depends on the > qcow2 series, so I was thinking that this could go into 2.9 even if the > qcow2 series might not make it (I think it touches the I/O path, so I'm > a bit more cautious there so short before the freeze). Yep, understood. It is wise to be cautious with crypto stuff too. > Anyway, doesn't the wrapper instead of duplicating code make sense > anyway, even if the duplication didn't result in a bug? Ok, I see what you mean. I can repost with that change. Regards, Daniel
diff --git a/qemu-img.c b/qemu-img.c index e48e676..bad19fd 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -317,6 +317,46 @@ static BlockBackend *img_open_file(const char *filename, } +static int img_add_key_secrets(void *opaque, + const char *name, const char *value, + Error **errp) +{ + QDict *options = opaque; + + if (g_str_has_suffix(name, "key-secret")) { + qdict_put(options, name, qstring_from_str(value)); + } + + return 0; +} + +static BlockBackend *img_open_new_file(const char *filename, + QemuOpts *create_opts, + const char *fmt, int flags, + bool writethrough, bool quiet) +{ + BlockBackend *blk; + Error *local_err = NULL; + QDict *options = NULL; + + options = qdict_new(); + if (fmt) { + qdict_put(options, "driver", qstring_from_str(fmt)); + } + + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL); + + blk = blk_new_open(filename, NULL, options, flags, &local_err); + if (!blk) { + error_reportf_err(local_err, "Could not open '%s': ", filename); + return NULL; + } + blk_set_enable_write_cache(blk, !writethrough); + + return blk; +} + + static BlockBackend *img_open(bool image_opts, const char *filename, const char *fmt, int flags, bool writethrough, @@ -2120,8 +2160,8 @@ static int img_convert(int argc, char **argv) * That has to wait for bdrv_create to be improved * to allow filenames in option syntax */ - out_blk = img_open_file(out_filename, out_fmt, - flags, writethrough, quiet); + out_blk = img_open_new_file(out_filename, opts, out_fmt, + flags, writethrough, quiet); } if (!out_blk) { ret = -1;
The qemu-img dd/convert commands will create a image file and then try to open it. Historically it has been possible to open new files without passing any options. With encrypted files though, the *key-secret options are mandatory, so we need to provide those options when opening the newly created file. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- qemu-img.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-)