[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 28/29] block/rbd: Add luks-any encryption opening option
From: |
Kevin Wolf |
Subject: |
[PULL 28/29] block/rbd: Add luks-any encryption opening option |
Date: |
Thu, 23 Feb 2023 19:51:45 +0100 |
From: Or Ozeri <oro@il.ibm.com>
Ceph RBD encryption API required specifying the encryption format
for loading encryption. The supported formats were LUKS (v1) and LUKS2.
Starting from Reef release, RBD also supports loading with "luks-any" format,
which works for both versions of LUKS.
This commit extends the qemu rbd driver API to enable qemu users to use
this luks-any wildcard format.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
Message-Id: <20230129113120.722708-3-oro@oro.sl.cloud9.ibm.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
qapi/block-core.json | 16 ++++++++++++++--
block/rbd.c | 19 +++++++++++++++++++
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 7f331eb8ea..5f09b1d31a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3922,10 +3922,12 @@
##
# @RbdImageEncryptionFormat:
#
+# @luks-any: Used for opening either luks or luks2 (Since 8.0)
+#
# Since: 6.1
##
{ 'enum': 'RbdImageEncryptionFormat',
- 'data': [ 'luks', 'luks2' ] }
+ 'data': [ 'luks', 'luks2', 'luks-any' ] }
##
# @RbdEncryptionOptionsLUKSBase:
@@ -3967,6 +3969,15 @@
'base': 'RbdEncryptionOptionsLUKSBase',
'data': { } }
+##
+# @RbdEncryptionOptionsLUKSAny:
+#
+# Since: 8.0
+##
+{ 'struct': 'RbdEncryptionOptionsLUKSAny',
+ 'base': 'RbdEncryptionOptionsLUKSBase',
+ 'data': { } }
+
##
# @RbdEncryptionCreateOptionsLUKS:
#
@@ -3994,7 +4005,8 @@
'base': { 'format': 'RbdImageEncryptionFormat' },
'discriminator': 'format',
'data': { 'luks': 'RbdEncryptionOptionsLUKS',
- 'luks2': 'RbdEncryptionOptionsLUKS2' } }
+ 'luks2': 'RbdEncryptionOptionsLUKS2',
+ 'luks-any': 'RbdEncryptionOptionsLUKSAny'} }
##
# @RbdEncryptionCreateOptions:
diff --git a/block/rbd.c b/block/rbd.c
index 4bd75c9bb7..744f84c222 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -469,6 +469,9 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
g_autofree char *passphrase = NULL;
rbd_encryption_luks1_format_options_t luks_opts;
rbd_encryption_luks2_format_options_t luks2_opts;
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+ rbd_encryption_luks_format_options_t luks_any_opts;
+#endif
rbd_encryption_format_t format;
rbd_encryption_options_t opts;
size_t opts_size;
@@ -502,6 +505,22 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
luks2_opts.passphrase = passphrase;
break;
}
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+ case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: {
+ memset(&luks_any_opts, 0, sizeof(luks_any_opts));
+ format = RBD_ENCRYPTION_FORMAT_LUKS;
+ opts = &luks_any_opts;
+ opts_size = sizeof(luks_any_opts);
+ r = qemu_rbd_convert_luks_options(
+
qapi_RbdEncryptionOptionsLUKSAny_base(&encrypt->u.luks_any),
+ &passphrase, &luks_any_opts.passphrase_size, errp);
+ if (r < 0) {
+ return r;
+ }
+ luks_any_opts.passphrase = passphrase;
+ break;
+ }
+#endif
default: {
r = -ENOTSUP;
error_setg_errno(
--
2.39.2
- [PULL 13/29] block: Mark bdrv_co_do_pwrite_zeroes() GRAPH_RDLOCK, (continued)
- [PULL 13/29] block: Mark bdrv_co_do_pwrite_zeroes() GRAPH_RDLOCK, Kevin Wolf, 2023/02/23
- [PULL 21/29] block: Mark bdrv_co_delete_file() and callers GRAPH_RDLOCK, Kevin Wolf, 2023/02/23
- [PULL 22/29] block: Mark bdrv_*_dirty_bitmap() and callers GRAPH_RDLOCK, Kevin Wolf, 2023/02/23
- [PULL 18/29] block: Mark bdrv_co_is_inserted() and callers GRAPH_RDLOCK, Kevin Wolf, 2023/02/23
- [PULL 24/29] scsi: protect req->aiocb with AioContext lock, Kevin Wolf, 2023/02/23
- [PULL 26/29] virtio-scsi: reset SCSI devices from main loop thread, Kevin Wolf, 2023/02/23
- [PULL 27/29] block/rbd: Remove redundant stack variable passphrase_len, Kevin Wolf, 2023/02/23
- [PULL 25/29] dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race, Kevin Wolf, 2023/02/23
- [PULL 23/29] block: Mark bdrv_co_refresh_total_sectors() and callers GRAPH_RDLOCK, Kevin Wolf, 2023/02/23
- [PULL 17/29] block: Mark bdrv_co_io_(un)plug() and callers GRAPH_RDLOCK, Kevin Wolf, 2023/02/23
- [PULL 28/29] block/rbd: Add luks-any encryption opening option,
Kevin Wolf <=
- [PULL 29/29] block/rbd: Add support for layered encryption, Kevin Wolf, 2023/02/23
- [PULL 16/29] block: Mark bdrv_co_create() and callers GRAPH_RDLOCK, Kevin Wolf, 2023/02/23
- Re: [PULL 00/29] Block layer patches, Peter Maydell, 2023/02/24