[Qemu-block] [PATCH v10 4/4] qemu-img: copy *key-secret opts when opening newly created files

created file. Reviewed-by: Max Reitz Reviewed-by: Fam Zheng Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 42 +- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index e0e3d31..0bf941b 100644

[Qemu-block] [PATCH v10 0/4] Improve convert and dd commands

e-considered once dd is rewritten to run ontop of convert. - Use consistent return/goto style in dd command (Max) - Fix error reporting when using compressed image and skip-create (Max) - Unconditionally create QDict when open files (Max) Changed in v2: - Replace dd -n flag with support for conv

[Qemu-block] [PATCH v9 4/4] qemu-img: copy *key-secret opts when opening newly created files

created file. Reviewed-by: Max Reitz Reviewed-by: Fam Zheng Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 42 +- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index e0e3d31..dcddded 100644

[Qemu-block] [PATCH v9 1/4] qemu-img: add support for --object with 'dd' command

The qemu-img dd command added --image-opts support, but missed the corresponding --object support. This prevented passing secrets (eg auth passwords) needed by certain disk images. Reviewed-by: Fam Zheng Reviewed-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange

[Qemu-block] [PATCH v9 3/4] qemu-img: introduce --target-image-opts for 'convert' command

s --target-image-opts to indicate that the target filename includes options. Currently this mandates use of the --skip-create flag too. Reviewed-by: Fam Zheng Signed-off-by: Daniel P. Berrange --- qemu-img-cmds.hx | 4 +-- qemu-img.c | 84 ++--

[Qemu-block] [PATCH v9 2/4] qemu-img: fix --image-opts usage with dd command

Reitz Signed-off-by: Daniel P. Berrange --- qemu-img.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 181f499..4dc1d56 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -4316,8 +4316,13 @@ static int img_dd(int argc, char **argv) goto out

[Qemu-block] [PATCH v9 0/4] Improve convert and dd commands

ally create QDict when open files (Max) Changed in v2: - Replace dd -n flag with support for conv=nocreat,notrunc - Misc typos (Eric, Fam) Daniel P. Berrange (4): qemu-img: add support for --object with 'dd' command qemu-img: fix --image-opts usage with dd command qemu-img: int

Re: [Qemu-block] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption

On Thu, May 11, 2017 at 04:05:59PM +0200, Alberto Garcia wrote: > On Tue 25 Apr 2017 05:38:49 PM CEST, Daniel P. Berrange wrote: > > @@ -181,8 +188,39 @@ static int qcow_open(BlockDriverState *bs, QDict > > *options, int flags, > [...] > > +crypto_opts = blo

[Qemu-block] [PATCH v5 5/5] iotests: chown LUKS device before qemu-io launches

permissions causing failure. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/149 | 13 +- tests/qemu-iotests/149.out | 344 ++--- 2 files changed, 178 insertions(+), 179 deletions(-) diff --git a/tests/qemu-iotests/149 b

[Qemu-block] [PATCH v5 3/5] iotests: reduce PBKDF iterations when testing LUKS

ts real 4m39.235s user 3m29.590s sys 0m24.234s Still slow compared to qcow2/raw, but much improved none the less. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/149 | 3 + tests/qemu-iotests/149.out

[Qemu-block] [PATCH v5 2/5] iotests: fix remainining tests to work with LUKS

broken when run with LUKS because it didn't take account of fact that $TEST_IMG was already in image opts syntax. The launch_qemu helper also didn't register the secret object providing the LUKS password. Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/033

[Qemu-block] [PATCH v5 1/5] iotests: skip 159 & 170 with luks format

While the qemu-img dd command does accept --image-opts this is not sufficient to make it work with the LUKS image yet. This is because bdrv_create() still always requires the non-image-opts syntax. Thus we must skip 159/170 with luks for now Reviewed-by: Eric Blake Signed-off-by: Daniel P

[Qemu-block] [PATCH v5 4/5] iotests: add more LUKS hash combination tests

Add tests for sha224, sha512, sha384 and ripemd160 hash algorithms. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/149 | 10 +- tests/qemu-iotests/149.out | 482 - 2 files changed, 484 insertions(+), 8 deletions

[Qemu-block] [PATCH v5 0/5] Improve I/O tests coverage of LUKS

t work due to qemu-img dd limitations Daniel P. Berrange (5): iotests: skip 159 & 170 with luks format iotests: fix remainining tests to work with LUKS iotests: reduce PBKDF iterations when testing LUKS iotests: add more LUKS hash combination tests iotests: chown LUKS device befo

Re: [Qemu-block] [PATCH v6 13/18] qcow2: add support for LUKS encryption format

On Wed, Apr 26, 2017 at 12:46:18PM -0500, Eric Blake wrote: > On 04/25/2017 10:38 AM, Daniel P. Berrange wrote: > > This adds support for using LUKS as an encryption format > > with the qcow2 file, using the new encrypt.format parameter > > to request "luks" for

[Qemu-block] [PATCH v8 2/4] qemu-img: fix --image-opts usage with dd command

Reitz Signed-off-by: Daniel P. Berrange --- qemu-img.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 34f49c2..d8fdcb1 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -4239,8 +4239,13 @@ static int img_dd(int argc, char **argv) goto out

[Qemu-block] [PATCH v8 0/4] Improve convert and dd commands

to style in dd command (Max) - Fix error reporting when using compressed image and skip-create (Max) - Unconditionally create QDict when open files (Max) Changed in v2: - Replace dd -n flag with support for conv=nocreat,notrunc - Misc typos (Eric, Fam) Daniel P. Berrange (4): qemu-img: add support for

[Qemu-block] [PATCH v8 4/4] qemu-img: copy *key-secret opts when opening newly created files

created file. Reviewed-by: Max Reitz Reviewed-by: Fam Zheng Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 41 +++-- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index bb79cfb..c865982 100644

[Qemu-block] [PATCH v8 1/4] qemu-img: add support for --object with 'dd' command

The qemu-img dd command added --image-opts support, but missed the corresponding --object support. This prevented passing secrets (eg auth passwords) needed by certain disk images. Reviewed-by: Fam Zheng Reviewed-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange

[Qemu-block] [PATCH v8 3/4] qemu-img: introduce --target-image-opts for 'convert' command

s --target-image-opts to indicate that the target filename includes options. Currently this mandates use of the --skip-create flag too. Signed-off-by: Daniel P. Berrange --- qemu-img-cmds.hx | 4 +-- qemu-img.c | 83 ++-- qemu-img.te

Re: [Qemu-block] [PATCH v7 3/4] qemu-img: introduce --target-image-opts for 'convert' command

On Wed, May 03, 2017 at 09:50:49PM +0200, Max Reitz wrote: > On 02.05.2017 16:47, Daniel P. Berrange wrote: > > The '--image-opts' flag indicates whether the source filename > > includes options. The target filename has to remain in the > > plain filename format thou

Re: [Qemu-block] [Qemu-devel] [PATCH] iotests: 147: Don't test inet6 if not available

On Fri, May 05, 2017 at 06:21:53PM +0800, Fam Zheng wrote: > This is the case in our docker tests, as we use --net=none there. Skip > this method. > > Signed-off-by: Fam Zheng > --- > tests/qemu-iotests/147 | 7 +++ > 1 file changed, 7 insertions(+) > > diff --git a/tests/qemu-iotests/147 b

Re: [Qemu-block] [PATCH] block: curl: Allow passing cookies via QCryptoSecret

t: ID of a QCryptoSecret object providing the cookie data in a > +# secure way. See @cookie for the format. (since 2.10) > +# > # Since: 2.9 > ## > { 'struct': 'BlockdevOptionsCurlHttps', >'base': 'BlockdevOptionsCurlBase

[Qemu-block] [PATCH v4 4/5] iotests: add more LUKS hash combination tests

Add tests for sha224, sha512, sha384 and ripemd160 hash algorithms. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/149 | 10 +- tests/qemu-iotests/149.out | 482 - 2 files changed, 484 insertions(+), 8 deletions

[Qemu-block] [PATCH v4 5/5] iotests: chown LUKS device before qemu-io launches

permissions causing failure. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/149 | 13 +- tests/qemu-iotests/149.out | 344 ++--- 2 files changed, 178 insertions(+), 179 deletions(-) diff --git a/tests/qemu-iotests/149 b

[Qemu-block] [PATCH v4 2/5] iotests: fix remainining tests to work with LUKS

: Eric Blake Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/033 | 12 ++-- tests/qemu-iotests/120 | 1 + tests/qemu-iotests/140 | 15 ++- tests/qemu-iotests/145 | 18 +- tests/qemu-iotests/157 | 17 ++--- tests/qemu-iotests

[Qemu-block] [PATCH v4 3/5] iotests: reduce PBKDF iterations when testing LUKS

ts real 4m39.235s user 3m29.590s sys 0m24.234s Still slow compared to qcow2/raw, but much improved none the less. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/149 | 3 + tests/qemu-iotests/149.out

[Qemu-block] [PATCH v4 1/5] iotests: skip 159 & 170 with luks format

While the qemu-img dd command does accept --image-opts this is not sufficient to make it work with the LUKS image yet. This is because bdrv_create() still always requires the non-image-opts syntax. Thus we must skip 159/170 with luks for now Reviewed-by: Eric Blake Signed-off-by: Daniel P

[Qemu-block] [PATCH v4 0/5] Improve I/O tests coverage of LUKS

ome typos in commit message(s) (Eric) Changed in v2: - Split off patch that change check.time recording since it was not a direct dependancy - Skip new 159 & 170 tests which don't work due to qemu-img dd limitations Daniel P. Berrange (5): iotests: skip 159 & 170

[Qemu-block] [PATCH v7 3/4] qemu-img: introduce --target-image-opts for 'convert' command

s --target-image-opts to indicate that the target filename includes options. Currently this mandates use of the --skip-create flag too. Reviewed-by: Fam Zheng Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img-cmds.hx | 4 +-- qemu-img.c

[Qemu-block] [PATCH v7 4/4] qemu-img: copy *key-secret opts when opening newly created files

created file. Reviewed-by: Max Reitz Reviewed-by: Fam Zheng Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 41 +++-- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 94c8cea..cbf05b4 100644

[Qemu-block] [PATCH v7 2/4] qemu-img: fix --image-opts usage with dd command

Reitz Signed-off-by: Daniel P. Berrange --- qemu-img.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 34f49c2..d8fdcb1 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -4239,8 +4239,13 @@ static int img_dd(int argc, char **argv) goto out

[Qemu-block] [PATCH v7 0/4] Improve convert and dd commands

--object support. They can be re-considered once dd is rewritten to run ontop of convert. - Use consistent return/goto style in dd command (Max) - Fix error reporting when using compressed image and skip-create (Max) - Unconditionally create QDict when open files (Max) Changed in v2: - Replac

[Qemu-block] [PATCH v7 1/4] qemu-img: add support for --object with 'dd' command

The qemu-img dd command added --image-opts support, but missed the corresponding --object support. This prevented passing secrets (eg auth passwords) needed by certain disk images. Reviewed-by: Fam Zheng Reviewed-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange

Re: [Qemu-block] [PATCH v6 5/5] Revert "qemu-img: copy *key-secret opts when opening newly created files"

On Tue, May 02, 2017 at 09:29:24AM -0500, Eric Blake wrote: > On 05/02/2017 09:18 AM, Daniel P. Berrange wrote: > > This reverts commit 37d7772f6b81613620a333862dc67e34b2fda1a9. > > --- > > qemu-img.c | 41 ++--- > > 1 file c

[Qemu-block] [PATCH v6 5/5] Revert "qemu-img: copy *key-secret opts when opening newly created files"

This reverts commit 37d7772f6b81613620a333862dc67e34b2fda1a9. --- qemu-img.c | 41 ++--- 1 file changed, 6 insertions(+), 35 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index cbf05b4..94c8cea 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -305,17 +305,15 @@

[Qemu-block] [PATCH v6 4/5] qemu-img: copy *key-secret opts when opening newly created files

created file. Reviewed-by: Max Reitz Reviewed-by: Fam Zheng Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 41 +++-- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 94c8cea..cbf05b4 100644

[Qemu-block] [PATCH v6 3/5] qemu-img: introduce --target-image-opts for 'convert' command

s --target-image-opts to indicate that the target filename includes options. Currently this mandates use of the --skip-create flag too. Reviewed-by: Fam Zheng Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img-cmds.hx | 4 +-- qemu-img.c

[Qemu-block] [PATCH v6 0/5] Improve convert and dd commands

ix error reporting when using compressed image and skip-create (Max) - Unconditionally create QDict when open files (Max) Changed in v2: - Replace dd -n flag with support for conv=nocreat,notrunc - Misc typos (Eric, Fam) Daniel P. Berrange (5): qemu-img: add support for --object with 'dd&

[Qemu-block] [PATCH v6 1/5] qemu-img: add support for --object with 'dd' command

The qemu-img dd command added --image-opts support, but missed the corresponding --object support. This prevented passing secrets (eg auth passwords) needed by certain disk images. Reviewed-by: Fam Zheng Reviewed-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange

[Qemu-block] [PATCH v6 2/5] qemu-img: fix --image-opts usage with dd command

Reitz Signed-off-by: Daniel P. Berrange --- qemu-img.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 34f49c2..d8fdcb1 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -4239,8 +4239,13 @@ static int img_dd(int argc, char **argv) goto out

Re: [Qemu-block] [PATCH v5 3/4] qemu-img: introduce --target-image-opts for 'convert' command

On Wed, Apr 26, 2017 at 09:23:25PM +0200, Max Reitz wrote: > On 24.04.2017 11:16, Daniel P. Berrange wrote: > > The '--image-opts' flags indicates whether the source filename > > includes options. The target filename has to remain in the > > plain filename form

Re: [Qemu-block] [Qemu-devel] [PATCH v15 19/21] osdep: Add qemu_lock_fd and qemu_unlock_fd

On Wed, Apr 26, 2017 at 09:20:28PM +0800, Fam Zheng wrote: > On Wed, 04/26 14:57, Kevin Wolf wrote: > > Am 26.04.2017 um 05:34 hat Fam Zheng geschrieben: > > > They are wrappers of POSIX fcntl "file private locking", with a > > > convenient "try lock" wrapper implemented with F_OFD_GETLK. > > > >

Re: [Qemu-block] [PATCH v6 02/18] block: add ability to set a prefix for opt names

On Wed, Apr 26, 2017 at 09:12:06AM -0500, Eric Blake wrote: > On 04/26/2017 08:50 AM, Daniel P. Berrange wrote: > > On Wed, Apr 26, 2017 at 08:28:04AM -0500, Eric Blake wrote: > >> On 04/25/2017 10:38 AM, Daniel P. Berrange wrote: > >>> When integrating the crypto sup

Re: [Qemu-block] [PATCH v6 02/18] block: add ability to set a prefix for opt names

On Wed, Apr 26, 2017 at 08:28:04AM -0500, Eric Blake wrote: > On 04/25/2017 10:38 AM, Daniel P. Berrange wrote: > > When integrating the crypto support with qcow/qcow2, we don't > > want to use the bare LUKS option names "hash-alg", "key-secret", > >

[Qemu-block] [PATCH v6 13/18] qcow2: add support for LUKS encryption format

ng the host physical sector as the input, rather than the guest virtual sector. This guarantees unique initialization vectors for all sectors when qcow2 internal snapshots are used, thus giving stronger protection against watermarking attacks. Signed-off-by: Daniel P. Berrange --- block/qcow2-

[Qemu-block] [PATCH v6 15/18] iotests: enable tests 134 and 158 to work with qcow (v1)

The 138 and 158 iotests exercise the legacy qcow2 aes encryption code path and they work fine with qcow v1 too. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/134 | 2 +- tests/qemu-iotests/158 | 2 +- 2 files changed, 2 insertions

[Qemu-block] [PATCH v6 18/18] block: pass option prefix down to crypto layer

to layer can report accurate error messages, we must tell it what option name prefix was used. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- block/crypto.c| 4 ++-- block/qcow.c | 7 --- block/qcow2.c | 1

[Qemu-block] [PATCH v6 16/18] block: rip out all traces of password prompting

Now that qcow & qcow2 are wired up to get encryption keys via the QCryptoSecret object, nothing is relying on the interactive prompting for passwords. All the code related to password prompting can thus be ripped out. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Dani

[Qemu-block] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption

Likewise when creating such images qemu-img create -f qcow \ -object secret,id=sec0,filename=/home/berrange/encrypted.pw \ -o encrypt.format=qcow,encrypt.key-secret=sec0 \ /home/berrange/encrypted.qcow Signed-off-by: Daniel P. Berrange --- block/crypto.c | 10 +++ block/crypto.h

[Qemu-block] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes"

te -f qcow2 -o encrypt.format=aes demo.qcow2 Signed-off-by: Daniel P. Berrange --- block/qcow.c | 30 ++--- block/qcow2.c | 33 +++ include/block/block_int.h | 2 +- qemu-img.c | 4 ++- tests/qemu-iotests/082.out | 81 +

[Qemu-block] [PATCH v6 14/18] qcow2: add iotests to cover LUKS encryption support

This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- tests

[Qemu-block] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption

stopped CPU state. Signed-off-by: Daniel P. Berrange --- block/qcow2-cluster.c | 47 +- block/qcow2.c | 225 ++--- block/qcow2.h | 5 +- qapi/block-core.json | 27 +- tests/qemu-iotests/049 | 2

[Qemu-block] [PATCH v6 08/18] qcow: make encrypt_sectors encrypt in place

Garcia Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Kevin Wolf Signed-off-by: Daniel P. Berrange --- block/qcow.c | 45 +++-- 1 file changed, 15 insertions(+), 30 deletions(-) diff --git a/block/qcow.c b/block/qcow.c index e9b7861..8b38de2

[Qemu-block] [PATCH v6 17/18] block: remove all encryption handling APIs

whether an image is encrypted or not, since that is a potentially useful piece of metadata to report to the user. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- block.c | 77 +-- block/crypto.c| 1 - block

[Qemu-block] [PATCH v6 05/18] iotests: skip 042 with qcow which dosn't support zero sized images

Test 042 is designed to verify operation with zero sized images. Such images are not supported with qcow (v1), so this test has always failed. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/042 | 2 +- 1 file changed, 1 insertion

[Qemu-block] [PATCH v6 06/18] iotests: skip 048 with qcow which doesn't support resize

Test 048 is designed to verify data preservation during an image resize. The qcow (v1) format impl has never supported resize so always fails. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/048 | 2 +- 1 file changed, 1 insertion

[Qemu-block] [PATCH v6 04/18] qcow: require image size to be > 1 for new images

The qcow driver refuses to open images which are less than 2 bytes in size, but will happily create such images. Add a check in the create path to avoid this discrepancy. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- block

[Qemu-block] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers

. Reviewed-by: Max Reitz Reviewed-by: Eric Blake Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/crypto.c | 82 +--- block/crypto.h | 91 ++ 2 files changed, 117

[Qemu-block] [PATCH v6 02/18] block: add ability to set a prefix for opt names

at a later date. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/crypto.c | 16 block/crypto.h | 40 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/block/crypto.c b/block/

[Qemu-block] [PATCH v6 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place

: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/qcow2-cluster.c | 17 ++--- block/qcow2.c | 4 ++-- block/qcow2.h | 3 +-- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 100398c..0a27399 100644

[Qemu-block] [PATCH v6 12/18] qcow2: extend specification to cover LUKS encryption

Update the qcow2 specification to describe how the LUKS header is placed inside a qcow2 file, when using LUKS encryption for the qcow2 payload instead of the legacy AES-CBC encryption Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- docs/specs/qcow2.txt

[Qemu-block] [PATCH v6 03/18] qcow: document another weakness of qcow AES encryption

: Alberto Garcia Signed-off-by: Daniel P. Berrange --- qemu-img.texi | 19 --- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/qemu-img.texi b/qemu-img.texi index c81db3e..d6baae0 100644 --- a/qemu-img.texi +++ b/qemu-img.texi @@ -558,16 +558,29 @@ The use of encryption in

[Qemu-block] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support

ocs for 'encryption-format' option - Deprecate legacy 'encryption' option - Drop redundant test scenarios - Use small file sizes for iotests - Drop pbkdf iteration time to 10ms during iotests - Use separate passphrase for top vs backing file in iotests - Mark 'encryption_key

Re: [Qemu-block] [PATCH v5 13/18] qcow2: add support for LUKS encryption format

On Tue, Feb 21, 2017 at 03:13:03PM +0100, Alberto Garcia wrote: > On Tue 21 Feb 2017 12:55:07 PM CET, Daniel P. Berrange wrote: > > static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts, > > -

Re: [Qemu-block] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption

On Tue, Feb 21, 2017 at 02:30:10PM +0100, Alberto Garcia wrote: > On Tue 21 Feb 2017 12:55:05 PM CET, Daniel P. Berrange wrote: > > +switch (s->crypt_method_header) { > > +case QCOW_CRYPT_NONE: > > +break; > > + > > +case QCOW_CR

Re: [Qemu-block] [PATCH v5 09/18] qcow: convert QCow to use QCryptoBlock for encryption

On Tue, Feb 21, 2017 at 02:19:46PM +0100, Alberto Garcia wrote: > On Tue 21 Feb 2017 12:55:03 PM CET, Daniel P. Berrange wrote: > > @@ -175,8 +185,31 @@ static int qcow_open(BlockDriverState *bs, QDict > > *options, int flags, > > ret = -ENOSYS; >

Re: [Qemu-block] [PATCH v5 3/4] qemu-img: introduce --target-image-opts for 'convert' command

On Mon, Apr 24, 2017 at 05:45:12PM +0800, Fam Zheng wrote: > On Mon, 04/24 10:16, Daniel P. Berrange wrote: > > The '--image-opts' flags indicates whether the source filename > > s/flags/flag/ or s/indicates/indicate/, I think? Yes to the first, no to the second > &g

[Qemu-block] [PATCH v5 4/4] qemu-img: copy *key-secret opts when opening newly created files

file. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 41 +++-- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 2344e64..cee28db 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -305,15

[Qemu-block] [PATCH v5 2/4] qemu-img: fix --image-opts usage with dd command

P. Berrange --- qemu-img.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 2249c21..83aff5e 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -4312,8 +4312,13 @@ static int img_dd(int argc, char **argv) goto out; } -blk2

[Qemu-block] [PATCH v5 3/4] qemu-img: introduce --target-image-opts for 'convert' command

s --target-image-opts to indicate that the target filename includes options. Currently this mandates use of the --skip-create flag too. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img-cmds.hx | 4 +-- qemu-img.c

[Qemu-block] [PATCH v5 0/4] Improve convert and dd commands

sed image and skip-create (Max) - Unconditionally create QDict when open files (Max) Changed in v2: - Replace dd -n flag with support for conv=nocreat,notrunc - Misc typos (Eric, Fam) Daniel P. Berrange (4): qemu-img: add support for --object with 'dd' command qemu-img: fix --ima

[Qemu-block] [PATCH v5 1/4] qemu-img: add support for --object with 'dd' command

The qemu-img dd command added --image-opts support, but missed the corresponding --object support. This prevented passing secrets (eg auth passwords) needed by certain disk images. Reviewed-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 18

Re: [Qemu-block] [Qemu-devel] [PATCH] sheepdog: Set error when connection fails

On Fri, Apr 21, 2017 at 04:50:34PM +0800, Fam Zheng wrote: > On Fri, 04/21 09:31, Daniel P. Berrange wrote: > > On Fri, Apr 21, 2017 at 07:43:36AM +0200, Markus Armbruster wrote: > > > Kevin Wolf writes: > > > > > > > Am 20.04.2017 um 17:30 hat Daniel P

Re: [Qemu-block] [Qemu-devel] [PATCH] sheepdog: Set error when connection fails

On Fri, Apr 21, 2017 at 07:43:36AM +0200, Markus Armbruster wrote: > Kevin Wolf writes: > > > Am 20.04.2017 um 17:30 hat Daniel P. Berrange geschrieben: > >> On Thu, Apr 20, 2017 at 12:00:03PM +0800, Fam Zheng wrote: > >> > Signed-off-by: Fam Zheng > &

Re: [Qemu-block] [Qemu-devel] [PATCH] sheepdog: Set error when connection fails

On Thu, Apr 20, 2017 at 11:42:00AM -0400, Jeff Cody wrote: > On Thu, Apr 20, 2017 at 04:30:16PM +0100, Daniel P. Berrange wrote: > > On Thu, Apr 20, 2017 at 12:00:03PM +0800, Fam Zheng wrote: > > > Signed-off-by: Fam Zheng > > > --- > > > block/sheepdog.c | 1

Re: [Qemu-block] [Qemu-devel] [PATCH] sheepdog: Set error when connection fails

On Thu, Apr 20, 2017 at 12:00:03PM +0800, Fam Zheng wrote: > Signed-off-by: Fam Zheng > --- > block/sheepdog.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/block/sheepdog.c b/block/sheepdog.c > index fb9203e..7e889ee 100644 > --- a/block/sheepdog.c > +++ b/block/sheepdog.c > @@ -608,

Re: [Qemu-block] [Qemu-devel] [PATCH v2 3/3] qemu-iotests: Test postcopy migration

On Thu, Apr 20, 2017 at 10:18:27PM +0800, Fam Zheng wrote: > On Wed, 04/19 17:16, Kevin Wolf wrote: > > +_supported_fmt generic > > This doesn't work for formats that install migration blockers, so maybe > s/generic/raw qcow2/ instead? It would be nice to use a more feature driven check and centr

[Qemu-block] [PATCH v4 4/4] qemu-img: copy *key-secret opts when opening newly created files

file. Signed-off-by: Daniel P. Berrange --- qemu-img.c | 41 +++-- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 31c4923..3d9e7b3 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -305,15 +305,17 @@ static BlockBackend

[Qemu-block] [PATCH v4 1/4] qemu-img: add support for --object with 'dd' command

The qemu-img dd command added --image-opts support, but missed the corresponding --object support. This prevented passing secrets (eg auth passwords) needed by certain disk images. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img.c | 18 ++ 1 file changed

[Qemu-block] [PATCH v4 3/4] qemu-img: introduce --target-image-opts for 'convert' command

s --target-image-opts to indicate that the target filename includes options. Currently this mandates use of the --skip-create flag too. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- qemu-img-cmds.hx | 4 +-- qemu-img.c

[Qemu-block] [PATCH v4 2/4] qemu-img: fix --image-opts usage with dd command

P. Berrange --- qemu-img.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qemu-img.c b/qemu-img.c index 2249c21..83aff5e 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -4312,8 +4312,13 @@ static int img_dd(int argc, char **argv) goto out; } -blk2

[Qemu-block] [PATCH v4 0/4 for-2.10] Improve convert and dd commands

n v2: - Replace dd -n flag with support for conv=nocreat,notrunc - Misc typos (Eric, Fam) Daniel P. Berrange (4): qemu-img: add support for --object with 'dd' command qemu-img: fix --image-opts usage with dd command qemu-img: introduce --target-image-opts for 'convert&

Re: [Qemu-block] [Qemu-devel] [RFC PATCH for-2.9] block: Ignore guest dev permissions during incoming migration

On Thu, Apr 06, 2017 at 01:22:56PM +0200, Kevin Wolf wrote: > Am 05.04.2017 um 15:22 hat Max Reitz geschrieben: > > On 04.04.2017 17:35, Kevin Wolf wrote: > > > Usually guest devices don't like other writers to the same image, so > > > they use blk_set_perm() to prevent this from happening. In the

Re: [Qemu-block] [Qemu-devel] [PATCH v3] migration/block:limit the time used for block migration

On Wed, Apr 05, 2017 at 05:27:58PM +0800, jemmy858...@gmail.com wrote: > From: Lidong Chen > > when migration with high speed, mig_save_device_bulk invoke > bdrv_is_allocated too frequently, and cause vnc reponse slowly. > this patch limit the time used for bdrv_is_allocated. Can you explain why

Re: [Qemu-block] [Qemu-devel] [RFC v2 for-2.9 03/10] io vnc sockets: Clean up SocketAddressKind switches

On Mon, Apr 03, 2017 at 02:50:12PM +0200, Max Reitz wrote: > On 03.04.2017 13:48, Daniel P. Berrange wrote: > > On Thu, Mar 30, 2017 at 03:15:00PM +0200, Markus Armbruster wrote: > >> We have quite a few switches over SocketAddressKind. Some have case > >> labels

Re: [Qemu-block] [Qemu-devel] [RFC v2 for-2.9 03/10] io vnc sockets: Clean up SocketAddressKind switches

On Thu, Mar 30, 2017 at 03:15:00PM +0200, Markus Armbruster wrote: > We have quite a few switches over SocketAddressKind. Some have case > labels for all enumeration values, others rely on a default label. > Some abort when the value isn't a valid SocketAddressKind, others > report an error then.

Re: [Qemu-block] [Qemu-devel] [for-2.9 3/8] io vnc sockets: Clean up SocketAddressKind switches

On Wed, Mar 29, 2017 at 06:45:15PM +0200, Markus Armbruster wrote: > We have quite a few switches over SocketAddressKind. Some have case > labels for all enumeration values, others rely on a default label. > Some abort when the value isn't a valid SocketAddressKind, others > report an error then.

Re: [Qemu-block] [RFC] finegrained disk driver options control

On Mon, Mar 20, 2017 at 11:11:42AM +0300, Denis V. Lunev wrote: > On 03/18/2017 12:59 PM, Daniel P. Berrange wrote: > > On Thu, Mar 16, 2017 at 08:31:08PM +0300, Denis V. Lunev wrote: > >> On 03/16/2017 05:45 PM, Daniel P. Berrange wrote: > >>> On Thu, Mar 16, 201

Re: [Qemu-block] [RFC] finegrained disk driver options control

On Thu, Mar 16, 2017 at 08:31:08PM +0300, Denis V. Lunev wrote: > On 03/16/2017 05:45 PM, Daniel P. Berrange wrote: > > On Thu, Mar 16, 2017 at 05:08:57PM +0300, Denis V. Lunev wrote: > >> Hello, All! > >> > >> There is a problem in the current libvirt imple

Re: [Qemu-block] [RFC] finegrained disk driver options control

On Thu, Mar 16, 2017 at 05:26:26PM +0100, Kevin Wolf wrote: > Am 16.03.2017 um 16:52 hat Daniel P. Berrange geschrieben: > If you don't care about that at all, the optimal configuration in terms > of performance is to give qemu a cache large enough that the metadata of > the whole

Re: [Qemu-block] [RFC] finegrained disk driver options control

On Thu, Mar 16, 2017 at 04:35:36PM +0100, Kevin Wolf wrote: > Am 16.03.2017 um 16:08 hat Daniel P. Berrange geschrieben: > > On Thu, Mar 16, 2017 at 06:00:46PM +0300, Denis V. Lunev wrote: > > > On 03/16/2017 05:45 PM, Daniel P. Berrange wrote: > > > > On Thu, Ma

Re: [Qemu-block] [RFC] finegrained disk driver options control

On Thu, Mar 16, 2017 at 06:15:27PM +0300, Denis V. Lunev wrote: > On 03/16/2017 06:08 PM, Daniel P. Berrange wrote: > > On Thu, Mar 16, 2017 at 06:00:46PM +0300, Denis V. Lunev wrote: > >> On 03/16/2017 05:45 PM, Daniel P. Berrange wrote: > >>> On Thu, Mar 16, 201

Re: [Qemu-block] [RFC] finegrained disk driver options control

On Thu, Mar 16, 2017 at 06:00:46PM +0300, Denis V. Lunev wrote: > On 03/16/2017 05:45 PM, Daniel P. Berrange wrote: > > On Thu, Mar 16, 2017 at 05:08:57PM +0300, Denis V. Lunev wrote: > >> Hello, All! > >> > >> There is a problem in the current libvirt imple

Re: [Qemu-block] [RFC] finegrained disk driver options control

On Thu, Mar 16, 2017 at 05:08:57PM +0300, Denis V. Lunev wrote: > Hello, All! > > There is a problem in the current libvirt implementation. domain.xml > allows to specify only basic set of options, especially in the case > of QEMU, when there are really a lot of tweaks in format drivers. > Most li

Re: [Qemu-block] [Qemu-devel] [PATCH for-2.9] mirror: Fix backwards mirror_yield parameters

On Wed, Mar 15, 2017 at 10:26:44AM +, Daniel P. Berrange wrote: > On Wed, Mar 15, 2017 at 06:18:35PM +0800, Stefan Hajnoczi wrote: > > On Fri, Mar 10, 2017 at 02:49:22PM -0600, Eric Blake wrote: > > > And here's where I'm stuck: the makefiles are broken. Touc

Re: [Qemu-block] [Qemu-devel] [PATCH for-2.9] mirror: Fix backwards mirror_yield parameters

On Wed, Mar 15, 2017 at 06:18:35PM +0800, Stefan Hajnoczi wrote: > On Fri, Mar 10, 2017 at 02:49:22PM -0600, Eric Blake wrote: > > And here's where I'm stuck: the makefiles are broken. Touching > > scripts/tracetool/format/h.py does NOT cause tracetool to be re-run by a > > mere 'make'; I've had t

Re: [Qemu-block] [Qemu-devel] [PATCH v5 07/18] iotests: fix 097 when run with qcow

On Tue, Mar 07, 2017 at 09:44:02AM -0600, Eric Blake wrote: > On 02/22/2017 05:46 PM, Eric Blake wrote: > > On 02/21/2017 05:55 AM, Daniel P. Berrange wrote: > >> The previous commit: > >> > >> commit a3e1505daec31ef56f0489f8c8fff1b8e4ca92bd > >> Au

Re: [Qemu-block] [Qemu-devel] [PATCH v2 5/5] block/rbd: add support for 'mon_host', 'auth_supported' via QAPI

On Tue, Feb 28, 2017 at 07:34:52AM -0500, Jeff Cody wrote: > On Tue, Feb 28, 2017 at 10:28:49AM +0000, Daniel P. Berrange wrote: > > On Tue, Feb 28, 2017 at 10:16:51AM +0000, Daniel P. Berrange wrote: > > > On Mon, Feb 27, 2017 at 10:57:44PM -0500, Jeff Cody wrote: > > >

Re: [Qemu-block] [Qemu-devel] [PATCH v2 5/5] block/rbd: add support for 'mon_host', 'auth_supported' via QAPI

On Tue, Feb 28, 2017 at 10:16:51AM +, Daniel P. Berrange wrote: > On Mon, Feb 27, 2017 at 10:57:44PM -0500, Jeff Cody wrote: > > On Mon, Feb 27, 2017 at 04:47:54PM -0600, Eric Blake wrote: > > > On 02/27/2017 12:58 PM, Jeff Cody wrote: > > > > @@ -604,6 +620,

<    1   2   3   4   5   6   7   8   9   10   >