On 01.03.2016 00:24, Eric Blake wrote:
> On 02/29/2016 04:19 PM, Max Reitz wrote:
>> Turns out NBD is not so simple to do if you do it right. Anyway, this
>> series adds blockdev-add support for NBD clients.
>>
>> Patches 1 and 2 add one less and one more complicated QDict function,
>> respectively
Signed-off-by: Max Reitz
---
tests/qemu-iotests/147 | 194 +
tests/qemu-iotests/147.out | 5 ++
tests/qemu-iotests/group | 1 +
3 files changed, 200 insertions(+)
create mode 100755 tests/qemu-iotests/147
create mode 100644 tests/qemu-iotest
On 02/29/2016 09:36 AM, Kevin Wolf wrote:
> Hi all,
>
> I'm currently trying to get rid of bdrv_move_feature_fields(), so we can
> finally have more than one BB per BDS. Generally the way to do this is
> to move features from BDS and block.c to BB and block-backend.c.
> However, for two of the f
Signed-off-by: Max Reitz
---
qapi/block-core.json | 23 +--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 9bf1b22..21760e0 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1633,13 +1633,14 @@
#
On 02/29/2016 04:19 PM, Max Reitz wrote:
> Turns out NBD is not so simple to do if you do it right. Anyway, this
> series adds blockdev-add support for NBD clients.
>
> Patches 1 and 2 add one less and one more complicated QDict function,
> respectively, which I needed in later NBD patches: Patch
Drop the use of legacy options in favor of the SocketAddress
representation, even for internal use (i.e. for storing the result of
the filename parsing).
Signed-off-by: Max Reitz
---
block/nbd.c | 34 +-
1 file changed, 21 insertions(+), 13 deletions(-)
diff --gi
Signed-off-by: Max Reitz
---
tests/qemu-iotests/iotests.py | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 0a238ec..dd8805a 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotes
By adding an optional suffix to the files used for communication with a
VM, we can launch multiple VM instances concurrently.
Signed-off-by: Max Reitz
---
tests/qemu-iotests/iotests.py | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/tests/qemu-iotests/iotests.py b
Signed-off-by: Max Reitz
---
block/nbd.c | 4 ++--
tests/qemu-iotests/051.out| 4 ++--
tests/qemu-iotests/051.pc.out | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/block/nbd.c b/block/nbd.c
index db57b49..ce31119 100644
--- a/block/nbd.c
+++ b/block
As of a future patch, the NBD block driver will accept a SocketAddress
structure for a new "address" option. In order to support this,
nbd_refresh_filename() needs some changes.
The two TODOs introduced by this patch will be removed in the very next
one. They exist to explain that it is currently
This is better than the generic block layer finding out later that the
port parameter has not been used.
Signed-off-by: Max Reitz
Reviewed-by: Eric Blake
---
block/nbd.c | 4
1 file changed, 4 insertions(+)
diff --git a/block/nbd.c b/block/nbd.c
index ce31119..6a2fc27 100644
--- a/block/n
Instead of not emitting the port in nbd_refresh_filename(), just set it
to the default if the user did not specify it. This makes the logic a
bit simpler.
Signed-off-by: Max Reitz
---
block/nbd.c | 18 +++---
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/block/nbd.c
Right now, we have four possible options that conflict with specifying
an NBD filename, and a future patch will add another one ("address").
This future option is a nested QDict that is flattened at this point,
requiring as to test each option whether its key has an "address."
prefix. Therefore, we
The QMP input visitor is rather unhappy with flattened QDicts, which is
how they are generally used in the block layer. This function allows
unflattening a QDict so we can use an input visitor on it.
Signed-off-by: Max Reitz
---
include/qapi/qmp/qdict.h | 1 +
qobject/qdict.c | 189 ++
Add a new option "address" to the NBD block driver which accepts a
SocketAddress.
"path", "host" and "port" are still supported as legacy options and are
mapped to their corresponding SocketAddress representation.
Signed-off-by: Max Reitz
---
block/nbd.c | 93 +
This gives us more freedom about the fd that is passed to qemu, allowing
us to e.g. pass sockets.
Signed-off-by: Max Reitz
---
tests/qemu-iotests/socket_scm_helper.c | 29 ++---
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/tests/qemu-iotests/socket_scm_
Instead of inlining this nice macro (i.e. resorting to
qdict_put_obj(..., QOBJECT(...))), use it.
Signed-off-by: Max Reitz
---
block/nbd.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/block/nbd.c b/block/nbd.c
index 8d9a217..145db39 100644
--- a/block/nbd.c
++
This is a shorthand function for changing a QDict's entry's key.
Signed-off-by: Max Reitz
---
include/qapi/qmp/qdict.h | 1 +
qobject/qdict.c | 23 +++
2 files changed, 24 insertions(+)
diff --git a/include/qapi/qmp/qdict.h b/include/qapi/qmp/qdict.h
index 71b8eb0.
Turns out NBD is not so simple to do if you do it right. Anyway, this
series adds blockdev-add support for NBD clients.
Patches 1 and 2 add one less and one more complicated QDict function,
respectively, which I needed in later NBD patches: Patch 1 for handling
legacy options (move "host" to "addr
Signed-off-by: Max Reitz
---
tests/check-qdict.c | 267
1 file changed, 267 insertions(+)
diff --git a/tests/check-qdict.c b/tests/check-qdict.c
index a43056c..f6a5cda 100644
--- a/tests/check-qdict.c
+++ b/tests/check-qdict.c
@@ -325,6 +325,2
On 02/27/2016 04:20 AM, Fam Zheng wrote:
> We use a loop over bs->dirty_bitmaps to make sure the caller is
> only releasing a bitmap owned by bs. Let's also assert that in this case
> the caller is releasing a bitmap that does exist.
>
> Signed-off-by: Fam Zheng
> ---
> block/dirty-bitmap.c |
On 02/27/2016 04:20 AM, Fam Zheng wrote:
> The added group of operations enables tracking of the changed bits in
> the dirty bitmap.
>
> Signed-off-by: Fam Zheng
> ---
> block/dirty-bitmap.c | 51
>
> include/block/dirty-bitmap.h | 9 +
On 02/27/2016 04:20 AM, Fam Zheng wrote:
> Signed-off-by: Fam Zheng
> Reviewed-by: John Snow
> ---
> tests/test-hbitmap.c | 116
> +++
> 1 file changed, 116 insertions(+)
>
> diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
> index abe1
From: Vasiliy Tolstov
This patch implements a blockdriver function bdrv_snapshot_delete() in
the sheepdog driver. With the new function, snapshots of sheepdog can
be deleted from libvirt.
Cc: Jeff Cody
Signed-off-by: Hitoshi Mitake
Signed-off-by: Vasiliy Tolstov
Message-id: 1450873346-22334-1
From: "Daniel P. Berrange"
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy
From: John Snow
64K might not always be appropriate, make this a runtime value.
Signed-off-by: John Snow
Reviewed-by: Fam Zheng
Message-id: 1456433911-24718-2-git-send-email-js...@redhat.com
Signed-off-by: Jeff Cody
---
block/backup.c | 64 +---
From: John Snow
During incremental backups, if the target has a cluster size that is
larger than the backup cluster size and we are backing up to a target
that cannot (for whichever reason) pull clusters up from a backing image,
we may inadvertantly create unusable incremental backup images.
For
From: Fam Zheng
The three lines are duplicated a number of times now, refactor a
function.
Signed-off-by: Fam Zheng
Reviewed-by: Max Reitz
Message-id: 1454637630-10585-3-git-send-email-f...@redhat.com
Signed-off-by: Jeff Cody
---
block/mirror.c | 24
1 file changed,
From: "Daniel P. Berrange"
Currently RBD passwords must be provided on the command line
via
$QEMU -drive file=rbd:pool/image:id=myname:\
key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
auth_supported=cephx
This is insecure because the key is visible in
From: Max Reitz
For values which are powers of two (and we do assume all of these to
be), sizeof(x) * 8 - 1 - clz(x) == ctz(x). Therefore, use ctz().
Signed-off-by: Max Reitz
Message-id: 1450451066-13335-3-git-send-email-mre...@redhat.com
Signed-off-by: Jeff Cody
---
block/vhdx.c | 8
From: Fam Zheng
The "pnum < nb_sectors" condition in deciding whether to actually copy
data is unnecessarily strict, and the qiov initialization is
unnecessarily for bdrv_aio_write_zeroes and bdrv_aio_discard.
Rewrite mirror_iteration to fix both flaws.
The output of iotests 109 is updated beca
From: John Snow
If a backing file isn't specified in the target image and the
cluster_size is larger than the bitmap granularity, we run the risk of
creating bitmaps with allocated clusters but empty/no data which will
prevent the proper reading of the backup in the future.
Signed-off-by: John S
From: Max Reitz
We have DIV_ROUND_UP(), so we can use it to produce more easily readable
code. It may be slower than the bit shifting currently performed
(because it actually performs a division), but since
vhdx_calc_bat_entries() is never used in a hot path, this is completely
fine.
Signed-off-
From: "Daniel P. Berrange"
The iSCSI driver currently accepts the CHAP password in plain text
as a block driver property. This change adds a new "password-secret"
property that accepts the ID of a QCryptoSecret instance.
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
The following changes since commit 071608b519adf62bc29c914343a21c5407ab1ac9:
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160229-1' into
staging (2016-02-29 12:24:26 +)
are available in the git repository at:
g...@github.com:codyprime/qemu-kvm-jtc.git tags/
From: Peter Lieven
recent libnfs versions support logging debug messages. Add
support for it in qemu through an URL parameter.
Example:
qemu -cdrom nfs://127.0.0.1/iso/my.iso?debug=2
Signed-off-by: Peter Lieven
Reviewed-by: Fam Zheng
Message-id: 1447052973-14513-1-git-send-email...@kamp.de
S
On Thu, Feb 25, 2016 at 03:58:28PM -0500, John Snow wrote:
> Backups sometimes need a non-64KiB transfer cluster size.
> See patch #2 for the detailed justificaton.
>
> ===
> v4:
> ===
>
> 02: Polished the error message.
>
> ===
> v3:
> ===
>
> 01: +R-B
> 02: Added failure mode for bdrv_get_inf
On 29.02.2016 17:06, Eric Blake wrote:
> On 02/29/2016 08:46 AM, Max Reitz wrote:
>
Compressed Clusters Descriptor (x = 62 - (cluster_bits - 8)):
-Bit 0 - x:Host cluster offset. This is usually _not_ aligned to
a
-cluster boundary!
+
On 02/29/2016 08:46 AM, Max Reitz wrote:
>>> Compressed Clusters Descriptor (x = 62 - (cluster_bits - 8)):
>>>
>>> -Bit 0 - x:Host cluster offset. This is usually _not_ aligned to a
>>> -cluster boundary!
>>> +Bit 0 - x:Bits 9-(x+9) of host cluster offset.
On 02/29/2016 07:01 AM, Kevin Wolf wrote:
>> I have for example a compressed cluster with an L2 entry value of 4A
>> C0 00 00 00 3D 97 50. This would lead me to believe the cluster starts
>> at offset 0x3D9750 and has a length of 0x2B 512-byte sectors (or 0x2B
>> times 0x200 = 0x5600). Added to the
On 02/29/2016 07:59 AM, Eric Blake wrote:
>> an L2 entry value of 4A C0 00 00 00 3D 97 50.
>
> So with default 64k clusters, x = 62 - (16 - 8) = 54. Bits 0-54 are the
> host cluster offset, or 0x003d9750, but that is in terms of host
> sectors. The comment in block/qcow2.c is telling, and perha
On 27.02.2016 00:41, John Snow wrote:
Do you have this mirrored in a git repo so I can browse it more
effectively? I can't figure out what all the prerequisite patches are,
so it will be convenient to just have a repo in that case for the RFC.
done: https://src.openvz.org/users/vsementsov/repos
On 29.02.2016 16:42, Max Reitz wrote:
> On 29.02.2016 16:11, Eric Blake wrote:
>> The specs for the host cluster offset of a compressed cluster
>> were not clear that the offset is in terms of sectors, and requires
>> a shift by 9 to be a byte offset. Add some more text to make the
>> interpretati
On 29.02.2016 16:11, Eric Blake wrote:
> The specs for the host cluster offset of a compressed cluster
> were not clear that the offset is in terms of sectors, and requires
> a shift by 9 to be a byte offset. Add some more text to make the
> interpretation obvious.
>
> CC: mgre...@cinci.rr.com
>
I do think this patch is ready to be added to QEMU. I have listened to what you
said and implemented your changes.
https://patchwork.ozlabs.org/patch/579325/
Mac OS X can be picky when it comes to allowing the user
to use physical devices in QEMU. Most mounted volumes
appear to be off limits to
The specs for the host cluster offset of a compressed cluster
were not clear that the offset is in terms of sectors, and requires
a shift by 9 to be a byte offset. Add some more text to make the
interpretation obvious.
CC: mgre...@cinci.rr.com
Signed-off-by: Eric Blake
---
docs/specs/qcow2.txt
On 29/02/2016 15:36, Kevin Wolf wrote:
> Hi all,
>
> I'm currently trying to get rid of bdrv_move_feature_fields(), so we can
> finally have more than one BB per BDS. Generally the way to do this is
> to move features from BDS and block.c to BB and block-backend.c.
> However, for two of the feat
Hi all,
I'm currently trying to get rid of bdrv_move_feature_fields(), so we can
finally have more than one BB per BDS. Generally the way to do this is
to move features from BDS and block.c to BB and block-backend.c.
However, for two of the features I'm not sure about this:
* Copy on Read:
Whe
[ Cc: qemu-block ]
Am 27.02.2016 um 06:00 hat mgre...@cinci.rr.com geschrieben:
> Hello, I am hoping someone here can help me. I am implementing QCow2
> support for a PC emulator project and have a couple questions
> regarding compression I haven't been able to figure out on my own.
>
> First som
Refuse to use images with the legacy AES-CBC encryption
format in the system emulators. They are still fully
supported in the qemu-img, qemu-io & qemu-nbd tools in
order to allow data to be liberated and for compatibility
with older QEMU versions. Continued support in these tools
is not a notable b
Now that all encryption keys must be provided upfront via
the QCryptoSecret API and associated block driver properties
there is no need for any explicit encryption handling APIs
in the block layer. Encryption can be handled transparently
within the block driver. We only retain an API for querying
w
Instead of requiring separate input/output buffers for
encrypting data, change qcow2_encrypt_sectors() to assume
use of a single buffer, encrypting in place. The current
callers all used the same buffer for input/output already.
Reviewed-by: Eric Blake
Reviewed-by: Fam Zheng
Signed-off-by: Danie
Instead of requiring separate input/output buffers for
encrypting data, change encrypt_sectors() to assume
use of a single buffer, encrypting in place. One current
caller all uses the same buffer for input/output already
and the other two callers are easily converted todo so.
Signed-off-by: Daniel
The iotests.py helper provides a main() method for running
tests via the python unit test framework. Not all tests
will want to use this, so refactor it to split the testing
of compatible formats and platforms into separate helper
methods
Signed-off-by: Daniel P. Berrange
---
tests/qemu-iotests/
This converts the qcow2 driver to make use of the QCryptoBlock
APIs for encrypting image content. This is only wired up to
permit use of the legacy QCow encryption format. Users who wish
to have the strong LUKS format should switch to qcow2 instead.
With this change it is now required to use the Q
This converts the qcow2 driver to make use of the QCryptoBlock
APIs for encrypting image content. As well as continued support
for the legacy QCow2 encryption format, the appealing benefit
is that it enables support for the LUKS format inside qcow2.
With the LUKS format it is necessary to store th
When opening an image it is useful to know whether the caller
intends to perform I/O on the image or not. In the case of
encrypted images this will allow the block driver to avoid
having to prompt for decryption keys when we merely want to
query header metadata about the image. eg qemu-img info
Th
Now that qcow & qcow2 are wired up to get encryption keys
via the QCryptoSecret object, nothing is relying on the
interactive prompting for passwords. All the code related
to password prompting can thus be ripped out.
Signed-off-by: Daniel P. Berrange
---
hmp.c | 31 -
Provide a block encryption implementation that follows the
LUKS/dm-crypt specification.
This supports all combinations of hash, cipher algorithm,
cipher mode and iv generator that are implemented by the
current crypto layer.
The notable missing feature is support for the 'xts'
cipher mode, which
The python I/O tests helper for running qemu-img/qemu-io
setup stdout to be captured to a pipe, but left stderr
untouched. As a result, if something failed in qemu-img/
qemu-io, data written to stderr would get output directly
and not line up with data on the test stdout due to
buffering. If we ex
The XTS (XEX with tweaked-codebook and ciphertext stealing)
cipher mode is commonly used in full disk encryption. There
is unfortunately no implementation of it in either libgcrypt
or nettle, so we need to provide our own.
The libtomcrypt project provides a repository of crypto
algorithms under a
There are a number of different algorithms that can be used
to generate initialization vectors for disk encryption. This
introduces a simple internal QCryptoBlockIV object to provide
a consistent internal API to the different algorithms. The
initially implemented algorithms are 'plain', 'plain64' a
New cipher algorithms 'twofish-128', 'twofish-192' and
'twofish-256' are defined for the Twofish algorithm.
The gcrypt backend does not support 'twofish-192'.
The nettle and gcrypt cipher backends are updated to
support the new cipher and a test vector added to the
cipher test suite. The new algor
Introduce 'XTS' as a permitted mode for the cipher APIs.
With XTS the key provided must be twice the size of the
key normally required for any given algorithm. This is
because the key will be split into two pieces for use
in XTS mode.
Signed-off-by: Daniel P. Berrange
---
crypto/cipher-builtin.c
The qemu-img/qemu-io tools prompt for disk encryption passwords
regardless of whether any are actually required. Adding a check
on bdrv_key_required() avoids this prompt for disk formats which
have been converted to the QCryptoSecret APIs.
This is just a temporary hack to ensure the block I/O test
Add a 'log' method to iotests.py which prints messages to
stdout, with optional filtering of data. Port over some
standard filters for present in the shell common.filter
code.
Signed-off-by: Daniel P. Berrange
---
tests/qemu-iotests/iotests.py | 25 -
1 file changed, 24 i
The built-in and nettle cipher backends for AES maintain
two separate AES contexts, one for encryption and one for
decryption. This is going to be inconvenient for the future
code dealing with XTS, so wrap them up in a single struct
so there is just one pointer to pass around for both
encryptin and
Add a generic framework for support different block encryption
formats. Upon instantiating a QCryptoBlock object, it will read
the encryption header and extract the encryption keys. It is
then possible to call methods to encrypt/decrypt data buffers.
There is also a mode whereby it will create/ini
There are three backend impls provided. The preferred
is gnutls, which is backed by nettle in modern distros.
The gcrypt impl is provided for cases where QEMU build
against gnutls is disabled, but crypto is still desired.
No nettle impl is provided, since it is non-trivial to
use the nettle APIs fo
A new cipher algorithm 'cast-5-128' is defined for the
Cast-5 algorithm with 128 bit key size. Smaller key sizes
are supported by Cast-5, but nothing in QEMU should use
them, so only 128 bit keys are permitted.
The nettle and gcrypt cipher backends are updated to
support the new cipher and a test
New cipher algorithms 'serpent-128', 'serpent-192' and
'serpent-256' are defined for the Serpent algorithm.
The nettle and gcrypt cipher backends are updated to
support the new cipher and a test vector added to the
cipher test suite. The new algorithm is enabled in the
LUKS block encryption driver
The LUKS format specifies an anti-forensic split algorithm which
is used to artificially expand the size of the key material on
disk. This is an implementation of that algorithm.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs| 1 +
crypto/afsplit.c| 158
The LUKS data format includes use of PBKDF2 (Password-Based
Key Derivation Function). The Nettle library can provide
an implementation of this, but we don't want code directly
depending on a specific crypto library backend. Introduce
a new include/crypto/pbkdf.h header which defines a QEMU
API for
We don't guarantee that all crypto backends will support
all cipher algorithms, so we should skip tests unless
the crypto backend indicates support.
Signed-off-by: Daniel P. Berrange
---
tests/test-crypto-cipher.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/test-
This series was previously submitted here:
v1: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04748.html
v2: https://lists.gnu.org/archive/html/qemu-block/2016-01/msg00534.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03176.html
This patch series applies as is
75 matches
Mail list logo