[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH v2 16/17] block: remove all encryption handling
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-block] [PATCH v2 16/17] block: remove all encryption handling APIs |
|
Date: |
Mon, 8 Feb 2016 14:23:40 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 |
On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> Now that all encryption keys must be provided upfront via
> the QCryptoSecret API and associated block driver properties
> there is no need for any explicit encryption handling APIs
> in the block layer. Encryption can be handled transparently
> within the block driver. We only retain an API for querying
> whether an image is encrypted or not, since that is a
> potentially useful piece of metadata to report to the user.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> @@ -2190,7 +2181,6 @@ void bdrv_close(BlockDriverState *bs)
> bs->backing_format[0] = '\0';
> bs->total_sectors = 0;
> bs->encrypted = 0;
> - bs->valid_key = 0;
It would be nice if this patch (or maybe a followup) switched
bs->encrypted to bool, rather than int.
> -void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp)
> -{
> - if (key) {
> - if (!bdrv_is_encrypted(bs)) {
> - error_setg(errp, "Node '%s' is not encrypted",
> - bdrv_get_device_or_node_name(bs));
> - } else if (bdrv_set_key(bs, key) < 0) {
> - error_setg(errp, QERR_INVALID_PASSWORD);
If I'm not mistaken, this was the only use of QERR_INVALID_PASSWORD;
please also nuke it from include/qapi/qmp/qerror.h.
> - }
> - } else {
> - if (bdrv_key_required(bs)) {
> - error_set(errp, ERROR_CLASS_DEVICE_ENCRYPTED,
> - "'%s' (%s) is encrypted",
Likewise, this looks like the last use of ERROR_CLASS_DEVICE_ENCRYPTED
(since 15/17 nuked the only client in hmp.c that cared about the error
class); it would be nice to nuke the remains in include/qapi/error.h and
in qapi/common.json.
> +++ b/blockdev.c
> @@ -2261,24 +2257,8 @@ void qmp_block_passwd(bool has_device, const char
> *device,
> bool has_node_name, const char *node_name,
> const char *password, Error **errp)
> {
> - Error *local_err = NULL;
> - BlockDriverState *bs;
> - AioContext *aio_context;
> -
> - bs = bdrv_lookup_bs(has_device ? device : NULL,
> - has_node_name ? node_name : NULL,
> - &local_err);
> - if (local_err) {
> - error_propagate(errp, local_err);
> - return;
> - }
> -
> - aio_context = bdrv_get_aio_context(bs);
> - aio_context_acquire(aio_context);
> -
> - bdrv_add_key(bs, password, errp);
> -
> - aio_context_release(aio_context);
> + error_setg_errno(errp, -ENOSYS,
> + "Setting block passwords directly is no longer
> supported");
We should document in qapi/block-core.json that the QMP 'block_passwd'
command is deprecated, and will be removed in a future release (but I
suspect we don't want to completely remove it in 2.6, so that we at
least have time to find clients that were relying on it and should be
using the new methods).
> +++ b/include/block/block_int.h
> @@ -374,7 +374,6 @@ struct BlockDriverState {
> int read_only; /* if true, the media is read only */
> int open_flags; /* flags used to open the file, re-used for re-open */
> int encrypted; /* if true, the media is encrypted */
> - int valid_key; /* if true, a valid encryption key has been set */
> int sg; /* if true, the device is a /dev/sg* */
> int copy_on_read; /* if true, copy read backing sectors into image
> note this is a reference count */
Hmm - several variables that are only 'true' or 'false' and should be
typed 'bool'. Only 'encrypted' is a candidate for change in this patch;
'sg' is unrelated. And 'copy_on_read' should be tweaked to document
'nonzero', not 'true', since it is used as a reference count rather than
bool.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- Re: [Qemu-block] [PATCH v2 16/17] block: remove all encryption handling APIs,
Eric Blake <=