[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-block] [PATCH RFC 2/2] block: Drop code supporting encryption outs
From: |
Markus Armbruster |
Subject: |
[Qemu-block] [PATCH RFC 2/2] block: Drop code supporting encryption outside qemu-img |
Date: |
Tue, 10 Mar 2015 18:26:40 +0100 |
Signed-off-by: Markus Armbruster <address@hidden>
---
block.c | 30 --------------------
blockdev.c | 43 +---------------------------
hmp-commands.hx | 14 ---------
hmp.c | 41 ---------------------------
hmp.h | 1 -
hw/usb/dev-storage.c | 26 -----------------
include/monitor/monitor.h | 7 -----
monitor.c | 72 -----------------------------------------------
qapi-schema.json | 13 ++-------
qapi/block-core.json | 42 ++-------------------------
qapi/common.json | 5 +---
qmp-commands.hx | 26 -----------------
qmp.c | 8 ------
13 files changed, 6 insertions(+), 322 deletions(-)
diff --git a/block.c b/block.c
index 28ea19a..e519ac7 100644
--- a/block.c
+++ b/block.c
@@ -3708,36 +3708,6 @@ int bdrv_set_key(BlockDriverState *bs, const char *key)
return ret;
}
-/*
- * Provide an encryption key for @bs.
- * If @key is non-null:
- * If @bs is not encrypted, fail.
- * Else if the key is invalid, fail.
- * Else set @bs's key to @key, replacing the existing key, if any.
- * If @key is null:
- * If @bs is encrypted and still lacks a key, fail.
- * Else do nothing.
- * On failure, store an error object through @errp if non-null.
- */
-void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp)
-{
- if (key) {
- if (!bdrv_is_encrypted(bs)) {
- error_setg(errp, "Device '%s' is not encrypted",
- bdrv_get_device_name(bs));
- } else if (bdrv_set_key(bs, key) < 0) {
- error_set(errp, QERR_INVALID_PASSWORD);
- }
- } else {
- if (bdrv_key_required(bs)) {
- error_set(errp, ERROR_CLASS_DEVICE_ENCRYPTED,
- "'%s' (%s) is encrypted",
- bdrv_get_device_name(bs),
- bdrv_get_encrypted_filename(bs));
- }
- }
-}
-
const char *bdrv_get_format_name(BlockDriverState *bs)
{
return bs->drv ? bs->drv->format_name : NULL;
diff --git a/blockdev.c b/blockdev.c
index b9c1c0c..103cc67 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1774,47 +1774,6 @@ void qmp_eject(const char *device, bool has_force, bool
force, Error **errp)
eject_device(blk, force, errp);
}
-void qmp_block_passwd(bool has_device, const char *device,
- bool has_node_name, const char *node_name,
- const char *password, Error **errp)
-{
- Error *local_err = NULL;
- BlockDriverState *bs;
- AioContext *aio_context;
-
- bs = bdrv_lookup_bs(has_device ? device : NULL,
- has_node_name ? node_name : NULL,
- &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
-
- aio_context = bdrv_get_aio_context(bs);
- aio_context_acquire(aio_context);
-
- bdrv_add_key(bs, password, errp);
-
- aio_context_release(aio_context);
-}
-
-/* Assumes AioContext is held */
-static void qmp_bdrv_open_encrypted(BlockDriverState *bs, const char *filename,
- int bdrv_flags, BlockDriver *drv,
- const char *password, Error **errp)
-{
- Error *local_err = NULL;
- int ret;
-
- ret = bdrv_open(&bs, filename, NULL, NULL, bdrv_flags, drv, &local_err);
- if (ret < 0) {
- error_propagate(errp, local_err);
- return;
- }
-
- bdrv_add_key(bs, password, errp);
-}
-
void qmp_change_blockdev(const char *device, const char *filename,
const char *format, Error **errp)
{
@@ -1852,7 +1811,7 @@ void qmp_change_blockdev(const char *device, const char
*filename,
bdrv_flags = bdrv_is_read_only(bs) ? 0 : BDRV_O_RDWR;
bdrv_flags |= bdrv_is_snapshot(bs) ? BDRV_O_SNAPSHOT : 0;
- qmp_bdrv_open_encrypted(bs, filename, bdrv_flags, drv, NULL, errp);
+ bdrv_open(&bs, filename, NULL, NULL, bdrv_flags, drv, errp);
out:
aio_context_release(aio_context);
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 1cf0081..058dee2 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1508,20 +1508,6 @@ used by another monitor command.
ETEXI
{
- .name = "block_passwd",
- .args_type = "device:B,password:s",
- .params = "block_passwd device password",
- .help = "set the password of encrypted block devices",
- .mhandler.cmd = hmp_block_passwd,
- },
-
-STEXI
address@hidden block_passwd @var{device} @var{password}
address@hidden block_passwd
-Set the encrypted device @var{device} password to @var{password}
-ETEXI
-
- {
.name = "block_set_io_throttle",
.args_type =
"device:B,bps:l,bps_rd:l,bps_wr:l,iops:l,iops_rd:l,iops_wr:l",
.params = "device bps bps_rd bps_wr iops iops_rd iops_wr",
diff --git a/hmp.c b/hmp.c
index 71c28bc..c2a167b 100644
--- a/hmp.c
+++ b/hmp.c
@@ -918,37 +918,12 @@ void hmp_ringbuf_read(Monitor *mon, const QDict *qdict)
g_free(data);
}
-static void hmp_cont_cb(void *opaque, int err)
-{
- if (!err) {
- qmp_cont(NULL);
- }
-}
-
-static bool key_is_missing(const BlockInfo *bdev)
-{
- return (bdev->inserted && bdev->inserted->encryption_key_missing);
-}
-
void hmp_cont(Monitor *mon, const QDict *qdict)
{
- BlockInfoList *bdev_list, *bdev;
Error *err = NULL;
- bdev_list = qmp_query_block(NULL);
- for (bdev = bdev_list; bdev; bdev = bdev->next) {
- if (key_is_missing(bdev->value)) {
- monitor_read_block_device_key(mon, bdev->value->device,
- hmp_cont_cb, NULL);
- goto out;
- }
- }
-
qmp_cont(&err);
hmp_handle_error(mon, &err);
-
-out:
- qapi_free_BlockInfoList(bdev_list);
}
void hmp_system_wakeup(Monitor *mon, const QDict *qdict)
@@ -974,16 +949,6 @@ void hmp_set_link(Monitor *mon, const QDict *qdict)
hmp_handle_error(mon, &err);
}
-void hmp_block_passwd(Monitor *mon, const QDict *qdict)
-{
- const char *device = qdict_get_str(qdict, "device");
- const char *password = qdict_get_str(qdict, "password");
- Error *err = NULL;
-
- qmp_block_passwd(true, device, false, NULL, password, &err);
- hmp_handle_error(mon, &err);
-}
-
void hmp_balloon(Monitor *mon, const QDict *qdict)
{
int64_t value = qdict_get_int(qdict, "value");
@@ -1228,12 +1193,6 @@ void hmp_change(Monitor *mon, const QDict *qdict)
}
qmp_change(device, target, !!arg, arg, &err);
- if (err &&
- error_get_class(err) == ERROR_CLASS_DEVICE_ENCRYPTED) {
- error_free(err);
- monitor_read_block_device_key(mon, device, NULL, NULL);
- return;
- }
hmp_handle_error(mon, &err);
}
diff --git a/hmp.h b/hmp.h
index 81177b2..004eabf 100644
--- a/hmp.h
+++ b/hmp.h
@@ -51,7 +51,6 @@ void hmp_cont(Monitor *mon, const QDict *qdict);
void hmp_system_wakeup(Monitor *mon, const QDict *qdict);
void hmp_nmi(Monitor *mon, const QDict *qdict);
void hmp_set_link(Monitor *mon, const QDict *qdict);
-void hmp_block_passwd(Monitor *mon, const QDict *qdict);
void hmp_balloon(Monitor *mon, const QDict *qdict);
void hmp_block_resize(Monitor *mon, const QDict *qdict);
void hmp_snapshot_blkdev(Monitor *mon, const QDict *qdict);
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 65d9aa6..641a69d 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -549,22 +549,6 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket
*p)
}
}
-static void usb_msd_password_cb(void *opaque, int err)
-{
- MSDState *s = opaque;
- Error *local_err = NULL;
-
- if (!err) {
- usb_device_attach(&s->dev, &local_err);
- }
-
- if (local_err) {
- qerror_report_err(local_err);
- error_free(local_err);
- qdev_unplug(&s->dev.qdev, NULL);
- }
-}
-
static void *usb_msd_load_request(QEMUFile *f, SCSIRequest *req)
{
MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
@@ -637,16 +621,6 @@ static void usb_msd_realize_storage(USBDevice *dev, Error
**errp)
}
usb_msd_handle_reset(dev);
s->scsi_dev = scsi_dev;
-
- if (bdrv_key_required(blk_bs(blk))) {
- if (cur_mon) {
- monitor_read_bdrv_key_start(cur_mon, blk_bs(blk),
- usb_msd_password_cb, s);
- s->dev.auto_attach = 0;
- } else {
- autostart = 0;
- }
- }
}
static void usb_msd_realize_bot(USBDevice *dev, Error **errp)
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
index 1c06bed..2104a49 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -26,13 +26,6 @@ void monitor_init(CharDriverState *chr, int flags);
int monitor_suspend(Monitor *mon);
void monitor_resume(Monitor *mon);
-int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs,
- BlockCompletionFunc *completion_cb,
- void *opaque);
-int monitor_read_block_device_key(Monitor *mon, const char *device,
- BlockCompletionFunc *completion_cb,
- void *opaque);
-
int monitor_get_fd(Monitor *mon, const char *fdname, Error **errp);
int monitor_fd_param(Monitor *mon, const char *fdname, Error **errp);
diff --git a/monitor.c b/monitor.c
index c86a89e..7523c75 100644
--- a/monitor.c
+++ b/monitor.c
@@ -206,8 +206,6 @@ struct Monitor {
ReadLineState *rs;
MonitorControl *mc;
CPUState *mon_cpu;
- BlockCompletionFunc *password_completion_cb;
- void *password_opaque;
mon_cmd_t *cmd_table;
QError *error;
QLIST_HEAD(,mon_fd_t) fds;
@@ -5350,81 +5348,11 @@ void monitor_init(CharDriverState *chr, int flags)
default_mon = mon;
}
-static void bdrv_password_cb(void *opaque, const char *password,
- void *readline_opaque)
-{
- Monitor *mon = opaque;
- BlockDriverState *bs = readline_opaque;
- int ret = 0;
- Error *local_err = NULL;
-
- bdrv_add_key(bs, password, &local_err);
- if (local_err) {
- monitor_printf(mon, "%s\n", error_get_pretty(local_err));
- error_free(local_err);
- ret = -EPERM;
- }
- if (mon->password_completion_cb)
- mon->password_completion_cb(mon->password_opaque, ret);
-
- monitor_read_command(mon, 1);
-}
-
ReadLineState *monitor_get_rs(Monitor *mon)
{
return mon->rs;
}
-int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs,
- BlockCompletionFunc *completion_cb,
- void *opaque)
-{
- Error *local_err = NULL;
- int err;
-
- bdrv_add_key(bs, NULL, &local_err);
- if (!local_err) {
- if (completion_cb)
- completion_cb(opaque, 0);
- return 0;
- }
-
- /* Need a key for @bs */
-
- if (monitor_ctrl_mode(mon)) {
- qerror_report_err(local_err);
- return -1;
- }
-
- monitor_printf(mon, "%s (%s) is encrypted.\n", bdrv_get_device_name(bs),
- bdrv_get_encrypted_filename(bs));
-
- mon->password_completion_cb = completion_cb;
- mon->password_opaque = opaque;
-
- err = monitor_read_password(mon, bdrv_password_cb, bs);
-
- if (err && completion_cb)
- completion_cb(opaque, err);
-
- return err;
-}
-
-int monitor_read_block_device_key(Monitor *mon, const char *device,
- BlockCompletionFunc *completion_cb,
- void *opaque)
-{
- BlockDriverState *bs;
-
- bs = bdrv_find(device);
- if (!bs) {
- monitor_printf(mon, "Device not found %s\n", device);
- return -1;
- }
-
- return monitor_read_bdrv_key_start(mon, bs, completion_cb, opaque);
-}
-
QemuOptsList qemu_mon_opts = {
.name = "mon",
.implied_opt_name = "chardev",
diff --git a/qapi-schema.json b/qapi-schema.json
index e16f8eb..cb7ba49 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1234,10 +1234,6 @@
#
# Since: 0.14.0
#
-# Returns: If successful, nothing
-# If QEMU was started with an encrypted block device and a key has
-# not yet been set, DeviceEncrypted.
-#
# Notes: This command will succeed if the guest is currently running. It
# will also succeed if the guest is in the "inmigrate" state; in
# this case, the effect of the command is to make sure the guest
@@ -1385,8 +1381,8 @@
# o This command is stateless, this means that commands that depend
# on state information (such as getfd) might not work
#
-# o Commands that prompt the user for data (eg. 'cont' when the block
-# device is encrypted) don't currently work
+# o Commands that prompt the user for data (eg. 'change vnc
+# password') don't currently work
##
{ 'command': 'human-monitor-command',
'data': {'command-line': 'str', '*cpu-index': 'int'},
@@ -1642,11 +1638,6 @@
#
# Returns: Nothing on success.
# If @device is not a valid block device, DeviceNotFound
-# If the new block device is encrypted, DeviceEncrypted. Note that
-# if this error is returned, the device has been opened successfully
-# and an additional call to @block_passwd is required to set the
-# device's password. The behavior of reads and writes to the block
-# device between when these calls are executed is undefined.
#
# Notes: It is strongly recommended that this interface is not used especially
# for changing block devices.
diff --git a/qapi/block-core.json b/qapi/block-core.json
index a3fdaf0..9a5aa37 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -220,10 +220,9 @@
#
# @backing_file_depth: number of files in the backing file chain (since: 1.2)
#
-# @encrypted: true if the backing device is encrypted
+# @encrypted: for backward compatibility, always false
#
-# @encryption_key_missing: true if the backing device is encrypted but an
-# valid encryption key is missing
+# @encryption_key_missing: for backward compatibility, always false
#
# @detect_zeroes: detect and optimize zero writes (Since 2.1)
#
@@ -573,43 +572,6 @@
{ 'command': 'query-block-jobs', 'returns': ['BlockJobInfo'] }
##
-# @block_passwd:
-#
-# This command sets the password of a block device that has not been open
-# with a password and requires one.
-#
-# The two cases where this can happen are a block device is created through
-# QEMU's initial command line or a block device is changed through the legacy
-# @change interface.
-#
-# In the event that the block device is created through the initial command
-# line, the VM will start in the stopped state regardless of whether '-S' is
-# used. The intention is for a management tool to query the block devices to
-# determine which ones are encrypted, set the passwords with this command, and
-# then start the guest with the @cont command.
-#
-# Either @device or @node-name must be set but not both.
-#
-# @device: #optional the name of the block backend device to set the password
on
-#
-# @node-name: #optional graph node name to set the password on (Since 2.0)
-#
-# @password: the password to use for the device
-#
-# Returns: nothing on success
-# If @device is not a valid block device, DeviceNotFound
-# If @device is not encrypted, DeviceNotEncrypted
-#
-# Notes: Not all block formats support encryption and some that do are not
-# able to validate that a password is correct. Disk corruption may
-# occur if an invalid password is specified.
-#
-# Since: 0.14.0
-##
-{ 'command': 'block_passwd', 'data': {'*device': 'str',
- '*node-name': 'str', 'password': 'str'} }
-
-##
# @block_resize
#
# Resize a block image while a guest is running.
diff --git a/qapi/common.json b/qapi/common.json
index 63ef3b4..84b5cb4 100644
--- a/qapi/common.json
+++ b/qapi/common.json
@@ -12,9 +12,6 @@
#
# @CommandNotFound: the requested command has not been found
#
-# @DeviceEncrypted: the requested operation can't be fulfilled because the
-# selected device is encrypted
-#
# @DeviceNotActive: a device has failed to be become active
#
# @DeviceNotFound: the requested device has not been found
@@ -25,7 +22,7 @@
# Since: 1.2
##
{ 'enum': 'ErrorClass',
- 'data': [ 'GenericError', 'CommandNotFound', 'DeviceEncrypted',
+ 'data': [ 'GenericError', 'CommandNotFound',
'DeviceNotActive', 'DeviceNotFound', 'KVMMissingCap' ] }
##
diff --git a/qmp-commands.hx b/qmp-commands.hx
index a85d847..0d202ea 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1677,32 +1677,6 @@ Note: The list of fd sets is shared by all monitor
connections.
EQMP
{
- .name = "block_passwd",
- .args_type = "device:s?,node-name:s?,password:s",
- .mhandler.cmd_new = qmp_marshal_input_block_passwd,
- },
-
-SQMP
-block_passwd
-------------
-
-Set the password of encrypted block devices.
-
-Arguments:
-
-- "device": device name (json-string)
-- "node-name": name in the block driver state graph (json-string)
-- "password": password (json-string)
-
-Example:
-
--> { "execute": "block_passwd", "arguments": { "device": "ide0-hd0",
- "password": "12345" } }
-<- { "return": {} }
-
-EQMP
-
- {
.name = "block_set_io_throttle",
.args_type =
"device:B,bps:l,bps_rd:l,bps_wr:l,iops:l,iops_rd:l,iops_wr:l,bps_max:l?,bps_rd_max:l?,bps_wr_max:l?,iops_max:l?,iops_rd_max:l?,iops_wr_max:l?,iops_size:l?",
.mhandler.cmd_new = qmp_marshal_input_block_set_io_throttle,
diff --git a/qmp.c b/qmp.c
index d701cff..8ec9b03 100644
--- a/qmp.c
+++ b/qmp.c
@@ -160,7 +160,6 @@ SpiceInfo *qmp_query_spice(Error **errp)
void qmp_cont(Error **errp)
{
- Error *local_err = NULL;
BlockDriverState *bs;
if (runstate_needs_reset()) {
@@ -173,13 +172,6 @@ void qmp_cont(Error **errp)
for (bs = bdrv_next(NULL); bs; bs = bdrv_next(bs)) {
bdrv_iostatus_reset(bs);
}
- for (bs = bdrv_next(NULL); bs; bs = bdrv_next(bs)) {
- bdrv_add_key(bs, NULL, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- }
if (runstate_check(RUN_STATE_INMIGRATE)) {
autostart = 1;
--
1.9.3