* [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support
@ 2017-04-25 15:38 Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
` (19 more replies)
0 siblings, 20 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Previously posted:
v1: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg00201.html
v2: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg05147.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg05671.html
v4: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02293.html
v5: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04653.html
This series is a continuation of previous work to support LUKS in
QEMU. The existing merged code supports LUKS as a standalone
driver which can be layered over/under any other QEMU block device
driver. This works well when using LUKS over protocol drivers (file,
rbd, iscsi, etc, etc), but has some downsides when combined with
format drivers like qcow2.
If you layer LUKS under qcow2 (eg qcow2 -> luks -> file) then you
cannot get any information about the qcow2 file without first
decrypting it, as both the header and payload are encrypted.
If you layer LUKS over qcow2 (eg luks -> qcow2 -> file) then you
cannot distinguish between a qcow2 file where the guest has done
LUKS encryption from a qcow2 file which qemu has done encryption.
More seriously, when encrypting sectors the guest virtual sector
is used as the input for deriving the initialization vectors.
When internal snapshots are used, this means that multiple sectors
in the qcow2 file may be encrypted with the same initialization
vector. This is a security weakness when combined with certain
cryptographic modes.
Integrating LUKS natively into qcow2 allows us to combine the
best aspects of both layering strategies above. In particular
the header remains unecrypted, but initialization vectors are
generated using physical sector numbers preserving security
when snapshots are used. This is a change from previous postings
of this work, where the IVs were (incorrectly) generated based
on the virtual disk sector.
In a previous posting of this work, Fam had suggested that we
do integration by layering luks over qcow2, but having QEMU
block layer automatically create the luks driver above qcow2
based on the qcow2 header crypt_method field. This is not
possible though, because such a scheme would suffer from the
problem of IVs being generated from the virtual disk sector
instead of physical disk sector. So having LUKS specific
code in the qcow2 block driver is unavoidable. In comparison
to the previous posting though, the amount of code in qcow2.c
has been reduced by allowing re-use of code from block/crypto.c
for handling QemuOpts -> QAPI conversion. So extra lines of
code in qcow2 to support LUKS is < 200.
I have also split the changes to qcow2 up into 2 patches. The
first patch simply introduces use of the QCryptoBlock framework
to qcow2 for the existing (deprecated) AES-CBC encryption method.
The second patch wires up the LUKS support for qcow2. This makes
it clearer which parts of the changes are related to plain code
refactoring, vs enabling the new features. Specifically we can
now see that the LUKS enablement in qcow2 has this footprint:
Changed in v6:
- Changed QAPI / QemuOpts design to use nested struct/union
for all encryption parameters (Eric/Kevin)
- Fix cleanup during error conditions (Alberto)
Changed in v5:
- Remove accidental use of tabs in spec (Alberto)
- Clarify payload-offset position semantics (Alberto)
- Fix leak of QemuOpts in qcow v1 (Alberto)
- Avoid overwriting existing Error ** (Alberto)
- Reuse string -> enum convertor for qcow2 encryption format (Alberto)
- Fix iotests to deal with recent changes on git master
Changed in v4:
- Change qcow size check to == 0, instead of <= 1 (Alberto/Eric)
- Fix crash if qcow2 header contains unexpected crypt method (Alberto)
- Formatting tweaks in qcow2 spec additions (Max)
- Remove badly merged comment in qapi schema (Max)
- Don't add iotest number 173 (Max)
- Fix test-qcrypto-block.c (Max)
Changed in v3:
- Modify qemu-img to check for 'encryption-format' option too
and reject it when combined with compression
- Add check to prevent 'qemu-img amend' changing encryption
format
- Ensure crypto layer is able to report correct option names
in errors. ie luks-key-secret rather than just key-secret
- Use read -P 0 in test case 174
Changed in v2:
- Split qcow2 LUKS tests into separate patch
- Split qcow2 LUKS spec addition into separate patch
- Use strstart instead of g_str_has_prefix + pointer manipulation
- Use -1 instead of 1 for error condition when iterating over opts
- Fix formatting of qemu-img manpage for qcow2 AES flaws list
- Fix writing zeros in qcow when encrypting sector
- Don't overwrite input data buffer in qcow2 when encrypting data
- Use TODO instead of XXX markers
- Rename qcow2_change_encryption to qcow2_set_up_encryption
- Add missing QEMU_IO_OPTIONS_NO_FMT variable to iotests
- Explicitly fill crypto header unused space with zeros
- Fix byte-swapping of crypto header in qcow2
- Enforce crypto header offset is multiple of cluster size
- Move setting of crypt_physical_offset flag
- Fix docs for 'encryption-format' option
- Deprecate legacy 'encryption' option
- Drop redundant test scenarios
- Use small file sizes for iotests
- Drop pbkdf iteration time to 10ms during iotests
- Use separate passphrase for top vs backing file in iotests
- Mark 'encryption_key_missing@ field as deprecated
Daniel P. Berrange (18):
block: expose crypto option names / defs to other drivers
block: add ability to set a prefix for opt names
qcow: document another weakness of qcow AES encryption
qcow: require image size to be > 1 for new images
iotests: skip 042 with qcow which dosn't support zero sized images
iotests: skip 048 with qcow which doesn't support resize
block: deprecate "encryption=on" in favour of "encrypt.format=aes"
qcow: make encrypt_sectors encrypt in place
qcow: convert QCow to use QCryptoBlock for encryption
qcow2: make qcow2_encrypt_sectors encrypt in place
qcow2: convert QCow2 to use QCryptoBlock for encryption
qcow2: extend specification to cover LUKS encryption
qcow2: add support for LUKS encryption format
qcow2: add iotests to cover LUKS encryption support
iotests: enable tests 134 and 158 to work with qcow (v1)
block: rip out all traces of password prompting
block: remove all encryption handling APIs
block: pass option prefix down to crypto layer
block.c | 77 +-------
block/crypto.c | 97 ++++------
block/crypto.h | 101 ++++++++++
block/qapi.c | 2 +-
block/qcow.c | 265 +++++++++++++------------
block/qcow2-cluster.c | 56 +-----
block/qcow2-refcount.c | 10 +
block/qcow2.c | 473 +++++++++++++++++++++++++++++++++++++--------
block/qcow2.h | 17 +-
blockdev.c | 37 +---
crypto/block-luks.c | 8 +-
crypto/block-qcow.c | 8 +-
crypto/block.c | 6 +-
crypto/blockpriv.h | 2 +
docs/specs/qcow2.txt | 96 +++++++++
hmp-commands.hx | 2 +
hmp.c | 31 ---
include/block/block.h | 3 -
include/block/block_int.h | 3 +-
include/crypto/block.h | 6 +-
include/monitor/monitor.h | 7 -
include/qapi/error.h | 1 -
include/qemu/osdep.h | 2 -
monitor.c | 68 -------
qapi-schema.json | 10 +-
qapi/block-core.json | 102 ++++++----
qapi/common.json | 5 +-
qemu-img.c | 35 +---
qemu-img.texi | 19 +-
qemu-io.c | 20 --
qmp.c | 12 +-
tests/qemu-iotests/042 | 2 +-
tests/qemu-iotests/048 | 2 +-
tests/qemu-iotests/049 | 2 +-
tests/qemu-iotests/049.out | 4 +-
tests/qemu-iotests/082.out | 270 +++++++++++++++++++++++---
tests/qemu-iotests/087 | 39 +++-
tests/qemu-iotests/087.out | 16 +-
tests/qemu-iotests/134 | 20 +-
tests/qemu-iotests/134.out | 10 +-
tests/qemu-iotests/158 | 21 +-
tests/qemu-iotests/158.out | 14 +-
tests/qemu-iotests/177 | 76 ++++++++
tests/qemu-iotests/177.out | 18 ++
tests/qemu-iotests/178 | 86 +++++++++
tests/qemu-iotests/178.out | 26 +++
tests/qemu-iotests/common | 10 +-
tests/qemu-iotests/group | 2 +
tests/test-crypto-block.c | 8 +-
util/oslib-posix.c | 66 -------
util/oslib-win32.c | 24 ---
51 files changed, 1449 insertions(+), 848 deletions(-)
create mode 100644 block/crypto.h
create mode 100755 tests/qemu-iotests/177
create mode 100644 tests/qemu-iotests/177.out
create mode 100755 tests/qemu-iotests/178
create mode 100644 tests/qemu-iotests/178.out
--
2.9.3
^ permalink raw reply [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-26 13:26 ` Eric Blake
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
` (18 subsequent siblings)
19 siblings, 1 reply; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
The block/crypto.c defines a set of QemuOpts that provide
parameters for encryption. This will also be needed by
the qcow/qcow2 integration, so expose the relevant pieces
in a new block/crypto.h header. Some helper methods taking
QemuOpts are changed to take QDict to simplify usage in
other places.
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 82 +++++++++++++++++-----------------------------------
block/crypto.h | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 117 insertions(+), 56 deletions(-)
create mode 100644 block/crypto.h
diff --git a/block/crypto.c b/block/crypto.c
index 2a6a805..8205bd8 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -24,16 +24,10 @@
#include "sysemu/block-backend.h"
#include "crypto/block.h"
#include "qapi/opts-visitor.h"
+#include "qapi/qobject-input-visitor.h"
#include "qapi-visit.h"
#include "qapi/error.h"
-
-#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
-#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
-#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
-#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
-#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
-#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
-#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
+#include "block/crypto.h"
typedef struct BlockCrypto BlockCrypto;
@@ -135,11 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks = {
.name = "crypto",
.head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
.desc = {
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
- .type = QEMU_OPT_STRING,
- .help = "ID of the secret that provides the encryption key",
- },
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
{ /* end of list */ }
},
};
@@ -154,49 +144,21 @@ static QemuOptsList block_crypto_create_opts_luks = {
.type = QEMU_OPT_SIZE,
.help = "Virtual disk size"
},
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
- .type = QEMU_OPT_STRING,
- .help = "ID of the secret that provides the encryption key",
- },
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,
- .type = QEMU_OPT_STRING,
- .help = "Name of encryption cipher algorithm",
- },
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,
- .type = QEMU_OPT_STRING,
- .help = "Name of encryption cipher mode",
- },
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,
- .type = QEMU_OPT_STRING,
- .help = "Name of IV generator algorithm",
- },
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,
- .type = QEMU_OPT_STRING,
- .help = "Name of IV generator hash algorithm",
- },
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,
- .type = QEMU_OPT_STRING,
- .help = "Name of encryption hash algorithm",
- },
- {
- .name = BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,
- .type = QEMU_OPT_NUMBER,
- .help = "Time to spend in PBKDF in milliseconds",
- },
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME,
{ /* end of list */ }
},
};
-static QCryptoBlockOpenOptions *
+QCryptoBlockOpenOptions *
block_crypto_open_opts_init(QCryptoBlockFormat format,
- QemuOpts *opts,
+ QDict *opts,
Error **errp)
{
Visitor *v;
@@ -206,7 +168,7 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
ret = g_new0(QCryptoBlockOpenOptions, 1);
ret->format = format;
- v = opts_visitor_new(opts);
+ v = qobject_input_visitor_new_keyval(QOBJECT(opts));
visit_start_struct(v, NULL, NULL, 0, &local_err);
if (local_err) {
@@ -240,9 +202,9 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
}
-static QCryptoBlockCreateOptions *
+QCryptoBlockCreateOptions *
block_crypto_create_opts_init(QCryptoBlockFormat format,
- QemuOpts *opts,
+ QDict *opts,
Error **errp)
{
Visitor *v;
@@ -252,7 +214,7 @@ block_crypto_create_opts_init(QCryptoBlockFormat format,
ret = g_new0(QCryptoBlockCreateOptions, 1);
ret->format = format;
- v = opts_visitor_new(opts);
+ v = qobject_input_visitor_new_keyval(QOBJECT(opts));
visit_start_struct(v, NULL, NULL, 0, &local_err);
if (local_err) {
@@ -299,6 +261,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
int ret = -EINVAL;
QCryptoBlockOpenOptions *open_opts = NULL;
unsigned int cflags = 0;
+ QDict *cryptoopts = NULL;
bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
false, errp);
@@ -313,7 +276,9 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
goto cleanup;
}
- open_opts = block_crypto_open_opts_init(format, opts, errp);
+ cryptoopts = qemu_opts_to_qdict(opts, NULL);
+
+ open_opts = block_crypto_open_opts_init(format, cryptoopts, errp);
if (!open_opts) {
goto cleanup;
}
@@ -337,6 +302,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
ret = 0;
cleanup:
+ QDECREF(cryptoopts);
qapi_free_QCryptoBlockOpenOptions(open_opts);
return ret;
}
@@ -356,8 +322,11 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
.opts = opts,
.filename = filename,
};
+ QDict *cryptoopts;
+
+ cryptoopts = qemu_opts_to_qdict(opts, NULL);
- create_opts = block_crypto_create_opts_init(format, opts, errp);
+ create_opts = block_crypto_create_opts_init(format, cryptoopts, errp);
if (!create_opts) {
return -1;
}
@@ -375,6 +344,7 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
ret = 0;
cleanup:
+ QDECREF(cryptoopts);
qcrypto_block_free(crypto);
blk_unref(data.blk);
qapi_free_QCryptoBlockCreateOptions(create_opts);
diff --git a/block/crypto.h b/block/crypto.h
new file mode 100644
index 0000000..a4ea28a
--- /dev/null
+++ b/block/crypto.h
@@ -0,0 +1,91 @@
+/*
+ * QEMU block full disk encryption
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef BLOCK_CRYPTO_H__
+#define BLOCK_CRYPTO_H__
+
+#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
+#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
+#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
+
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET \
+ { \
+ .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \
+ .type = QEMU_OPT_STRING, \
+ .help = "ID of the secret that provides the keyslot passphrase", \
+ }
+
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG \
+ { \
+ .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of encryption cipher algorithm", \
+ }
+
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE \
+ { \
+ .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of encryption cipher mode", \
+ }
+
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG \
+ { \
+ .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of IV generator algorithm", \
+ }
+
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG \
+ { \
+ .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of IV generator hash algorithm", \
+ }
+
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG \
+ { \
+ .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of encryption hash algorithm", \
+ }
+
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME \
+ { \
+ .name = BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \
+ .type = QEMU_OPT_NUMBER, \
+ .help = "Time to spend in PBKDF in milliseconds", \
+ }
+
+QCryptoBlockCreateOptions *
+block_crypto_create_opts_init(QCryptoBlockFormat format,
+ QDict *opts,
+ Error **errp);
+
+QCryptoBlockOpenOptions *
+block_crypto_open_opts_init(QCryptoBlockFormat format,
+ QDict *opts,
+ Error **errp);
+
+#endif /* BLOCK_CRYPTO_H__ */
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-26 13:28 ` Eric Blake
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
` (17 subsequent siblings)
19 siblings, 1 reply; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
When integrating the crypto support with qcow/qcow2, we don't
want to use the bare LUKS option names "hash-alg", "key-secret",
etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
so that they don't clash with any general qcow options at a later
date.
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 16 ++++++++--------
block/crypto.h | 40 ++++++++++++++++++++--------------------
2 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/block/crypto.c b/block/crypto.c
index 8205bd8..7edcc49 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -129,7 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks = {
.name = "crypto",
.head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
.desc = {
- BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
{ /* end of list */ }
},
};
@@ -144,13 +144,13 @@ static QemuOptsList block_crypto_create_opts_luks = {
.type = QEMU_OPT_SIZE,
.help = "Virtual disk size"
},
- BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE,
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
{ /* end of list */ }
},
};
diff --git a/block/crypto.h b/block/crypto.h
index a4ea28a..78c1f50 100644
--- a/block/crypto.h
+++ b/block/crypto.h
@@ -29,51 +29,51 @@
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \
.type = QEMU_OPT_STRING, \
.help = "ID of the secret that provides the keyslot passphrase", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \
.type = QEMU_OPT_STRING, \
.help = "Name of encryption cipher algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE \
- { \
- .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \
- .type = QEMU_OPT_STRING, \
- .help = "Name of encryption cipher mode", \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix) \
+ { \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of encryption cipher mode", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG \
- { \
- .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
- .type = QEMU_OPT_STRING, \
- .help = "Name of IV generator algorithm", \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix) \
+ { \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of IV generator algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \
.type = QEMU_OPT_STRING, \
.help = "Name of IV generator hash algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \
.type = QEMU_OPT_STRING, \
.help = "Name of encryption hash algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \
.type = QEMU_OPT_NUMBER, \
.help = "Time to spend in PBKDF in milliseconds", \
}
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 03/18] qcow: document another weakness of qcow AES encryption
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
` (16 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Document that use of guest virtual sector numbers as the basis for
the initialization vectors is a potential weakness, when combined
with internal snapshots or multiple images using the same passphrase.
This fixes the formatting of the itemized list too.
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
qemu-img.texi | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/qemu-img.texi b/qemu-img.texi
index c81db3e..d6baae0 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -558,16 +558,29 @@ The use of encryption in qcow and qcow2 images is considered to be flawed by
modern cryptography standards, suffering from a number of design problems:
@itemize @minus
-@item The AES-CBC cipher is used with predictable initialization vectors based
+@item
+The AES-CBC cipher is used with predictable initialization vectors based
on the sector number. This makes it vulnerable to chosen plaintext attacks
which can reveal the existence of encrypted data.
-@item The user passphrase is directly used as the encryption key. A poorly
+@item
+The user passphrase is directly used as the encryption key. A poorly
chosen or short passphrase will compromise the security of the encryption.
-@item In the event of the passphrase being compromised there is no way to
+@item
+In the event of the passphrase being compromised there is no way to
change the passphrase to protect data in any qcow images. The files must
be cloned, using a different encryption passphrase in the new file. The
original file must then be securely erased using a program like shred,
though even this is ineffective with many modern storage technologies.
+@item
+Initialization vectors used to encrypt sectors are based on the
+guest virtual sector number, instead of the host physical sector. When
+a disk image has multiple internal snapshots this means that data in
+multiple physical sectors is encrypted with the same initialization
+vector. With the CBC mode, this opens the possibility of watermarking
+attacks if the attack can collect multiple sectors encrypted with the
+same IV and some predictable data. Having multiple qcow2 images with
+the same passphrase also exposes this weakness since the passphrase
+is directly used as the key.
@end itemize
Use of qcow / qcow2 encryption is thus strongly discouraged. Users are
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 04/18] qcow: require image size to be > 1 for new images
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (2 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
` (15 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
The qcow driver refuses to open images which are less than
2 bytes in size, but will happily create such images. Add
a check in the create path to avoid this discrepancy.
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/qcow.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/block/qcow.c b/block/qcow.c
index 9d6ac83..d6ce46c 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -811,6 +811,12 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
/* Read out options */
total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
BDRV_SECTOR_SIZE);
+ if (total_size == 0) {
+ error_setg(errp, "Image size is too small, cannot be zero length");
+ ret = -EINVAL;
+ goto cleanup;
+ }
+
backing_file = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE);
if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
flags |= BLOCK_FLAG_ENCRYPT;
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 05/18] iotests: skip 042 with qcow which dosn't support zero sized images
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (3 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
` (14 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Test 042 is designed to verify operation with zero sized images.
Such images are not supported with qcow (v1), so this test has
always failed.
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/042 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/042 b/tests/qemu-iotests/042
index 351b283..a53e7cb 100755
--- a/tests/qemu-iotests/042
+++ b/tests/qemu-iotests/042
@@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15
. ./common.rc
. ./common.filter
-_supported_fmt qcow2 qcow qed
+_supported_fmt qcow2 qed
_supported_proto file
_supported_os Linux
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 06/18] iotests: skip 048 with qcow which doesn't support resize
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (4 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes" Daniel P. Berrange
` (13 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Test 048 is designed to verify data preservation during an
image resize. The qcow (v1) format impl has never supported
resize so always fails.
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/048 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/048 b/tests/qemu-iotests/048
index 203c04f..9ed04a0 100755
--- a/tests/qemu-iotests/048
+++ b/tests/qemu-iotests/048
@@ -46,7 +46,7 @@ _compare()
. ./common.filter
. ./common.pattern
-_supported_fmt raw qcow qcow2 qed luks
+_supported_fmt raw qcow2 qed luks
_supported_proto file
_supported_os Linux
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes"
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (5 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-26 14:14 ` Eric Blake
2017-05-11 12:55 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
` (12 subsequent siblings)
19 siblings, 2 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Historically the qcow & qcow2 image formats supported a property
"encryption=on" to enable their built-in AES encryption. We'll
soon be supporting LUKS for qcow2, so need a more general purpose
way to enable encryption, with a choice of formats.
This introduces an "encrypt.format" option, which will later be
joined by a number of other "encrypt.XXX" options. The use of
a "encrypt." prefix instead of "encrypt-" is done to facilitate
mapping to a nested QAPI schema at later date.
e.g. the preferred syntax is now
qemu-img create -f qcow2 -o encrypt.format=aes demo.qcow2
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/qcow.c | 30 ++++++++++++++---
block/qcow2.c | 33 +++++++++++++++----
include/block/block_int.h | 2 +-
qemu-img.c | 4 ++-
tests/qemu-iotests/082.out | 81 ++++++++++++++++++++++++++++++----------------
5 files changed, 110 insertions(+), 40 deletions(-)
diff --git a/block/qcow.c b/block/qcow.c
index d6ce46c..e9b7861 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -803,10 +803,10 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
uint8_t *tmp;
int64_t total_size = 0;
char *backing_file = NULL;
- int flags = 0;
Error *local_err = NULL;
int ret;
BlockBackend *qcow_blk;
+ const char *encryptfmt = NULL;
/* Read out options */
total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
@@ -818,8 +818,16 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
}
backing_file = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE);
- if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
- flags |= BLOCK_FLAG_ENCRYPT;
+ encryptfmt = qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT_FORMAT);
+ if (encryptfmt) {
+ if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
+ error_setg(errp, "Options " BLOCK_OPT_ENCRYPT " and "
+ BLOCK_OPT_ENCRYPT_FORMAT " are mutually exclusive");
+ ret = -EINVAL;
+ goto cleanup;
+ }
+ } else if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
+ encryptfmt = "aes";
}
ret = bdrv_create_file(filename, opts, &local_err);
@@ -872,7 +880,13 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
l1_size = (total_size + (1LL << shift) - 1) >> shift;
header.l1_table_offset = cpu_to_be64(header_size);
- if (flags & BLOCK_FLAG_ENCRYPT) {
+ if (encryptfmt) {
+ if (!g_str_equal(encryptfmt, "aes")) {
+ error_setg(errp, "Unknown encryption format '%s', expected 'aes'",
+ encryptfmt);
+ ret = -EINVAL;
+ goto exit;
+ }
header.crypt_method = cpu_to_be32(QCOW_CRYPT_AES);
} else {
header.crypt_method = cpu_to_be32(QCOW_CRYPT_NONE);
@@ -1046,9 +1060,15 @@ static QemuOptsList qcow_create_opts = {
{
.name = BLOCK_OPT_ENCRYPT,
.type = QEMU_OPT_BOOL,
- .help = "Encrypt the image",
+ .help = "Encrypt the image with format 'aes'. (Deprecated "
+ "in favour of " BLOCK_OPT_ENCRYPT_FORMAT "=aes)",
.def_value_str = "off"
},
+ {
+ .name = BLOCK_OPT_ENCRYPT_FORMAT,
+ .type = QEMU_OPT_STRING,
+ .help = "Encrypt the image, format choices: 'aes'",
+ },
{ /* end of list */ }
}
};
diff --git a/block/qcow2.c b/block/qcow2.c
index 6a92d2e..98ca6ed 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2099,7 +2099,7 @@ static int qcow2_create2(const char *filename, int64_t total_size,
const char *backing_file, const char *backing_format,
int flags, size_t cluster_size, PreallocMode prealloc,
QemuOpts *opts, int version, int refcount_order,
- Error **errp)
+ const char *encryptfmt, Error **errp)
{
int cluster_bits;
QDict *options;
@@ -2227,7 +2227,13 @@ static int qcow2_create2(const char *filename, int64_t total_size,
.header_length = cpu_to_be32(sizeof(*header)),
};
- if (flags & BLOCK_FLAG_ENCRYPT) {
+ if (encryptfmt) {
+ if (!g_str_equal(encryptfmt, "aes")) {
+ error_setg(errp, "Unknown encryption format '%s', expected 'aes'",
+ encryptfmt);
+ ret = -EINVAL;
+ goto out;
+ }
header->crypt_method = cpu_to_be32(QCOW_CRYPT_AES);
} else {
header->crypt_method = cpu_to_be32(QCOW_CRYPT_NONE);
@@ -2356,6 +2362,7 @@ static int qcow2_create(const char *filename, QemuOpts *opts, Error **errp)
int version = 3;
uint64_t refcount_bits = 16;
int refcount_order;
+ const char *encryptfmt = NULL;
Error *local_err = NULL;
int ret;
@@ -2364,8 +2371,16 @@ static int qcow2_create(const char *filename, QemuOpts *opts, Error **errp)
BDRV_SECTOR_SIZE);
backing_file = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE);
backing_fmt = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FMT);
- if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
- flags |= BLOCK_FLAG_ENCRYPT;
+ encryptfmt = qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT_FORMAT);
+ if (encryptfmt) {
+ if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
+ error_setg(errp, "Options " BLOCK_OPT_ENCRYPT " and "
+ BLOCK_OPT_ENCRYPT_FORMAT " are mutually exclusive");
+ ret = -EINVAL;
+ goto finish;
+ }
+ } else if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
+ encryptfmt = "aes";
}
cluster_size = qemu_opt_get_size_del(opts, BLOCK_OPT_CLUSTER_SIZE,
DEFAULT_CLUSTER_SIZE);
@@ -2431,7 +2446,7 @@ static int qcow2_create(const char *filename, QemuOpts *opts, Error **errp)
ret = qcow2_create2(filename, size, backing_file, backing_fmt, flags,
cluster_size, prealloc, opts, version, refcount_order,
- &local_err);
+ encryptfmt, &local_err);
error_propagate(errp, local_err);
finish:
@@ -3370,10 +3385,16 @@ static QemuOptsList qcow2_create_opts = {
{
.name = BLOCK_OPT_ENCRYPT,
.type = QEMU_OPT_BOOL,
- .help = "Encrypt the image",
+ .help = "Encrypt the image with format 'aes'. (Deprecated "
+ "in favour of " BLOCK_OPT_ENCRYPT_FORMAT "=aes)",
.def_value_str = "off"
},
{
+ .name = BLOCK_OPT_ENCRYPT_FORMAT,
+ .type = QEMU_OPT_STRING,
+ .help = "Encrypt the image, format choices: 'aes'",
+ },
+ {
.name = BLOCK_OPT_CLUSTER_SIZE,
.type = QEMU_OPT_SIZE,
.help = "qcow2 cluster size",
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 4f8cd29..4b2f8b0 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -36,11 +36,11 @@
#include "qemu/main-loop.h"
#include "qemu/throttle.h"
-#define BLOCK_FLAG_ENCRYPT 1
#define BLOCK_FLAG_LAZY_REFCOUNTS 8
#define BLOCK_OPT_SIZE "size"
#define BLOCK_OPT_ENCRYPT "encryption"
+#define BLOCK_OPT_ENCRYPT_FORMAT "encrypt.format"
#define BLOCK_OPT_COMPAT6 "compat6"
#define BLOCK_OPT_HWVERSION "hwversion"
#define BLOCK_OPT_BACKING_FILE "backing_file"
diff --git a/qemu-img.c b/qemu-img.c
index bbe1574..26be4d6 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2229,6 +2229,8 @@ static int img_convert(int argc, char **argv)
if (compress) {
bool encryption =
qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, false);
+ const char *encryptfmt =
+ qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT);
const char *preallocation =
qemu_opt_get(opts, BLOCK_OPT_PREALLOC);
@@ -2238,7 +2240,7 @@ static int img_convert(int argc, char **argv)
goto out;
}
- if (encryption) {
+ if (encryption || encryptfmt) {
error_report("Compression and encryption not supported at "
"the same time");
ret = -1;
diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out
index a952330..e7ca3b1 100644
--- a/tests/qemu-iotests/082.out
+++ b/tests/qemu-iotests/082.out
@@ -48,7 +48,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -61,7 +62,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -74,7 +76,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -87,7 +90,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -100,7 +104,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -113,7 +118,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -126,7 +132,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -139,7 +146,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -167,7 +175,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -229,7 +238,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -242,7 +252,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -255,7 +266,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -268,7 +280,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -281,7 +294,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -294,7 +308,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -307,7 +322,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -320,7 +336,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -348,7 +365,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -407,7 +425,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -420,7 +439,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -433,7 +453,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -446,7 +467,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -459,7 +481,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -472,7 +495,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -485,7 +509,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -498,7 +523,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -528,7 +554,8 @@ size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
-encryption Encrypt the image
+encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
+encrypt.format Encrypt the image, format choices: 'aes'
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 08/18] qcow: make encrypt_sectors encrypt in place
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (6 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes" Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
` (11 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Instead of requiring separate input/output buffers for
encrypting data, change encrypt_sectors() to assume
use of a single buffer, encrypting in place. One current
caller uses the same buffer for input/output already
and the other two callers are easily converted to do so.
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/qcow.c | 45 +++++++++++++++------------------------------
1 file changed, 15 insertions(+), 30 deletions(-)
diff --git a/block/qcow.c b/block/qcow.c
index e9b7861..8b38de2 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -322,11 +322,10 @@ static int qcow_set_key(BlockDriverState *bs, const char *key)
}
/* The crypt function is compatible with the linux cryptoloop
- algorithm for < 4 GB images. NOTE: out_buf == in_buf is
- supported */
+ algorithm for < 4 GB images. */
static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
- uint8_t *out_buf, const uint8_t *in_buf,
- int nb_sectors, bool enc, Error **errp)
+ uint8_t *buf, int nb_sectors, bool enc,
+ Error **errp)
{
union {
uint64_t ll[2];
@@ -345,14 +344,12 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
}
if (enc) {
ret = qcrypto_cipher_encrypt(s->cipher,
- in_buf,
- out_buf,
+ buf, buf,
512,
errp);
} else {
ret = qcrypto_cipher_decrypt(s->cipher,
- in_buf,
- out_buf,
+ buf, buf,
512,
errp);
}
@@ -360,8 +357,7 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
return -1;
}
sector_num++;
- in_buf += 512;
- out_buf += 512;
+ buf += 512;
}
return 0;
}
@@ -481,13 +477,12 @@ static uint64_t get_cluster_offset(BlockDriverState *bs,
uint64_t start_sect;
assert(s->cipher);
start_sect = (offset & ~(s->cluster_size - 1)) >> 9;
- memset(s->cluster_data + 512, 0x00, 512);
for(i = 0; i < s->cluster_sectors; i++) {
if (i < n_start || i >= n_end) {
Error *err = NULL;
+ memset(s->cluster_data, 0x00, 512);
if (encrypt_sectors(s, start_sect + i,
- s->cluster_data,
- s->cluster_data + 512, 1,
+ s->cluster_data, 1,
true, &err) < 0) {
error_free(err);
errno = EIO;
@@ -665,7 +660,7 @@ static coroutine_fn int qcow_co_readv(BlockDriverState *bs, int64_t sector_num,
}
if (bs->encrypted) {
assert(s->cipher);
- if (encrypt_sectors(s, sector_num, buf, buf,
+ if (encrypt_sectors(s, sector_num, buf,
n, false, &err) < 0) {
goto fail;
}
@@ -700,9 +695,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
BDRVQcowState *s = bs->opaque;
int index_in_cluster;
uint64_t cluster_offset;
- const uint8_t *src_buf;
int ret = 0, n;
- uint8_t *cluster_data = NULL;
struct iovec hd_iov;
QEMUIOVector hd_qiov;
uint8_t *buf;
@@ -710,7 +703,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
s->cluster_cache_offset = -1; /* disable compressed cache */
- if (qiov->niov > 1) {
+ /* We must always copy the iov when encrypting, so we
+ * don't modify the original data buffer during encryption */
+ if (bs->encrypted || qiov->niov > 1) {
buf = orig_buf = qemu_try_blockalign(bs, qiov->size);
if (buf == NULL) {
return -ENOMEM;
@@ -740,21 +735,14 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
if (bs->encrypted) {
Error *err = NULL;
assert(s->cipher);
- if (!cluster_data) {
- cluster_data = g_malloc0(s->cluster_size);
- }
- if (encrypt_sectors(s, sector_num, cluster_data, buf,
- n, true, &err) < 0) {
+ if (encrypt_sectors(s, sector_num, buf, n, true, &err) < 0) {
error_free(err);
ret = -EIO;
break;
}
- src_buf = cluster_data;
- } else {
- src_buf = buf;
}
- hd_iov.iov_base = (void *)src_buf;
+ hd_iov.iov_base = (void *)buf;
hd_iov.iov_len = n * 512;
qemu_iovec_init_external(&hd_qiov, &hd_iov, 1);
qemu_co_mutex_unlock(&s->lock);
@@ -773,10 +761,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
}
qemu_co_mutex_unlock(&s->lock);
- if (qiov->niov > 1) {
- qemu_vfree(orig_buf);
- }
- g_free(cluster_data);
+ qemu_vfree(orig_buf);
return ret;
}
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (7 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-26 15:12 ` Eric Blake
2017-05-11 14:05 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
` (10 subsequent siblings)
19 siblings, 2 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
This converts the qcow driver to make use of the QCryptoBlock
APIs for encrypting image content. This is only wired up to
permit use of the legacy QCow encryption format. Users who wish
to have the strong LUKS format should switch to qcow2 instead.
With this change it is now required to use the QCryptoSecret
object for providing passwords, instead of the current block
password APIs / interactive prompting.
$QEMU \
-object secret,id=sec0,filename=/home/berrange/encrypted.pw \
-drive file=/home/berrange/encrypted.qcow,encrypt.format=qcow,\
encrypt.key-secret=sec0
Likewise when creating such images
qemu-img create -f qcow \
-object secret,id=sec0,filename=/home/berrange/encrypted.pw \
-o encrypt.format=qcow,encrypt.key-secret=sec0 \
/home/berrange/encrypted.qcow
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 10 +++
block/crypto.h | 20 ++++--
block/qcow.c | 196 +++++++++++++++++++++++++--------------------------
qapi/block-core.json | 37 +++++++++-
4 files changed, 156 insertions(+), 107 deletions(-)
diff --git a/block/crypto.c b/block/crypto.c
index 7edcc49..913723a 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -181,6 +181,11 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
v, &ret->u.luks, &local_err);
break;
+ case Q_CRYPTO_BLOCK_FORMAT_QCOW:
+ visit_type_QCryptoBlockOptionsQCow_members(
+ v, &ret->u.qcow, &local_err);
+ break;
+
default:
error_setg(&local_err, "Unsupported block format %d", format);
break;
@@ -227,6 +232,11 @@ block_crypto_create_opts_init(QCryptoBlockFormat format,
v, &ret->u.luks, &local_err);
break;
+ case Q_CRYPTO_BLOCK_FORMAT_QCOW:
+ visit_type_QCryptoBlockOptionsQCow_members(
+ v, &ret->u.qcow, &local_err);
+ break;
+
default:
error_setg(&local_err, "Unsupported block format %d", format);
break;
diff --git a/block/crypto.h b/block/crypto.h
index 78c1f50..a32e394 100644
--- a/block/crypto.h
+++ b/block/crypto.h
@@ -21,6 +21,19 @@
#ifndef BLOCK_CRYPTO_H__
#define BLOCK_CRYPTO_H__
+#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr) \
+ { \
+ .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, \
+ .type = QEMU_OPT_STRING, \
+ .help = helpstr, \
+ }
+
+#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret"
+
+#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix) \
+ BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \
+ "ID of the secret that provides the AES encryption key")
+
#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
@@ -30,11 +43,8 @@
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \
- { \
- .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \
- .type = QEMU_OPT_STRING, \
- .help = "ID of the secret that provides the keyslot passphrase", \
- }
+ BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \
+ "ID of the secret that provides the keyslot passphrase")
#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \
{ \
diff --git a/block/qcow.c b/block/qcow.c
index 8b38de2..7bfa0dd 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -31,8 +31,10 @@
#include "qemu/bswap.h"
#include <zlib.h>
#include "qapi/qmp/qerror.h"
-#include "crypto/cipher.h"
+#include "qapi/qmp/qstring.h"
+#include "crypto/block.h"
#include "migration/migration.h"
+#include "block/crypto.h"
/**************************************************************/
/* QEMU COW block driver with compression and encryption support */
@@ -77,7 +79,7 @@ typedef struct BDRVQcowState {
uint8_t *cluster_cache;
uint8_t *cluster_data;
uint64_t cluster_cache_offset;
- QCryptoCipher *cipher; /* NULL if no key yet */
+ QCryptoBlock *crypto; /* Disk encryption format driver */
uint32_t crypt_method_header;
CoMutex lock;
Error *migration_blocker;
@@ -97,6 +99,15 @@ static int qcow_probe(const uint8_t *buf, int buf_size, const char *filename)
return 0;
}
+static QemuOptsList qcow_runtime_opts = {
+ .name = "qcow",
+ .head = QTAILQ_HEAD_INITIALIZER(qcow_runtime_opts.head),
+ .desc = {
+ BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
+ { /* end of list */ }
+ },
+};
+
static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
Error **errp)
{
@@ -105,6 +116,13 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
int ret;
QCowHeader header;
Error *local_err = NULL;
+ QCryptoBlockOpenOptions *crypto_opts = NULL;
+ unsigned int cflags = 0;
+ QDict *encryptopts = NULL;
+ const char *encryptfmt;
+
+ qdict_extract_subqdict(options, &encryptopts, "encrypt.");
+ encryptfmt = qdict_get_try_str(encryptopts, "format");
bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
false, errp);
@@ -155,17 +173,6 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
goto fail;
}
- if (header.crypt_method > QCOW_CRYPT_AES) {
- error_setg(errp, "invalid encryption method in qcow header");
- ret = -EINVAL;
- goto fail;
- }
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
- QCRYPTO_CIPHER_MODE_CBC)) {
- error_setg(errp, "AES cipher not available");
- ret = -EINVAL;
- goto fail;
- }
s->crypt_method_header = header.crypt_method;
if (s->crypt_method_header) {
if (bdrv_uses_whitelist() &&
@@ -181,8 +188,39 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
ret = -ENOSYS;
goto fail;
}
+ if (s->crypt_method_header == QCOW_CRYPT_AES) {
+ if (encryptfmt && !g_str_equal(encryptfmt, "aes")) {
+ error_setg(errp,
+ "Header reported 'aes' encryption format but "
+ "options specify '%s'", encryptfmt);
+ ret = -EINVAL;
+ goto fail;
+ }
+ qdict_del(encryptopts, "format");
+ crypto_opts = block_crypto_open_opts_init(
+ Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ ret = -EINVAL;
+ goto fail;
+ }
+ if (flags & BDRV_O_NO_IO) {
+ cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
+ }
+ s->crypto = qcrypto_block_open(crypto_opts, NULL, NULL,
+ cflags, errp);
+ if (!s->crypto) {
+ ret = -EINVAL;
+ goto fail;
+ }
+ } else {
+ error_setg(errp, "invalid encryption method in qcow header");
+ ret = -EINVAL;
+ goto fail;
+ }
bs->encrypted = true;
+ bs->valid_key = true;
}
s->cluster_bits = header.cluster_bits;
s->cluster_size = 1 << s->cluster_bits;
@@ -266,6 +304,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
goto fail;
}
+ QDECREF(encryptopts);
+ qapi_free_QCryptoBlockOpenOptions(crypto_opts);
qemu_co_mutex_init(&s->lock);
return 0;
@@ -274,6 +314,9 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
qemu_vfree(s->l2_cache);
g_free(s->cluster_cache);
g_free(s->cluster_data);
+ qcrypto_block_free(s->crypto);
+ QDECREF(encryptopts);
+ qapi_free_QCryptoBlockOpenOptions(crypto_opts);
return ret;
}
@@ -286,81 +329,6 @@ static int qcow_reopen_prepare(BDRVReopenState *state,
return 0;
}
-static int qcow_set_key(BlockDriverState *bs, const char *key)
-{
- BDRVQcowState *s = bs->opaque;
- uint8_t keybuf[16];
- int len, i;
- Error *err;
-
- memset(keybuf, 0, 16);
- len = strlen(key);
- if (len > 16)
- len = 16;
- /* XXX: we could compress the chars to 7 bits to increase
- entropy */
- for(i = 0;i < len;i++) {
- keybuf[i] = key[i];
- }
- assert(bs->encrypted);
-
- qcrypto_cipher_free(s->cipher);
- s->cipher = qcrypto_cipher_new(
- QCRYPTO_CIPHER_ALG_AES_128,
- QCRYPTO_CIPHER_MODE_CBC,
- keybuf, G_N_ELEMENTS(keybuf),
- &err);
-
- if (!s->cipher) {
- /* XXX would be nice if errors in this method could
- * be properly propagate to the caller. Would need
- * the bdrv_set_key() API signature to be fixed. */
- error_free(err);
- return -1;
- }
- return 0;
-}
-
-/* The crypt function is compatible with the linux cryptoloop
- algorithm for < 4 GB images. */
-static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
- uint8_t *buf, int nb_sectors, bool enc,
- Error **errp)
-{
- union {
- uint64_t ll[2];
- uint8_t b[16];
- } ivec;
- int i;
- int ret;
-
- for(i = 0; i < nb_sectors; i++) {
- ivec.ll[0] = cpu_to_le64(sector_num);
- ivec.ll[1] = 0;
- if (qcrypto_cipher_setiv(s->cipher,
- ivec.b, G_N_ELEMENTS(ivec.b),
- errp) < 0) {
- return -1;
- }
- if (enc) {
- ret = qcrypto_cipher_encrypt(s->cipher,
- buf, buf,
- 512,
- errp);
- } else {
- ret = qcrypto_cipher_decrypt(s->cipher,
- buf, buf,
- 512,
- errp);
- }
- if (ret < 0) {
- return -1;
- }
- sector_num++;
- buf += 512;
- }
- return 0;
-}
/* 'allocate' is:
*
@@ -475,15 +443,16 @@ static uint64_t get_cluster_offset(BlockDriverState *bs,
if (bs->encrypted &&
(n_end - n_start) < s->cluster_sectors) {
uint64_t start_sect;
- assert(s->cipher);
+ assert(s->crypto);
start_sect = (offset & ~(s->cluster_size - 1)) >> 9;
for(i = 0; i < s->cluster_sectors; i++) {
if (i < n_start || i >= n_end) {
Error *err = NULL;
memset(s->cluster_data, 0x00, 512);
- if (encrypt_sectors(s, start_sect + i,
- s->cluster_data, 1,
- true, &err) < 0) {
+ if (qcrypto_block_encrypt(s->crypto, start_sect + i,
+ s->cluster_data,
+ BDRV_SECTOR_SIZE,
+ &err) < 0) {
error_free(err);
errno = EIO;
return -1;
@@ -528,7 +497,7 @@ static int64_t coroutine_fn qcow_co_get_block_status(BlockDriverState *bs,
if (!cluster_offset) {
return 0;
}
- if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->cipher) {
+ if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->crypto) {
return BDRV_BLOCK_DATA;
}
cluster_offset |= (index_in_cluster << BDRV_SECTOR_BITS);
@@ -659,9 +628,9 @@ static coroutine_fn int qcow_co_readv(BlockDriverState *bs, int64_t sector_num,
break;
}
if (bs->encrypted) {
- assert(s->cipher);
- if (encrypt_sectors(s, sector_num, buf,
- n, false, &err) < 0) {
+ assert(s->crypto);
+ if (qcrypto_block_decrypt(s->crypto, sector_num, buf,
+ n * BDRV_SECTOR_SIZE, &err) < 0) {
goto fail;
}
}
@@ -734,8 +703,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState *bs, int64_t sector_num,
}
if (bs->encrypted) {
Error *err = NULL;
- assert(s->cipher);
- if (encrypt_sectors(s, sector_num, buf, n, true, &err) < 0) {
+ assert(s->crypto);
+ if (qcrypto_block_encrypt(s->crypto, sector_num, buf,
+ n * BDRV_SECTOR_SIZE, &err) < 0) {
error_free(err);
ret = -EIO;
break;
@@ -770,8 +740,8 @@ static void qcow_close(BlockDriverState *bs)
{
BDRVQcowState *s = bs->opaque;
- qcrypto_cipher_free(s->cipher);
- s->cipher = NULL;
+ qcrypto_block_free(s->crypto);
+ s->crypto = NULL;
g_free(s->l1_table);
qemu_vfree(s->l2_cache);
g_free(s->cluster_cache);
@@ -792,6 +762,10 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
int ret;
BlockBackend *qcow_blk;
const char *encryptfmt = NULL;
+ QDict *options;
+ QDict *encryptopts = NULL;
+ QCryptoBlockCreateOptions *crypto_opts = NULL;
+ QCryptoBlock *crypto = NULL;
/* Read out options */
total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
@@ -865,6 +839,10 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
l1_size = (total_size + (1LL << shift) - 1) >> shift;
header.l1_table_offset = cpu_to_be64(header_size);
+
+ options = qemu_opts_to_qdict(opts, NULL);
+ qdict_extract_subqdict(options, &encryptopts, "encrypt.");
+ QDECREF(options);
if (encryptfmt) {
if (!g_str_equal(encryptfmt, "aes")) {
error_setg(errp, "Unknown encryption format '%s', expected 'aes'",
@@ -873,6 +851,20 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
goto exit;
}
header.crypt_method = cpu_to_be32(QCOW_CRYPT_AES);
+
+ crypto_opts = block_crypto_create_opts_init(
+ Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ crypto = qcrypto_block_create(crypto_opts, NULL, NULL, NULL, errp);
+ if (!crypto) {
+ ret = -EINVAL;
+ goto exit;
+ }
} else {
header.crypt_method = cpu_to_be32(QCOW_CRYPT_NONE);
}
@@ -907,6 +899,8 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
exit:
blk_unref(qcow_blk);
cleanup:
+ qcrypto_block_free(crypto);
+ qapi_free_QCryptoBlockCreateOptions(crypto_opts);
g_free(backing_file);
return ret;
}
@@ -1054,6 +1048,7 @@ static QemuOptsList qcow_create_opts = {
.type = QEMU_OPT_STRING,
.help = "Encrypt the image, format choices: 'aes'",
},
+ BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
{ /* end of list */ }
}
};
@@ -1074,7 +1069,6 @@ static BlockDriver bdrv_qcow = {
.bdrv_co_writev = qcow_co_writev,
.bdrv_co_get_block_status = qcow_co_get_block_status,
- .bdrv_set_key = qcow_set_key,
.bdrv_make_empty = qcow_make_empty,
.bdrv_co_pwritev_compressed = qcow_co_pwritev_compressed,
.bdrv_get_info = qcow_get_info,
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 87fb747..e7bed8c 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2277,6 +2277,41 @@
'mode': 'Qcow2OverlapCheckMode' } }
##
+# @BlockdevQcowEncryptionFormat:
+# @qcow: AES-CBC with plain64 initialization venctors
+#
+# Since: 2.10
+##
+{ 'enum': 'BlockdevQcowEncryptionFormat',
+ 'data': [ 'qcow' ] }
+
+##
+# @BlockdevQcowEncryption:
+#
+# Since: 2.10
+##
+{ 'union': 'BlockdevQcowEncryption',
+ 'base': { 'format': 'BlockdevQcowEncryptionFormat' },
+ 'discriminator': 'format',
+ 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } }
+
+##
+# @BlockdevOptionsQcow:
+#
+# Driver specific block device options for qcow.
+#
+# @encrypt: Image decryption options. Mandatory for
+# encrypted images, except when doing a metadata-only
+# probe of the image.
+#
+# Since: 2.10
+##
+{ 'struct': 'BlockdevOptionsQcow',
+ 'base': 'BlockdevOptionsGenericCOWFormat',
+ 'data': { '*encrypt': 'BlockdevQcowEncryption' } }
+
+
+##
# @BlockdevOptionsQcow2:
#
# Driver specific block device options for qcow2.
@@ -2933,7 +2968,7 @@
'null-co': 'BlockdevOptionsNull',
'parallels': 'BlockdevOptionsGenericFormat',
'qcow2': 'BlockdevOptionsQcow2',
- 'qcow': 'BlockdevOptionsGenericCOWFormat',
+ 'qcow': 'BlockdevOptionsQcow',
'qed': 'BlockdevOptionsGenericCOWFormat',
'quorum': 'BlockdevOptionsQuorum',
'raw': 'BlockdevOptionsRaw',
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (8 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
` (9 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Instead of requiring separate input/output buffers for
encrypting data, change qcow2_encrypt_sectors() to assume
use of a single buffer, encrypting in place. The current
callers all used the same buffer for input/output already.
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/qcow2-cluster.c | 17 ++++++-----------
block/qcow2.c | 4 ++--
block/qcow2.h | 3 +--
3 files changed, 9 insertions(+), 15 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 100398c..0a27399 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -346,11 +346,9 @@ static int count_contiguous_clusters_by_type(int nb_clusters,
}
/* The crypt function is compatible with the linux cryptoloop
- algorithm for < 4 GB images. NOTE: out_buf == in_buf is
- supported */
+ algorithm for < 4 GB images. */
int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num,
- uint8_t *out_buf, const uint8_t *in_buf,
- int nb_sectors, bool enc,
+ uint8_t *buf, int nb_sectors, bool enc,
Error **errp)
{
union {
@@ -370,14 +368,12 @@ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num,
}
if (enc) {
ret = qcrypto_cipher_encrypt(s->cipher,
- in_buf,
- out_buf,
+ buf, buf,
512,
errp);
} else {
ret = qcrypto_cipher_decrypt(s->cipher,
- in_buf,
- out_buf,
+ buf, buf,
512,
errp);
}
@@ -385,8 +381,7 @@ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num,
return -1;
}
sector_num++;
- in_buf += 512;
- out_buf += 512;
+ buf += 512;
}
return 0;
}
@@ -434,7 +429,7 @@ static int coroutine_fn do_perform_cow(BlockDriverState *bs,
assert(s->cipher);
assert((offset_in_cluster & ~BDRV_SECTOR_MASK) == 0);
assert((bytes & ~BDRV_SECTOR_MASK) == 0);
- if (qcow2_encrypt_sectors(s, sector, iov.iov_base, iov.iov_base,
+ if (qcow2_encrypt_sectors(s, sector, iov.iov_base,
bytes >> BDRV_SECTOR_BITS, true, &err) < 0) {
ret = -EIO;
error_free(err);
diff --git a/block/qcow2.c b/block/qcow2.c
index 98ca6ed..8c28e9c 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1542,7 +1542,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverState *bs, uint64_t offset,
assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
Error *err = NULL;
if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS,
- cluster_data, cluster_data,
+ cluster_data,
cur_bytes >> BDRV_SECTOR_BITS,
false, &err) < 0) {
error_free(err);
@@ -1638,7 +1638,7 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverState *bs, uint64_t offset,
qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size);
if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS,
- cluster_data, cluster_data,
+ cluster_data,
cur_bytes >>BDRV_SECTOR_BITS,
true, &err) < 0) {
error_free(err);
diff --git a/block/qcow2.h b/block/qcow2.h
index f8aeb08..f3051f1 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -531,8 +531,7 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size,
int qcow2_write_l1_entry(BlockDriverState *bs, int l1_index);
int qcow2_decompress_cluster(BlockDriverState *bs, uint64_t cluster_offset);
int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num,
- uint8_t *out_buf, const uint8_t *in_buf,
- int nb_sectors, bool enc, Error **errp);
+ uint8_t *buf, int nb_sectors, bool enc, Error **errp);
int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t offset,
unsigned int *bytes, uint64_t *cluster_offset);
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (9 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-26 15:25 ` Eric Blake
2017-05-11 14:29 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
` (8 subsequent siblings)
19 siblings, 2 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
This converts the qcow2 driver to make use of the QCryptoBlock
APIs for encrypting image content, using the legacyy QCow2 AES
scheme.
With this change it is now required to use the QCryptoSecret
object for providing passwords, instead of the current block
password APIs / interactive prompting.
$QEMU \
-object secret,id=sec0,filename=/home/berrange/encrypted.pw \
-drive file=/home/berrange/encrypted.qcow2,encrypt.key-secret=sec0
The test 087 could be simplified since there is no longer a
difference in behaviour when using blockdev_add with encrypted
images for the running vs stopped CPU state.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/qcow2-cluster.c | 47 +---------
block/qcow2.c | 225 ++++++++++++++++++++++++++++++---------------
block/qcow2.h | 5 +-
qapi/block-core.json | 27 +++++-
tests/qemu-iotests/049 | 2 +-
tests/qemu-iotests/049.out | 4 +-
tests/qemu-iotests/082.out | 27 ++++++
tests/qemu-iotests/087 | 28 +++---
tests/qemu-iotests/087.out | 12 +--
tests/qemu-iotests/134 | 18 +++-
tests/qemu-iotests/134.out | 10 +-
tests/qemu-iotests/158 | 19 ++--
tests/qemu-iotests/158.out | 14 +--
tests/qemu-iotests/common | 10 +-
14 files changed, 262 insertions(+), 186 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 0a27399..59ad087 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -345,47 +345,6 @@ static int count_contiguous_clusters_by_type(int nb_clusters,
return i;
}
-/* The crypt function is compatible with the linux cryptoloop
- algorithm for < 4 GB images. */
-int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num,
- uint8_t *buf, int nb_sectors, bool enc,
- Error **errp)
-{
- union {
- uint64_t ll[2];
- uint8_t b[16];
- } ivec;
- int i;
- int ret;
-
- for(i = 0; i < nb_sectors; i++) {
- ivec.ll[0] = cpu_to_le64(sector_num);
- ivec.ll[1] = 0;
- if (qcrypto_cipher_setiv(s->cipher,
- ivec.b, G_N_ELEMENTS(ivec.b),
- errp) < 0) {
- return -1;
- }
- if (enc) {
- ret = qcrypto_cipher_encrypt(s->cipher,
- buf, buf,
- 512,
- errp);
- } else {
- ret = qcrypto_cipher_decrypt(s->cipher,
- buf, buf,
- 512,
- errp);
- }
- if (ret < 0) {
- return -1;
- }
- sector_num++;
- buf += 512;
- }
- return 0;
-}
-
static int coroutine_fn do_perform_cow(BlockDriverState *bs,
uint64_t src_cluster_offset,
uint64_t cluster_offset,
@@ -426,11 +385,11 @@ static int coroutine_fn do_perform_cow(BlockDriverState *bs,
Error *err = NULL;
int64_t sector = (src_cluster_offset + offset_in_cluster)
>> BDRV_SECTOR_BITS;
- assert(s->cipher);
assert((offset_in_cluster & ~BDRV_SECTOR_MASK) == 0);
assert((bytes & ~BDRV_SECTOR_MASK) == 0);
- if (qcow2_encrypt_sectors(s, sector, iov.iov_base,
- bytes >> BDRV_SECTOR_BITS, true, &err) < 0) {
+ assert(s->crypto);
+ if (qcrypto_block_encrypt(s->crypto, sector, iov.iov_base,
+ bytes, &err) < 0) {
ret = -EIO;
error_free(err);
goto out;
diff --git a/block/qcow2.c b/block/qcow2.c
index 8c28e9c..1b9eca3 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -37,6 +37,9 @@
#include "qemu/option_int.h"
#include "qemu/cutils.h"
#include "qemu/bswap.h"
+#include "qapi/opts-visitor.h"
+#include "qapi-visit.h"
+#include "block/crypto.h"
/*
Differences with QCOW:
@@ -461,6 +464,7 @@ static QemuOptsList qcow2_runtime_opts = {
.type = QEMU_OPT_NUMBER,
.help = "Clean unused cache entries after this time (in seconds)",
},
+ BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
{ /* end of list */ }
},
};
@@ -585,6 +589,7 @@ typedef struct Qcow2ReopenState {
int overlap_check;
bool discard_passthrough[QCOW2_DISCARD_MAX];
uint64_t cache_clean_interval;
+ QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime options */
} Qcow2ReopenState;
static int qcow2_update_options_prepare(BlockDriverState *bs,
@@ -598,9 +603,14 @@ static int qcow2_update_options_prepare(BlockDriverState *bs,
int overlap_check_template = 0;
uint64_t l2_cache_size, refcount_cache_size;
int i;
+ const char *encryptfmt;
+ QDict *encryptopts = NULL;
Error *local_err = NULL;
int ret;
+ qdict_extract_subqdict(options, &encryptopts, "encrypt.");
+ encryptfmt = qdict_get_try_str(encryptopts, "format");
+
opts = qemu_opts_create(&qcow2_runtime_opts, NULL, 0, &error_abort);
qemu_opts_absorb_qdict(opts, options, &local_err);
if (local_err) {
@@ -751,8 +761,41 @@ static int qcow2_update_options_prepare(BlockDriverState *bs,
r->discard_passthrough[QCOW2_DISCARD_OTHER] =
qemu_opt_get_bool(opts, QCOW2_OPT_DISCARD_OTHER, false);
+ switch (s->crypt_method_header) {
+ case QCOW_CRYPT_NONE:
+ if (encryptfmt) {
+ error_setg(errp, "No encryption in image header, but options "
+ "specified format '%s'", encryptfmt);
+ goto fail;
+ }
+ break;
+
+ case QCOW_CRYPT_AES:
+ if (encryptfmt && !g_str_equal(encryptfmt, "aes")) {
+ error_setg(errp,
+ "Header reported 'aes' encryption format but "
+ "options specify '%s'", encryptfmt);
+ ret = -EINVAL;
+ goto fail;
+ }
+ qdict_del(encryptopts, "format");
+ r->crypto_opts = block_crypto_open_opts_init(
+ Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp);
+ break;
+
+ default:
+ error_setg(errp, "Unsupported encryption method %d",
+ s->crypt_method_header);
+ break;
+ }
+ if (s->crypt_method_header != QCOW_CRYPT_NONE && !r->crypto_opts) {
+ ret = -EINVAL;
+ goto fail;
+ }
+
ret = 0;
fail:
+ QDECREF(encryptopts);
qemu_opts_del(opts);
opts = NULL;
return ret;
@@ -785,6 +828,9 @@ static void qcow2_update_options_commit(BlockDriverState *bs,
s->cache_clean_interval = r->cache_clean_interval;
cache_clean_timer_init(bs, bdrv_get_aio_context(bs));
}
+
+ qapi_free_QCryptoBlockOpenOptions(s->crypto_opts);
+ s->crypto_opts = r->crypto_opts;
}
static void qcow2_update_options_abort(BlockDriverState *bs,
@@ -796,6 +842,7 @@ static void qcow2_update_options_abort(BlockDriverState *bs,
if (r->refcount_block_cache) {
qcow2_cache_destroy(bs, r->refcount_block_cache);
}
+ qapi_free_QCryptoBlockOpenOptions(r->crypto_opts);
}
static int qcow2_update_options(BlockDriverState *bs, QDict *options,
@@ -967,12 +1014,6 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
ret = -EINVAL;
goto fail;
}
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
- QCRYPTO_CIPHER_MODE_CBC)) {
- error_setg(errp, "AES cipher not available");
- ret = -EINVAL;
- goto fail;
- }
s->crypt_method_header = header.crypt_method;
if (s->crypt_method_header) {
if (bdrv_uses_whitelist() &&
@@ -990,6 +1031,7 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
}
bs->encrypted = true;
+ bs->valid_key = true;
}
s->l2_bits = s->cluster_bits - 3; /* L2 is always one cluster */
@@ -1122,6 +1164,19 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
goto fail;
}
+ if (s->crypt_method_header == QCOW_CRYPT_AES) {
+ unsigned int cflags = 0;
+ if (flags & BDRV_O_NO_IO) {
+ cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
+ }
+ s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
+ cflags, errp);
+ if (!s->crypto) {
+ ret = -EINVAL;
+ goto fail;
+ }
+ }
+
/* read the backing file name */
if (header.backing_file_offset != 0) {
len = header.backing_file_size;
@@ -1202,6 +1257,8 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
}
g_free(s->cluster_cache);
qemu_vfree(s->cluster_data);
+ qcrypto_block_free(s->crypto);
+ qapi_free_QCryptoBlockOpenOptions(s->crypto_opts);
return ret;
}
@@ -1229,41 +1286,6 @@ static void qcow2_refresh_limits(BlockDriverState *bs, Error **errp)
bs->bl.pdiscard_alignment = s->cluster_size;
}
-static int qcow2_set_key(BlockDriverState *bs, const char *key)
-{
- BDRVQcow2State *s = bs->opaque;
- uint8_t keybuf[16];
- int len, i;
- Error *err = NULL;
-
- memset(keybuf, 0, 16);
- len = strlen(key);
- if (len > 16)
- len = 16;
- /* XXX: we could compress the chars to 7 bits to increase
- entropy */
- for(i = 0;i < len;i++) {
- keybuf[i] = key[i];
- }
- assert(bs->encrypted);
-
- qcrypto_cipher_free(s->cipher);
- s->cipher = qcrypto_cipher_new(
- QCRYPTO_CIPHER_ALG_AES_128,
- QCRYPTO_CIPHER_MODE_CBC,
- keybuf, G_N_ELEMENTS(keybuf),
- &err);
-
- if (!s->cipher) {
- /* XXX would be nice if errors in this method could
- * be properly propagate to the caller. Would need
- * the bdrv_set_key() API signature to be fixed. */
- error_free(err);
- return -1;
- }
- return 0;
-}
-
static int qcow2_reopen_prepare(BDRVReopenState *state,
BlockReopenQueue *queue, Error **errp)
{
@@ -1379,7 +1401,7 @@ static int64_t coroutine_fn qcow2_co_get_block_status(BlockDriverState *bs,
*pnum = bytes >> BDRV_SECTOR_BITS;
if (cluster_offset != 0 && ret != QCOW2_CLUSTER_COMPRESSED &&
- !s->cipher) {
+ !s->crypto) {
index_in_cluster = sector_num & (s->cluster_sectors - 1);
cluster_offset |= (index_in_cluster << BDRV_SECTOR_BITS);
*file = bs->file->bs;
@@ -1436,7 +1458,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverState *bs, uint64_t offset,
/* prepare next request */
cur_bytes = MIN(bytes, INT_MAX);
- if (s->cipher) {
+ if (s->crypto) {
cur_bytes = MIN(cur_bytes,
QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size);
}
@@ -1505,7 +1527,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverState *bs, uint64_t offset,
}
if (bs->encrypted) {
- assert(s->cipher);
+ assert(s->crypto);
/*
* For encrypted images, read everything into a temporary
@@ -1537,14 +1559,15 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverState *bs, uint64_t offset,
goto fail;
}
if (bs->encrypted) {
- assert(s->cipher);
+ assert(s->crypto);
assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
Error *err = NULL;
- if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS,
+ if (qcrypto_block_decrypt(s->crypto,
+ offset >> BDRV_SECTOR_BITS,
cluster_data,
- cur_bytes >> BDRV_SECTOR_BITS,
- false, &err) < 0) {
+ cur_bytes,
+ &err) < 0) {
error_free(err);
ret = -EIO;
goto fail;
@@ -1622,7 +1645,7 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverState *bs, uint64_t offset,
if (bs->encrypted) {
Error *err = NULL;
- assert(s->cipher);
+ assert(s->crypto);
if (!cluster_data) {
cluster_data = qemu_try_blockalign(bs->file->bs,
QCOW_MAX_CRYPT_CLUSTERS
@@ -1637,10 +1660,9 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverState *bs, uint64_t offset,
QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size);
qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size);
- if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS,
+ if (qcrypto_block_encrypt(s->crypto, offset >> BDRV_SECTOR_BITS,
cluster_data,
- cur_bytes >>BDRV_SECTOR_BITS,
- true, &err) < 0) {
+ cur_bytes, &err) < 0) {
error_free(err);
ret = -EIO;
goto fail;
@@ -1759,8 +1781,8 @@ static void qcow2_close(BlockDriverState *bs)
qcow2_cache_destroy(bs, s->l2_table_cache);
qcow2_cache_destroy(bs, s->refcount_block_cache);
- qcrypto_cipher_free(s->cipher);
- s->cipher = NULL;
+ qcrypto_block_free(s->crypto);
+ s->crypto = NULL;
g_free(s->unknown_header_fields);
cleanup_unknown_header_ext(bs);
@@ -1778,7 +1800,7 @@ static void qcow2_invalidate_cache(BlockDriverState *bs, Error **errp)
{
BDRVQcow2State *s = bs->opaque;
int flags = s->flags;
- QCryptoCipher *cipher = NULL;
+ QCryptoBlock *crypto = NULL;
QDict *options;
Error *local_err = NULL;
int ret;
@@ -1788,8 +1810,8 @@ static void qcow2_invalidate_cache(BlockDriverState *bs, Error **errp)
* that means we don't have to worry about reopening them here.
*/
- cipher = s->cipher;
- s->cipher = NULL;
+ crypto = s->crypto;
+ s->crypto = NULL;
qcow2_close(bs);
@@ -1810,7 +1832,7 @@ static void qcow2_invalidate_cache(BlockDriverState *bs, Error **errp)
return;
}
- s->cipher = cipher;
+ s->crypto = crypto;
}
static size_t header_ext_add(char *buf, uint32_t magic, const void *s,
@@ -2034,6 +2056,56 @@ static int qcow2_change_backing_file(BlockDriverState *bs,
return qcow2_update_header(bs);
}
+
+static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encryptfmt,
+ QemuOpts *opts, Error **errp)
+{
+ BDRVQcow2State *s = bs->opaque;
+ QCryptoBlockCreateOptions *cryptoopts = NULL;
+ QCryptoBlock *crypto = NULL;
+ int ret = -EINVAL;
+ QDict *options, *encryptopts;
+
+ options = qemu_opts_to_qdict(opts, NULL);
+ qdict_extract_subqdict(options, &encryptopts, "encrypt.");
+ QDECREF(options);
+
+ if (!g_str_equal(encryptfmt, "aes")) {
+ error_setg(errp, "Unknown encryption format '%s', expected 'aes'",
+ encryptfmt);
+ ret = -EINVAL;
+ goto out;
+ }
+ cryptoopts = block_crypto_create_opts_init(
+ Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp);
+ if (!cryptoopts) {
+ ret = -EINVAL;
+ goto out;
+ }
+ s->crypt_method_header = QCOW_CRYPT_AES;
+
+ crypto = qcrypto_block_create(cryptoopts,
+ NULL, NULL,
+ bs, errp);
+ if (!crypto) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ret = qcow2_update_header(bs);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not write encryption header");
+ goto out;
+ }
+
+ out:
+ QDECREF(encryptopts);
+ qcrypto_block_free(crypto);
+ qapi_free_QCryptoBlockCreateOptions(cryptoopts);
+ return ret;
+}
+
+
static int preallocate(BlockDriverState *bs)
{
uint64_t bytes;
@@ -2227,17 +2299,8 @@ static int qcow2_create2(const char *filename, int64_t total_size,
.header_length = cpu_to_be32(sizeof(*header)),
};
- if (encryptfmt) {
- if (!g_str_equal(encryptfmt, "aes")) {
- error_setg(errp, "Unknown encryption format '%s', expected 'aes'",
- encryptfmt);
- ret = -EINVAL;
- goto out;
- }
- header->crypt_method = cpu_to_be32(QCOW_CRYPT_AES);
- } else {
- header->crypt_method = cpu_to_be32(QCOW_CRYPT_NONE);
- }
+ /* We'll update this to correct value later */
+ header->crypt_method = cpu_to_be32(QCOW_CRYPT_NONE);
if (flags & BLOCK_FLAG_LAZY_REFCOUNTS) {
header->compatible_features |=
@@ -2316,6 +2379,14 @@ static int qcow2_create2(const char *filename, int64_t total_size,
}
}
+ /* Want encryption? There you go. */
+ if (encryptfmt) {
+ ret = qcow2_set_up_encryption(blk_bs(blk), encryptfmt, opts, errp);
+ if (ret < 0) {
+ goto out;
+ }
+ }
+
/* And if we're supposed to preallocate metadata, do that now */
if (prealloc != PREALLOC_MODE_OFF) {
BDRVQcow2State *s = blk_bs(blk)->opaque;
@@ -2331,11 +2402,17 @@ static int qcow2_create2(const char *filename, int64_t total_size,
blk_unref(blk);
blk = NULL;
- /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning */
+ /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning.
+ * Using BDRV_O_NO_IO, since encryption is now setup we don't want to
+ * have to setup decryption context. We're not doing any I/O on the top
+ * level BlockDriverState, only lower layers, where BDRV_O_NO_IO does
+ * not have effect.
+ */
options = qdict_new();
qdict_put(options, "driver", qstring_from_str("qcow2"));
blk = blk_new_open(filename, NULL, options,
- BDRV_O_RDWR | BDRV_O_NO_BACKING, &local_err);
+ BDRV_O_RDWR | BDRV_O_NO_BACKING | BDRV_O_NO_IO,
+ &local_err);
if (blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
@@ -3165,9 +3242,9 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
backing_format = qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT);
} else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPT)) {
encrypt = qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT,
- !!s->cipher);
+ !!s->crypto);
- if (encrypt != !!s->cipher) {
+ if (encrypt != !!s->crypto) {
error_report("Changing the encryption flag is not supported");
return -ENOTSUP;
}
@@ -3394,6 +3471,7 @@ static QemuOptsList qcow2_create_opts = {
.type = QEMU_OPT_STRING,
.help = "Encrypt the image, format choices: 'aes'",
},
+ BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
{
.name = BLOCK_OPT_CLUSTER_SIZE,
.type = QEMU_OPT_SIZE,
@@ -3436,7 +3514,6 @@ BlockDriver bdrv_qcow2 = {
.bdrv_create = qcow2_create,
.bdrv_has_zero_init = bdrv_has_zero_init_1,
.bdrv_co_get_block_status = qcow2_co_get_block_status,
- .bdrv_set_key = qcow2_set_key,
.bdrv_co_preadv = qcow2_co_preadv,
.bdrv_co_pwritev = qcow2_co_pwritev,
diff --git a/block/qcow2.h b/block/qcow2.h
index f3051f1..9746aaf 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -25,7 +25,7 @@
#ifndef BLOCK_QCOW2_H
#define BLOCK_QCOW2_H
-#include "crypto/cipher.h"
+#include "crypto/block.h"
#include "qemu/coroutine.h"
//#define DEBUG_ALLOC
@@ -257,7 +257,8 @@ typedef struct BDRVQcow2State {
CoMutex lock;
- QCryptoCipher *cipher; /* current cipher, NULL if no key yet */
+ QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime options */
+ QCryptoBlock *crypto; /* Disk encryption format driver */
uint32_t crypt_method_header;
uint64_t snapshots_offset;
int snapshots_size;
diff --git a/qapi/block-core.json b/qapi/block-core.json
index e7bed8c..2a3ab47 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2311,6 +2311,26 @@
'data': { '*encrypt': 'BlockdevQcowEncryption' } }
+
+##
+# @BlockdevQcow2EncryptionFormat:
+# @qcow: AES-CBC with plain64 initialization venctors
+#
+# Since: 2.10
+##
+{ 'enum': 'BlockdevQcow2EncryptionFormat',
+ 'data': [ 'qcow' ] }
+
+##
+# @BlockdevQcow2Encryption:
+#
+# Since: 2.10
+##
+{ 'union': 'BlockdevQcow2Encryption',
+ 'base': { 'format': 'BlockdevQcow2EncryptionFormat' },
+ 'discriminator': 'format',
+ 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } }
+
##
# @BlockdevOptionsQcow2:
#
@@ -2345,6 +2365,9 @@
# @cache-clean-interval: clean unused entries in the L2 and refcount
# caches. The interval is in seconds. The default value
# is 0 and it disables this feature (since 2.5)
+# @encrypt: Image decryption options. Mandatory for
+# encrypted images, except when doing a metadata-only
+# probe of the image. (since 2.10)
#
# Since: 2.9
##
@@ -2358,8 +2381,8 @@
'*cache-size': 'int',
'*l2-cache-size': 'int',
'*refcount-cache-size': 'int',
- '*cache-clean-interval': 'int' } }
-
+ '*cache-clean-interval': 'int',
+ '*encrypt': 'BlockdevQcow2Encryption' } }
##
# @BlockdevOptionsSsh:
diff --git a/tests/qemu-iotests/049 b/tests/qemu-iotests/049
index fff0760..df35b6d 100755
--- a/tests/qemu-iotests/049
+++ b/tests/qemu-iotests/049
@@ -106,7 +106,7 @@ test_qemu_img create -f $IMGFMT -o preallocation=1234 "$TEST_IMG" 64M
echo "== Check encryption option =="
echo
test_qemu_img create -f $IMGFMT -o encryption=off "$TEST_IMG" 64M
-test_qemu_img create -f $IMGFMT -o encryption=on "$TEST_IMG" 64M
+test_qemu_img create -f $IMGFMT --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 "$TEST_IMG" 64M
echo "== Check lazy_refcounts option (only with v3) =="
echo
diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out
index 34e66db..2e5204a 100644
--- a/tests/qemu-iotests/049.out
+++ b/tests/qemu-iotests/049.out
@@ -190,8 +190,8 @@ Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=off cluster_si
qemu-img create -f qcow2 -o encryption=off TEST_DIR/t.qcow2 64M
Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
-qemu-img create -f qcow2 -o encryption=on TEST_DIR/t.qcow2 64M
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=on cluster_size=65536 lazy_refcounts=off refcount_bits=16
+qemu-img create -f qcow2 --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 TEST_DIR/t.qcow2 64M
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=on encrypt.key-secret=sec0 cluster_size=65536 lazy_refcounts=off refcount_bits=16
== Check lazy_refcounts option (only with v3) ==
diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out
index e7ca3b1..7026dc4 100644
--- a/tests/qemu-iotests/082.out
+++ b/tests/qemu-iotests/082.out
@@ -50,6 +50,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -64,6 +65,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -78,6 +80,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -92,6 +95,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -106,6 +110,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -120,6 +125,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -134,6 +140,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -148,6 +155,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -177,6 +185,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -240,6 +249,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -254,6 +264,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -268,6 +279,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -282,6 +294,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -296,6 +309,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -310,6 +324,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -324,6 +339,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -338,6 +354,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -367,6 +384,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -427,6 +445,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -441,6 +460,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -455,6 +475,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -469,6 +490,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -483,6 +505,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -497,6 +520,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -511,6 +535,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -525,6 +550,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -556,6 +582,7 @@ backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
encrypt.format Encrypt the image, format choices: 'aes'
+encrypt.key-secret ID of the secret that provides the AES encryption key
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087
index 9de57dd..730270e 100755
--- a/tests/qemu-iotests/087
+++ b/tests/qemu-iotests/087
@@ -124,24 +124,18 @@ echo
echo === Encrypted image ===
echo
-_make_test_img -o encryption=on $size
-run_qemu -S <<EOF
+_make_test_img --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 $size
+run_qemu <<EOF
{ "execute": "qmp_capabilities" }
-{ "execute": "blockdev-add",
+{ "execute": "object-add",
"arguments": {
- "driver": "$IMGFMT",
- "node-name": "disk",
- "file": {
- "driver": "file",
- "filename": "$TEST_IMG"
+ "qom-type": "secret",
+ "id": "sec0",
+ "props": {
+ "data": "123456"
}
- }
}
-{ "execute": "quit" }
-EOF
-
-run_qemu <<EOF
-{ "execute": "qmp_capabilities" }
+}
{ "execute": "blockdev-add",
"arguments": {
"driver": "$IMGFMT",
@@ -149,6 +143,10 @@ run_qemu <<EOF
"file": {
"driver": "file",
"filename": "$TEST_IMG"
+ },
+ "encrypt": {
+ "format": "qcow",
+ "key-secret": "sec0"
}
}
}
@@ -159,7 +157,7 @@ echo
echo === Missing driver ===
echo
-_make_test_img -o encryption=on $size
+_make_test_img --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 $size
run_qemu -S <<EOF
{ "execute": "qmp_capabilities" }
{ "execute": "blockdev-add",
diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out
index dc6baf9..2f1d7d1 100644
--- a/tests/qemu-iotests/087.out
+++ b/tests/qemu-iotests/087.out
@@ -34,17 +34,11 @@ QMP_VERSION
=== Encrypted image ===
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
-Testing: -S
-QMP_VERSION
-{"return": {}}
-{"error": {"class": "GenericError", "desc": "Use of AES-CBC encrypted IMGFMT images is no longer supported in system emulators"}}
-{"return": {}}
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"}
-
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
Testing:
QMP_VERSION
{"return": {}}
+{"return": {}}
{"error": {"class": "GenericError", "desc": "Use of AES-CBC encrypted IMGFMT images is no longer supported in system emulators"}}
{"return": {}}
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"}
@@ -52,7 +46,7 @@ QMP_VERSION
=== Missing driver ===
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
Testing: -S
QMP_VERSION
{"return": {}}
diff --git a/tests/qemu-iotests/134 b/tests/qemu-iotests/134
index acce946..f851d92 100755
--- a/tests/qemu-iotests/134
+++ b/tests/qemu-iotests/134
@@ -44,23 +44,31 @@ _supported_os Linux
size=128M
-IMGOPTS="encryption=on" _make_test_img $size
+
+SECRET="secret,id=sec0,data=astrochicken"
+SECRETALT="secret,id=sec0,data=platypus"
+
+_make_test_img --object $SECRET -o "encryption=on,encrypt.key-secret=sec0" $size
+
+IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,encrypt.key-secret=sec0"
+
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
echo
echo "== reading whole image =="
-echo "astrochicken" | $QEMU_IO -c "read 0 $size" "$TEST_IMG" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "read 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
echo
echo "== rewriting whole image =="
-echo "astrochicken" | $QEMU_IO -c "write -P 0xa 0 $size" "$TEST_IMG" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
echo
echo "== verify pattern =="
-echo "astrochicken" | $QEMU_IO -c "read -P 0xa 0 $size" "$TEST_IMG" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
echo
echo "== verify pattern failure with wrong password =="
-echo "platypus" | $QEMU_IO -c "read -P 0xa 0 $size" "$TEST_IMG" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRETALT -c "read -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
# success, all done
diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out
index 6493704..972be49 100644
--- a/tests/qemu-iotests/134.out
+++ b/tests/qemu-iotests/134.out
@@ -1,27 +1,19 @@
QA output created by 134
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
== reading whole image ==
-Disk image 'TEST_DIR/t.qcow2' is encrypted.
-password:
read 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== rewriting whole image ==
-Disk image 'TEST_DIR/t.qcow2' is encrypted.
-password:
wrote 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== verify pattern ==
-Disk image 'TEST_DIR/t.qcow2' is encrypted.
-password:
read 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== verify pattern failure with wrong password ==
-Disk image 'TEST_DIR/t.qcow2' is encrypted.
-password:
Pattern verification failed at offset 0, 134217728 bytes
read 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
diff --git a/tests/qemu-iotests/158 b/tests/qemu-iotests/158
index ef8d70f..e280b79 100755
--- a/tests/qemu-iotests/158
+++ b/tests/qemu-iotests/158
@@ -45,34 +45,39 @@ _supported_os Linux
size=128M
TEST_IMG_BASE=$TEST_IMG.base
+SECRET="secret,id=sec0,data=astrochicken"
TEST_IMG_SAVE=$TEST_IMG
TEST_IMG=$TEST_IMG_BASE
echo "== create base =="
-IMGOPTS="encryption=on" _make_test_img $size
+_make_test_img --object $SECRET -o "encryption=on,encrypt.key-secret=sec0" $size
TEST_IMG=$TEST_IMG_SAVE
+IMGSPECBASE="driver=$IMGFMT,file.filename=$TEST_IMG_BASE,encrypt.key-secret=sec0"
+IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,backing.driver=$IMGFMT,backing.file.filename=$TEST_IMG_BASE,backing.encrypt.key-secret=sec0,encrypt.key-secret=sec0"
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
+
echo
echo "== writing whole image =="
-echo "astrochicken" | $QEMU_IO -c "write -P 0xa 0 $size" "$TEST_IMG_BASE" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _filter_testdir
echo
echo "== verify pattern =="
-echo "astrochicken" | $QEMU_IO -c "read -P 0xa 0 $size" "$TEST_IMG_BASE" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _filter_testdir
echo "== create overlay =="
-IMGOPTS="encryption=on" _make_test_img -b "$TEST_IMG_BASE" $size
+_make_test_img --object $SECRET -o "encryption=on,encrypt.key-secret=sec0" -b "$TEST_IMG_BASE" $size
echo
echo "== writing part of a cluster =="
-echo "astrochicken" | $QEMU_IO -c "write -P 0xe 0 1024" "$TEST_IMG" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "write -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
echo
echo "== verify pattern =="
-echo "astrochicken" | $QEMU_IO -c "read -P 0xe 0 1024" "$TEST_IMG" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "read -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
echo
echo "== verify pattern =="
-echo "astrochicken" | $QEMU_IO -c "read -P 0xa 1024 64512" "$TEST_IMG" | _filter_qemu_io | _filter_testdir
+$QEMU_IO --object $SECRET -c "read -P 0xa 1024 64512" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
# success, all done
diff --git a/tests/qemu-iotests/158.out b/tests/qemu-iotests/158.out
index b3f37e2..6def216 100644
--- a/tests/qemu-iotests/158.out
+++ b/tests/qemu-iotests/158.out
@@ -1,36 +1,26 @@
QA output created by 158
== create base ==
-Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
== writing whole image ==
-Disk image 'TEST_DIR/t.qcow2.base' is encrypted.
-password:
wrote 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== verify pattern ==
-Disk image 'TEST_DIR/t.qcow2.base' is encrypted.
-password:
read 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== create overlay ==
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/t.IMGFMT.base encryption=on
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/t.IMGFMT.base encryption=on encrypt.key-secret=sec0
== writing part of a cluster ==
-Disk image 'TEST_DIR/t.qcow2' is encrypted.
-password:
wrote 1024/1024 bytes at offset 0
1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== verify pattern ==
-Disk image 'TEST_DIR/t.qcow2' is encrypted.
-password:
read 1024/1024 bytes at offset 0
1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== verify pattern ==
-Disk image 'TEST_DIR/t.qcow2' is encrypted.
-password:
read 64512/64512 bytes at offset 1024
63 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
*** done
diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index 9c6f972..a5602ca 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -50,6 +50,7 @@ export IMGPROTO=file
export IMGOPTS=""
export CACHEMODE="writeback"
export QEMU_IO_OPTIONS=""
+export QEMU_IO_OPTIONS_NO_FMT=""
export CACHEMODE_IS_DEFAULT=true
export QEMU_OPTIONS="-nodefaults -machine accel=qtest"
export VALGRIND_QEMU=
@@ -408,10 +409,11 @@ BEGIN { for (t='$start'; t<='$end'; t++) printf "%03d\n",t }' \
done
# Set qemu-io cache mode with $CACHEMODE we have
-if [ "$IMGOPTSSYNTAX" = "true" ]; then
- QEMU_IO_OPTIONS="$QEMU_IO_OPTIONS --cache $CACHEMODE"
-else
- QEMU_IO_OPTIONS="$QEMU_IO_OPTIONS -f $IMGFMT --cache $CACHEMODE"
+QEMU_IO_OPTIONS="$QEMU_IO_OPTIONS --cache $CACHEMODE"
+
+QEMU_IO_OPTIONS_NO_FMT="$QEMU_IO_OPTIONS"
+if [ "$IMGOPTSSYNTAX" != "true" ]; then
+ QEMU_IO_OPTIONS="$QEMU_IO_OPTIONS -f $IMGFMT"
fi
# Set default options for qemu-img create -o if they were not specified
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 12/18] qcow2: extend specification to cover LUKS encryption
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (10 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
` (7 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Update the qcow2 specification to describe how the LUKS header is
placed inside a qcow2 file, when using LUKS encryption for the
qcow2 payload instead of the legacy AES-CBC encryption
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
docs/specs/qcow2.txt | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt
index 80cdfd0..6509b91 100644
--- a/docs/specs/qcow2.txt
+++ b/docs/specs/qcow2.txt
@@ -45,6 +45,7 @@ The first cluster of a qcow2 image contains the file header:
32 - 35: crypt_method
0 for no encryption
1 for AES encryption
+ 2 for LUKS encryption
36 - 39: l1_size
Number of entries in the active L1 table
@@ -135,6 +136,7 @@ be stored. Each extension has a structure like the following:
0xE2792ACA - Backing file format name
0x6803f857 - Feature name table
0x23852875 - Bitmaps extension
+ 0x0537be77 - Full disk encryption header pointer
other - Unknown header extension, can be safely
ignored
@@ -207,6 +209,100 @@ The fields of the bitmaps extension are:
Offset into the image file at which the bitmap directory
starts. Must be aligned to a cluster boundary.
+== Full disk encryption header pointer ==
+
+The full disk encryption header must be present if, and only if, the
+'crypt_method' header requires metadata. Currently this is only true
+of the 'LUKS' crypt method. The header extension must be absent for
+other methods.
+
+This header provides the offset at which the crypt method can store
+its additional data, as well as the length of such data.
+
+ Byte 0 - 7: Offset into the image file at which the encryption
+ header starts in bytes. Must be aligned to a cluster
+ boundary.
+ Byte 8 - 15: Length of the written encryption header in bytes.
+ Note actual space allocated in the qcow2 file may
+ be larger than this value, since it will be rounded
+ to the nearest multiple of the cluster size. Any
+ unused bytes in the allocated space will be initialized
+ to 0.
+
+For the LUKS crypt method, the encryption header works as follows.
+
+The first 592 bytes of the header clusters will contain the LUKS
+partition header. This is then followed by the key material data areas.
+The size of the key material data areas is determined by the number of
+stripes in the key slot and key size. Refer to the LUKS format
+specification ('docs/on-disk-format.pdf' in the cryptsetup source
+package) for details of the LUKS partition header format.
+
+In the LUKS partition header, the "payload-offset" field will be
+calculated as normal for the LUKS spec. ie the size of the LUKS
+header, plus key material regions, plus padding, relative to the
+start of the LUKS header. Its value is never used in the context
+of qcow2, however, since the qcow2 file format itself defines where
+the real payload offset is.
+
+In the LUKS key slots header, the "key-material-offset" is relative
+to the start of the LUKS header clusters in the qcow2 container,
+not the start of the qcow2 file.
+
+Logically the layout looks like
+
+ +-----------------------------+
+ | QCow2 header |
+ | QCow2 header extension X |
+ | QCow2 header extension FDE |
+ | QCow2 header extension ... |
+ | QCow2 header extension Z |
+ +-----------------------------+
+ | ....other QCow2 tables.... |
+ . .
+ . .
+ +-----------------------------+
+ | +-------------------------+ |
+ | | LUKS partition header | |
+ | +-------------------------+ |
+ | | LUKS key material 1 | |
+ | +-------------------------+ |
+ | | LUKS key material 2 | |
+ | +-------------------------+ |
+ | | LUKS key material ... | |
+ | +-------------------------+ |
+ | | LUKS key material 8 | |
+ | +-------------------------+ |
+ +-----------------------------+
+ | QCow2 cluster payload |
+ . .
+ . .
+ . .
+ | |
+ +-----------------------------+
+
+== Data encryption ==
+
+When an encryption method is requested in the header, the image payload
+data must be encrypted/decrypted on every write/read. The image headers
+and metadata is never encrypted.
+
+The algorithms used for encryption vary depending on the method
+
+ - AES:
+
+ The AES cipher, in CBC mode, with 256 bit keys.
+
+ Initialization vectors generated using plain64 method, with
+ the virtual disk sector as the input tweak.
+
+ - LUKS:
+
+ The algorithms are specified in the LUKS header.
+
+ Initialization vectors generated using the method specified
+ in the LUKS header, with the physical disk sector as the
+ input tweak.
== Host cluster management ==
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (11 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-26 17:46 ` Eric Blake
2017-05-11 14:44 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
` (6 subsequent siblings)
19 siblings, 2 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
This adds support for using LUKS as an encryption format
with the qcow2 file, using the new encrypt.format parameter
to request "luks" format. e.g.
# qemu-img create --object secret,data=123456,id=sec0 \
-f qcow2 -o encrypt.-format=luks,encrypt.key-secret=sec0 \
test.qcow2 10G
The legacy "encryption=on" parameter still results in
creation of the old qcow2 AES format (and is equivalent
to the new 'encryption-format=aes'). e.g. the following are
equivalent:
# qemu-img create --object secret,data=123456,id=sec0 \
-f qcow2 -o encryption=on,encrypt.key-secret=sec0 \
test.qcow2 10G
# qemu-img create --object secret,data=123456,id=sec0 \
-f qcow2 -o encryption-format=aes,encrypt.key-secret=sec0 \
test.qcow2 10G
With the LUKS format it is necessary to store the LUKS
partition header and key material in the QCow2 file. This
data can be many MB in size, so cannot go into the QCow2
header region directly. Thus the spec defines a FDE
(Full Disk Encryption) header extension that specifies
the offset of a set of clusters to hold the FDE headers,
as well as the length of that region. The LUKS header is
thus stored in these extra allocated clusters before the
main image payload.
Aside from all the cryptographic differences implied by
use of the LUKS format, there is one further key difference
between the use of legacy AES and LUKS encryption in qcow2.
For LUKS, the initialiazation vectors are generated using
the host physical sector as the input, rather than the
guest virtual sector. This guarantees unique initialization
vectors for all sectors when qcow2 internal snapshots are
used, thus giving stronger protection against watermarking
attacks.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/qcow2-cluster.c | 4 +-
block/qcow2-refcount.c | 10 ++
block/qcow2.c | 267 ++++++++++++++++++++++++++++++++++++++------
block/qcow2.h | 9 ++
qapi/block-core.json | 5 +-
tests/qemu-iotests/082.out | 270 ++++++++++++++++++++++++++++++++++++---------
6 files changed, 477 insertions(+), 88 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 59ad087..75f8b3e 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -383,7 +383,9 @@ static int coroutine_fn do_perform_cow(BlockDriverState *bs,
if (bs->encrypted) {
Error *err = NULL;
- int64_t sector = (src_cluster_offset + offset_in_cluster)
+ int64_t sector = (s->crypt_physical_offset ?
+ (cluster_offset + offset_in_cluster) :
+ (src_cluster_offset + offset_in_cluster))
>> BDRV_SECTOR_BITS;
assert((offset_in_cluster & ~BDRV_SECTOR_MASK) == 0);
assert((bytes & ~BDRV_SECTOR_MASK) == 0);
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 9e96f64..1e8d33a 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -1859,6 +1859,16 @@ static int calculate_refcounts(BlockDriverState *bs, BdrvCheckResult *res,
return ret;
}
+ /* encryption */
+ if (s->crypto_header.length) {
+ ret = inc_refcounts(bs, res, refcount_table, nb_clusters,
+ s->crypto_header.offset,
+ s->crypto_header.length);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
return check_refblocks(bs, res, fix, rebuild, refcount_table, nb_clusters);
}
diff --git a/block/qcow2.c b/block/qcow2.c
index 1b9eca3..44a573b 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -66,6 +66,7 @@ typedef struct {
#define QCOW2_EXT_MAGIC_END 0
#define QCOW2_EXT_MAGIC_BACKING_FORMAT 0xE2792ACA
#define QCOW2_EXT_MAGIC_FEATURE_TABLE 0x6803f857
+#define QCOW2_EXT_MAGIC_CRYPTO_HEADER 0x0537be77
static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filename)
{
@@ -80,6 +81,86 @@ static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filename)
}
+static ssize_t qcow2_crypto_hdr_read_func(QCryptoBlock *block, size_t offset,
+ uint8_t *buf, size_t buflen,
+ void *opaque, Error **errp)
+{
+ BlockDriverState *bs = opaque;
+ BDRVQcow2State *s = bs->opaque;
+ ssize_t ret;
+
+ if ((offset + buflen) > s->crypto_header.length) {
+ error_setg(errp, "Request for data outside of extension header");
+ return -1;
+ }
+
+ ret = bdrv_pread(bs->file,
+ s->crypto_header.offset + offset, buf, buflen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not read encryption header");
+ return -1;
+ }
+ return ret;
+}
+
+
+static ssize_t qcow2_crypto_hdr_init_func(QCryptoBlock *block, size_t headerlen,
+ void *opaque, Error **errp)
+{
+ BlockDriverState *bs = opaque;
+ BDRVQcow2State *s = bs->opaque;
+ int64_t ret;
+ int64_t clusterlen;
+
+ ret = qcow2_alloc_clusters(bs, headerlen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret,
+ "Cannot allocate cluster for LUKS header size %zu",
+ headerlen);
+ return -1;
+ }
+
+ s->crypto_header.length = headerlen;
+ s->crypto_header.offset = ret;
+
+ /* Zero fill remaining space in cluster so it has predictable
+ * content in case of future spec changes */
+ clusterlen = size_to_clusters(s, headerlen) * s->cluster_size;
+ ret = bdrv_pwrite_zeroes(bs->file,
+ ret + headerlen,
+ clusterlen - headerlen, 0);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not zero fill encryption header");
+ return -1;
+ }
+
+ return ret;
+}
+
+
+static ssize_t qcow2_crypto_hdr_write_func(QCryptoBlock *block, size_t offset,
+ const uint8_t *buf, size_t buflen,
+ void *opaque, Error **errp)
+{
+ BlockDriverState *bs = opaque;
+ BDRVQcow2State *s = bs->opaque;
+ ssize_t ret;
+
+ if ((offset + buflen) > s->crypto_header.length) {
+ error_setg(errp, "Request for data outside of extension header");
+ return -1;
+ }
+
+ ret = bdrv_pwrite(bs->file,
+ s->crypto_header.offset + offset, buf, buflen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not read encryption header");
+ return -1;
+ }
+ return ret;
+}
+
+
/*
* read qcow2 extension and fill bs
* start reading from start_offset
@@ -89,7 +170,7 @@ static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filename)
*/
static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
uint64_t end_offset, void **p_feature_table,
- Error **errp)
+ int flags, Error **errp)
{
BDRVQcow2State *s = bs->opaque;
QCowExtension ext;
@@ -165,6 +246,47 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
}
break;
+ case QCOW2_EXT_MAGIC_CRYPTO_HEADER: {
+ unsigned int cflags = 0;
+ if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
+ error_setg(errp, "CRYPTO header extension only "
+ "expected with LUKS encryption method");
+ return -EINVAL;
+ }
+ if (ext.len != sizeof(Qcow2CryptoHeaderExtension)) {
+ error_setg(errp, "CRYPTO header extension size %u, "
+ "but expected size %zu", ext.len,
+ sizeof(Qcow2CryptoHeaderExtension));
+ return -EINVAL;
+ }
+
+ ret = bdrv_pread(bs->file, offset, &s->crypto_header, ext.len);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret,
+ "Unable to read CRYPTO header extension");
+ return ret;
+ }
+ be64_to_cpus(&s->crypto_header.offset);
+ be64_to_cpus(&s->crypto_header.length);
+
+ if ((s->crypto_header.offset % s->cluster_size) != 0) {
+ error_setg(errp, "Encryption header offset '%" PRIu64 "' is "
+ "not a multiple of cluster size '%u'",
+ s->crypto_header.offset, s->cluster_size);
+ return -EINVAL;
+ }
+
+ if (flags & BDRV_O_NO_IO) {
+ cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
+ }
+ s->crypto = qcrypto_block_open(s->crypto_opts,
+ qcow2_crypto_hdr_read_func,
+ bs, cflags, errp);
+ if (!s->crypto) {
+ return -EINVAL;
+ }
+ } break;
+
default:
/* unknown magic - save it in case we need to rewrite the header */
{
@@ -464,7 +586,8 @@ static QemuOptsList qcow2_runtime_opts = {
.type = QEMU_OPT_NUMBER,
.help = "Clean unused cache entries after this time (in seconds)",
},
- BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
+ BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.",
+ "ID of secret providing qcow AES key or LUKS passphrase"),
{ /* end of list */ }
},
};
@@ -783,6 +906,19 @@ static int qcow2_update_options_prepare(BlockDriverState *bs,
Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp);
break;
+ case QCOW_CRYPT_LUKS:
+ if (encryptfmt && !g_str_equal(encryptfmt, "luks")) {
+ error_setg(errp,
+ "Header reported 'luks' encryption format but "
+ "options specify '%s'", encryptfmt);
+ ret = -EINVAL;
+ goto fail;
+ }
+ qdict_del(encryptopts, "format");
+ r->crypto_opts = block_crypto_open_opts_init(
+ Q_CRYPTO_BLOCK_FORMAT_LUKS, encryptopts, errp);
+ break;
+
default:
error_setg(errp, "Unsupported encryption method %d",
s->crypt_method_header);
@@ -976,7 +1112,7 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
if (s->incompatible_features & ~QCOW2_INCOMPAT_MASK) {
void *feature_table = NULL;
qcow2_read_extensions(bs, header.header_length, ext_end,
- &feature_table, NULL);
+ &feature_table, flags, NULL);
report_unsupported_feature(errp, feature_table,
s->incompatible_features &
~QCOW2_INCOMPAT_MASK);
@@ -1008,12 +1144,6 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
s->refcount_max = UINT64_C(1) << (s->refcount_bits - 1);
s->refcount_max += s->refcount_max - 1;
- if (header.crypt_method > QCOW_CRYPT_AES) {
- error_setg(errp, "Unsupported encryption method: %" PRIu32,
- header.crypt_method);
- ret = -EINVAL;
- goto fail;
- }
s->crypt_method_header = header.crypt_method;
if (s->crypt_method_header) {
if (bdrv_uses_whitelist() &&
@@ -1030,6 +1160,15 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
goto fail;
}
+ if (s->crypt_method_header == QCOW_CRYPT_AES) {
+ s->crypt_physical_offset = false;
+ } else {
+ /* Assuming LUKS and any future crypt methods we
+ * add will all use physical offsets, due to the
+ * fact that the alternative is insecure... */
+ s->crypt_physical_offset = true;
+ }
+
bs->encrypted = true;
bs->valid_key = true;
}
@@ -1158,20 +1297,31 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
/* read qcow2 extensions */
if (qcow2_read_extensions(bs, header.header_length, ext_end, NULL,
- &local_err)) {
+ flags, &local_err)) {
error_propagate(errp, local_err);
ret = -EINVAL;
goto fail;
}
- if (s->crypt_method_header == QCOW_CRYPT_AES) {
- unsigned int cflags = 0;
- if (flags & BDRV_O_NO_IO) {
- cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
- }
- s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
- cflags, errp);
- if (!s->crypto) {
+ /* qcow2_read_extension may have set up the crypto context
+ * if the crypt method needs a header region, some methods
+ * don't need header extensions, so must check here
+ */
+ if (s->crypt_method_header && !s->crypto) {
+ if (s->crypt_method_header == QCOW_CRYPT_AES) {
+ unsigned int cflags = 0;
+ if (flags & BDRV_O_NO_IO) {
+ cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
+ }
+ s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
+ cflags, errp);
+ if (!s->crypto) {
+ ret = -EINVAL;
+ goto fail;
+ }
+ } else if (!(flags & BDRV_O_NO_IO)) {
+ error_setg(errp, "Missing CRYPTO header for crypt method %d",
+ s->crypt_method_header);
ret = -EINVAL;
goto fail;
}
@@ -1564,7 +1714,9 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverState *bs, uint64_t offset,
assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
Error *err = NULL;
if (qcrypto_block_decrypt(s->crypto,
- offset >> BDRV_SECTOR_BITS,
+ (s->crypt_physical_offset ?
+ cluster_offset + offset_in_cluster :
+ offset) >> BDRV_SECTOR_BITS,
cluster_data,
cur_bytes,
&err) < 0) {
@@ -1660,7 +1812,10 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverState *bs, uint64_t offset,
QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size);
qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size);
- if (qcrypto_block_encrypt(s->crypto, offset >> BDRV_SECTOR_BITS,
+ if (qcrypto_block_encrypt(s->crypto,
+ (s->crypt_physical_offset ?
+ cluster_offset + offset_in_cluster :
+ offset) >> BDRV_SECTOR_BITS,
cluster_data,
cur_bytes, &err) < 0) {
error_free(err);
@@ -1958,6 +2113,22 @@ int qcow2_update_header(BlockDriverState *bs)
buflen -= ret;
}
+ /* Full disk encryption header pointer extension */
+ if (s->crypto_header.offset != 0) {
+ cpu_to_be64s(&s->crypto_header.offset);
+ cpu_to_be64s(&s->crypto_header.length);
+ ret = header_ext_add(buf, QCOW2_EXT_MAGIC_CRYPTO_HEADER,
+ &s->crypto_header, sizeof(s->crypto_header),
+ buflen);
+ be64_to_cpus(&s->crypto_header.offset);
+ be64_to_cpus(&s->crypto_header.length);
+ if (ret < 0) {
+ goto fail;
+ }
+ buf += ret;
+ buflen -= ret;
+ }
+
/* Feature table */
if (s->qcow_version >= 3) {
Qcow2Feature features[] = {
@@ -2056,6 +2227,16 @@ static int qcow2_change_backing_file(BlockDriverState *bs,
return qcow2_update_header(bs);
}
+static int qcow2_crypt_method_from_format(const char *encryptfmt)
+{
+ if (g_str_equal(encryptfmt, "luks")) {
+ return QCOW_CRYPT_LUKS;
+ } else if (g_str_equal(encryptfmt, "aes")) {
+ return QCOW_CRYPT_AES;
+ } else {
+ return -EINVAL;
+ }
+}
static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encryptfmt,
QemuOpts *opts, Error **errp)
@@ -2070,22 +2251,30 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encryptfmt,
qdict_extract_subqdict(options, &encryptopts, "encrypt.");
QDECREF(options);
- if (!g_str_equal(encryptfmt, "aes")) {
- error_setg(errp, "Unknown encryption format '%s', expected 'aes'",
- encryptfmt);
- ret = -EINVAL;
- goto out;
+ int fmt = qcow2_crypt_method_from_format(encryptfmt);
+
+ switch (fmt) {
+ case QCOW_CRYPT_LUKS:
+ cryptoopts = block_crypto_create_opts_init(
+ Q_CRYPTO_BLOCK_FORMAT_LUKS, encryptopts, errp);
+ break;
+ case QCOW_CRYPT_AES:
+ cryptoopts = block_crypto_create_opts_init(
+ Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp);
+ break;
+ default:
+ error_setg(errp, "Unknown encryption format '%s'", encryptfmt);
+ break;
}
- cryptoopts = block_crypto_create_opts_init(
- Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp);
if (!cryptoopts) {
ret = -EINVAL;
goto out;
}
- s->crypt_method_header = QCOW_CRYPT_AES;
+ s->crypt_method_header = fmt;
crypto = qcrypto_block_create(cryptoopts,
- NULL, NULL,
+ qcow2_crypto_hdr_init_func,
+ qcow2_crypto_hdr_write_func,
bs, errp);
if (!crypto) {
ret = -EINVAL;
@@ -3206,6 +3395,7 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
const char *compat = NULL;
uint64_t cluster_size = s->cluster_size;
bool encrypt;
+ int encformat;
int refcount_bits = s->refcount_bits;
Error *local_err = NULL;
int ret;
@@ -3248,6 +3438,14 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
error_report("Changing the encryption flag is not supported");
return -ENOTSUP;
}
+ } else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPT_FORMAT)) {
+ encformat = qcow2_crypt_method_from_format(
+ qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT));
+
+ if (encformat != s->crypt_method_header) {
+ error_report("Changing the encryption format is not supported");
+ return -ENOTSUP;
+ }
} else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) {
cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE,
cluster_size);
@@ -3469,9 +3667,16 @@ static QemuOptsList qcow2_create_opts = {
{
.name = BLOCK_OPT_ENCRYPT_FORMAT,
.type = QEMU_OPT_STRING,
- .help = "Encrypt the image, format choices: 'aes'",
+ .help = "Encrypt the image, format choices: 'aes', 'luks'",
},
- BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
+ BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.",
+ "ID of secret providing qcow AES key or LUKS passphrase"),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG("encrypt."),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE("encrypt."),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG("encrypt."),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("encrypt."),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("encrypt."),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."),
{
.name = BLOCK_OPT_CLUSTER_SIZE,
.type = QEMU_OPT_SIZE,
diff --git a/block/qcow2.h b/block/qcow2.h
index 9746aaf..3cf577d 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -36,6 +36,7 @@
#define QCOW_CRYPT_NONE 0
#define QCOW_CRYPT_AES 1
+#define QCOW_CRYPT_LUKS 2
#define QCOW_MAX_CRYPT_CLUSTERS 32
#define QCOW_MAX_SNAPSHOTS 65536
@@ -163,6 +164,11 @@ typedef struct QCowSnapshot {
struct Qcow2Cache;
typedef struct Qcow2Cache Qcow2Cache;
+typedef struct Qcow2CryptoHeaderExtension {
+ uint64_t offset;
+ uint64_t length;
+} QEMU_PACKED Qcow2CryptoHeaderExtension;
+
typedef struct Qcow2UnknownHeaderExtension {
uint32_t magic;
uint32_t len;
@@ -257,8 +263,11 @@ typedef struct BDRVQcow2State {
CoMutex lock;
+ Qcow2CryptoHeaderExtension crypto_header; /* QCow2 header extension */
QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime options */
QCryptoBlock *crypto; /* Disk encryption format driver */
+ bool crypt_physical_offset; /* Whether to use virtual or physical offset
+ for encryption initialization vector tweak */
uint32_t crypt_method_header;
uint64_t snapshots_offset;
int snapshots_size;
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 2a3ab47..6d418db 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2319,7 +2319,7 @@
# Since: 2.10
##
{ 'enum': 'BlockdevQcow2EncryptionFormat',
- 'data': [ 'qcow' ] }
+ 'data': [ 'qcow', 'luks' ] }
##
# @BlockdevQcow2Encryption:
@@ -2329,7 +2329,8 @@
{ 'union': 'BlockdevQcow2Encryption',
'base': { 'format': 'BlockdevQcow2EncryptionFormat' },
'discriminator': 'format',
- 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } }
+ 'data': { 'qcow': 'QCryptoBlockOptionsQCow',
+ 'luks': 'QCryptoBlockOptionsLUKS'} }
##
# @BlockdevOptionsQcow2:
diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out
index 7026dc4..f3398bc 100644
--- a/tests/qemu-iotests/082.out
+++ b/tests/qemu-iotests/082.out
@@ -49,8 +49,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -64,8 +70,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -79,8 +91,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -94,8 +112,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -109,8 +133,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -124,8 +154,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -139,8 +175,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -154,8 +196,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -184,8 +232,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -248,8 +302,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -263,8 +323,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -278,8 +344,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -293,8 +365,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -308,8 +386,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -323,8 +407,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -338,8 +428,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -353,8 +449,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -383,8 +485,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -444,8 +552,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -459,8 +573,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -474,8 +594,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -489,8 +615,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -504,8 +636,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -519,8 +657,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -534,8 +678,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -549,8 +699,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
@@ -581,8 +737,14 @@ compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image with format 'aes'. (Deprecated in favour of encrypt.format=aes)
-encrypt.format Encrypt the image, format choices: 'aes'
-encrypt.key-secret ID of the secret that provides the AES encryption key
+encrypt.format Encrypt the image, format choices: 'aes', 'luks'
+encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase
+encrypt.cipher-alg Name of encryption cipher algorithm
+encrypt.cipher-mode Name of encryption cipher mode
+encrypt.ivgen-alg Name of IV generator algorithm
+encrypt.ivgen-hash-alg Name of IV generator hash algorithm
+encrypt.hash-alg Name of encryption hash algorithm
+encrypt.iter-time Time to spend in PBKDF in milliseconds
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 14/18] qcow2: add iotests to cover LUKS encryption support
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (12 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
` (5 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
This extends the 087 iotest to cover LUKS encryption when doing
blockdev-add.
Two further tests are added to validate read/write of LUKS
encrypted images with a single file and with a backing file.
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/087 | 35 ++++++++++++++++++-
tests/qemu-iotests/087.out | 14 +++++++-
tests/qemu-iotests/177 | 76 ++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/177.out | 18 ++++++++++
tests/qemu-iotests/178 | 86 ++++++++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/178.out | 26 ++++++++++++++
tests/qemu-iotests/group | 2 ++
7 files changed, 255 insertions(+), 2 deletions(-)
create mode 100755 tests/qemu-iotests/177
create mode 100644 tests/qemu-iotests/177.out
create mode 100755 tests/qemu-iotests/178
create mode 100644 tests/qemu-iotests/178.out
diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087
index 730270e..153dad0 100755
--- a/tests/qemu-iotests/087
+++ b/tests/qemu-iotests/087
@@ -121,7 +121,7 @@ run_qemu <<EOF
EOF
echo
-echo === Encrypted image ===
+echo === Encrypted image QCow ===
echo
_make_test_img --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 $size
@@ -154,6 +154,39 @@ run_qemu <<EOF
EOF
echo
+echo === Encrypted image LUKS ===
+echo
+
+_make_test_img --object secret,id=sec0,data=123456 -o encrypt.format=luks,encrypt.key-secret=sec0 $size
+run_qemu <<EOF
+{ "execute": "qmp_capabilities" }
+{ "execute": "object-add",
+ "arguments": {
+ "qom-type": "secret",
+ "id": "sec0",
+ "props": {
+ "data": "123456"
+ }
+ }
+}
+{ "execute": "blockdev-add",
+ "arguments": {
+ "driver": "$IMGFMT",
+ "node-name": "disk",
+ "file": {
+ "driver": "file",
+ "filename": "$TEST_IMG"
+ },
+ "encrypt": {
+ "format": "luks",
+ "key-secret": "sec0"
+ }
+ }
+ }
+{ "execute": "quit" }
+EOF
+
+echo
echo === Missing driver ===
echo
diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out
index 2f1d7d1..6317cc3 100644
--- a/tests/qemu-iotests/087.out
+++ b/tests/qemu-iotests/087.out
@@ -32,7 +32,7 @@ QMP_VERSION
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"}
-=== Encrypted image ===
+=== Encrypted image QCow ===
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
Testing:
@@ -44,6 +44,18 @@ QMP_VERSION
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"}
+=== Encrypted image LUKS ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encrypt.format=luks encrypt.key-secret=sec0
+Testing:
+QMP_VERSION
+{"return": {}}
+{"return": {}}
+{"return": {}}
+{"return": {}}
+{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"}
+
+
=== Missing driver ===
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0
diff --git a/tests/qemu-iotests/177 b/tests/qemu-iotests/177
new file mode 100755
index 0000000..83ed03e
--- /dev/null
+++ b/tests/qemu-iotests/177
@@ -0,0 +1,76 @@
+#!/bin/bash
+#
+# Test encrypted read/write using plain bdrv_read/bdrv_write
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# creator
+owner=berrange@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1 # failure is the default!
+
+_cleanup()
+{
+ _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2
+_supported_proto generic
+_supported_os Linux
+
+
+size=16M
+
+SECRET="secret,id=sec0,data=astrochicken"
+SECRETALT="secret,id=sec0,data=platypus"
+
+_make_test_img --object $SECRET -o "encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=10" $size
+
+IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,encrypt.key-secret=sec0"
+
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
+
+echo
+echo "== reading whole image =="
+$QEMU_IO --object $SECRET -c "read -P 0 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== rewriting whole image =="
+$QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== verify pattern =="
+$QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== verify open failure with wrong password =="
+$QEMU_IO --object $SECRETALT -c "read -P 0xa 0 $size" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
+
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/177.out b/tests/qemu-iotests/177.out
new file mode 100644
index 0000000..95d558b
--- /dev/null
+++ b/tests/qemu-iotests/177.out
@@ -0,0 +1,18 @@
+QA output created by 177
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
+
+== reading whole image ==
+read 16777216/16777216 bytes at offset 0
+16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== rewriting whole image ==
+wrote 16777216/16777216 bytes at offset 0
+16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== verify pattern ==
+read 16777216/16777216 bytes at offset 0
+16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== verify open failure with wrong password ==
+can't open: Invalid password, cannot unlock any keyslot
+*** done
diff --git a/tests/qemu-iotests/178 b/tests/qemu-iotests/178
new file mode 100755
index 0000000..54ad980
--- /dev/null
+++ b/tests/qemu-iotests/178
@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+# Test encrypted read/write using backing files
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# creator
+owner=berrange@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1 # failure is the default!
+
+_cleanup()
+{
+ _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2
+_supported_proto generic
+_supported_os Linux
+
+
+size=16M
+TEST_IMG_BASE=$TEST_IMG.base
+SECRET0="secret,id=sec0,data=astrochicken"
+SECRET1="secret,id=sec1,data=furby"
+
+TEST_IMG_SAVE=$TEST_IMG
+TEST_IMG=$TEST_IMG_BASE
+echo "== create base =="
+_make_test_img --object $SECRET0 -o "encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=10" $size
+TEST_IMG=$TEST_IMG_SAVE
+
+IMGSPECBASE="driver=$IMGFMT,file.filename=$TEST_IMG_BASE,encrypt.key-secret=sec0"
+IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,backing.driver=$IMGFMT,backing.file.filename=$TEST_IMG_BASE,backing.encrypt.key-secret=sec0,encrypt.key-secret=sec1"
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
+
+echo
+echo "== writing whole image =="
+$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== verify pattern =="
+$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _filter_testdir
+
+echo "== create overlay =="
+_make_test_img --object $SECRET1 -o "encrypt.format=luks,encrypt.key-secret=sec1,encrypt.iter-time=10" -b "$TEST_IMG_BASE" $size
+
+echo
+echo "== writing part of a cluster =="
+$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
+
+echo
+echo "== verify pattern =="
+$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
+echo
+echo "== verify pattern =="
+$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xa 1024 64512" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
+
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/178.out b/tests/qemu-iotests/178.out
new file mode 100644
index 0000000..ab5342d
--- /dev/null
+++ b/tests/qemu-iotests/178.out
@@ -0,0 +1,26 @@
+QA output created by 178
+== create base ==
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
+
+== writing whole image ==
+wrote 16777216/16777216 bytes at offset 0
+16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== verify pattern ==
+read 16777216/16777216 bytes at offset 0
+16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+== create overlay ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base encrypt.format=luks encrypt.key-secret=sec1 encrypt.iter-time=10
+
+== writing part of a cluster ==
+wrote 1024/1024 bytes at offset 0
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== verify pattern ==
+read 1024/1024 bytes at offset 0
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== verify pattern ==
+read 64512/64512 bytes at offset 1024
+63 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 43142dd..e0709f2 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -169,3 +169,5 @@
174 auto
175 auto quick
176 rw auto backing
+177 rw auto quick
+178 rw auto quick
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 15/18] iotests: enable tests 134 and 158 to work with qcow (v1)
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (13 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 16/18] block: rip out all traces of password prompting Daniel P. Berrange
` (4 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
The 138 and 158 iotests exercise the legacy qcow2 aes encryption
code path and they work fine with qcow v1 too.
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/134 | 2 +-
tests/qemu-iotests/158 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/qemu-iotests/134 b/tests/qemu-iotests/134
index f851d92..9914415 100755
--- a/tests/qemu-iotests/134
+++ b/tests/qemu-iotests/134
@@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15
. ./common.rc
. ./common.filter
-_supported_fmt qcow2
+_supported_fmt qcow qcow2
_supported_proto generic
_unsupported_proto vxhs
_supported_os Linux
diff --git a/tests/qemu-iotests/158 b/tests/qemu-iotests/158
index e280b79..823c120 100755
--- a/tests/qemu-iotests/158
+++ b/tests/qemu-iotests/158
@@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15
. ./common.rc
. ./common.filter
-_supported_fmt qcow2
+_supported_fmt qcow qcow2
_supported_proto generic
_unsupported_proto vxhs
_supported_os Linux
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 16/18] block: rip out all traces of password prompting
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (14 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs Daniel P. Berrange
` (3 subsequent siblings)
19 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Now that qcow & qcow2 are wired up to get encryption keys
via the QCryptoSecret object, nothing is relying on the
interactive prompting for passwords. All the code related
to password prompting can thus be ripped out.
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
hmp.c | 31 ---------------------
include/monitor/monitor.h | 7 -----
include/qemu/osdep.h | 2 --
monitor.c | 68 -----------------------------------------------
qapi-schema.json | 10 +------
qemu-img.c | 31 ---------------------
qemu-io.c | 20 --------------
qmp.c | 12 +--------
util/oslib-posix.c | 66 ---------------------------------------------
util/oslib-win32.c | 24 -----------------
10 files changed, 2 insertions(+), 269 deletions(-)
diff --git a/hmp.c b/hmp.c
index ab407d6..510d412 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1076,37 +1076,12 @@ void hmp_ringbuf_read(Monitor *mon, const QDict *qdict)
g_free(data);
}
-static void hmp_cont_cb(void *opaque, int err)
-{
- if (!err) {
- qmp_cont(NULL);
- }
-}
-
-static bool key_is_missing(const BlockInfo *bdev)
-{
- return (bdev->inserted && bdev->inserted->encryption_key_missing);
-}
-
void hmp_cont(Monitor *mon, const QDict *qdict)
{
- BlockInfoList *bdev_list, *bdev;
Error *err = NULL;
- bdev_list = qmp_query_block(NULL);
- for (bdev = bdev_list; bdev; bdev = bdev->next) {
- if (key_is_missing(bdev->value)) {
- monitor_read_block_device_key(mon, bdev->value->device,
- hmp_cont_cb, NULL);
- goto out;
- }
- }
-
qmp_cont(&err);
hmp_handle_error(mon, &err);
-
-out:
- qapi_free_BlockInfoList(bdev_list);
}
void hmp_system_wakeup(Monitor *mon, const QDict *qdict)
@@ -1541,12 +1516,6 @@ void hmp_change(Monitor *mon, const QDict *qdict)
qmp_blockdev_change_medium(true, device, false, NULL, target,
!!arg, arg, !!read_only, read_only_mode,
&err);
- if (err &&
- error_get_class(err) == ERROR_CLASS_DEVICE_ENCRYPTED) {
- error_free(err);
- monitor_read_block_device_key(mon, device, NULL, NULL);
- return;
- }
}
hmp_handle_error(mon, &err);
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
index d2b3aaf..83ea4a1 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -23,13 +23,6 @@ void monitor_cleanup(void);
int monitor_suspend(Monitor *mon);
void monitor_resume(Monitor *mon);
-int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs,
- BlockCompletionFunc *completion_cb,
- void *opaque);
-int monitor_read_block_device_key(Monitor *mon, const char *device,
- BlockCompletionFunc *completion_cb,
- void *opaque);
-
int monitor_get_fd(Monitor *mon, const char *fdname, Error **errp);
int monitor_fd_param(Monitor *mon, const char *fdname, Error **errp);
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 122ff06..85587b8 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -441,8 +441,6 @@ void qemu_set_tty_echo(int fd, bool echo);
void os_mem_prealloc(int fd, char *area, size_t sz, int smp_cpus,
Error **errp);
-int qemu_read_password(char *buf, int buf_size);
-
/**
* qemu_get_pid_name:
* @pid: pid of a process
diff --git a/monitor.c b/monitor.c
index be282ec..357383f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4017,74 +4017,6 @@ void monitor_cleanup(void)
qemu_mutex_unlock(&monitor_lock);
}
-static void bdrv_password_cb(void *opaque, const char *password,
- void *readline_opaque)
-{
- Monitor *mon = opaque;
- BlockDriverState *bs = readline_opaque;
- int ret = 0;
- Error *local_err = NULL;
-
- bdrv_add_key(bs, password, &local_err);
- if (local_err) {
- error_report_err(local_err);
- ret = -EPERM;
- }
- if (mon->password_completion_cb)
- mon->password_completion_cb(mon->password_opaque, ret);
-
- monitor_read_command(mon, 1);
-}
-
-int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs,
- BlockCompletionFunc *completion_cb,
- void *opaque)
-{
- int err;
-
- monitor_printf(mon, "%s (%s) is encrypted.\n", bdrv_get_device_name(bs),
- bdrv_get_encrypted_filename(bs));
-
- mon->password_completion_cb = completion_cb;
- mon->password_opaque = opaque;
-
- err = monitor_read_password(mon, bdrv_password_cb, bs);
-
- if (err && completion_cb)
- completion_cb(opaque, err);
-
- return err;
-}
-
-int monitor_read_block_device_key(Monitor *mon, const char *device,
- BlockCompletionFunc *completion_cb,
- void *opaque)
-{
- Error *err = NULL;
- BlockBackend *blk;
-
- blk = blk_by_name(device);
- if (!blk) {
- monitor_printf(mon, "Device not found %s\n", device);
- return -1;
- }
- if (!blk_bs(blk)) {
- monitor_printf(mon, "Device '%s' has no medium\n", device);
- return -1;
- }
-
- bdrv_add_key(blk_bs(blk), NULL, &err);
- if (err) {
- error_free(err);
- return monitor_read_bdrv_key_start(mon, blk_bs(blk), completion_cb, opaque);
- }
-
- if (completion_cb) {
- completion_cb(opaque, 0);
- }
- return 0;
-}
-
QemuOptsList qemu_mon_opts = {
.name = "mon",
.implied_opt_name = "chardev",
diff --git a/qapi-schema.json b/qapi-schema.json
index 01b087f..bb0214b 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2402,8 +2402,6 @@
# Since: 0.14.0
#
# Returns: If successful, nothing
-# If QEMU was started with an encrypted block device and a key has
-# not yet been set, DeviceEncrypted.
#
# Notes: This command will succeed if the guest is currently running. It
# will also succeed if the guest is in the "inmigrate" state; in
@@ -2684,8 +2682,7 @@
# * This command is stateless, this means that commands that depend
# on state information (such as getfd) might not work
#
-# * Commands that prompt the user for data (eg. 'cont' when the block
-# device is encrypted) don't currently work
+# * Commands that prompt the user for data don't currently work
#
# Example:
#
@@ -2990,11 +2987,6 @@
#
# Returns: Nothing on success.
# If @device is not a valid block device, DeviceNotFound
-# If the new block device is encrypted, DeviceEncrypted. Note that
-# if this error is returned, the device has been opened successfully
-# and an additional call to @block_passwd is required to set the
-# device's password. The behavior of reads and writes to the block
-# device between when these calls are executed is undefined.
#
# Notes: This interface is deprecated, and it is strongly recommended that you
# avoid using it. For changing block devices, use
diff --git a/qemu-img.c b/qemu-img.c
index 26be4d6..3ca0704 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -258,29 +258,6 @@ static int print_block_option_help(const char *filename, const char *fmt)
}
-static int img_open_password(BlockBackend *blk, const char *filename,
- int flags, bool quiet)
-{
- BlockDriverState *bs;
- char password[256];
-
- bs = blk_bs(blk);
- if (bdrv_is_encrypted(bs) && bdrv_key_required(bs) &&
- !(flags & BDRV_O_NO_IO)) {
- qprintf(quiet, "Disk image '%s' is encrypted.\n", filename);
- if (qemu_read_password(password, sizeof(password)) < 0) {
- error_report("No password given");
- return -1;
- }
- if (bdrv_set_key(bs, password) < 0) {
- error_report("invalid password");
- return -1;
- }
- }
- return 0;
-}
-
-
static BlockBackend *img_open_opts(const char *optstr,
QemuOpts *opts, int flags, bool writethrough,
bool quiet)
@@ -296,10 +273,6 @@ static BlockBackend *img_open_opts(const char *optstr,
}
blk_set_enable_write_cache(blk, !writethrough);
- if (img_open_password(blk, optstr, flags, quiet) < 0) {
- blk_unref(blk);
- return NULL;
- }
return blk;
}
@@ -323,10 +296,6 @@ static BlockBackend *img_open_file(const char *filename,
}
blk_set_enable_write_cache(blk, !writethrough);
- if (img_open_password(blk, filename, flags, quiet) < 0) {
- blk_unref(blk);
- return NULL;
- }
return blk;
}
diff --git a/qemu-io.c b/qemu-io.c
index 427cbae..864b32e 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -56,7 +56,6 @@ static const cmdinfo_t close_cmd = {
static int openfile(char *name, int flags, bool writethrough, QDict *opts)
{
Error *local_err = NULL;
- BlockDriverState *bs;
if (qemuio_blk) {
error_report("file open already, try 'help close'");
@@ -71,28 +70,9 @@ static int openfile(char *name, int flags, bool writethrough, QDict *opts)
return 1;
}
- bs = blk_bs(qemuio_blk);
- if (bdrv_is_encrypted(bs) && bdrv_key_required(bs)) {
- char password[256];
- printf("Disk image '%s' is encrypted.\n", name);
- if (qemu_read_password(password, sizeof(password)) < 0) {
- error_report("No password given");
- goto error;
- }
- if (bdrv_set_key(bs, password) < 0) {
- error_report("invalid password");
- goto error;
- }
- }
-
blk_set_enable_write_cache(qemuio_blk, !writethrough);
return 0;
-
- error:
- blk_unref(qemuio_blk);
- qemuio_blk = NULL;
- return 1;
}
static void open_help(void)
diff --git a/qmp.c b/qmp.c
index ab74cd7..da46770 100644
--- a/qmp.c
+++ b/qmp.c
@@ -164,10 +164,8 @@ SpiceInfo *qmp_query_spice(Error **errp)
void qmp_cont(Error **errp)
{
- Error *local_err = NULL;
BlockBackend *blk;
- BlockDriverState *bs;
- BdrvNextIterator it;
+ Error *local_err = NULL;
/* if there is a dump in background, we should wait until the dump
* finished */
@@ -187,14 +185,6 @@ void qmp_cont(Error **errp)
blk_iostatus_reset(blk);
}
- for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
- bdrv_add_key(bs, NULL, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- }
-
/* Continuing after completed migration. Images have been inactivated to
* allow the destination to take control. Need to get control back now. */
if (runstate_check(RUN_STATE_FINISH_MIGRATE) ||
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index 4d9189e..29fd4d3 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -459,72 +459,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory, int smp_cpus,
}
-static struct termios oldtty;
-
-static void term_exit(void)
-{
- tcsetattr(0, TCSANOW, &oldtty);
-}
-
-static void term_init(void)
-{
- struct termios tty;
-
- tcgetattr(0, &tty);
- oldtty = tty;
-
- tty.c_iflag &= ~(IGNBRK|BRKINT|PARMRK|ISTRIP
- |INLCR|IGNCR|ICRNL|IXON);
- tty.c_oflag |= OPOST;
- tty.c_lflag &= ~(ECHO|ECHONL|ICANON|IEXTEN);
- tty.c_cflag &= ~(CSIZE|PARENB);
- tty.c_cflag |= CS8;
- tty.c_cc[VMIN] = 1;
- tty.c_cc[VTIME] = 0;
-
- tcsetattr(0, TCSANOW, &tty);
-
- atexit(term_exit);
-}
-
-int qemu_read_password(char *buf, int buf_size)
-{
- uint8_t ch;
- int i, ret;
-
- printf("password: ");
- fflush(stdout);
- term_init();
- i = 0;
- for (;;) {
- ret = read(0, &ch, 1);
- if (ret == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- continue;
- } else {
- break;
- }
- } else if (ret == 0) {
- ret = -1;
- break;
- } else {
- if (ch == '\r' ||
- ch == '\n') {
- ret = 0;
- break;
- }
- if (i < (buf_size - 1)) {
- buf[i++] = ch;
- }
- }
- }
- term_exit();
- buf[i] = '\0';
- printf("\n");
- return ret;
-}
-
-
char *qemu_get_pid_name(pid_t pid)
{
char *name = NULL;
diff --git a/util/oslib-win32.c b/util/oslib-win32.c
index 80e4668..aacdaed 100644
--- a/util/oslib-win32.c
+++ b/util/oslib-win32.c
@@ -554,30 +554,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory, int smp_cpus,
}
-/* XXX: put correct support for win32 */
-int qemu_read_password(char *buf, int buf_size)
-{
- int c, i;
-
- printf("Password: ");
- fflush(stdout);
- i = 0;
- for (;;) {
- c = getchar();
- if (c < 0) {
- buf[i] = '\0';
- return -1;
- } else if (c == '\n') {
- break;
- } else if (i < (buf_size - 1)) {
- buf[i++] = c;
- }
- }
- buf[i] = '\0';
- return 0;
-}
-
-
char *qemu_get_pid_name(pid_t pid)
{
/* XXX Implement me */
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (15 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 16/18] block: rip out all traces of password prompting Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-05-11 14:49 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
` (2 subsequent siblings)
19 siblings, 1 reply; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
Now that all encryption keys must be provided upfront via
the QCryptoSecret API and associated block driver properties
there is no need for any explicit encryption handling APIs
in the block layer. Encryption can be handled transparently
within the block driver. We only retain an API for querying
whether an image is encrypted or not, since that is a
potentially useful piece of metadata to report to the user.
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block.c | 77 +----------------------------------------------
block/crypto.c | 1 -
block/qapi.c | 2 +-
block/qcow.c | 7 ++++-
block/qcow2.c | 1 -
blockdev.c | 37 ++---------------------
hmp-commands.hx | 2 ++
include/block/block.h | 3 --
include/block/block_int.h | 1 -
include/qapi/error.h | 1 -
qapi/block-core.json | 37 ++---------------------
qapi/common.json | 5 +--
12 files changed, 15 insertions(+), 159 deletions(-)
diff --git a/block.c b/block.c
index 5db266b..a3de487 100644
--- a/block.c
+++ b/block.c
@@ -2482,15 +2482,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
goto close_and_fail;
}
- if (!bdrv_key_required(bs)) {
- bdrv_parent_cb_change_media(bs, true);
- } else if (!runstate_check(RUN_STATE_PRELAUNCH)
- && !runstate_check(RUN_STATE_INMIGRATE)
- && !runstate_check(RUN_STATE_PAUSED)) { /* HACK */
- error_setg(errp,
- "Guest must be stopped for opening of encrypted image");
- goto close_and_fail;
- }
+ bdrv_parent_cb_change_media(bs, true);
QDECREF(options);
@@ -2981,7 +2973,6 @@ static void bdrv_close(BlockDriverState *bs)
bs->backing_format[0] = '\0';
bs->total_sectors = 0;
bs->encrypted = false;
- bs->valid_key = false;
bs->sg = false;
QDECREF(bs->options);
QDECREF(bs->explicit_options);
@@ -3407,72 +3398,6 @@ bool bdrv_is_encrypted(BlockDriverState *bs)
return bs->encrypted;
}
-bool bdrv_key_required(BlockDriverState *bs)
-{
- BdrvChild *backing = bs->backing;
-
- if (backing && backing->bs->encrypted && !backing->bs->valid_key) {
- return true;
- }
- return (bs->encrypted && !bs->valid_key);
-}
-
-int bdrv_set_key(BlockDriverState *bs, const char *key)
-{
- int ret;
- if (bs->backing && bs->backing->bs->encrypted) {
- ret = bdrv_set_key(bs->backing->bs, key);
- if (ret < 0)
- return ret;
- if (!bs->encrypted)
- return 0;
- }
- if (!bs->encrypted) {
- return -EINVAL;
- } else if (!bs->drv || !bs->drv->bdrv_set_key) {
- return -ENOMEDIUM;
- }
- ret = bs->drv->bdrv_set_key(bs, key);
- if (ret < 0) {
- bs->valid_key = false;
- } else if (!bs->valid_key) {
- /* call the change callback now, we skipped it on open */
- bs->valid_key = true;
- bdrv_parent_cb_change_media(bs, true);
- }
- return ret;
-}
-
-/*
- * Provide an encryption key for @bs.
- * If @key is non-null:
- * If @bs is not encrypted, fail.
- * Else if the key is invalid, fail.
- * Else set @bs's key to @key, replacing the existing key, if any.
- * If @key is null:
- * If @bs is encrypted and still lacks a key, fail.
- * Else do nothing.
- * On failure, store an error object through @errp if non-null.
- */
-void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp)
-{
- if (key) {
- if (!bdrv_is_encrypted(bs)) {
- error_setg(errp, "Node '%s' is not encrypted",
- bdrv_get_device_or_node_name(bs));
- } else if (bdrv_set_key(bs, key) < 0) {
- error_setg(errp, QERR_INVALID_PASSWORD);
- }
- } else {
- if (bdrv_key_required(bs)) {
- error_set(errp, ERROR_CLASS_DEVICE_ENCRYPTED,
- "'%s' (%s) is encrypted",
- bdrv_get_device_or_node_name(bs),
- bdrv_get_encrypted_filename(bs));
- }
- }
-}
-
const char *bdrv_get_format_name(BlockDriverState *bs)
{
return bs->drv ? bs->drv->format_name : NULL;
diff --git a/block/crypto.c b/block/crypto.c
index 913723a..045836d 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -308,7 +308,6 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
}
bs->encrypted = true;
- bs->valid_key = true;
ret = 0;
cleanup:
diff --git a/block/qapi.c b/block/qapi.c
index a40922e..9d724c2 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -45,7 +45,7 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
info->ro = bs->read_only;
info->drv = g_strdup(bs->drv->format_name);
info->encrypted = bs->encrypted;
- info->encryption_key_missing = bdrv_key_required(bs);
+ info->encryption_key_missing = false;
info->cache = g_new(BlockdevCacheInfo, 1);
*info->cache = (BlockdevCacheInfo) {
diff --git a/block/qcow.c b/block/qcow.c
index 7bfa0dd..962b941 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -220,7 +220,12 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
goto fail;
}
bs->encrypted = true;
- bs->valid_key = true;
+ } else {
+ if (encryptfmt) {
+ error_setg(errp, "No encryption in image header, but options "
+ "specified format '%s'", encryptfmt);
+ goto fail;
+ }
}
s->cluster_bits = header.cluster_bits;
s->cluster_size = 1 << s->cluster_bits;
diff --git a/block/qcow2.c b/block/qcow2.c
index 44a573b..03997c1 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1170,7 +1170,6 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
}
bs->encrypted = true;
- bs->valid_key = true;
}
s->l2_bits = s->cluster_bits - 3; /* L2 is always one cluster */
diff --git a/blockdev.c b/blockdev.c
index 6428206..b3dd277 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -591,10 +591,6 @@ static BlockBackend *blockdev_init(const char *file, QDict *bs_opts,
bs->detect_zeroes = detect_zeroes;
- if (bdrv_key_required(bs)) {
- autostart = 0;
- }
-
block_acct_init(blk_get_stats(blk), account_invalid, account_failed);
if (!parse_stats_intervals(blk_get_stats(blk), interval_list, errp)) {
@@ -2264,24 +2260,8 @@ void qmp_block_passwd(bool has_device, const char *device,
bool has_node_name, const char *node_name,
const char *password, Error **errp)
{
- Error *local_err = NULL;
- BlockDriverState *bs;
- AioContext *aio_context;
-
- bs = bdrv_lookup_bs(has_device ? device : NULL,
- has_node_name ? node_name : NULL,
- &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
-
- aio_context = bdrv_get_aio_context(bs);
- aio_context_acquire(aio_context);
-
- bdrv_add_key(bs, password, errp);
-
- aio_context_release(aio_context);
+ error_setg(errp,
+ "Setting block passwords directly is no longer supported");
}
/*
@@ -2591,12 +2571,6 @@ void qmp_blockdev_change_medium(bool has_device, const char *device,
goto fail;
}
- bdrv_add_key(medium_bs, NULL, &err);
- if (err) {
- error_propagate(errp, err);
- goto fail;
- }
-
rc = do_open_tray(has_device ? device : NULL,
has_id ? id : NULL,
false, &err);
@@ -3889,13 +3863,6 @@ void qmp_blockdev_add(BlockdevOptions *options, Error **errp)
QTAILQ_INSERT_TAIL(&monitor_bdrv_states, bs, monitor_list);
- if (bs && bdrv_key_required(bs)) {
- QTAILQ_REMOVE(&monitor_bdrv_states, bs, monitor_list);
- bdrv_unref(bs);
- error_setg(errp, "blockdev-add doesn't support encrypted devices");
- goto fail;
- }
-
fail:
visit_free(v);
}
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 8819281..d1a69a6 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1612,6 +1612,8 @@ STEXI
@item block_passwd @var{device} @var{password}
@findex block_passwd
Set the encrypted device @var{device} password to @var{password}
+
+This command is now obsolete and will always return an error since 2.10
ETEXI
{
diff --git a/include/block/block.h b/include/block/block.h
index 144df0d..dd7b103 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -464,9 +464,6 @@ BlockDriverState *bdrv_next(BdrvNextIterator *it);
BlockDriverState *bdrv_next_monitor_owned(BlockDriverState *bs);
bool bdrv_is_encrypted(BlockDriverState *bs);
-bool bdrv_key_required(BlockDriverState *bs);
-int bdrv_set_key(BlockDriverState *bs, const char *key);
-void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp);
void bdrv_iterate_format(void (*it)(void *opaque, const char *name),
void *opaque);
const char *bdrv_get_node_name(const BlockDriverState *bs);
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 4b2f8b0..9d5aba1 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -515,7 +515,6 @@ struct BlockDriverState {
int open_flags; /* flags used to open the file, re-used for re-open */
bool read_only; /* if true, the media is read only */
bool encrypted; /* if true, the media is encrypted */
- bool valid_key; /* if true, a valid encryption key has been set */
bool sg; /* if true, the device is a /dev/sg* */
bool probed; /* if true, format was probed rather than specified */
diff --git a/include/qapi/error.h b/include/qapi/error.h
index 7e532d0..5d5e737 100644
--- a/include/qapi/error.h
+++ b/include/qapi/error.h
@@ -125,7 +125,6 @@
typedef enum ErrorClass {
ERROR_CLASS_GENERIC_ERROR = QAPI_ERROR_CLASS_GENERICERROR,
ERROR_CLASS_COMMAND_NOT_FOUND = QAPI_ERROR_CLASS_COMMANDNOTFOUND,
- ERROR_CLASS_DEVICE_ENCRYPTED = QAPI_ERROR_CLASS_DEVICEENCRYPTED,
ERROR_CLASS_DEVICE_NOT_ACTIVE = QAPI_ERROR_CLASS_DEVICENOTACTIVE,
ERROR_CLASS_DEVICE_NOT_FOUND = QAPI_ERROR_CLASS_DEVICENOTFOUND,
ERROR_CLASS_KVM_MISSING_CAP = QAPI_ERROR_CLASS_KVMMISSINGCAP,
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 6d418db..e83a83f 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -259,8 +259,7 @@
#
# @encrypted: true if the backing device is encrypted
#
-# @encryption_key_missing: true if the backing device is encrypted but an
-# valid encryption key is missing
+# @encryption_key_missing: Deprecated; always false
#
# @detect_zeroes: detect and optimize zero writes (Since 2.1)
#
@@ -945,39 +944,7 @@
# This command sets the password of a block device that has not been open
# with a password and requires one.
#
-# The two cases where this can happen are a block device is created through
-# QEMU's initial command line or a block device is changed through the legacy
-# @change interface.
-#
-# In the event that the block device is created through the initial command
-# line, the VM will start in the stopped state regardless of whether '-S' is
-# used. The intention is for a management tool to query the block devices to
-# determine which ones are encrypted, set the passwords with this command, and
-# then start the guest with the @cont command.
-#
-# Either @device or @node-name must be set but not both.
-#
-# @device: the name of the block backend device to set the password on
-#
-# @node-name: graph node name to set the password on (Since 2.0)
-#
-# @password: the password to use for the device
-#
-# Returns: nothing on success
-# If @device is not a valid block device, DeviceNotFound
-# If @device is not encrypted, DeviceNotEncrypted
-#
-# Notes: Not all block formats support encryption and some that do are not
-# able to validate that a password is correct. Disk corruption may
-# occur if an invalid password is specified.
-#
-# Since: 0.14.0
-#
-# Example:
-#
-# -> { "execute": "block_passwd", "arguments": { "device": "ide0-hd0",
-# "password": "12345" } }
-# <- { "return": {} }
+# This command is now obsolete and will always return an error since 2.10
#
##
{ 'command': 'block_passwd', 'data': {'*device': 'str',
diff --git a/qapi/common.json b/qapi/common.json
index b626647..8355d5a 100644
--- a/qapi/common.json
+++ b/qapi/common.json
@@ -14,9 +14,6 @@
#
# @CommandNotFound: the requested command has not been found
#
-# @DeviceEncrypted: the requested operation can't be fulfilled because the
-# selected device is encrypted
-#
# @DeviceNotActive: a device has failed to be become active
#
# @DeviceNotFound: the requested device has not been found
@@ -28,7 +25,7 @@
##
{ 'enum': 'QapiErrorClass',
# Keep this in sync with ErrorClass in error.h
- 'data': [ 'GenericError', 'CommandNotFound', 'DeviceEncrypted',
+ 'data': [ 'GenericError', 'CommandNotFound',
'DeviceNotActive', 'DeviceNotFound', 'KVMMissingCap' ] }
##
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (16 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs Daniel P. Berrange
@ 2017-04-25 15:38 ` Daniel P. Berrange
2017-04-26 17:47 ` Eric Blake
2017-04-25 15:56 ` [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support no-reply
2017-04-25 17:25 ` no-reply
19 siblings, 1 reply; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-25 15:38 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf, Alberto Garcia,
Daniel P. Berrange
While the crypto layer uses a fixed option name "key-secret",
the upper block layer may have a prefix on the options. e.g.
"luks-key-secret", "aes-key-secret", in order to avoid clashes
between crypto option names & other block option names. To
ensure the crypto layer can report accurate error messages,
we must tell it what option name prefix was used.
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 4 ++--
block/qcow.c | 7 ++++---
block/qcow2.c | 11 +++++++----
crypto/block-luks.c | 8 ++++++--
crypto/block-qcow.c | 8 ++++++--
crypto/block.c | 6 ++++--
crypto/blockpriv.h | 2 ++
include/crypto/block.h | 6 +++++-
tests/test-crypto-block.c | 8 ++++----
9 files changed, 40 insertions(+), 20 deletions(-)
diff --git a/block/crypto.c b/block/crypto.c
index 045836d..faa5501 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -296,7 +296,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- crypto->block = qcrypto_block_open(open_opts,
+ crypto->block = qcrypto_block_open(open_opts, NULL,
block_crypto_read_func,
bs,
cflags,
@@ -340,7 +340,7 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
return -1;
}
- crypto = qcrypto_block_create(create_opts,
+ crypto = qcrypto_block_create(create_opts, NULL,
block_crypto_init_func,
block_crypto_write_func,
&data,
diff --git a/block/qcow.c b/block/qcow.c
index 962b941..06f2df0 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -208,8 +208,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- s->crypto = qcrypto_block_open(crypto_opts, NULL, NULL,
- cflags, errp);
+ s->crypto = qcrypto_block_open(crypto_opts, "encrypt.",
+ NULL, NULL, cflags, errp);
if (!s->crypto) {
ret = -EINVAL;
goto fail;
@@ -865,7 +865,8 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
goto exit;
}
- crypto = qcrypto_block_create(crypto_opts, NULL, NULL, NULL, errp);
+ crypto = qcrypto_block_create(crypto_opts, "encrypt.",
+ NULL, NULL, NULL, errp);
if (!crypto) {
ret = -EINVAL;
goto exit;
diff --git a/block/qcow2.c b/block/qcow2.c
index 03997c1..a6e1453 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -279,7 +279,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- s->crypto = qcrypto_block_open(s->crypto_opts,
+ s->crypto = qcrypto_block_open(s->crypto_opts, "encrypt.",
qcow2_crypto_hdr_read_func,
bs, cflags, errp);
if (!s->crypto) {
@@ -1312,8 +1312,8 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
- cflags, errp);
+ s->crypto = qcrypto_block_open(s->crypto_opts, "encrypt.",
+ NULL, NULL, cflags, errp);
if (!s->crypto) {
ret = -EINVAL;
goto fail;
@@ -2245,6 +2245,7 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encryptfmt,
QCryptoBlock *crypto = NULL;
int ret = -EINVAL;
QDict *options, *encryptopts;
+ const char *optprefix;
options = qemu_opts_to_qdict(opts, NULL);
qdict_extract_subqdict(options, &encryptopts, "encrypt.");
@@ -2254,10 +2255,12 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encryptfmt,
switch (fmt) {
case QCOW_CRYPT_LUKS:
+ optprefix = "luks-";
cryptoopts = block_crypto_create_opts_init(
Q_CRYPTO_BLOCK_FORMAT_LUKS, encryptopts, errp);
break;
case QCOW_CRYPT_AES:
+ optprefix = "aes-";
cryptoopts = block_crypto_create_opts_init(
Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp);
break;
@@ -2271,7 +2274,7 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encryptfmt,
}
s->crypt_method_header = fmt;
- crypto = qcrypto_block_create(cryptoopts,
+ crypto = qcrypto_block_create(cryptoopts, optprefix,
qcow2_crypto_hdr_init_func,
qcow2_crypto_hdr_write_func,
bs, errp);
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 2b97d89..afb8543 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -638,6 +638,7 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
static int
qcrypto_block_luks_open(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -661,7 +662,8 @@ qcrypto_block_luks_open(QCryptoBlock *block,
if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
if (!options->u.luks.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
password = qcrypto_secret_lookup_as_utf8(
@@ -885,6 +887,7 @@ qcrypto_block_luks_uuid_gen(uint8_t *uuidstr)
static int
qcrypto_block_luks_create(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
@@ -937,7 +940,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
* be silently ignored, for compatibility with dm-crypt */
if (!options->u.luks.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c
index be88c6f..a456fe3 100644
--- a/crypto/block-qcow.c
+++ b/crypto/block-qcow.c
@@ -94,6 +94,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block,
static int
qcrypto_block_qcow_open(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc G_GNUC_UNUSED,
void *opaque G_GNUC_UNUSED,
unsigned int flags,
@@ -104,7 +105,8 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
} else {
if (!options->u.qcow.key_secret) {
error_setg(errp,
- "Parameter 'key-secret' is required for cipher");
+ "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
return qcrypto_block_qcow_init(block,
@@ -116,13 +118,15 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
static int
qcrypto_block_qcow_create(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc G_GNUC_UNUSED,
QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED,
void *opaque G_GNUC_UNUSED,
Error **errp)
{
if (!options->u.qcow.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
/* QCow2 has no special header, since everything is hardwired */
diff --git a/crypto/block.c b/crypto/block.c
index 64c8420..b097d45 100644
--- a/crypto/block.c
+++ b/crypto/block.c
@@ -48,6 +48,7 @@ bool qcrypto_block_has_format(QCryptoBlockFormat format,
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -67,7 +68,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
block->driver = qcrypto_block_drivers[options->format];
- if (block->driver->open(block, options,
+ if (block->driver->open(block, options, optprefix,
readfunc, opaque, flags, errp) < 0) {
g_free(block);
return NULL;
@@ -78,6 +79,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
@@ -97,7 +99,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
block->driver = qcrypto_block_drivers[options->format];
- if (block->driver->create(block, options, initfunc,
+ if (block->driver->create(block, options, optprefix, initfunc,
writefunc, opaque, errp) < 0) {
g_free(block);
return NULL;
diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h
index 68f0f06..0edb810 100644
--- a/crypto/blockpriv.h
+++ b/crypto/blockpriv.h
@@ -41,6 +41,7 @@ struct QCryptoBlock {
struct QCryptoBlockDriver {
int (*open)(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -48,6 +49,7 @@ struct QCryptoBlockDriver {
int (*create)(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
diff --git a/include/crypto/block.h b/include/crypto/block.h
index 013a435..f0e543b 100644
--- a/include/crypto/block.h
+++ b/include/crypto/block.h
@@ -71,6 +71,7 @@ typedef enum {
/**
* qcrypto_block_open:
* @options: the encryption options
+ * @optprefix: name prefix for options
* @readfunc: callback for reading data from the volume
* @opaque: data to pass to @readfunc
* @flags: bitmask of QCryptoBlockOpenFlags values
@@ -102,6 +103,7 @@ typedef enum {
* Returns: a block encryption format, or NULL on error
*/
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -109,7 +111,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
/**
* qcrypto_block_create:
- * @format: the encryption format
+ * @options: the encryption options
+ * @optprefix: name prefix for options
* @initfunc: callback for initializing volume header
* @writefunc: callback for writing data to the volume header
* @opaque: data to pass to @initfunc and @writefunc
@@ -133,6 +136,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
* Returns: a block encryption format, or NULL on error
*/
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c
index 95c4bd5..bd7fe59 100644
--- a/tests/test-crypto-block.c
+++ b/tests/test-crypto-block.c
@@ -281,7 +281,7 @@ static void test_block(gconstpointer opaque)
memset(&header, 0, sizeof(header));
buffer_init(&header, "header");
- blk = qcrypto_block_create(data->create_opts,
+ blk = qcrypto_block_create(data->create_opts, NULL,
test_block_init_func,
test_block_write_func,
&header,
@@ -300,7 +300,7 @@ static void test_block(gconstpointer opaque)
object_unparent(sec);
/* Ensure we can't open without the secret */
- blk = qcrypto_block_open(data->open_opts,
+ blk = qcrypto_block_open(data->open_opts, NULL,
test_block_read_func,
&header,
0,
@@ -308,7 +308,7 @@ static void test_block(gconstpointer opaque)
g_assert(blk == NULL);
/* Ensure we can't open without the secret, unless NO_IO */
- blk = qcrypto_block_open(data->open_opts,
+ blk = qcrypto_block_open(data->open_opts, NULL,
test_block_read_func,
&header,
QCRYPTO_BLOCK_OPEN_NO_IO,
@@ -322,7 +322,7 @@ static void test_block(gconstpointer opaque)
/* Now open for real with secret */
sec = test_block_secret();
- blk = qcrypto_block_open(data->open_opts,
+ blk = qcrypto_block_open(data->open_opts, NULL,
test_block_read_func,
&header,
0,
--
2.9.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (17 preceding siblings ...)
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
@ 2017-04-25 15:56 ` no-reply
2017-04-25 17:25 ` no-reply
19 siblings, 0 replies; 40+ messages in thread
From: no-reply @ 2017-04-25 15:56 UTC (permalink / raw)
To: berrange; +Cc: famz, qemu-devel, kwolf, berto, qemu-block, mreitz
Hi,
This series failed build test on s390x host. Please find the details below.
Type: series
Message-id: 20170425153858.25660-1-berrange@redhat.com
Subject: [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support
=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
* [new tag] patchew/20170425153858.25660-1-berrange@redhat.com -> patchew/20170425153858.25660-1-berrange@redhat.com
Switched to a new branch 'test'
5853c61 block: pass option prefix down to crypto layer
d520ee5 block: remove all encryption handling APIs
21831df block: rip out all traces of password prompting
b8525d8 iotests: enable tests 134 and 158 to work with qcow (v1)
f921b52 qcow2: add iotests to cover LUKS encryption support
24921c2 qcow2: add support for LUKS encryption format
ce3d3ef qcow2: extend specification to cover LUKS encryption
d34f397 qcow2: convert QCow2 to use QCryptoBlock for encryption
b4642d4 qcow2: make qcow2_encrypt_sectors encrypt in place
a7264fa qcow: convert QCow to use QCryptoBlock for encryption
0921b2b qcow: make encrypt_sectors encrypt in place
a29311e block: deprecate "encryption=on" in favour of "encrypt.format=aes"
73d4e25 iotests: skip 048 with qcow which doesn't support resize
85013dc iotests: skip 042 with qcow which dosn't support zero sized images
c2ec616 qcow: require image size to be > 1 for new images
bf1689f qcow: document another weakness of qcow AES encryption
7b1c8e1 block: add ability to set a prefix for opt names
7308d51 block: expose crypto option names / defs to other drivers
=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=22279
SHELL=/bin/sh
USER=fam
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-191ln5i9/src
LANG=en_US.UTF-8
HOME=/home/fam
SHLVL=2
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
_=/usr/bin/env
=== PACKAGES ===
gpg-pubkey-873529b8-54e386ff
xz-libs-5.2.2-2.fc24.s390x
libxshmfence-1.2-3.fc24.s390x
giflib-4.1.6-15.fc24.s390x
trousers-lib-0.3.13-6.fc24.s390x
ncurses-base-6.0-6.20160709.fc25.noarch
gmp-6.1.1-1.fc25.s390x
libidn-1.33-1.fc25.s390x
slang-2.3.0-7.fc25.s390x
libsemanage-2.5-8.fc25.s390x
pkgconfig-0.29.1-1.fc25.s390x
alsa-lib-1.1.1-2.fc25.s390x
yum-metadata-parser-1.1.4-17.fc25.s390x
python3-slip-dbus-0.6.4-4.fc25.noarch
python2-cssselect-0.9.2-1.fc25.noarch
python-fedora-0.8.0-2.fc25.noarch
createrepo_c-libs-0.10.0-6.fc25.s390x
initscripts-9.69-1.fc25.s390x
wget-1.18-2.fc25.s390x
dhcp-client-4.3.5-1.fc25.s390x
parted-3.2-21.fc25.s390x
flex-2.6.0-3.fc25.s390x
colord-libs-1.3.4-1.fc25.s390x
python-osbs-client-0.33-3.fc25.noarch
perl-Pod-Simple-3.35-1.fc25.noarch
python2-simplejson-3.10.0-1.fc25.s390x
brltty-5.4-2.fc25.s390x
librados2-10.2.4-2.fc25.s390x
tcp_wrappers-7.6-83.fc25.s390x
libcephfs_jni1-10.2.4-2.fc25.s390x
nettle-devel-3.3-1.fc25.s390x
bzip2-devel-1.0.6-21.fc25.s390x
libuuid-2.28.2-2.fc25.s390x
mesa-libglapi-13.0.3-5.fc25.s390x
pcre-cpp-8.40-5.fc25.s390x
pango-1.40.4-1.fc25.s390x
python3-magic-5.29-3.fc25.noarch
python3-dnf-1.1.10-6.fc25.noarch
cryptsetup-libs-1.7.4-1.fc25.s390x
texlive-kpathsea-doc-svn41139-33.fc25.1.noarch
netpbm-10.77.00-3.fc25.s390x
openssh-7.4p1-4.fc25.s390x
kernel-headers-4.10.5-200.fc25.s390x
texlive-kpathsea-bin-svn40473-33.20160520.fc25.1.s390x
texlive-graphics-svn41015-33.fc25.1.noarch
texlive-dvipdfmx-def-svn40328-33.fc25.1.noarch
texlive-mfware-svn40768-33.fc25.1.noarch
texlive-texlive-scripts-svn41433-33.fc25.1.noarch
texlive-euro-svn22191.1.1-33.fc25.1.noarch
texlive-etex-svn37057.0-33.fc25.1.noarch
texlive-iftex-svn29654.0.2-33.fc25.1.noarch
texlive-palatino-svn31835.0-33.fc25.1.noarch
texlive-texlive-docindex-svn41430-33.fc25.1.noarch
texlive-xunicode-svn30466.0.981-33.fc25.1.noarch
texlive-koma-script-svn41508-33.fc25.1.noarch
texlive-pst-grad-svn15878.1.06-33.fc25.1.noarch
texlive-pst-blur-svn15878.2.0-33.fc25.1.noarch
texlive-jknapltx-svn19440.0-33.fc25.1.noarch
netpbm-progs-10.77.00-3.fc25.s390x
mesa-libgbm-devel-13.0.3-5.fc25.s390x
texinfo-6.1-4.fc25.s390x
openssl-devel-1.0.2k-1.fc25.s390x
python2-sssdconfig-1.15.2-1.fc25.noarch
libaio-0.3.110-6.fc24.s390x
libfontenc-1.1.3-3.fc24.s390x
lzo-2.08-8.fc24.s390x
isl-0.14-5.fc24.s390x
libXau-1.0.8-6.fc24.s390x
linux-atm-libs-2.5.1-14.fc24.s390x
libXext-1.3.3-4.fc24.s390x
libXxf86vm-1.1.4-3.fc24.s390x
bison-3.0.4-4.fc24.s390x
perl-srpm-macros-1-20.fc25.noarch
gawk-4.1.3-8.fc25.s390x
libwayland-client-1.12.0-1.fc25.s390x
perl-Exporter-5.72-366.fc25.noarch
perl-version-0.99.17-1.fc25.s390x
fftw-libs-double-3.3.5-3.fc25.s390x
libssh2-1.8.0-1.fc25.s390x
ModemManager-glib-1.6.4-1.fc25.s390x
newt-python3-0.52.19-2.fc25.s390x
python-munch-2.0.4-3.fc25.noarch
python-bugzilla-1.2.2-4.fc25.noarch
libedit-3.1-16.20160618cvs.fc25.s390x
python-pycurl-7.43.0-4.fc25.s390x
createrepo_c-0.10.0-6.fc25.s390x
device-mapper-multipath-libs-0.4.9-83.fc25.s390x
yum-3.4.3-510.fc25.noarch
dhcp-common-4.3.5-1.fc25.noarch
dracut-config-rescue-044-78.fc25.s390x
teamd-1.26-1.fc25.s390x
mozjs17-17.0.0-16.fc25.s390x
libselinux-2.5-13.fc25.s390x
libgo-devel-6.3.1-1.fc25.s390x
NetworkManager-libnm-1.4.4-3.fc25.s390x
python2-pyparsing-2.1.10-1.fc25.noarch
cairo-gobject-1.14.8-1.fc25.s390x
kernel-devel-4.9.3-200.fc25.s390x
ethtool-4.8-1.fc25.s390x
xorg-x11-proto-devel-7.7-20.fc25.noarch
brlapi-0.6.5-2.fc25.s390x
librados-devel-10.2.4-2.fc25.s390x
libXinerama-devel-1.1.3-6.fc24.s390x
quota-4.03-7.fc25.s390x
lua-posix-33.3.1-3.fc25.s390x
p11-kit-devel-0.23.2-2.fc24.s390x
usbredir-devel-0.7.1-2.fc24.s390x
libcurl-devel-7.51.0-4.fc25.s390x
python-libs-2.7.13-1.fc25.s390x
libX11-devel-1.6.4-4.fc25.s390x
python-devel-2.7.13-1.fc25.s390x
nss-util-3.29.3-1.0.fc25.s390x
libepoxy-1.4.1-1.fc25.s390x
freetype-devel-2.6.5-3.fc25.s390x
system-python-3.5.3-3.fc25.s390x
glusterfs-cli-3.10.0-1.fc25.s390x
python3-dnf-plugins-core-0.1.21-5.fc25.noarch
perl-macros-5.24.1-385.fc25.s390x
texlive-pdftex-doc-svn41149-33.fc25.1.noarch
mariadb-config-10.1.21-3.fc25.s390x
openssh-clients-7.4p1-4.fc25.s390x
iptables-1.6.0-3.fc25.s390x
texlive-texlive.infra-svn41280-33.fc25.1.noarch
texlive-graphics-cfg-svn40269-33.fc25.1.noarch
texlive-bibtex-svn40768-33.fc25.1.noarch
texlive-mfware-bin-svn40473-33.20160520.fc25.1.s390x
texlive-texlive-scripts-bin-svn29741.0-33.20160520.fc25.1.noarch
texlive-sauerj-svn15878.0-33.fc25.1.noarch
texlive-enctex-svn34957.0-33.fc25.1.noarch
texlive-ifetex-svn24853.1.2-33.fc25.1.noarch
texlive-ntgclass-svn15878.2.1a-33.fc25.1.noarch
texlive-tex-gyre-math-svn41264-33.fc25.1.noarch
texlive-bera-svn20031.0-33.fc25.1.noarch
texlive-ms-svn29849.0-33.fc25.1.noarch
texlive-pst-fill-svn15878.1.01-33.fc25.1.noarch
texlive-ctable-svn38672-33.fc25.1.noarch
texlive-extsizes-svn17263.1.4a-33.fc25.1.noarch
texlive-collection-latexrecommended-svn35765.0-33.20160520.fc25.1.noarch
dbus-devel-1.11.10-1.fc25.s390x
perl-Filter-1.57-1.fc25.s390x
krb5-workstation-1.14.4-7.fc25.s390x
python2-rpm-macros-3-12.fc25.noarch
gpg-pubkey-efe550f5-5220ba41
gpg-pubkey-81b46521-55b3ca9a
filesystem-3.2-37.fc24.s390x
libffi-3.1-9.fc24.s390x
keyutils-libs-1.5.9-8.fc24.s390x
libnfnetlink-1.0.1-8.fc24.s390x
libtheora-1.1.1-14.fc24.s390x
xml-common-0.6.3-44.fc24.noarch
autoconf-2.69-22.fc24.noarch
libXt-1.1.5-3.fc24.s390x
kbd-legacy-2.0.3-3.fc24.noarch
ghostscript-fonts-5.50-35.fc24.noarch
libXevie-1.0.3-11.fc24.s390x
libcap-2.25-2.fc25.s390x
mpfr-3.1.5-1.fc25.s390x
perl-Carp-1.40-365.fc25.noarch
libmnl-1.0.4-1.fc25.s390x
perl-Unicode-EastAsianWidth-1.33-8.fc25.noarch
libwayland-cursor-1.12.0-1.fc25.s390x
python-krbV-1.0.90-12.fc25.s390x
python2-urllib3-1.15.1-3.fc25.noarch
fipscheck-1.4.1-11.fc25.s390x
libndp-1.6-1.fc25.s390x
gnupg2-2.1.13-2.fc25.s390x
libXfixes-5.0.3-1.fc25.s390x
adwaita-icon-theme-3.22.0-1.fc25.noarch
dconf-0.26.0-1.fc25.s390x
ncurses-devel-6.0-6.20160709.fc25.s390x
dejagnu-1.6-1.fc25.noarch
libstdc++-devel-6.3.1-1.fc25.s390x
python-beautifulsoup4-4.5.3-1.fc25.noarch
device-mapper-1.02.136-3.fc25.s390x
subversion-1.9.5-1.fc25.s390x
libtool-ltdl-2.4.6-13.fc25.s390x
libevent-2.0.22-1.fc25.s390x
atk-devel-2.22.0-1.fc25.s390x
libev-4.24-1.fc25.s390x
xorg-x11-fonts-Type1-7.5-16.fc24.noarch
libtasn1-devel-4.10-1.fc25.s390x
vte291-devel-0.46.1-1.fc25.s390x
brlapi-devel-0.6.5-2.fc25.s390x
pulseaudio-libs-10.0-2.fc25.s390x
libnl3-cli-3.2.29-2.fc25.s390x
perl-libs-5.24.1-385.fc25.s390x
dbus-libs-1.11.10-1.fc25.s390x
mesa-libwayland-egl-devel-13.0.3-5.fc25.s390x
glib2-2.50.3-1.fc25.s390x
python3-firewall-0.4.4.4-1.fc25.noarch
python2-rpm-4.13.0.1-1.fc25.s390x
gnutls-3.5.10-1.fc25.s390x
java-1.8.0-openjdk-headless-1.8.0.121-8.b14.fc25.s390x
pango-devel-1.40.4-1.fc25.s390x
dnf-1.1.10-6.fc25.noarch
mesa-libEGL-devel-13.0.3-5.fc25.s390x
texlive-metafont-bin-svn40987-33.20160520.fc25.1.s390x
texlive-xkeyval-svn35741.2.7a-33.fc25.1.noarch
texlive-euler-svn17261.2.5-33.fc25.1.noarch
texlive-mptopdf-svn41282-33.fc25.1.noarch
texlive-wasy-svn35831.0-33.fc25.1.noarch
texlive-avantgar-svn31835.0-33.fc25.1.noarch
texlive-eurosym-svn17265.1.4_subrfix-33.fc25.1.noarch
texlive-knuth-lib-svn35820.0-33.fc25.1.noarch
texlive-parallel-svn15878.0-33.fc25.1.noarch
texlive-texlive-msg-translations-svn41431-33.fc25.1.noarch
texlive-latex-svn40218-33.fc25.1.noarch
texlive-lualatex-math-svn40621-33.fc25.1.noarch
texlive-auto-pst-pdf-svn23723.0.6-33.fc25.1.noarch
texlive-powerdot-svn38984-33.fc25.1.noarch
texlive-wasysym-svn15878.2.0-33.fc25.1.noarch
ImageMagick-libs-6.9.3.0-6.fc25.s390x
geoclue2-2.4.5-1.fc25.s390x
perl-IO-Socket-IP-0.39-1.fc25.noarch
gdb-7.12.1-47.fc25.s390x
python2-pyasn1-0.2.3-1.fc25.noarch
gpg-pubkey-34ec9cba-54e38751
gpg-pubkey-030d5aed-55b577f0
basesystem-11-2.fc24.noarch
libmpc-1.0.2-5.fc24.s390x
libunistring-0.9.4-3.fc24.s390x
libmodman-2.0.1-12.fc24.s390x
lsscsi-0.28-3.fc24.s390x
kbd-misc-2.0.3-3.fc24.noarch
rpmconf-base-1.0.18-2.fc25.noarch
libxml2-2.9.3-4.fc25.s390x
kmod-23-1.fc25.s390x
newt-0.52.19-2.fc25.s390x
perl-Text-Unidecode-1.27-3.fc25.noarch
plymouth-core-libs-0.9.3-0.6.20160620git0e65b86c.fc25.s390x
which-2.21-1.fc25.s390x
python3-slip-0.6.4-4.fc25.noarch
python3-systemd-232-1.fc25.s390x
python-lockfile-0.11.0-4.fc25.noarch
python2-requests-2.10.0-4.fc25.noarch
libarchive-3.2.2-1.fc25.s390x
libnghttp2-1.13.0-2.fc25.s390x
python-urlgrabber-3.10.1-9.fc25.noarch
iputils-20161105-1.fc25.s390x
rest-0.8.0-1.fc25.s390x
adwaita-cursor-theme-3.22.0-1.fc25.noarch
authconfig-6.2.10-14.fc25.s390x
expat-devel-2.2.0-1.fc25.s390x
automake-1.15-7.fc25.noarch
shared-mime-info-1.8-1.fc25.s390x
pigz-2.3.4-1.fc25.s390x
device-mapper-libs-1.02.136-3.fc25.s390x
dnsmasq-2.76-2.fc25.s390x
fedora-packager-0.6.0.1-1.fc25.noarch
gcc-c++-6.3.1-1.fc25.s390x
libwebp-0.5.2-1.fc25.s390x
boost-system-1.60.0-10.fc25.s390x
libasyncns-0.8-10.fc24.s390x
libXau-devel-1.0.8-6.fc24.s390x
libverto-libev-0.2.6-6.fc24.s390x
python3-html5lib-0.999-9.fc25.noarch
ttmkfdir-3.0.9-48.fc24.s390x
pulseaudio-libs-glib2-10.0-2.fc25.s390x
wpa_supplicant-2.6-1.fc25.s390x
texlive-lib-2016-33.20160520.fc25.s390x
mesa-libwayland-egl-13.0.3-5.fc25.s390x
libXi-devel-1.7.9-1.fc25.s390x
gdk-pixbuf2-2.36.5-1.fc25.s390x
python3-distro-1.0.3-1.fc25.noarch
rpm-plugin-systemd-inhibit-4.13.0.1-1.fc25.s390x
gnutls-c++-3.5.10-1.fc25.s390x
texlive-texlive-common-doc-svn40682-33.fc25.1.noarch
packagedb-cli-2.14.1-1.fc25.noarch
rpcbind-0.2.4-5.fc25.s390x
libdrm-devel-2.4.75-1.fc25.s390x
texlive-metafont-svn40793-33.fc25.1.noarch
texlive-tools-svn40934-33.fc25.1.noarch
texlive-enumitem-svn24146.3.5.2-33.fc25.1.noarch
texlive-mptopdf-bin-svn18674.0-33.20160520.fc25.1.noarch
texlive-underscore-svn18261.0-33.fc25.1.noarch
texlive-anysize-svn15878.0-33.fc25.1.noarch
texlive-euenc-svn19795.0.1h-33.fc25.1.noarch
texlive-kastrup-svn15878.0-33.fc25.1.noarch
texlive-paralist-svn39247-33.fc25.1.noarch
texlive-texlive-en-svn41185-33.fc25.1.noarch
texlive-tipa-svn29349.1.3-33.fc25.1.noarch
texlive-currfile-svn40725-33.fc25.1.noarch
texlive-pst-node-svn40743-33.fc25.1.noarch
texlive-pst-slpe-svn24391.1.31-33.fc25.1.noarch
texlive-typehtml-svn17134.0-33.fc25.1.noarch
SDL2-devel-2.0.5-3.fc25.s390x
audit-2.7.3-1.fc25.s390x
perl-Module-CoreList-5.20170320-1.fc25.noarch
libcroco-0.6.11-3.fc25.s390x
publicsuffix-list-dafsa-20170206-1.fc25.noarch
fontpackages-filesystem-1.44-17.fc24.noarch
groff-base-1.22.3-8.fc24.s390x
ilmbase-2.2.0-5.fc24.s390x
OpenEXR-libs-2.2.0-5.fc24.s390x
hesiod-3.2.1-6.fc24.s390x
sysfsutils-2.1.0-19.fc24.s390x
ocaml-srpm-macros-2-4.fc24.noarch
mailx-12.5-19.fc24.s390x
ncurses-libs-6.0-6.20160709.fc25.s390x
ipset-libs-6.29-1.fc25.s390x
gmp-devel-6.1.1-1.fc25.s390x
python-pip-8.1.2-2.fc25.noarch
harfbuzz-1.3.2-1.fc25.s390x
python2-iniparse-0.4-20.fc25.noarch
python3-iniparse-0.4-20.fc25.noarch
python3-kickstart-2.32-1.fc25.noarch
perl-Net-SSLeay-1.78-1.fc25.s390x
drpm-0.3.0-3.fc25.s390x
glib-networking-2.50.0-1.fc25.s390x
webkitgtk3-2.4.11-3.fc25.s390x
libXaw-1.0.13-4.fc25.s390x
sudo-1.8.18p1-1.fc25.s390x
xorg-x11-font-utils-7.5-32.fc25.s390x
hardlink-1.1-1.fc25.s390x
libcom_err-1.43.3-1.fc25.s390x
iproute-4.6.0-6.fc25.s390x
python2-dateutil-2.6.0-1.fc25.noarch
libXpm-3.5.12-1.fc25.s390x
python2-smmap-2.0.1-1.fc25.noarch
kernel-4.9.3-200.fc25.s390x
poppler-data-0.4.7-6.fc25.noarch
nspr-devel-4.13.1-1.fc25.s390x
librbd1-10.2.4-2.fc25.s390x
libsndfile-1.0.27-1.fc25.s390x
perl-Digest-MD5-2.55-2.fc25.s390x
wayland-protocols-devel-1.7-1.fc25.noarch
libacl-devel-2.2.52-11.fc24.s390x
texi2html-5.0-4.fc24.noarch
libxkbcommon-0.7.1-1.fc25.s390x
freetype-2.6.5-3.fc25.s390x
libuuid-devel-2.28.2-2.fc25.s390x
coreutils-common-8.25-16.fc25.s390x
gdb-headless-7.12.1-47.fc25.s390x
nss-sysinit-3.29.3-1.0.fc25.s390x
libcacard-2.5.3-1.fc25.s390x
perl-threads-shared-1.55-1.fc25.s390x
python2-rpkg-1.49-2.fc25.noarch
libwmf-lite-0.2.8.4-50.fc25.s390x
mesa-libGL-13.0.3-5.fc25.s390x
unbound-libs-1.6.0-6.fc25.s390x
texlive-tetex-svn41059-33.fc25.1.noarch
texlive-thumbpdf-svn34621.3.16-33.fc25.1.noarch
texlive-carlisle-svn18258.0-33.fc25.1.noarch
texlive-makeindex-bin-svn40473-33.20160520.fc25.1.s390x
texlive-pdftex-svn41149-33.fc25.1.noarch
texlive-csquotes-svn39538-33.fc25.1.noarch
texlive-courier-svn35058.0-33.fc25.1.noarch
texlive-helvetic-svn31835.0-33.fc25.1.noarch
texlive-mfnfss-svn19410.0-33.fc25.1.noarch
texlive-sepnum-svn20186.2.0-33.fc25.1.noarch
texlive-utopia-svn15878.0-33.fc25.1.noarch
texlive-luatexbase-svn38550-33.fc25.1.noarch
texlive-pst-3d-svn17257.1.10-33.fc25.1.noarch
texlive-latex-bin-bin-svn14050.0-33.20160520.fc25.1.noarch
texlive-l3experimental-svn41163-33.fc25.1.noarch
bind99-libs-9.9.9-4.P6.fc25.s390x
net-tools-2.0-0.40.20160329git.fc25.s390x
perl-Pod-Perldoc-3.28-1.fc25.noarch
openssl-1.0.2k-1.fc25.s390x
man-pages-4.06-4.fc25.noarch
gpg-pubkey-95a43f54-5284415a
dejavu-fonts-common-2.35-3.fc24.noarch
libSM-1.2.2-4.fc24.s390x
diffutils-3.3-13.fc24.s390x
libogg-1.3.2-5.fc24.s390x
hunspell-en-US-0.20140811.1-5.fc24.noarch
libdaemon-0.14-10.fc24.s390x
patch-2.7.5-3.fc24.s390x
libsysfs-2.1.0-19.fc24.s390x
procmail-3.22-39.fc24.s390x
libXdamage-1.1.4-8.fc24.s390x
libotf-0.9.13-7.fc24.s390x
urw-fonts-2.4-22.fc24.noarch
crontabs-1.11-12.20150630git.fc24.noarch
ppp-2.4.7-9.fc24.s390x
polkit-0.113-5.fc24.s390x
cyrus-sasl-2.1.26-26.2.fc24.s390x
zlib-devel-1.2.8-10.fc24.s390x
time-1.7-49.fc24.s390x
gpg-pubkey-fdb19c98-56fd6333
fedora-release-25-1.noarch
libcap-ng-0.7.8-1.fc25.s390x
gdbm-1.12-1.fc25.s390x
binutils-2.26.1-1.fc25.s390x
lcms2-2.8-2.fc25.s390x
libcomps-0.1.7-5.fc25.s390x
less-481-6.fc25.s390x
apr-1.5.2-4.fc25.s390x
perl-constant-1.33-367.fc25.noarch
perl-Data-Dumper-2.161-1.fc25.s390x
ipcalc-0.1.8-1.fc25.s390x
libteam-1.26-1.fc25.s390x
gmp-c++-6.1.1-1.fc25.s390x
fontconfig-2.12.1-1.fc25.s390x
enchant-1.6.0-14.fc25.s390x
pyliblzma-0.5.3-16.fc25.s390x
libsepol-devel-2.5-10.fc25.s390x
python3-ordered-set-2.0.0-4.fc25.noarch
python3-rpmconf-1.0.18-2.fc25.noarch
python-ipaddress-1.0.16-3.fc25.noarch
python2-kerberos-1.2.5-1.fc25.s390x
python2-pysocks-1.5.6-5.fc25.noarch
fipscheck-lib-1.4.1-11.fc25.s390x
libatomic_ops-7.4.4-1.fc25.s390x
net-snmp-agent-libs-5.7.3-13.fc25.s390x
dracut-044-78.fc25.s390x
python2-pygpgme-0.3-18.fc25.s390x
libsoup-2.56.0-2.fc25.s390x
orc-0.4.26-1.fc25.s390x
yum-utils-1.1.31-511.fc25.noarch
libXrender-0.9.10-1.fc25.s390x
libXrandr-1.5.1-1.fc25.s390x
go-srpm-macros-2-7.fc25.noarch
gnupg2-smime-2.1.13-2.fc25.s390x
guile-devel-2.0.13-1.fc25.s390x
uboot-tools-2016.09.01-2.fc25.s390x
pykickstart-2.32-1.fc25.noarch
python-bunch-1.0.1-9.fc25.noarch
perl-generators-1.10-1.fc25.noarch
perl-Mozilla-CA-20160104-3.fc25.noarch
glibc-all-langpacks-2.24-4.fc25.s390x
bzip2-libs-1.0.6-21.fc25.s390x
libpng-1.6.27-1.fc25.s390x
desktop-file-utils-0.23-2.fc25.s390x
python2-cccolutils-1.4-1.fc25.s390x
libcurl-7.51.0-4.fc25.s390x
cups-libs-2.2.0-5.fc25.s390x
python2-lxml-3.7.2-1.fc25.s390x
redhat-rpm-config-45-1.fc25.noarch
elfutils-libs-0.168-1.fc25.s390x
device-mapper-event-libs-1.02.136-3.fc25.s390x
lvm2-libs-2.02.167-3.fc25.s390x
elfutils-0.168-1.fc25.s390x
python2-gitdb-2.0.0-1.fc25.noarch
gcc-gfortran-6.3.1-1.fc25.s390x
libselinux-python-2.5-13.fc25.s390x
openjpeg2-2.1.2-3.fc25.s390x
js-jquery-2.2.4-1.fc25.noarch
boost-thread-1.60.0-10.fc25.s390x
json-c-0.12-7.fc24.s390x
librbd-devel-10.2.4-2.fc25.s390x
libXcursor-devel-1.1.14-6.fc24.s390x
python3-beautifulsoup4-4.5.3-1.fc25.noarch
latex2html-2012-7.fc24.noarch
lksctp-tools-1.0.16-5.fc24.s390x
vte291-0.46.1-1.fc25.s390x
at-spi2-core-devel-2.22.0-1.fc25.s390x
libfdt-1.4.2-1.fc25.s390x
libXft-devel-2.3.2-4.fc24.s390x
libattr-devel-2.4.47-16.fc24.s390x
libiscsi-devel-1.15.0-2.fc24.s390x
gettext-0.19.8.1-3.fc25.s390x
libjpeg-turbo-devel-1.5.1-0.fc25.s390x
libX11-1.6.4-4.fc25.s390x
pulseaudio-libs-devel-10.0-2.fc25.s390x
ccache-3.3.3-1.fc25.s390x
systemd-libs-231-14.fc25.s390x
file-5.29-3.fc25.s390x
nss-softokn-freebl-3.29.3-1.0.fc25.s390x
libepoxy-devel-1.4.1-1.fc25.s390x
krb5-libs-1.14.4-7.fc25.s390x
libmount-2.28.2-2.fc25.s390x
ghostscript-core-9.20-6.fc25.s390x
python3-decorator-4.0.11-1.fc25.noarch
rpm-plugin-selinux-4.13.0.1-1.fc25.s390x
python3-hawkey-0.6.4-1.fc25.s390x
nss-devel-3.29.3-1.0.fc25.s390x
libidn2-0.16-1.fc25.s390x
perl-threads-2.15-1.fc25.s390x
tzdata-java-2017b-1.fc25.noarch
python-srpm-macros-3-12.fc25.noarch
gdk-pixbuf2-devel-2.36.5-1.fc25.s390x
libsmartcols-2.28.2-2.fc25.s390x
glusterfs-api-3.10.0-1.fc25.s390x
mesa-libGLES-13.0.3-5.fc25.s390x
kernel-core-4.10.5-200.fc25.s390x
kernel-modules-4.10.5-200.fc25.s390x
jasper-libs-1.900.13-2.fc25.s390x
texlive-kpathsea-svn41139-33.fc25.1.noarch
texlive-amsmath-svn41561-33.fc25.1.noarch
texlive-thumbpdf-bin-svn6898.0-33.20160520.fc25.1.noarch
texlive-psnfss-svn33946.9.2a-33.fc25.1.noarch
texlive-subfig-svn15878.1.3-33.fc25.1.noarch
texlive-fancybox-svn18304.1.4-33.fc25.1.noarch
texlive-lua-alt-getopt-svn29349.0.7.0-33.fc25.1.noarch
texlive-natbib-svn20668.8.31b-33.fc25.1.noarch
texlive-pdftex-bin-svn40987-33.20160520.fc25.1.s390x
texlive-xdvi-svn40768-33.fc25.1.noarch
texlive-crop-svn15878.1.5-33.fc25.1.noarch
texlive-babel-english-svn30264.3.3p-33.fc25.1.noarch
texlive-cmextra-svn32831.0-33.fc25.1.noarch
texlive-fancyhdr-svn15878.3.1-33.fc25.1.noarch
texlive-luatex-svn40963-33.fc25.1.noarch
texlive-knuth-local-svn38627-33.fc25.1.noarch
texlive-mflogo-font-svn36898.1.002-33.fc25.1.noarch
texlive-parskip-svn19963.2.0-33.fc25.1.noarch
texlive-section-svn20180.0-33.fc25.1.noarch
texlive-textcase-svn15878.0-33.fc25.1.noarch
texlive-updmap-map-svn41159-33.fc25.1.noarch
texlive-attachfile-svn38830-33.fc25.1.noarch
texlive-luaotfload-svn40902-33.fc25.1.noarch
texlive-unicode-math-svn38462-33.fc25.1.noarch
texlive-fancyvrb-svn18492.2.8-33.fc25.1.noarch
texlive-pst-pdf-bin-svn7838.0-33.20160520.fc25.1.noarch
texlive-amscls-svn36804.0-33.fc25.1.noarch
texlive-ltxmisc-svn21927.0-33.fc25.1.noarch
texlive-breqn-svn38099.0.98d-33.fc25.1.noarch
texlive-xetex-def-svn40327-33.fc25.1.noarch
glusterfs-extra-xlators-3.10.0-1.fc25.s390x
bluez-libs-devel-5.43-2.fc25.s390x
openssh-server-7.4p1-4.fc25.s390x
sendmail-8.15.2-8.fc25.s390x
python-firewall-0.4.4.4-1.fc25.noarch
perl-Test-Harness-3.38-1.fc25.noarch
python3-sssdconfig-1.15.2-1.fc25.noarch
python-magic-5.29-3.fc25.noarch
tzdata-2017b-1.fc25.noarch
hunspell-1.4.1-2.fc25.s390x
gpg-pubkey-8e1431d5-53bcbac7
zlib-1.2.8-10.fc24.s390x
sed-4.2.2-15.fc24.s390x
p11-kit-0.23.2-2.fc24.s390x
psmisc-22.21-8.fc24.s390x
gpm-libs-1.20.7-9.fc24.s390x
zip-3.0-16.fc24.s390x
hostname-3.15-7.fc24.s390x
libyubikey-1.13-2.fc24.s390x
sg3_utils-libs-1.41-3.fc24.s390x
polkit-pkla-compat-0.1-7.fc24.s390x
passwd-0.79-8.fc24.s390x
trousers-0.3.13-6.fc24.s390x
grubby-8.40-3.fc24.s390x
rootfiles-8.1-19.fc24.noarch
nettle-3.3-1.fc25.s390x
jansson-2.9-1.fc25.s390x
libksba-1.3.5-1.fc25.s390x
perl-Text-ParseWords-3.30-365.fc25.noarch
perl-PathTools-3.63-366.fc25.s390x
perl-File-Temp-0.23.04-365.fc25.noarch
fuse-libs-2.9.7-1.fc25.s390x
perl-Pod-Escapes-1.07-365.fc25.noarch
perl-Term-ANSIColor-4.05-2.fc25.noarch
perl-URI-1.71-5.fc25.noarch
libXfont-1.5.2-1.fc25.s390x
python-six-1.10.0-3.fc25.noarch
dbus-glib-0.108-1.fc25.s390x
gobject-introspection-1.50.0-1.fc25.s390x
libpwquality-1.3.0-6.fc25.s390x
python-gobject-base-3.22.0-1.fc25.s390x
python-html5lib-0.999-9.fc25.noarch
python3-dbus-1.2.4-2.fc25.s390x
python3-chardet-2.3.0-1.fc25.noarch
python3-urllib3-1.15.1-3.fc25.noarch
python-offtrac-0.1.0-7.fc25.noarch
python2-cryptography-1.5.3-3.fc25.s390x
python2-requests-kerberos-0.10.0-2.fc25.noarch
libserf-1.3.9-1.fc25.s390x
libdatrie-0.2.9-3.fc25.s390x
s390utils-base-1.36.0-1.fc25.s390x
kpartx-0.4.9-83.fc25.s390x
s390utils-cpuplugd-1.36.0-1.fc25.s390x
rpmconf-1.0.18-2.fc25.noarch
s390utils-osasnmpd-1.36.0-1.fc25.s390x
python-dnf-plugins-extras-common-0.0.12-4.fc25.noarch
fpc-srpm-macros-1.0-1.fc25.noarch
libuser-0.62-4.fc25.s390x
man-db-2.7.5-3.fc25.s390x
sqlite-3.14.2-1.fc25.s390x
python-systemd-doc-232-1.fc25.s390x
libdb-5.3.28-16.fc25.s390x
lz4-1.7.5-1.fc25.s390x
tar-1.29-3.fc25.s390x
emacs-common-25.1-3.fc25.s390x
unzip-6.0-31.fc25.s390x
bodhi-client-0.9.12.2-6.fc25.noarch
glibc-headers-2.24-4.fc25.s390x
kernel-core-4.9.3-200.fc25.s390x
cairo-1.14.8-1.fc25.s390x
ca-certificates-2017.2.11-1.0.fc25.noarch
NetworkManager-glib-1.4.4-3.fc25.s390x
gcc-go-6.3.1-1.fc25.s390x
cracklib-dicts-2.9.6-4.fc25.s390x
iproute-tc-4.6.0-6.fc25.s390x
libselinux-python3-2.5-13.fc25.s390x
python2-enchant-1.6.8-1.fc25.noarch
boost-iostreams-1.60.0-10.fc25.s390x
userspace-rcu-0.9.2-2.fc25.s390x
libXext-devel-1.3.3-4.fc24.s390x
libXrandr-devel-1.5.1-1.fc25.s390x
perl-XML-XPath-1.39-1.fc25.noarch
python3-lxml-3.7.2-1.fc25.s390x
vte-profile-0.46.1-1.fc25.s390x
sqlite-devel-3.14.2-1.fc25.s390x
libiscsi-1.15.0-2.fc24.s390x
fontconfig-devel-2.12.1-1.fc25.s390x
libfdt-devel-1.4.2-1.fc25.s390x
ceph-devel-compat-10.2.4-2.fc25.s390x
zlib-static-1.2.8-10.fc24.s390x
chrpath-0.16-3.fc24.s390x
python-2.7.13-1.fc25.s390x
perl-Git-2.9.3-2.fc25.noarch
kernel-core-4.9.5-200.fc25.s390x
info-6.1-4.fc25.s390x
libtiff-4.0.7-2.fc25.s390x
iptables-libs-1.6.0-3.fc25.s390x
bind-license-9.10.4-4.P6.fc25.noarch
lua-5.3.4-1.fc25.s390x
glusterfs-libs-3.10.0-1.fc25.s390x
glusterfs-client-xlators-3.10.0-1.fc25.s390x
libfdisk-2.28.2-2.fc25.s390x
nss-pem-1.0.3-2.fc25.s390x
libsolv-0.6.26-1.fc25.s390x
dnf-plugins-core-0.1.21-5.fc25.noarch
selinux-policy-3.13.1-225.11.fc25.noarch
perl-Errno-1.25-385.fc25.s390x
perl-Storable-2.56-368.fc25.s390x
python2-decorator-4.0.11-1.fc25.noarch
pcre-utf16-8.40-5.fc25.s390x
mariadb-common-10.1.21-3.fc25.s390x
glusterfs-3.10.0-1.fc25.s390x
systemtap-client-3.1-2.fc25.s390x
glusterfs-server-3.10.0-1.fc25.s390x
libnetfilter_conntrack-1.0.6-2.fc25.s390x
bluez-libs-5.43-2.fc25.s390x
texlive-texlive.infra-bin-svn40312-33.20160520.fc25.1.s390x
texlive-ifluatex-svn41346-33.fc25.1.noarch
texlive-fp-svn15878.0-33.fc25.1.noarch
texlive-latex-fonts-svn28888.0-33.fc25.1.noarch
texlive-bibtex-bin-svn40473-33.20160520.fc25.1.s390x
texlive-glyphlist-svn28576.0-33.fc25.1.noarch
texlive-marvosym-svn29349.2.2a-33.fc25.1.noarch
texlive-tex-bin-svn40987-33.20160520.fc25.1.s390x
texlive-texconfig-svn40768-33.fc25.1.noarch
texlive-wasy2-ps-svn35830.0-33.fc25.1.noarch
texlive-psfrag-svn15878.3.04-33.fc25.1.noarch
texlive-charter-svn15878.0-33.fc25.1.noarch
texlive-ec-svn25033.1.0-33.fc25.1.noarch
texlive-lineno-svn21442.4.41-33.fc25.1.noarch
texlive-hyphen-base-svn41138-33.fc25.1.noarch
texlive-manfnt-font-svn35799.0-33.fc25.1.noarch
texlive-ncntrsbk-svn31835.0-33.fc25.1.noarch
texlive-pst-math-svn34786.0.63-33.fc25.1.noarch
texlive-symbol-svn31835.0-33.fc25.1.noarch
texlive-environ-svn33821.0.3-33.fc25.1.noarch
texlive-algorithms-svn38085.0.1-33.fc25.1.noarch
texlive-ifplatform-svn21156.0.4-33.fc25.1.noarch
texlive-eso-pic-svn37925.2.0g-33.fc25.1.noarch
texlive-xcolor-svn41044-33.fc25.1.noarch
texlive-pst-eps-svn15878.1.0-33.fc25.1.noarch
texlive-pst-text-svn15878.1.00-33.fc25.1.noarch
texlive-rotating-svn16832.2.16b-33.fc25.1.noarch
texlive-pdfpages-svn40638-33.fc25.1.noarch
texlive-cm-super-svn15878.0-33.fc25.1.noarch
texlive-xetex-svn41438-33.fc25.1.noarch
glusterfs-devel-3.10.0-1.fc25.s390x
gtk3-devel-3.22.9-2.fc25.s390x
dnf-yum-1.1.10-6.fc25.noarch
mariadb-libs-10.1.21-3.fc25.s390x
java-1.8.0-openjdk-1.8.0.121-8.b14.fc25.s390x
rpmlint-1.9-8.fc25.noarch
systemtap-sdt-devel-3.1-2.fc25.s390x
libseccomp-devel-2.3.2-1.fc25.s390x
telnet-0.17-67.fc25.s390x
gpgme-1.8.0-10.fc25.s390x
apr-util-1.5.4-3.fc24.s390x
rsync-3.1.2-2.fc24.s390x
jbigkit-libs-2.1-5.fc24.s390x
pixman-0.34.0-2.fc24.s390x
dwz-0.12-2.fc24.s390x
expect-5.45-22.fc24.s390x
libsigsegv-2.10-10.fc24.s390x
fakeroot-libs-1.20.2-4.fc24.s390x
m17n-lib-1.7.0-5.fc24.s390x
libverto-0.2.6-6.fc24.s390x
libXmu-1.1.2-4.fc24.s390x
libXcursor-1.1.14-6.fc24.s390x
python-kitchen-1.2.4-2.fc24.noarch
polkit-libs-0.113-5.fc24.s390x
fakeroot-1.20.2-4.fc24.s390x
blktrace-1.1.0-3.fc24.s390x
usermode-1.111-8.fc24.s390x
kbd-2.0.3-3.fc24.s390x
libaio-devel-0.3.110-6.fc24.s390x
web-assets-filesystem-5-4.fc24.noarch
expat-2.2.0-1.fc25.s390x
libgpg-error-1.24-1.fc25.s390x
libgcrypt-1.6.6-1.fc25.s390x
findutils-4.6.0-8.fc25.s390x
libassuan-2.4.3-1.fc25.s390x
libusbx-1.0.21-1.fc25.s390x
libxslt-1.1.28-13.fc25.s390x
libmetalink-0.1.3-1.fc25.s390x
perl-File-Path-2.12-365.fc25.noarch
perl-MIME-Base64-3.15-365.fc25.s390x
ncurses-6.0-6.20160709.fc25.s390x
libwayland-server-1.12.0-1.fc25.s390x
perl-Fedora-VSP-0.001-4.fc25.noarch
perl-libintl-perl-1.26-1.fc25.s390x
shadow-utils-4.2.1-11.fc25.s390x
atk-2.22.0-1.fc25.s390x
pam-1.3.0-1.fc25.s390x
harfbuzz-icu-1.3.2-1.fc25.s390x
libsecret-0.18.5-2.fc25.s390x
s390utils-iucvterm-1.36.0-1.fc25.s390x
python3-requests-2.10.0-4.fc25.noarch
pyusb-1.0.0-2.fc25.noarch
python-enum34-1.0.4-6.fc25.noarch
pyOpenSSL-16.0.0-2.fc25.noarch
pyxattr-0.5.3-8.fc25.s390x
libbabeltrace-1.4.0-3.fc25.s390x
libthai-0.1.25-1.fc25.s390x
deltarpm-3.6-17.fc25.s390x
s390utils-mon_statd-1.36.0-1.fc25.s390x
device-mapper-multipath-0.4.9-83.fc25.s390x
python3-pygpgme-0.3-18.fc25.s390x
libreport-filesystem-2.8.0-1.fc25.s390x
ghc-srpm-macros-1.4.2-4.fc25.noarch
rpmdevtools-8.9-1.fc25.noarch
python-dnf-plugins-extras-migrate-0.0.12-4.fc25.noarch
perl-IO-Socket-SSL-2.038-1.fc25.noarch
mc-4.8.18-2.fc25.s390x
perl-File-ShareDir-1.102-7.fc25.noarch
tcl-8.6.6-1.fc25.s390x
glibc-2.24-4.fc25.s390x
elfutils-libelf-0.168-1.fc25.s390x
perl-Scalar-List-Utils-1.47-1.fc25.s390x
bzip2-1.0.6-21.fc25.s390x
libss-1.43.3-1.fc25.s390x
libselinux-utils-2.5-13.fc25.s390x
policycoreutils-2.5-19.fc25.s390x
koji-1.11.0-1.fc25.noarch
python3-enchant-1.6.8-1.fc25.noarch
python2-dockerfile-parse-0.0.5-7.fc25.noarch
systemd-bootchart-231-2.fc25.s390x
gcc-objc-6.3.1-1.fc25.s390x
e2fsprogs-1.43.3-1.fc25.s390x
libstdc++-static-6.3.1-1.fc25.s390x
libpng-devel-1.6.27-1.fc25.s390x
perl-XML-Parser-2.44-5.fc25.s390x
lttng-ust-2.8.1-2.fc25.s390x
libXfixes-devel-5.0.3-1.fc25.s390x
libXcomposite-devel-0.4.4-8.fc24.s390x
quota-nls-4.03-7.fc25.noarch
python3-javapackages-4.7.0-6.1.fc25.noarch
libcephfs_jni-devel-10.2.4-2.fc25.s390x
keyutils-libs-devel-1.5.9-8.fc24.s390x
libicu-devel-57.1-4.fc25.s390x
harfbuzz-devel-1.3.2-1.fc25.s390x
libidn-devel-1.33-1.fc25.s390x
libnfs-1.9.8-2.fc24.s390x
libssh2-devel-1.8.0-1.fc25.s390x
qemu-sanity-check-nodeps-1.1.5-5.fc24.s390x
alsa-lib-devel-1.1.1-2.fc25.s390x
libnl3-3.2.29-2.fc25.s390x
git-core-doc-2.9.3-2.fc25.s390x
git-2.9.3-2.fc25.s390x
kernel-modules-4.9.5-200.fc25.s390x
libpsl-0.17.0-1.fc25.s390x
lua-libs-5.3.4-1.fc25.s390x
libseccomp-2.3.2-1.fc25.s390x
nss-util-devel-3.29.3-1.0.fc25.s390x
nss-softokn-freebl-devel-3.29.3-1.0.fc25.s390x
copy-jdk-configs-2.2-2.fc25.noarch
system-python-libs-3.5.3-3.fc25.s390x
json-glib-1.2.6-1.fc25.s390x
python3-libs-3.5.3-3.fc25.s390x
nss-3.29.3-1.0.fc25.s390x
hawkey-0.6.4-1.fc25.s390x
python2-dnf-1.1.10-6.fc25.noarch
bind-libs-lite-9.10.4-4.P6.fc25.s390x
perl-IO-1.36-385.fc25.s390x
vim-filesystem-8.0.425-1.fc25.s390x
python2-GitPython-2.1.3-1.fc25.noarch
pcre-devel-8.40-5.fc25.s390x
linux-firmware-20170313-72.git695f2d6d.fc25.noarch
libdrm-2.4.75-1.fc25.s390x
mesa-libEGL-13.0.3-5.fc25.s390x
systemd-container-231-14.fc25.s390x
gnutls-dane-3.5.10-1.fc25.s390x
gtk3-3.22.9-2.fc25.s390x
texlive-tetex-bin-svn36770.0-33.20160520.fc25.1.noarch
texlive-amsfonts-svn29208.3.04-33.fc25.1.noarch
texlive-babel-svn40706-33.fc25.1.noarch
texlive-colortbl-svn29803.v1.0a-33.fc25.1.noarch
texlive-babelbib-svn25245.1.31-33.fc25.1.noarch
texlive-footmisc-svn23330.5.5b-33.fc25.1.noarch
texlive-makeindex-svn40768-33.fc25.1.noarch
texlive-plain-svn40274-33.fc25.1.noarch
texlive-texconfig-bin-svn29741.0-33.20160520.fc25.1.noarch
texlive-zapfding-svn31835.0-33.fc25.1.noarch
texlive-microtype-svn41127-33.fc25.1.noarch
texlive-bookman-svn31835.0-33.fc25.1.noarch
texlive-dvisvgm-def-svn41011-33.fc25.1.noarch
texlive-finstrut-svn21719.0.5-33.fc25.1.noarch
texlive-hyph-utf8-svn41189-33.fc25.1.noarch
texlive-lualibs-svn40370-33.fc25.1.noarch
texlive-mparhack-svn15878.1.4-33.fc25.1.noarch
texlive-pspicture-svn15878.0-33.fc25.1.noarch
texlive-soul-svn15878.2.4-33.fc25.1.noarch
texlive-trimspaces-svn15878.1.1-33.fc25.1.noarch
texlive-varwidth-svn24104.0.92-33.fc25.1.noarch
texlive-geometry-svn19716.5.6-33.fc25.1.noarch
texlive-memoir-svn41203-33.fc25.1.noarch
texlive-pgf-svn40966-33.fc25.1.noarch
texlive-pst-coil-svn37377.1.07-33.fc25.1.noarch
texlive-pst-plot-svn41242-33.fc25.1.noarch
texlive-latex-bin-svn41438-33.fc25.1.noarch
texlive-ucs-svn35853.2.2-33.fc25.1.noarch
texlive-ae-svn15878.1.4-33.fc25.1.noarch
texlive-xetex-bin-svn41091-33.20160520.fc25.1.s390x
glusterfs-api-devel-3.10.0-1.fc25.s390x
mesa-libGL-devel-13.0.3-5.fc25.s390x
fedora-upgrade-26.1-1.fc25.noarch
fedpkg-1.28-1.fc25.noarch
vim-enhanced-8.0.425-1.fc25.s390x
perl-Thread-Queue-3.12-1.fc25.noarch
gstreamer1-plugins-base-1.10.4-1.fc25.s390x
screen-4.5.1-1.fc25.s390x
strace-4.16-1.fc25.s390x
fedora-repos-25-3.noarch
libacl-2.2.52-11.fc24.s390x
cdparanoia-libs-10.2-21.fc24.s390x
ustr-1.0.4-21.fc24.s390x
libusb-0.1.5-7.fc24.s390x
readline-devel-6.3-8.fc24.s390x
chkconfig-1.8-1.fc25.s390x
avahi-libs-0.6.32-4.fc25.s390x
perl-Unicode-Normalize-1.25-365.fc25.s390x
perl-libnet-3.10-1.fc25.noarch
perl-podlators-4.09-1.fc25.noarch
graphite2-1.3.6-1.fc25.s390x
dbus-python-1.2.4-2.fc25.s390x
libgnome-keyring-3.12.0-7.fc25.s390x
python-backports-1.0-8.fc25.s390x
python-pycparser-2.14-7.fc25.noarch
plymouth-scripts-0.9.3-0.6.20160620git0e65b86c.fc25.s390x
cronie-1.5.1-2.fc25.s390x
python2-librepo-1.7.18-3.fc25.s390x
at-spi2-core-2.22.0-1.fc25.s390x
libXv-1.0.11-1.fc25.s390x
python2-ndg_httpsclient-0.4.0-4.fc25.noarch
btrfs-progs-4.6.1-1.fc25.s390x
libgcc-6.3.1-1.fc25.s390x
libgomp-6.3.1-1.fc25.s390x
perl-Encode-2.88-5.fc25.s390x
cracklib-2.9.6-4.fc25.s390x
libobjc-6.3.1-1.fc25.s390x
gcc-6.3.1-1.fc25.s390x
python3-dnf-plugin-system-upgrade-0.7.1-4.fc25.noarch
NetworkManager-1.4.4-3.fc25.s390x
glibc-static-2.24-4.fc25.s390x
boost-random-1.60.0-10.fc25.s390x
libref_array-0.1.5-29.fc25.s390x
libXrender-devel-0.9.10-1.fc25.s390x
javapackages-tools-4.7.0-6.1.fc25.noarch
keyutils-1.5.9-8.fc24.s390x
libcom_err-devel-1.43.3-1.fc25.s390x
graphite2-devel-1.3.6-1.fc25.s390x
lzo-minilzo-2.08-8.fc24.s390x
libusbx-devel-1.0.21-1.fc25.s390x
virglrenderer-devel-0.5.0-1.20160411git61846f92f.fc25.s390x
acpica-tools-20160831-1.fc25.s390x
grep-2.27-2.fc25.s390x
dnf-conf-1.1.10-6.fc25.noarch
crypto-policies-20160921-4.gitf3018dd.fc25.noarch
gtk-update-icon-cache-3.22.9-2.fc25.s390x
rpm-build-libs-4.13.0.1-1.fc25.s390x
libnfsidmap-0.27-1.fc25.s390x
systemtap-devel-3.1-2.fc25.s390x
pcre2-10.23-4.fc25.s390x
systemd-231-14.fc25.s390x
gssproxy-0.7.0-2.fc25.s390x
SDL2-2.0.5-3.fc25.s390x
texlive-etex-pkg-svn39355-33.fc25.1.noarch
texlive-multido-svn18302.1.42-33.fc25.1.noarch
texlive-gsftopk-svn40768-33.fc25.1.noarch
texlive-pst-ovl-svn40873-33.fc25.1.noarch
texlive-ltabptch-svn17533.1.74d-33.fc25.1.noarch
texlive-cite-svn36428.5.5-33.fc25.1.noarch
texlive-fpl-svn15878.1.002-33.fc25.1.noarch
texlive-mathpazo-svn15878.1.003-33.fc25.1.noarch
texlive-rcs-svn15878.0-33.fc25.1.noarch
texlive-type1cm-svn21820.0-33.fc25.1.noarch
texlive-l3kernel-svn41246-33.fc25.1.noarch
texlive-hyperref-svn41396-33.fc25.1.noarch
texlive-pst-tree-svn24142.1.12-33.fc25.1.noarch
texlive-sansmathaccent-svn30187.0-33.fc25.1.noarch
texlive-dvipdfmx-bin-svn40273-33.20160520.fc25.1.s390x
texlive-zapfchan-svn31835.0-33.fc25.1.noarch
firewalld-0.4.4.4-1.fc25.noarch
glib2-static-2.50.3-1.fc25.s390x
libmicrohttpd-0.9.52-3.fc25.s390x
perl-open-1.10-385.fc25.noarch
bash-completion-2.5-1.fc25.noarch
gpg-pubkey-a29cb19c-53bcbba6
m4-1.4.17-9.fc24.s390x
liblockfile-1.09-4.fc24.s390x
sg3_utils-1.41-3.fc24.s390x
libXinerama-1.1.3-6.fc24.s390x
libXft-2.3.2-4.fc24.s390x
tcp_wrappers-libs-7.6-83.fc25.s390x
perl-Text-Tabs+Wrap-2013.0523-365.fc25.noarch
perl-Error-0.17024-7.fc25.noarch
perl-Term-Cap-1.17-365.fc25.noarch
perl-Pod-Usage-1.69-1.fc25.noarch
device-mapper-persistent-data-0.6.3-1.fc25.s390x
net-snmp-libs-5.7.3-13.fc25.s390x
libgusb-0.2.9-1.fc25.s390x
python3-six-1.10.0-3.fc25.noarch
python3-pysocks-1.5.6-5.fc25.noarch
python-chardet-2.3.0-1.fc25.noarch
python2-cffi-1.7.0-2.fc25.s390x
gc-devel-7.4.4-1.fc25.s390x
plymouth-0.9.3-0.6.20160620git0e65b86c.fc25.s390x
ebtables-2.0.10-21.fc25.s390x
python3-librepo-1.7.18-3.fc25.s390x
net-snmp-5.7.3-13.fc25.s390x
at-spi2-atk-2.22.0-1.fc25.s390x
avahi-autoipd-0.6.32-4.fc25.s390x
libcrypt-nss-2.24-4.fc25.s390x
libgo-6.3.1-1.fc25.s390x
cpp-6.3.1-1.fc25.s390x
glibc-devel-2.24-4.fc25.s390x
kernel-modules-4.9.3-200.fc25.s390x
emacs-25.1-3.fc25.s390x
pyparsing-2.1.10-1.fc25.noarch
libproxy-0.4.14-1.fc25.s390x
python3-pyparsing-2.1.10-1.fc25.noarch
libcollection-0.7.0-29.fc25.s390x
libcephfs-devel-10.2.4-2.fc25.s390x
libXdamage-devel-1.1.4-8.fc24.s390x
libverto-devel-0.2.6-6.fc24.s390x
snappy-1.1.3-2.fc24.s390x
cairo-gobject-devel-1.14.8-1.fc25.s390x
cyrus-sasl-devel-2.1.26-26.2.fc24.s390x
kernel-devel-4.9.5-200.fc25.s390x
libXi-1.7.9-1.fc25.s390x
distribution-gpg-keys-1.11-1.fc25.noarch
texlive-base-2016-33.20160520.fc25.noarch
gstreamer1-1.10.4-1.fc25.s390x
python3-rpm-4.13.0.1-1.fc25.s390x
systemtap-runtime-3.1-2.fc25.s390x
perl-SelfLoader-1.23-385.fc25.noarch
pcre-utf32-8.40-5.fc25.s390x
dbus-1.11.10-1.fc25.s390x
nfs-utils-2.1.1-2.rc1.fc25.s390x
bind99-license-9.9.9-4.P6.fc25.noarch
texlive-booktabs-svn40846-33.fc25.1.noarch
texlive-lm-svn28119.2.004-33.fc25.1.noarch
texlive-gsftopk-bin-svn40473-33.20160520.fc25.1.s390x
texlive-tex-svn40793-33.fc25.1.noarch
texlive-fancyref-svn15878.0.9c-33.fc25.1.noarch
texlive-chngcntr-svn17157.1.0a-33.fc25.1.noarch
texlive-fix2col-svn38770-33.fc25.1.noarch
texlive-marginnote-svn41382-33.fc25.1.noarch
texlive-pxfonts-svn15878.0-33.fc25.1.noarch
texlive-txfonts-svn15878.0-33.fc25.1.noarch
texlive-l3packages-svn41246-33.fc25.1.noarch
texlive-oberdiek-svn41346-33.fc25.1.noarch
texlive-pst-tools-svn34067.0.05-33.fc25.1.noarch
texlive-tex-gyre-svn18651.2.004-33.fc25.1.noarch
texlive-dvipdfmx-svn41149-33.fc25.1.noarch
texlive-collection-fontsrecommended-svn35830.0-33.20160520.fc25.1.noarch
gnutls-devel-3.5.10-1.fc25.s390x
libcacard-devel-2.5.3-1.fc25.s390x
selinux-policy-targeted-3.13.1-225.11.fc25.noarch
ykpers-1.18.0-2.fc25.s390x
python2-idna-2.5-1.fc25.noarch
python-async-0.6.1-9.fc22.s390x
dejavu-sans-mono-fonts-2.35-3.fc24.noarch
popt-1.16-7.fc24.s390x
cyrus-sasl-lib-2.1.26-26.2.fc24.s390x
xz-5.2.2-2.fc24.s390x
libpipeline-1.4.1-2.fc24.s390x
pinentry-0.9.7-2.fc24.s390x
pth-2.0.7-27.fc24.s390x
libsepol-2.5-10.fc25.s390x
sqlite-libs-3.14.2-1.fc25.s390x
libxcb-1.12-1.fc25.s390x
libicu-57.1-4.fc25.s390x
perl-Getopt-Long-2.49.1-1.fc25.noarch
avahi-glib-0.6.32-4.fc25.s390x
python3-pip-8.1.2-2.fc25.noarch
python3-libcomps-0.1.7-5.fc25.s390x
python-slip-0.6.4-4.fc25.noarch
python2-libcomps-0.1.7-5.fc25.s390x
gc-7.4.4-1.fc25.s390x
s390utils-cmsfs-1.36.0-1.fc25.s390x
newt-python-0.52.19-2.fc25.s390x
valgrind-3.12.0-1.fc25.s390x
emacs-filesystem-25.1-3.fc25.noarch
libdb-utils-5.3.28-16.fc25.s390x
qt5-srpm-macros-5.7.1-1.fc25.noarch
elfutils-default-yama-scope-0.168-1.fc25.noarch
device-mapper-event-1.02.136-3.fc25.s390x
perl-Class-Inspector-1.31-2.fc25.noarch
poppler-0.45.0-2.fc25.s390x
libbasicobjects-0.1.1-29.fc25.s390x
libradosstriper1-10.2.4-2.fc25.s390x
libXxf86vm-devel-1.1.4-3.fc24.s390x
gsm-1.0.16-1.fc25.s390x
zziplib-0.13.62-7.fc24.s390x
libpaper-1.1.24-12.fc24.s390x
libini_config-1.3.0-29.fc25.s390x
snappy-devel-1.1.3-2.fc24.s390x
libcap-ng-devel-0.7.8-1.fc25.s390x
libxkbcommon-devel-0.7.1-1.fc25.s390x
kernel-4.9.5-200.fc25.s390x
audit-libs-2.7.3-1.fc25.s390x
nss-softokn-3.29.3-1.0.fc25.s390x
openssl-libs-1.0.2k-1.fc25.s390x
libkadm5-1.14.4-7.fc25.s390x
rpm-libs-4.13.0.1-1.fc25.s390x
nss-tools-3.29.3-1.0.fc25.s390x
perl-5.24.1-385.fc25.s390x
pcre2-utf32-10.23-4.fc25.s390x
util-linux-2.28.2-2.fc25.s390x
mesa-libGLES-devel-13.0.3-5.fc25.s390x
libICE-1.0.9-8.fc25.s390x
texlive-etoolbox-svn38031.2.2a-33.fc25.1.noarch
texlive-dvips-svn41149-33.fc25.1.noarch
texlive-latexconfig-svn40274-33.fc25.1.noarch
texlive-tex-ini-files-svn40533-33.fc25.1.noarch
texlive-qstest-svn15878.0-33.fc25.1.noarch
texlive-cmap-svn41168-33.fc25.1.noarch
texlive-luatex-bin-svn41091-33.20160520.fc25.1.s390x
texlive-mflogo-svn38628-33.fc25.1.noarch
texlive-sansmath-svn17997.1.1-33.fc25.1.noarch
texlive-unicode-data-svn39808-33.fc25.1.noarch
texlive-luaotfload-bin-svn34647.0-33.20160520.fc25.1.noarch
texlive-listings-svn37534.1.6-33.fc25.1.noarch
texlive-pstricks-svn41321-33.fc25.1.noarch
texlive-metalogo-svn18611.0.12-33.fc25.1.noarch
texlive-collection-latex-svn41011-33.20160520.fc25.1.noarch
ghostscript-9.20-6.fc25.s390x
kernel-4.10.5-200.fc25.s390x
pcre-static-8.40-5.fc25.s390x
python2-dnf-plugins-core-0.1.21-5.fc25.noarch
xkeyboard-config-2.20-2.fc25.noarch
libattr-2.4.47-16.fc24.s390x
acl-2.2.52-11.fc24.s390x
libvisual-0.4.0-20.fc24.s390x
libpcap-1.7.4-2.fc24.s390x
libutempter-1.1.6-8.fc24.s390x
libgudev-230-3.fc24.s390x
popt-devel-1.16-7.fc24.s390x
make-4.1-5.fc24.s390x
hicolor-icon-theme-0.15-3.fc24.noarch
setup-2.10.4-1.fc25.noarch
bash-4.3.43-4.fc25.s390x
nspr-4.13.1-1.fc25.s390x
libjpeg-turbo-1.5.1-0.fc25.s390x
perl-Socket-2.024-1.fc25.s390x
perl-HTTP-Tiny-0.070-1.fc25.noarch
ipset-6.29-1.fc25.s390x
python2-setuptools-25.1.1-1.fc25.noarch
gsettings-desktop-schemas-3.22.0-1.fc25.s390x
python3-setuptools-25.1.1-1.fc25.noarch
python-slip-dbus-0.6.4-4.fc25.noarch
python2-ply-3.8-2.fc25.noarch
dtc-1.4.2-1.fc25.s390x
guile-2.0.13-1.fc25.s390x
cronie-anacron-1.5.1-2.fc25.s390x
libXtst-1.2.3-1.fc25.s390x
iso-codes-3.70-1.fc25.noarch
s390utils-1.36.0-1.fc25.s390x
python-backports-ssl_match_hostname-3.5.0.1-3.fc25.noarch
fedora-cert-0.6.0.1-1.fc25.noarch
libstdc++-6.3.1-1.fc25.s390x
subversion-libs-1.9.5-1.fc25.s390x
libgfortran-6.3.1-1.fc25.s390x
libtasn1-4.10-1.fc25.s390x
dnf-plugin-system-upgrade-0.7.1-4.fc25.noarch
lvm2-2.02.167-3.fc25.s390x
libselinux-devel-2.5-13.fc25.s390x
perl-Time-Local-1.250-1.fc25.noarch
libtirpc-1.0.1-3.rc3.fc25.s390x
libradosstriper-devel-10.2.4-2.fc25.s390x
flac-libs-1.3.2-1.fc25.s390x
perl-Digest-1.17-366.fc25.noarch
teckit-2.5.1-15.fc24.s390x
libpath_utils-0.2.1-29.fc25.s390x
attr-2.4.47-16.fc24.s390x
usbredir-0.7.1-2.fc24.s390x
cairo-devel-1.14.8-1.fc25.s390x
lzo-devel-2.08-8.fc24.s390x
libcap-devel-2.25-2.fc25.s390x
opus-1.1.3-2.fc25.s390x
pcre-8.40-5.fc25.s390x
firewalld-filesystem-0.4.4.4-1.fc25.noarch
coreutils-8.25-16.fc25.s390x
krb5-devel-1.14.4-7.fc25.s390x
rpm-4.13.0.1-1.fc25.s390x
openldap-2.4.44-7.fc25.s390x
kernel-devel-4.10.5-200.fc25.s390x
pcre2-utf16-10.23-4.fc25.s390x
systemd-pam-231-14.fc25.s390x
glusterfs-fuse-3.10.0-1.fc25.s390x
libbsd-0.8.3-1.fc25.s390x
texlive-url-svn32528.3.4-33.fc25.1.noarch
texlive-dvips-bin-svn40987-33.20160520.fc25.1.s390x
texlive-index-svn24099.4.1beta-33.fc25.1.noarch
texlive-setspace-svn24881.6.7a-33.fc25.1.noarch
texlive-mathtools-svn38833-33.fc25.1.noarch
texlive-cm-svn32865.0-33.fc25.1.noarch
texlive-graphics-def-svn41879-33.fc25.1.noarch
texlive-mdwtools-svn15878.1.05.4-33.fc25.1.noarch
texlive-rsfs-svn15878.0-33.fc25.1.noarch
texlive-ucharcat-svn38907-33.fc25.1.noarch
texlive-fontspec-svn41262-33.fc25.1.noarch
texlive-showexpl-svn32737.v0.3l-33.fc25.1.noarch
texlive-pstricks-add-svn40744-33.fc25.1.noarch
texlive-beamer-svn36461.3.36-33.fc25.1.noarch
texlive-collection-basic-svn41149-33.20160520.fc25.1.noarch
ghostscript-x11-9.20-6.fc25.s390x
mock-1.3.4-1.fc25.noarch
pcre2-devel-10.23-4.fc25.s390x
rpm-build-4.13.0.1-1.fc25.s390x
xemacs-filesystem-21.5.34-20.20170124hgf412e9f093d4.fc25.noarch
gpg-pubkey-a0a7badb-52844296
readline-6.3-8.fc24.s390x
cpio-2.12-3.fc24.s390x
p11-kit-trust-0.23.2-2.fc24.s390x
qrencode-libs-3.4.2-6.fc24.s390x
GeoIP-1.6.9-2.fc24.s390x
libXcomposite-0.4.4-8.fc24.s390x
procps-ng-3.3.10-11.fc24.s390x
GConf2-3.2.6-16.fc24.s390x
xz-devel-5.2.2-2.fc24.s390x
fedora-logos-22.0.0-3.fc24.s390x
gpg-pubkey-e372e838-56fd7943
kmod-libs-23-1.fc25.s390x
perl-parent-0.236-1.fc25.noarch
perl-TermReadKey-2.37-1.fc25.s390x
dhcp-libs-4.3.5-1.fc25.s390x
ncurses-c++-libs-6.0-6.20160709.fc25.s390x
gzip-1.8-1.fc25.s390x
python3-gobject-base-3.22.0-1.fc25.s390x
python2-yubico-1.3.2-3.fc25.noarch
s390utils-ziomon-1.36.0-1.fc25.s390x
librepo-1.7.18-3.fc25.s390x
librsvg2-2.40.16-2.fc25.s390x
gnat-srpm-macros-4-1.fc25.noarch
python-decoratortools-1.8-12.fc25.noarch
m17n-db-1.7.0-7.fc25.noarch
glibc-common-2.24-4.fc25.s390x
e2fsprogs-libs-1.43.3-1.fc25.s390x
curl-7.51.0-4.fc25.s390x
libvorbis-1.3.5-1.fc25.s390x
gcc-gdb-plugin-6.3.1-1.fc25.s390x
perl-Time-HiRes-1.9741-1.fc25.s390x
npth-1.3-1.fc25.s390x
libcephfs1-10.2.4-2.fc25.s390x
wayland-devel-1.12.0-1.fc25.s390x
libxcb-devel-1.12-1.fc25.s390x
perl-encoding-2.19-5.fc25.s390x
python3-cssselect-0.9.2-1.fc25.noarch
gettext-libs-0.19.8.1-3.fc25.s390x
at-spi2-atk-devel-2.22.0-1.fc25.s390x
virglrenderer-0.5.0-1.20160411git61846f92f.fc25.s390x
pixman-devel-0.34.0-2.fc24.s390x
libnfs-devel-1.9.8-2.fc24.s390x
git-core-2.9.3-2.fc25.s390x
libX11-common-1.6.4-4.fc25.noarch
GeoIP-GeoLite-data-2017.01-1.fc25.noarch
file-libs-5.29-3.fc25.s390x
nss-softokn-devel-3.29.3-1.0.fc25.s390x
libblkid-2.28.2-2.fc25.s390x
python3-3.5.3-3.fc25.s390x
python2-hawkey-0.6.4-1.fc25.s390x
bind-libs-9.10.4-4.P6.fc25.s390x
vim-common-8.0.425-1.fc25.s390x
glib2-devel-2.50.3-1.fc25.s390x
mesa-libgbm-13.0.3-5.fc25.s390x
systemd-udev-231-14.fc25.s390x
gdk-pixbuf2-modules-2.36.5-1.fc25.s390x
texlive-ifxetex-svn19685.0.5-33.fc25.1.noarch
texlive-caption-svn41409-33.fc25.1.noarch
texlive-float-svn15878.1.3d-33.fc25.1.noarch
texlive-pdftex-def-svn22653.0.06d-33.fc25.1.noarch
texlive-xdvi-bin-svn40750-33.20160520.fc25.1.s390x
texlive-beton-svn15878.0-33.fc25.1.noarch
texlive-filecontents-svn24250.1.3-33.fc25.1.noarch
texlive-lm-math-svn36915.1.959-33.fc25.1.noarch
texlive-pslatex-svn16416.0-33.fc25.1.noarch
texlive-times-svn35058.0-33.fc25.1.noarch
texlive-breakurl-svn29901.1.40-33.fc25.1.noarch
texlive-filehook-svn24280.0.5d-33.fc25.1.noarch
texlive-pst-pdf-svn31660.1.1v-33.fc25.1.noarch
texlive-seminar-svn34011.1.62-33.fc25.1.noarch
texlive-xetexconfig-svn41133-33.fc25.1.noarch
python2-gluster-3.10.0-1.fc25.s390x
systemtap-3.1-2.fc25.s390x
python-rpm-macros-3-12.fc25.noarch
rpm-devel-4.13.0.1-1.fc25.s390x
vim-minimal-8.0.425-1.fc25.s390x
=== TEST BEGIN ===
Using CC: /home/fam/bin/cc
grep: scripts/tracetool/backend/*.py: No such file or directory
Install prefix /var/tmp/patchew-tester-tmp-191ln5i9/src/install
BIOS directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/share/qemu
binary directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/bin
library directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/lib
module directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/lib/qemu
libexec directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/libexec
include directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/include
config directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/etc
local state directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/var
Manual directory /var/tmp/patchew-tester-tmp-191ln5i9/src/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path /var/tmp/patchew-tester-tmp-191ln5i9/src
C compiler /home/fam/bin/cc
Host C compiler cc
C++ compiler c++
Objective-C compiler /home/fam/bin/cc
ARFLAGS rv
CFLAGS -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g
QEMU_CFLAGS -I/usr/include/pixman-1 -Werror -DHAS_LIBSSH2_SFTP_FSYNC -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -D_GNU_SOURCE -m64 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration -Wold-style-definition -Wtype-limits -fstack-protector-strong -I/usr/include/p11-kit-1 -I/usr/include/libpng16 -I/usr/include/libdrm -I/usr/include/cacard -I/usr/include/nss3 -I/usr/include/nspr4 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/libusb-1.0
LDFLAGS -Wl,--warn-common -m64 -g
make make
install install
python python -B
smbd /usr/sbin/smbd
module support no
host CPU s390x
host big endian yes
target list aarch64-softmmu alpha-softmmu arm-softmmu cris-softmmu i386-softmmu lm32-softmmu m68k-softmmu microblazeel-softmmu microblaze-softmmu mips64el-softmmu mips64-softmmu mipsel-softmmu mips-softmmu moxie-softmmu nios2-softmmu or1k-softmmu ppc64-softmmu ppcemb-softmmu ppc-softmmu s390x-softmmu sh4eb-softmmu sh4-softmmu sparc64-softmmu sparc-softmmu tricore-softmmu unicore32-softmmu x86_64-softmmu xtensaeb-softmmu xtensa-softmmu aarch64-linux-user alpha-linux-user armeb-linux-user arm-linux-user cris-linux-user hppa-linux-user i386-linux-user m68k-linux-user microblazeel-linux-user microblaze-linux-user mips64el-linux-user mips64-linux-user mipsel-linux-user mips-linux-user mipsn32el-linux-user mipsn32-linux-user nios2-linux-user or1k-linux-user ppc64abi32-linux-user ppc64le-linux-user ppc64-linux-user ppc-linux-user s390x-linux-user sh4eb-linux-user sh4-linux-user sparc32plus-linux-user sparc64-linux-user sparc-linux-user tilegx-linux-user x86_64-linux-user
tcg debug enabled no
gprof enabled no
sparse enabled no
strip binaries yes
profiler no
static build no
pixman system
SDL support yes (2.0.5)
GTK support yes (3.22.9)
GTK GL support yes
VTE support yes (0.46.1)
TLS priority NORMAL
GNUTLS support yes
GNUTLS rnd yes
libgcrypt no
libgcrypt kdf no
nettle yes (3.3)
nettle kdf yes
libtasn1 yes
curses support yes
virgl support yes
curl support yes
mingw32 support no
Audio drivers oss
Block whitelist (rw)
Block whitelist (ro)
VirtFS support yes
VNC support yes
VNC SASL support yes
VNC JPEG support yes
VNC PNG support yes
xen support no
brlapi support yes
bluez support yes
Documentation yes
PIE no
vde support no
netmap support no
Linux AIO support yes
ATTR/XATTR support yes
Install blobs yes
KVM support yes
HAX support no
RDMA support no
TCG interpreter no
fdt support yes
preadv support yes
fdatasync yes
madvise yes
posix_madvise yes
libcap-ng support yes
vhost-net support yes
vhost-scsi support yes
vhost-vsock support yes
Trace backends log
spice support no
rbd support yes
xfsctl support no
smartcard support yes
libusb yes
usb net redir yes
OpenGL support yes
OpenGL dmabufs yes
libiscsi support yes
libnfs support yes
build guest agent yes
QGA VSS support no
QGA w32 disk info no
QGA MSI support no
seccomp support no
coroutine backend ucontext
coroutine pool yes
debug stack usage no
GlusterFS support yes
gcov gcov
gcov enabled no
TPM support yes
libssh2 support yes
TPM passthrough no
QOM debugging yes
lzo support yes
snappy support yes
bzip2 support yes
NUMA host support no
tcmalloc support no
jemalloc support no
avx2 optimization no
replication support yes
VxHS block device no
GEN alpha-softmmu/config-devices.mak.tmp
GEN aarch64-softmmu/config-devices.mak.tmp
GEN arm-softmmu/config-devices.mak.tmp
GEN cris-softmmu/config-devices.mak.tmp
GEN cris-softmmu/config-devices.mak
GEN alpha-softmmu/config-devices.mak
GEN arm-softmmu/config-devices.mak
GEN lm32-softmmu/config-devices.mak.tmp
GEN i386-softmmu/config-devices.mak.tmp
GEN m68k-softmmu/config-devices.mak.tmp
GEN aarch64-softmmu/config-devices.mak
GEN microblazeel-softmmu/config-devices.mak.tmp
GEN lm32-softmmu/config-devices.mak
GEN m68k-softmmu/config-devices.mak
GEN microblaze-softmmu/config-devices.mak.tmp
GEN i386-softmmu/config-devices.mak
GEN mips64el-softmmu/config-devices.mak.tmp
GEN microblazeel-softmmu/config-devices.mak
GEN mips64-softmmu/config-devices.mak.tmp
GEN microblaze-softmmu/config-devices.mak
GEN mipsel-softmmu/config-devices.mak.tmp
GEN mips-softmmu/config-devices.mak.tmp
GEN mips64-softmmu/config-devices.mak
GEN mips64el-softmmu/config-devices.mak
GEN moxie-softmmu/config-devices.mak.tmp
GEN mipsel-softmmu/config-devices.mak
GEN mips-softmmu/config-devices.mak
GEN nios2-softmmu/config-devices.mak.tmp
GEN or1k-softmmu/config-devices.mak.tmp
GEN ppc64-softmmu/config-devices.mak.tmp
GEN moxie-softmmu/config-devices.mak
GEN nios2-softmmu/config-devices.mak
GEN or1k-softmmu/config-devices.mak
GEN ppcemb-softmmu/config-devices.mak.tmp
GEN ppc-softmmu/config-devices.mak.tmp
GEN s390x-softmmu/config-devices.mak.tmp
GEN ppc64-softmmu/config-devices.mak
GEN sh4eb-softmmu/config-devices.mak.tmp
GEN s390x-softmmu/config-devices.mak
GEN ppcemb-softmmu/config-devices.mak
GEN ppc-softmmu/config-devices.mak
GEN sh4-softmmu/config-devices.mak.tmp
GEN sparc64-softmmu/config-devices.mak.tmp
GEN sparc-softmmu/config-devices.mak.tmp
GEN sh4eb-softmmu/config-devices.mak
GEN tricore-softmmu/config-devices.mak.tmp
GEN sh4-softmmu/config-devices.mak
GEN sparc-softmmu/config-devices.mak
GEN unicore32-softmmu/config-devices.mak.tmp
GEN sparc64-softmmu/config-devices.mak
GEN x86_64-softmmu/config-devices.mak.tmp
GEN xtensaeb-softmmu/config-devices.mak.tmp
GEN tricore-softmmu/config-devices.mak
GEN xtensa-softmmu/config-devices.mak.tmp
GEN unicore32-softmmu/config-devices.mak
GEN xtensaeb-softmmu/config-devices.mak
GEN aarch64-linux-user/config-devices.mak.tmp
GEN alpha-linux-user/config-devices.mak.tmp
GEN xtensa-softmmu/config-devices.mak
GEN aarch64-linux-user/config-devices.mak
GEN armeb-linux-user/config-devices.mak.tmp
GEN arm-linux-user/config-devices.mak.tmp
GEN x86_64-softmmu/config-devices.mak
GEN alpha-linux-user/config-devices.mak
GEN cris-linux-user/config-devices.mak.tmp
GEN armeb-linux-user/config-devices.mak
GEN hppa-linux-user/config-devices.mak.tmp
GEN i386-linux-user/config-devices.mak.tmp
GEN arm-linux-user/config-devices.mak
GEN m68k-linux-user/config-devices.mak.tmp
GEN cris-linux-user/config-devices.mak
GEN i386-linux-user/config-devices.mak
GEN microblazeel-linux-user/config-devices.mak.tmp
GEN microblaze-linux-user/config-devices.mak.tmp
GEN hppa-linux-user/config-devices.mak
GEN m68k-linux-user/config-devices.mak
GEN mips64el-linux-user/config-devices.mak.tmp
GEN microblazeel-linux-user/config-devices.mak
GEN mips64-linux-user/config-devices.mak.tmp
GEN mipsel-linux-user/config-devices.mak.tmp
GEN microblaze-linux-user/config-devices.mak
GEN mips64el-linux-user/config-devices.mak
GEN mips-linux-user/config-devices.mak.tmp
GEN mips64-linux-user/config-devices.mak
GEN mipsn32el-linux-user/config-devices.mak.tmp
GEN mipsn32-linux-user/config-devices.mak.tmp
GEN mipsel-linux-user/config-devices.mak
GEN nios2-linux-user/config-devices.mak.tmp
GEN mips-linux-user/config-devices.mak
GEN mipsn32-linux-user/config-devices.mak
GEN or1k-linux-user/config-devices.mak.tmp
GEN mipsn32el-linux-user/config-devices.mak
GEN ppc64abi32-linux-user/config-devices.mak.tmp
GEN ppc64le-linux-user/config-devices.mak.tmp
GEN nios2-linux-user/config-devices.mak
GEN ppc64-linux-user/config-devices.mak.tmp
GEN or1k-linux-user/config-devices.mak
GEN ppc64abi32-linux-user/config-devices.mak
GEN ppc64le-linux-user/config-devices.mak
GEN s390x-linux-user/config-devices.mak.tmp
GEN ppc-linux-user/config-devices.mak.tmp
GEN ppc64-linux-user/config-devices.mak
GEN sh4eb-linux-user/config-devices.mak.tmp
GEN sh4-linux-user/config-devices.mak.tmp
GEN ppc-linux-user/config-devices.mak
GEN s390x-linux-user/config-devices.mak
GEN sparc32plus-linux-user/config-devices.mak.tmp
GEN sh4eb-linux-user/config-devices.mak
GEN sparc64-linux-user/config-devices.mak.tmp
GEN sparc-linux-user/config-devices.mak.tmp
GEN sh4-linux-user/config-devices.mak
GEN tilegx-linux-user/config-devices.mak.tmp
GEN sparc64-linux-user/config-devices.mak
GEN sparc32plus-linux-user/config-devices.mak
GEN x86_64-linux-user/config-devices.mak.tmp
GEN sparc-linux-user/config-devices.mak
GEN tilegx-linux-user/config-devices.mak
GEN config-host.h
GEN qemu-options.def
GEN x86_64-linux-user/config-devices.mak
GEN qmp-commands.h
GEN qapi-types.h
GEN qapi-visit.h
GEN qapi-event.h
GEN qmp-marshal.c
GEN qapi-types.c
GEN qapi-visit.c
GEN qapi-event.c
GEN qmp-introspect.h
GEN qmp-introspect.c
GEN trace/generated-tcg-tracers.h
GEN trace/generated-helpers-wrappers.h
GEN trace/generated-helpers.h
GEN trace/generated-helpers.c
GEN module_block.h
GEN tests/test-qapi-types.h
GEN tests/test-qapi-visit.h
GEN tests/test-qapi-event.h
GEN tests/test-qmp-commands.h
GEN tests/test-qmp-introspect.h
GEN trace-root.h
GEN util/trace.h
GEN crypto/trace.h
GEN io/trace.h
GEN block/trace.h
GEN migration/trace.h
GEN backends/trace.h
GEN hw/block/trace.h
GEN hw/block/dataplane/trace.h
GEN hw/char/trace.h
GEN hw/intc/trace.h
GEN hw/net/trace.h
GEN hw/virtio/trace.h
GEN hw/audio/trace.h
GEN hw/misc/trace.h
GEN hw/usb/trace.h
GEN hw/scsi/trace.h
GEN hw/nvram/trace.h
GEN hw/display/trace.h
GEN hw/input/trace.h
GEN hw/timer/trace.h
GEN hw/dma/trace.h
GEN hw/sparc/trace.h
GEN hw/sd/trace.h
GEN hw/isa/trace.h
GEN hw/mem/trace.h
GEN hw/i386/trace.h
GEN hw/i386/xen/trace.h
GEN hw/9pfs/trace.h
GEN hw/ppc/trace.h
GEN hw/pci/trace.h
GEN hw/s390x/trace.h
GEN hw/vfio/trace.h
GEN hw/acpi/trace.h
GEN hw/alpha/trace.h
GEN hw/arm/trace.h
GEN ui/trace.h
GEN hw/xen/trace.h
GEN audio/trace.h
GEN net/trace.h
GEN target/arm/trace.h
GEN target/i386/trace.h
GEN target/mips/trace.h
GEN target/sparc/trace.h
GEN target/ppc/trace.h
GEN target/s390x/trace.h
GEN qom/trace.h
GEN linux-user/trace.h
GEN qapi/trace.h
GEN util/trace.c
GEN trace-root.c
GEN crypto/trace.c
GEN io/trace.c
GEN migration/trace.c
GEN block/trace.c
GEN backends/trace.c
GEN hw/block/trace.c
GEN hw/block/dataplane/trace.c
GEN hw/char/trace.c
GEN hw/intc/trace.c
GEN hw/net/trace.c
GEN hw/virtio/trace.c
GEN hw/audio/trace.c
GEN hw/misc/trace.c
GEN hw/usb/trace.c
GEN hw/scsi/trace.c
GEN hw/nvram/trace.c
GEN hw/display/trace.c
GEN hw/input/trace.c
GEN hw/timer/trace.c
GEN hw/dma/trace.c
GEN hw/sparc/trace.c
GEN hw/sd/trace.c
GEN hw/mem/trace.c
GEN hw/isa/trace.c
GEN hw/i386/trace.c
GEN hw/i386/xen/trace.c
GEN hw/9pfs/trace.c
GEN hw/ppc/trace.c
GEN hw/pci/trace.c
GEN hw/s390x/trace.c
GEN hw/vfio/trace.c
GEN hw/acpi/trace.c
GEN hw/arm/trace.c
GEN hw/alpha/trace.c
GEN ui/trace.c
GEN hw/xen/trace.c
GEN audio/trace.c
GEN net/trace.c
GEN target/arm/trace.c
GEN target/i386/trace.c
GEN target/mips/trace.c
GEN target/sparc/trace.c
GEN target/s390x/trace.c
GEN target/ppc/trace.c
GEN qom/trace.c
GEN linux-user/trace.c
GEN qapi/trace.c
GEN config-all-devices.mak
GEN qemu-monitor.texi
GEN qemu-options.texi
CC tests/qemu-iotests/socket_scm_helper.o
GEN qemu-img-cmds.texi
GEN qemu-monitor-info.texi
GEN qemu-img.1
GEN qemu-nbd.8
GEN qemu-ga.8
GEN docs/version.texi
GEN docs/qemu-qmp-qapi.texi
GEN docs/qemu-ga-qapi.texi
GEN fsdev/virtfs-proxy-helper.1
GEN qga/qapi-generated/qga-qapi-types.h
GEN qga/qapi-generated/qga-qapi-visit.h
GEN qga/qapi-generated/qga-qmp-commands.h
GEN qga/qapi-generated/qga-qapi-types.c
GEN qga/qapi-generated/qga-qmp-marshal.c
GEN qga/qapi-generated/qga-qapi-visit.c
CC qapi-types.o
CC qmp-introspect.o
CC qapi-visit.o
CC qapi-event.o
CC qapi/qapi-visit-core.o
CC qapi/qapi-dealloc-visitor.o
CC qapi/qobject-input-visitor.o
CC qapi/qobject-output-visitor.o
CC qapi/qmp-registry.o
CC qapi/qmp-dispatch.o
CC qapi/string-input-visitor.o
CC qapi/string-output-visitor.o
CC qapi/opts-visitor.o
CC qapi/qapi-clone-visitor.o
CC qapi/qmp-event.o
CC qapi/qapi-util.o
CC qobject/qnull.o
CC qobject/qint.o
CC qobject/qstring.o
CC qobject/qdict.o
CC qobject/qlist.o
CC qobject/qfloat.o
CC qobject/qbool.o
CC qobject/qjson.o
CC qobject/qobject.o
CC qobject/json-lexer.o
CC qobject/json-streamer.o
CC qobject/json-parser.o
CC trace/control.o
CC trace/qmp.o
CC util/osdep.o
CC util/cutils.o
CC util/unicode.o
CC util/qemu-timer-common.o
CC util/bufferiszero.o
CC util/lockcnt.o
CC util/aiocb.o
CC util/async.o
CC util/thread-pool.o
CC util/qemu-timer.o
CC util/main-loop.o
CC util/aio-posix.o
CC util/iohandler.o
CC util/compatfd.o
CC util/event_notifier-posix.o
CC util/oslib-posix.o
CC util/mmap-alloc.o
CC util/qemu-openpty.o
CC util/qemu-thread-posix.o
CC util/memfd.o
CC util/envlist.o
CC util/path.o
CC util/module.o
CC util/host-utils.o
CC util/bitmap.o
CC util/bitops.o
CC util/hbitmap.o
CC util/fifo8.o
CC util/acl.o
CC util/error.o
CC util/qemu-error.o
CC util/id.o
CC util/iov.o
CC util/qemu-config.o
CC util/qemu-sockets.o
CC util/uri.o
CC util/notify.o
CC util/qemu-option.o
CC util/qemu-progress.o
CC util/keyval.o
CC util/hexdump.o
CC util/crc32c.o
CC util/uuid.o
CC util/throttle.o
CC util/getauxval.o
CC util/readline.o
CC util/rcu.o
CC util/qemu-coroutine.o
CC util/qemu-coroutine-lock.o
CC util/qemu-coroutine-io.o
CC util/qemu-coroutine-sleep.o
CC util/coroutine-ucontext.o
CC util/buffer.o
CC util/timed-average.o
CC util/base64.o
CC util/log.o
CC util/qdist.o
CC util/qht.o
CC util/range.o
CC util/systemd.o
CC trace-root.o
CC util/trace.o
CC crypto/trace.o
CC io/trace.o
CC migration/trace.o
CC block/trace.o
CC backends/trace.o
CC hw/block/trace.o
CC hw/block/dataplane/trace.o
CC hw/char/trace.o
CC hw/intc/trace.o
CC hw/net/trace.o
CC hw/virtio/trace.o
CC hw/audio/trace.o
CC hw/misc/trace.o
CC hw/usb/trace.o
CC hw/scsi/trace.o
CC hw/nvram/trace.o
CC hw/display/trace.o
CC hw/input/trace.o
CC hw/timer/trace.o
CC hw/dma/trace.o
CC hw/sparc/trace.o
CC hw/sd/trace.o
CC hw/isa/trace.o
CC hw/mem/trace.o
CC hw/i386/xen/trace.o
CC hw/i386/trace.o
CC hw/9pfs/trace.o
CC hw/ppc/trace.o
CC hw/pci/trace.o
CC hw/s390x/trace.o
CC hw/vfio/trace.o
CC hw/acpi/trace.o
CC hw/arm/trace.o
CC hw/alpha/trace.o
CC hw/xen/trace.o
CC ui/trace.o
CC audio/trace.o
CC net/trace.o
CC target/arm/trace.o
CC target/i386/trace.o
CC target/mips/trace.o
CC target/sparc/trace.o
CC target/s390x/trace.o
CC target/ppc/trace.o
CC qom/trace.o
CC linux-user/trace.o
CC qapi/trace.o
CC crypto/pbkdf-stub.o
CC stubs/arch-query-cpu-def.o
CC stubs/arch-query-cpu-model-expansion.o
CC stubs/arch-query-cpu-model-comparison.o
CC stubs/arch-query-cpu-model-baseline.o
CC stubs/bdrv-next-monitor-owned.o
CC stubs/blk-commit-all.o
CC stubs/clock-warp.o
CC stubs/blockdev-close-all-bdrv-states.o
CC stubs/cpu-get-clock.o
CC stubs/cpu-get-icount.o
CC stubs/dump.o
CC stubs/error-printf.o
CC stubs/fdset.o
CC stubs/gdbstub.o
CC stubs/get-vm-name.o
CC stubs/iothread.o
CC stubs/iothread-lock.o
CC stubs/is-daemonized.o
CC stubs/machine-init-done.o
CC stubs/migr-blocker.o
CC stubs/linux-aio.o
CC stubs/monitor.o
CC stubs/notify-event.o
CC stubs/qtest.o
CC stubs/replay.o
CC stubs/runstate-check.o
CC stubs/set-fd-handler.o
CC stubs/slirp.o
CC stubs/sysbus.o
CC stubs/trace-control.o
CC stubs/uuid.o
CC stubs/vm-stop.o
CC stubs/vmstate.o
CC stubs/target-monitor-defs.o
CC stubs/qmp_pc_dimm_device_list.o
CC stubs/target-get-monitor-def.o
CC stubs/pc_madt_cpu_entry.o
CC stubs/vmgenid.o
CC contrib/ivshmem-client/ivshmem-client.o
CC contrib/ivshmem-client/main.o
CC contrib/ivshmem-server/ivshmem-server.o
CC contrib/ivshmem-server/main.o
CC qemu-nbd.o
CC block.o
CC blockjob.o
CC qemu-io-cmds.o
CC replication.o
CC block/raw-format.o
CC block/qcow.o
CC block/vdi.o
CC block/vmdk.o
CC block/cloop.o
CC block/bochs.o
CC block/vpc.o
CC block/vvfat.o
CC block/dmg.o
CC block/qcow2.o
CC block/qcow2-refcount.o
CC block/qcow2-cluster.o
CC block/qcow2-snapshot.o
CC block/qcow2-cache.o
/var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c: In function ‘qcow2_read_extensions’:
/var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c:283:44: error: passing argument 3 of ‘qcrypto_block_open’ from incompatible pointer type [-Werror=incompatible-pointer-types]
qcow2_crypto_hdr_read_func,
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.h:28:0,
from /var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c:29:
/var/tmp/patchew-tester-tmp-191ln5i9/src/include/crypto/block.h:105:15: note: expected ‘QCryptoBlockReadFunc {aka long int (*)(struct QCryptoBlock *, void *, long unsigned int, unsigned char *, long unsigned int, struct Error **)}’ but argument is of type ‘ssize_t (*)(QCryptoBlock *, size_t, uint8_t *, size_t, void *, Error **) {aka long int (*)(struct QCryptoBlock *, long unsigned int, unsigned char *, long unsigned int, void *, struct Error **)}’
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
^~~~~~~~~~~~~~~~~~
/var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c: In function ‘qcow2_set_up_encryption’:
/var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c:2278:35: error: passing argument 3 of ‘qcrypto_block_create’ from incompatible pointer type [-Werror=incompatible-pointer-types]
qcow2_crypto_hdr_init_func,
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.h:28:0,
from /var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c:29:
/var/tmp/patchew-tester-tmp-191ln5i9/src/include/crypto/block.h:138:15: note: expected ‘QCryptoBlockInitFunc {aka long int (*)(struct QCryptoBlock *, void *, long unsigned int, struct Error **)}’ but argument is of type ‘ssize_t (*)(QCryptoBlock *, size_t, void *, Error **) {aka long int (*)(struct QCryptoBlock *, long unsigned int, void *, struct Error **)}’
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
^~~~~~~~~~~~~~~~~~~~
/var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c:2279:35: error: passing argument 4 of ‘qcrypto_block_create’ from incompatible pointer type [-Werror=incompatible-pointer-types]
qcow2_crypto_hdr_write_func,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.h:28:0,
from /var/tmp/patchew-tester-tmp-191ln5i9/src/block/qcow2.c:29:
/var/tmp/patchew-tester-tmp-191ln5i9/src/include/crypto/block.h:138:15: note: expected ‘QCryptoBlockWriteFunc {aka long int (*)(struct QCryptoBlock *, void *, long unsigned int, const unsigned char *, long unsigned int, struct Error **)}’ but argument is of type ‘ssize_t (*)(QCryptoBlock *, size_t, const uint8_t *, size_t, void *, Error **) {aka long int (*)(struct QCryptoBlock *, long unsigned int, const unsigned char *, long unsigned int, void *, struct Error **)}’
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
^~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
/var/tmp/patchew-tester-tmp-191ln5i9/src/rules.mak:69: recipe for target 'block/qcow2.o' failed
make: *** [block/qcow2.o] Error 1
make: *** Waiting for unfinished jobs....
=== OUTPUT END ===
Test command exited with code: 2
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
` (18 preceding siblings ...)
2017-04-25 15:56 ` [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support no-reply
@ 2017-04-25 17:25 ` no-reply
19 siblings, 0 replies; 40+ messages in thread
From: no-reply @ 2017-04-25 17:25 UTC (permalink / raw)
To: berrange; +Cc: famz, qemu-devel, kwolf, berto, qemu-block, mreitz
Hi,
This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.
Message-id: 20170425153858.25660-1-berrange@redhat.com
Subject: [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support
Type: series
=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
make docker-test-quick@centos6
make docker-test-mingw@fedora
make docker-test-build@min-glib
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
5853c61 block: pass option prefix down to crypto layer
d520ee5 block: remove all encryption handling APIs
21831df block: rip out all traces of password prompting
b8525d8 iotests: enable tests 134 and 158 to work with qcow (v1)
f921b52 qcow2: add iotests to cover LUKS encryption support
24921c2 qcow2: add support for LUKS encryption format
ce3d3ef qcow2: extend specification to cover LUKS encryption
d34f397 qcow2: convert QCow2 to use QCryptoBlock for encryption
b4642d4 qcow2: make qcow2_encrypt_sectors encrypt in place
a7264fa qcow: convert QCow to use QCryptoBlock for encryption
0921b2b qcow: make encrypt_sectors encrypt in place
a29311e block: deprecate "encryption=on" in favour of "encrypt.format=aes"
73d4e25 iotests: skip 048 with qcow which doesn't support resize
85013dc iotests: skip 042 with qcow which dosn't support zero sized images
c2ec616 qcow: require image size to be > 1 for new images
bf1689f qcow: document another weakness of qcow AES encryption
7b1c8e1 block: add ability to set a prefix for opt names
7308d51 block: expose crypto option names / defs to other drivers
=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-8jhc2op1/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
BUILD centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-8jhc2op1/src'
ARCHIVE qemu.tgz
ARCHIVE dtc.tgz
COPY RUNNER
RUN test-quick in qemu:centos6
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
ccache-3.1.6-2.el6.x86_64
epel-release-6-8.noarch
gcc-4.4.7-17.el6.x86_64
git-1.7.1-4.el6_7.1.x86_64
glib2-devel-2.28.8-5.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
make-3.81-23.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
tar-1.23-15.el6_8.x86_64
zlib-devel-1.2.3-29.el6.x86_64
Environment variables:
PACKAGES=libfdt-devel ccache tar git make gcc g++ zlib-devel glib2-devel SDL-devel pixman-devel epel-release
HOSTNAME=02c8f9307716
TERM=xterm
MAKEFLAGS= -j8
HISTSIZE=1000
J=8
USER=root
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
MAIL=/var/spool/mail/root
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
LANG=en_US.UTF-8
TARGET_LIST=
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
FEATURES= dtc
DEBUG=
G_BROKEN_FILENAMES=1
CCACHE_HASHDIR=
_=/usr/bin/env
Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu --prefix=/var/tmp/qemu-build/install
grep: scripts/tracetool/backend/*.py: No such file or directory
No C++ compiler available; disabling C++ specific optional code
Install prefix /var/tmp/qemu-build/install
BIOS directory /var/tmp/qemu-build/install/share/qemu
binary directory /var/tmp/qemu-build/install/bin
library directory /var/tmp/qemu-build/install/lib
module directory /var/tmp/qemu-build/install/lib/qemu
libexec directory /var/tmp/qemu-build/install/libexec
include directory /var/tmp/qemu-build/install/include
config directory /var/tmp/qemu-build/install/etc
local state directory /var/tmp/qemu-build/install/var
Manual directory /var/tmp/qemu-build/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path /tmp/qemu-test/src
C compiler cc
Host C compiler cc
C++ compiler
Objective-C compiler cc
ARFLAGS rv
CFLAGS -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g
QEMU_CFLAGS -I/usr/include/pixman-1 -I$(SRC_PATH)/dtc/libfdt -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration -Wold-style-definition -Wtype-limits -fstack-protector-all
LDFLAGS -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g
make make
install install
python python -B
smbd /usr/sbin/smbd
module support no
host CPU x86_64
host big endian no
target list x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabled no
strip binaries yes
profiler no
static build no
pixman system
SDL support yes (1.2.14)
GTK support no
GTK GL support no
VTE support no
TLS priority NORMAL
GNUTLS support no
GNUTLS rnd no
libgcrypt no
libgcrypt kdf no
nettle no
nettle kdf no
libtasn1 no
curses support no
virgl support no
curl support no
mingw32 support no
Audio drivers oss
Block whitelist (rw)
Block whitelist (ro)
VirtFS support no
VNC support yes
VNC SASL support no
VNC JPEG support no
VNC PNG support no
xen support no
brlapi support no
bluez support no
Documentation no
PIE yes
vde support no
netmap support no
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support yes
HAX support no
RDMA support no
TCG interpreter no
fdt support yes
preadv support yes
fdatasync yes
madvise yes
posix_madvise yes
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
vhost-vsock support yes
Trace backends log
spice support no
rbd support no
xfsctl support no
smartcard support no
libusb no
usb net redir no
OpenGL support no
OpenGL dmabufs no
libiscsi support no
libnfs support no
build guest agent yes
QGA VSS support no
QGA w32 disk info no
QGA MSI support no
seccomp support no
coroutine backend ucontext
coroutine pool yes
debug stack usage no
GlusterFS support no
gcov gcov
gcov enabled no
TPM support yes
libssh2 support no
TPM passthrough yes
QOM debugging yes
lzo support no
snappy support no
bzip2 support no
NUMA host support no
tcmalloc support no
jemalloc support no
avx2 optimization no
replication support yes
VxHS block device no
mkdir -p dtc/libfdt
GEN x86_64-softmmu/config-devices.mak.tmp
mkdir -p dtc/tests
GEN aarch64-softmmu/config-devices.mak.tmp
GEN config-host.h
GEN qemu-options.def
GEN qmp-commands.h
GEN qapi-types.h
GEN qapi-visit.h
GEN qapi-event.h
GEN aarch64-softmmu/config-devices.mak
GEN x86_64-softmmu/config-devices.mak
GEN qapi-types.c
GEN qmp-marshal.c
GEN qapi-visit.c
GEN qapi-event.c
GEN qmp-introspect.h
GEN qmp-introspect.c
GEN trace/generated-tcg-tracers.h
GEN trace/generated-helpers-wrappers.h
GEN trace/generated-helpers.h
GEN trace/generated-helpers.c
GEN module_block.h
GEN tests/test-qapi-types.h
GEN tests/test-qapi-visit.h
GEN tests/test-qmp-commands.h
GEN tests/test-qapi-event.h
GEN tests/test-qmp-introspect.h
GEN trace-root.h
GEN util/trace.h
GEN crypto/trace.h
GEN io/trace.h
GEN migration/trace.h
GEN block/trace.h
GEN backends/trace.h
GEN hw/block/trace.h
GEN hw/block/dataplane/trace.h
GEN hw/char/trace.h
GEN hw/intc/trace.h
GEN hw/net/trace.h
GEN hw/virtio/trace.h
GEN hw/audio/trace.h
GEN hw/misc/trace.h
GEN hw/usb/trace.h
GEN hw/scsi/trace.h
GEN hw/nvram/trace.h
GEN hw/display/trace.h
GEN hw/input/trace.h
GEN hw/timer/trace.h
GEN hw/dma/trace.h
GEN hw/sparc/trace.h
GEN hw/sd/trace.h
GEN hw/isa/trace.h
GEN hw/mem/trace.h
GEN hw/i386/trace.h
GEN hw/i386/xen/trace.h
GEN hw/9pfs/trace.h
GEN hw/ppc/trace.h
GEN hw/pci/trace.h
GEN hw/s390x/trace.h
GEN hw/vfio/trace.h
GEN hw/acpi/trace.h
GEN hw/arm/trace.h
GEN hw/alpha/trace.h
GEN hw/xen/trace.h
GEN ui/trace.h
GEN audio/trace.h
GEN net/trace.h
GEN target/arm/trace.h
GEN target/i386/trace.h
GEN target/mips/trace.h
GEN target/sparc/trace.h
GEN target/s390x/trace.h
GEN target/ppc/trace.h
GEN qom/trace.h
GEN linux-user/trace.h
GEN qapi/trace.h
GEN trace-root.c
GEN util/trace.c
GEN crypto/trace.c
GEN io/trace.c
GEN migration/trace.c
GEN block/trace.c
GEN backends/trace.c
GEN hw/block/trace.c
GEN hw/block/dataplane/trace.c
GEN hw/char/trace.c
GEN hw/intc/trace.c
GEN hw/net/trace.c
GEN hw/virtio/trace.c
GEN hw/audio/trace.c
GEN hw/misc/trace.c
GEN hw/usb/trace.c
GEN hw/scsi/trace.c
GEN hw/nvram/trace.c
GEN hw/display/trace.c
GEN hw/input/trace.c
GEN hw/timer/trace.c
GEN hw/dma/trace.c
GEN hw/sparc/trace.c
GEN hw/sd/trace.c
GEN hw/isa/trace.c
GEN hw/mem/trace.c
GEN hw/i386/trace.c
GEN hw/i386/xen/trace.c
GEN hw/9pfs/trace.c
GEN hw/ppc/trace.c
GEN hw/pci/trace.c
GEN hw/s390x/trace.c
GEN hw/vfio/trace.c
GEN hw/acpi/trace.c
GEN hw/arm/trace.c
GEN hw/alpha/trace.c
GEN hw/xen/trace.c
GEN ui/trace.c
GEN audio/trace.c
GEN net/trace.c
GEN target/arm/trace.c
GEN target/i386/trace.c
GEN target/mips/trace.c
GEN target/sparc/trace.c
GEN target/s390x/trace.c
GEN target/ppc/trace.c
GEN qom/trace.c
GEN linux-user/trace.c
GEN qapi/trace.c
GEN config-all-devices.mak
DEP /tmp/qemu-test/src/dtc/tests/dumptrees.c
DEP /tmp/qemu-test/src/dtc/tests/trees.S
DEP /tmp/qemu-test/src/dtc/tests/testutils.c
DEP /tmp/qemu-test/src/dtc/tests/value-labels.c
DEP /tmp/qemu-test/src/dtc/tests/asm_tree_dump.c
DEP /tmp/qemu-test/src/dtc/tests/truncated_property.c
DEP /tmp/qemu-test/src/dtc/tests/check_path.c
DEP /tmp/qemu-test/src/dtc/tests/overlay_bad_fixup.c
DEP /tmp/qemu-test/src/dtc/tests/subnode_iterate.c
DEP /tmp/qemu-test/src/dtc/tests/overlay.c
DEP /tmp/qemu-test/src/dtc/tests/property_iterate.c
DEP /tmp/qemu-test/src/dtc/tests/integer-expressions.c
DEP /tmp/qemu-test/src/dtc/tests/utilfdt_test.c
DEP /tmp/qemu-test/src/dtc/tests/path_offset_aliases.c
DEP /tmp/qemu-test/src/dtc/tests/add_subnode_with_nops.c
DEP /tmp/qemu-test/src/dtc/tests/dtbs_equal_unordered.c
DEP /tmp/qemu-test/src/dtc/tests/dtb_reverse.c
DEP /tmp/qemu-test/src/dtc/tests/dtbs_equal_ordered.c
DEP /tmp/qemu-test/src/dtc/tests/extra-terminating-null.c
DEP /tmp/qemu-test/src/dtc/tests/incbin.c
DEP /tmp/qemu-test/src/dtc/tests/boot-cpuid.c
DEP /tmp/qemu-test/src/dtc/tests/phandle_format.c
DEP /tmp/qemu-test/src/dtc/tests/path-references.c
DEP /tmp/qemu-test/src/dtc/tests/references.c
DEP /tmp/qemu-test/src/dtc/tests/string_escapes.c
DEP /tmp/qemu-test/src/dtc/tests/propname_escapes.c
DEP /tmp/qemu-test/src/dtc/tests/appendprop2.c
DEP /tmp/qemu-test/src/dtc/tests/appendprop1.c
DEP /tmp/qemu-test/src/dtc/tests/del_node.c
DEP /tmp/qemu-test/src/dtc/tests/del_property.c
DEP /tmp/qemu-test/src/dtc/tests/setprop.c
DEP /tmp/qemu-test/src/dtc/tests/set_name.c
DEP /tmp/qemu-test/src/dtc/tests/rw_tree1.c
DEP /tmp/qemu-test/src/dtc/tests/open_pack.c
DEP /tmp/qemu-test/src/dtc/tests/nopulate.c
DEP /tmp/qemu-test/src/dtc/tests/mangle-layout.c
DEP /tmp/qemu-test/src/dtc/tests/move_and_save.c
DEP /tmp/qemu-test/src/dtc/tests/sw_tree1.c
DEP /tmp/qemu-test/src/dtc/tests/nop_node.c
DEP /tmp/qemu-test/src/dtc/tests/nop_property.c
DEP /tmp/qemu-test/src/dtc/tests/setprop_inplace.c
DEP /tmp/qemu-test/src/dtc/tests/stringlist.c
DEP /tmp/qemu-test/src/dtc/tests/addr_size_cells.c
DEP /tmp/qemu-test/src/dtc/tests/notfound.c
DEP /tmp/qemu-test/src/dtc/tests/sized_cells.c
DEP /tmp/qemu-test/src/dtc/tests/char_literal.c
DEP /tmp/qemu-test/src/dtc/tests/get_alias.c
DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_compatible.c
DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_phandle.c
DEP /tmp/qemu-test/src/dtc/tests/node_check_compatible.c
DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_prop_value.c
DEP /tmp/qemu-test/src/dtc/tests/parent_offset.c
DEP /tmp/qemu-test/src/dtc/tests/supernode_atdepth_offset.c
DEP /tmp/qemu-test/src/dtc/tests/get_path.c
DEP /tmp/qemu-test/src/dtc/tests/get_phandle.c
DEP /tmp/qemu-test/src/dtc/tests/getprop.c
DEP /tmp/qemu-test/src/dtc/tests/get_name.c
DEP /tmp/qemu-test/src/dtc/tests/path_offset.c
DEP /tmp/qemu-test/src/dtc/tests/subnode_offset.c
DEP /tmp/qemu-test/src/dtc/tests/find_property.c
DEP /tmp/qemu-test/src/dtc/tests/root_node.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_overlay.c
DEP /tmp/qemu-test/src/dtc/tests/get_mem_rsv.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_addresses.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_empty_tree.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_strerror.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_rw.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_sw.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_wip.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_ro.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt.c
DEP /tmp/qemu-test/src/dtc/util.c
DEP /tmp/qemu-test/src/dtc/fdtput.c
DEP /tmp/qemu-test/src/dtc/fdtget.c
DEP /tmp/qemu-test/src/dtc/fdtdump.c
LEX convert-dtsv0-lexer.lex.c
DEP /tmp/qemu-test/src/dtc/srcpos.c
make[1]: flex: Command not found
BISON dtc-parser.tab.c
LEX dtc-lexer.lex.c
make[1]: bison: Command not found
DEP /tmp/qemu-test/src/dtc/treesource.c
DEP /tmp/qemu-test/src/dtc/livetree.c
make[1]: flex: Command not found
DEP /tmp/qemu-test/src/dtc/fstree.c
DEP /tmp/qemu-test/src/dtc/flattree.c
DEP /tmp/qemu-test/src/dtc/dtc.c
DEP /tmp/qemu-test/src/dtc/data.c
DEP /tmp/qemu-test/src/dtc/checks.c
CHK version_gen.h
LEX convert-dtsv0-lexer.lex.c
make[1]: flex: Command not found
LEX dtc-lexer.lex.c
make[1]: flex: Command not found
BISON dtc-parser.tab.c
make[1]: bison: Command not found
UPD version_gen.h
DEP /tmp/qemu-test/src/dtc/util.c
LEX convert-dtsv0-lexer.lex.c
make[1]: flex: Command not found
BISON dtc-parser.tab.c
make[1]: bison: Command not found
LEX dtc-lexer.lex.c
make[1]: flex: Command not found
CC libfdt/fdt_ro.o
CC libfdt/fdt.o
CC libfdt/fdt_wip.o
CC libfdt/fdt_sw.o
CC libfdt/fdt_rw.o
CC libfdt/fdt_strerror.o
CC libfdt/fdt_empty_tree.o
CC libfdt/fdt_addresses.o
CC libfdt/fdt_overlay.o
AR libfdt/libfdt.a
ar: creating libfdt/libfdt.a
a - libfdt/fdt.o
a - libfdt/fdt_ro.o
a - libfdt/fdt_wip.o
a - libfdt/fdt_sw.o
a - libfdt/fdt_rw.o
a - libfdt/fdt_strerror.o
a - libfdt/fdt_empty_tree.o
a - libfdt/fdt_addresses.o
a - libfdt/fdt_overlay.o
BISON dtc-parser.tab.c
LEX convert-dtsv0-lexer.lex.c
make[1]: bison: Command not found
make[1]: flex: Command not found
LEX dtc-lexer.lex.c
make[1]: flex: Command not found
CC tests/qemu-iotests/socket_scm_helper.o
GEN qga/qapi-generated/qga-qapi-visit.h
GEN qga/qapi-generated/qga-qapi-types.h
GEN qga/qapi-generated/qga-qapi-types.c
GEN qga/qapi-generated/qga-qmp-commands.h
GEN qga/qapi-generated/qga-qapi-visit.c
GEN qga/qapi-generated/qga-qmp-marshal.c
CC qmp-introspect.o
CC qapi-types.o
CC qapi-visit.o
CC qapi-event.o
CC qapi/qapi-visit-core.o
CC qapi/qapi-dealloc-visitor.o
CC qapi/qobject-input-visitor.o
CC qapi/qobject-output-visitor.o
CC qapi/qmp-registry.o
CC qapi/qmp-dispatch.o
CC qapi/string-input-visitor.o
CC qapi/string-output-visitor.o
CC qapi/opts-visitor.o
CC qapi/qapi-clone-visitor.o
CC qapi/qmp-event.o
CC qapi/qapi-util.o
CC qobject/qnull.o
CC qobject/qint.o
CC qobject/qstring.o
CC qobject/qdict.o
CC qobject/qlist.o
CC qobject/qfloat.o
CC qobject/qbool.o
CC qobject/qjson.o
CC qobject/qobject.o
CC qobject/json-lexer.o
CC qobject/json-streamer.o
CC qobject/json-parser.o
CC trace/control.o
CC trace/qmp.o
CC util/osdep.o
CC util/cutils.o
CC util/unicode.o
CC util/qemu-timer-common.o
CC util/bufferiszero.o
CC util/lockcnt.o
CC util/aiocb.o
CC util/async.o
CC util/thread-pool.o
CC util/qemu-timer.o
CC util/main-loop.o
CC util/iohandler.o
CC util/aio-posix.o
CC util/compatfd.o
CC util/event_notifier-posix.o
CC util/mmap-alloc.o
CC util/oslib-posix.o
CC util/qemu-openpty.o
CC util/qemu-thread-posix.o
CC util/memfd.o
CC util/envlist.o
CC util/path.o
CC util/module.o
CC util/host-utils.o
CC util/bitmap.o
CC util/bitops.o
CC util/hbitmap.o
CC util/fifo8.o
CC util/acl.o
CC util/qemu-error.o
CC util/error.o
CC util/id.o
CC util/iov.o
CC util/qemu-sockets.o
CC util/qemu-config.o
CC util/uri.o
CC util/notify.o
CC util/qemu-option.o
CC util/qemu-progress.o
CC util/keyval.o
CC util/hexdump.o
CC util/crc32c.o
CC util/uuid.o
CC util/throttle.o
CC util/getauxval.o
CC util/readline.o
CC util/rcu.o
CC util/qemu-coroutine.o
CC util/qemu-coroutine-lock.o
CC util/qemu-coroutine-io.o
CC util/qemu-coroutine-sleep.o
CC util/coroutine-ucontext.o
CC util/buffer.o
CC util/timed-average.o
CC util/base64.o
CC util/log.o
CC util/qdist.o
CC util/qht.o
CC util/range.o
CC util/systemd.o
CC trace-root.o
CC util/trace.o
CC crypto/trace.o
CC io/trace.o
CC migration/trace.o
CC block/trace.o
CC backends/trace.o
CC hw/block/trace.o
CC hw/block/dataplane/trace.o
CC hw/char/trace.o
CC hw/intc/trace.o
CC hw/net/trace.o
CC hw/virtio/trace.o
CC hw/audio/trace.o
CC hw/misc/trace.o
CC hw/usb/trace.o
CC hw/scsi/trace.o
CC hw/nvram/trace.o
CC hw/display/trace.o
CC hw/input/trace.o
CC hw/timer/trace.o
CC hw/dma/trace.o
CC hw/sparc/trace.o
CC hw/sd/trace.o
CC hw/isa/trace.o
CC hw/mem/trace.o
CC hw/i386/trace.o
CC hw/i386/xen/trace.o
CC hw/9pfs/trace.o
CC hw/ppc/trace.o
CC hw/pci/trace.o
CC hw/s390x/trace.o
CC hw/vfio/trace.o
CC hw/acpi/trace.o
CC hw/arm/trace.o
CC hw/alpha/trace.o
CC hw/xen/trace.o
CC ui/trace.o
CC audio/trace.o
CC net/trace.o
CC target/arm/trace.o
CC target/i386/trace.o
CC target/mips/trace.o
CC target/sparc/trace.o
CC target/s390x/trace.o
CC target/ppc/trace.o
CC qom/trace.o
CC linux-user/trace.o
CC qapi/trace.o
CC crypto/pbkdf-stub.o
CC stubs/arch-query-cpu-def.o
CC stubs/arch-query-cpu-model-expansion.o
CC stubs/arch-query-cpu-model-comparison.o
CC stubs/arch-query-cpu-model-baseline.o
CC stubs/bdrv-next-monitor-owned.o
CC stubs/blk-commit-all.o
CC stubs/blockdev-close-all-bdrv-states.o
CC stubs/clock-warp.o
CC stubs/cpu-get-clock.o
CC stubs/cpu-get-icount.o
CC stubs/dump.o
CC stubs/error-printf.o
CC stubs/fdset.o
CC stubs/gdbstub.o
CC stubs/get-vm-name.o
CC stubs/iothread.o
CC stubs/iothread-lock.o
CC stubs/is-daemonized.o
CC stubs/machine-init-done.o
CC stubs/migr-blocker.o
CC stubs/monitor.o
CC stubs/notify-event.o
CC stubs/qtest.o
CC stubs/runstate-check.o
CC stubs/set-fd-handler.o
CC stubs/replay.o
CC stubs/slirp.o
CC stubs/sysbus.o
CC stubs/trace-control.o
CC stubs/uuid.o
CC stubs/vm-stop.o
CC stubs/vmstate.o
CC stubs/qmp_pc_dimm_device_list.o
CC stubs/target-monitor-defs.o
CC stubs/target-get-monitor-def.o
CC stubs/pc_madt_cpu_entry.o
CC stubs/vmgenid.o
CC contrib/ivshmem-client/ivshmem-client.o
CC contrib/ivshmem-server/ivshmem-server.o
CC contrib/ivshmem-client/main.o
CC contrib/ivshmem-server/main.o
CC qemu-nbd.o
CC block.o
CC blockjob.o
CC qemu-io-cmds.o
CC replication.o
CC block/raw-format.o
CC block/qcow.o
CC block/vdi.o
CC block/vmdk.o
CC block/cloop.o
CC block/bochs.o
CC block/vpc.o
CC block/vvfat.o
CC block/dmg.o
CC block/qcow2.o
CC block/qcow2-refcount.o
CC block/qcow2-cluster.o
CC block/qcow2-snapshot.o
CC block/qcow2-cache.o
CC block/qed.o
CC block/qed-gencb.o
CC block/qed-l2-cache.o
CC block/qed-table.o
CC block/qed-cluster.o
/tmp/qemu-test/src/block/qcow2.c: In function ‘qcow2_read_extensions’:
/tmp/qemu-test/src/block/qcow2.c:284: warning: passing argument 3 of ‘qcrypto_block_open’ from incompatible pointer type
/tmp/qemu-test/src/include/crypto/block.h:105: note: expected ‘QCryptoBlockReadFunc’ but argument is of type ‘ssize_t (*)(struct QCryptoBlock *, size_t, uint8_t *, size_t, void *, struct Error **)’
/tmp/qemu-test/src/block/qcow2.c: In function ‘qcow2_set_up_encryption’:
/tmp/qemu-test/src/block/qcow2.c:2280: warning: passing argument 3 of ‘qcrypto_block_create’ from incompatible pointer type
/tmp/qemu-test/src/include/crypto/block.h:138: note: expected ‘QCryptoBlockInitFunc’ but argument is of type ‘ssize_t (*)(struct QCryptoBlock *, size_t, void *, struct Error **)’
/tmp/qemu-test/src/block/qcow2.c:2280: warning: passing argument 4 of ‘qcrypto_block_create’ from incompatible pointer type
/tmp/qemu-test/src/include/crypto/block.h:138: note: expected ‘QCryptoBlockWriteFunc’ but argument is of type ‘ssize_t (*)(struct QCryptoBlock *, size_t, const uint8_t *, size_t, void *, struct Error **)’
CC block/qed-check.o
CC block/vhdx.o
CC block/vhdx-endian.o
CC block/vhdx-log.o
CC block/quorum.o
CC block/parallels.o
CC block/blkdebug.o
CC block/blkreplay.o
CC block/blkverify.o
CC block/block-backend.o
CC block/snapshot.o
CC block/qapi.o
CC block/file-posix.o
CC block/null.o
CC block/mirror.o
CC block/commit.o
CC block/io.o
CC block/throttle-groups.o
CC block/nbd.o
CC block/nbd-client.o
CC block/sheepdog.o
CC block/accounting.o
CC block/dirty-bitmap.o
CC block/write-threshold.o
CC block/backup.o
CC block/replication.o
CC block/crypto.o
CC nbd/server.o
CC nbd/client.o
CC nbd/common.o
CC crypto/init.o
CC crypto/hash.o
CC crypto/hash-glib.o
CC crypto/hmac.o
CC crypto/hmac-glib.o
CC crypto/aes.o
CC crypto/desrfb.o
CC crypto/cipher.o
CC crypto/tlscreds.o
CC crypto/tlscredsanon.o
CC crypto/tlscredsx509.o
CC crypto/tlssession.o
CC crypto/secret.o
CC crypto/random-platform.o
CC crypto/pbkdf.o
CC crypto/ivgen.o
CC crypto/ivgen-essiv.o
CC crypto/ivgen-plain.o
CC crypto/ivgen-plain64.o
CC crypto/afsplit.o
CC crypto/xts.o
CC crypto/block.o
CC crypto/block-qcow.o
CC crypto/block-luks.o
CC io/channel.o
CC io/channel-command.o
CC io/channel-buffer.o
CC io/channel-file.o
CC io/channel-socket.o
CC io/channel-tls.o
CC io/channel-watch.o
CC io/channel-websock.o
CC io/channel-util.o
CC io/dns-resolver.o
CC io/task.o
CC qom/object.o
CC qom/container.o
CC qom/qom-qobject.o
CC qom/object_interfaces.o
GEN qemu-img-cmds.h
CC qemu-io.o
CC qemu-bridge-helper.o
CC blockdev.o
CC blockdev-nbd.o
CC iothread.o
CC qdev-monitor.o
CC device-hotplug.o
CC os-posix.o
CC page_cache.o
CC accel.o
CC bt-host.o
CC bt-vhci.o
CC dma-helpers.o
CC vl.o
CC tpm.o
CC device_tree.o
CC qmp-marshal.o
CC qmp.o
CC hmp.o
CC cpus-common.o
CC audio/audio.o
CC audio/noaudio.o
CC audio/wavaudio.o
CC audio/mixeng.o
CC audio/sdlaudio.o
CC audio/ossaudio.o
CC audio/wavcapture.o
CC backends/rng.o
CC backends/rng-egd.o
CC backends/rng-random.o
CC backends/msmouse.o
CC backends/wctablet.o
CC backends/testdev.o
CC backends/tpm.o
CC backends/hostmem.o
CC backends/hostmem-ram.o
CC backends/hostmem-file.o
CC backends/cryptodev.o
CC backends/cryptodev-builtin.o
CC block/stream.o
CC disas/arm.o
CC disas/i386.o
CC fsdev/qemu-fsdev-dummy.o
CC fsdev/qemu-fsdev-opts.o
CC fsdev/qemu-fsdev-throttle.o
CC hw/acpi/core.o
CC hw/acpi/piix4.o
CC hw/acpi/pcihp.o
CC hw/acpi/ich9.o
CC hw/acpi/tco.o
CC hw/acpi/cpu_hotplug.o
CC hw/acpi/memory_hotplug.o
CC hw/acpi/cpu.o
CC hw/acpi/nvdimm.o
CC hw/acpi/vmgenid.o
CC hw/acpi/acpi_interface.o
CC hw/acpi/bios-linker-loader.o
CC hw/acpi/aml-build.o
CC hw/acpi/ipmi.o
CC hw/acpi/acpi-stub.o
CC hw/acpi/ipmi-stub.o
CC hw/audio/sb16.o
CC hw/audio/es1370.o
CC hw/audio/ac97.o
CC hw/audio/fmopl.o
CC hw/audio/adlib.o
CC hw/audio/gus.o
CC hw/audio/gusemu_hal.o
CC hw/audio/gusemu_mixer.o
CC hw/audio/cs4231a.o
CC hw/audio/intel-hda.o
CC hw/audio/hda-codec.o
CC hw/audio/pcspk.o
CC hw/audio/wm8750.o
CC hw/audio/pl041.o
CC hw/audio/lm4549.o
CC hw/audio/marvell_88w8618.o
CC hw/block/block.o
CC hw/block/cdrom.o
CC hw/block/hd-geometry.o
CC hw/block/fdc.o
CC hw/block/m25p80.o
CC hw/block/nand.o
CC hw/block/pflash_cfi01.o
CC hw/block/pflash_cfi02.o
CC hw/block/ecc.o
CC hw/block/onenand.o
CC hw/block/nvme.o
CC hw/bt/core.o
CC hw/bt/l2cap.o
CC hw/bt/sdp.o
CC hw/bt/hci.o
CC hw/bt/hid.o
CC hw/bt/hci-csr.o
CC hw/char/ipoctal232.o
CC hw/char/parallel.o
CC hw/char/pl011.o
CC hw/char/serial.o
CC hw/char/serial-isa.o
CC hw/char/serial-pci.o
CC hw/char/virtio-console.o
CC hw/char/cadence_uart.o
CC hw/char/debugcon.o
CC hw/char/imx_serial.o
CC hw/core/qdev.o
CC hw/core/qdev-properties.o
CC hw/core/bus.o
CC hw/core/reset.o
CC hw/core/fw-path-provider.o
CC hw/core/irq.o
CC hw/core/hotplug.o
CC hw/core/ptimer.o
CC hw/core/sysbus.o
CC hw/core/machine.o
CC hw/core/loader.o
CC hw/core/qdev-properties-system.o
CC hw/core/register.o
CC hw/core/or-irq.o
CC hw/core/platform-bus.o
CC hw/display/ads7846.o
CC hw/display/cirrus_vga.o
CC hw/display/pl110.o
CC hw/display/ssd0303.o
CC hw/display/ssd0323.o
CC hw/display/vga-pci.o
CC hw/display/vga-isa.o
CC hw/display/vmware_vga.o
CC hw/display/blizzard.o
CC hw/display/exynos4210_fimd.o
CC hw/display/framebuffer.o
CC hw/display/tc6393xb.o
CC hw/dma/pl080.o
CC hw/dma/pl330.o
CC hw/dma/i8257.o
CC hw/dma/xlnx-zynq-devcfg.o
CC hw/gpio/max7310.o
CC hw/gpio/pl061.o
CC hw/gpio/zaurus.o
CC hw/gpio/gpio_key.o
CC hw/i2c/core.o
CC hw/i2c/smbus.o
CC hw/i2c/smbus_eeprom.o
CC hw/i2c/i2c-ddc.o
CC hw/i2c/versatile_i2c.o
CC hw/i2c/smbus_ich9.o
CC hw/i2c/pm_smbus.o
CC hw/i2c/bitbang_i2c.o
CC hw/i2c/exynos4210_i2c.o
CC hw/i2c/imx_i2c.o
CC hw/i2c/aspeed_i2c.o
CC hw/ide/core.o
CC hw/ide/atapi.o
CC hw/ide/qdev.o
CC hw/ide/pci.o
CC hw/ide/isa.o
CC hw/ide/piix.o
CC hw/ide/microdrive.o
CC hw/ide/ahci.o
CC hw/ide/ich.o
CC hw/input/hid.o
CC hw/input/lm832x.o
CC hw/input/pckbd.o
CC hw/input/pl050.o
CC hw/input/ps2.o
CC hw/input/stellaris_input.o
CC hw/input/tsc2005.o
CC hw/input/vmmouse.o
CC hw/input/virtio-input.o
CC hw/input/virtio-input-hid.o
CC hw/input/virtio-input-host.o
CC hw/intc/i8259_common.o
CC hw/intc/i8259.o
CC hw/intc/pl190.o
CC hw/intc/imx_avic.o
CC hw/intc/realview_gic.o
CC hw/intc/ioapic_common.o
CC hw/intc/arm_gic_common.o
CC hw/intc/arm_gic.o
CC hw/intc/arm_gicv2m.o
CC hw/intc/arm_gicv3_common.o
CC hw/intc/arm_gicv3.o
CC hw/intc/arm_gicv3_dist.o
CC hw/intc/arm_gicv3_redist.o
CC hw/intc/arm_gicv3_its_common.o
CC hw/intc/intc.o
CC hw/ipack/ipack.o
CC hw/ipack/tpci200.o
CC hw/ipmi/ipmi.o
CC hw/ipmi/ipmi_bmc_sim.o
CC hw/ipmi/ipmi_bmc_extern.o
CC hw/ipmi/isa_ipmi_kcs.o
CC hw/ipmi/isa_ipmi_bt.o
CC hw/isa/isa-bus.o
CC hw/isa/apm.o
CC hw/mem/pc-dimm.o
CC hw/mem/nvdimm.o
CC hw/misc/applesmc.o
CC hw/misc/max111x.o
CC hw/misc/tmp105.o
CC hw/misc/debugexit.o
CC hw/misc/sga.o
CC hw/misc/pc-testdev.o
CC hw/misc/pci-testdev.o
CC hw/misc/unimp.o
CC hw/misc/arm_l2x0.o
CC hw/misc/arm_integrator_debug.o
CC hw/misc/a9scu.o
CC hw/misc/arm11scu.o
CC hw/net/ne2000.o
CC hw/net/eepro100.o
CC hw/net/pcnet-pci.o
CC hw/net/pcnet.o
CC hw/net/e1000.o
CC hw/net/net_tx_pkt.o
CC hw/net/e1000x_common.o
CC hw/net/net_rx_pkt.o
CC hw/net/e1000e.o
CC hw/net/e1000e_core.o
CC hw/net/rtl8139.o
CC hw/net/vmxnet3.o
CC hw/net/smc91c111.o
CC hw/net/lan9118.o
CC hw/net/ne2000-isa.o
CC hw/net/xgmac.o
CC hw/net/allwinner_emac.o
CC hw/net/imx_fec.o
CC hw/net/cadence_gem.o
CC hw/net/stellaris_enet.o
CC hw/net/ftgmac100.o
CC hw/net/rocker/rocker.o
CC hw/net/rocker/rocker_fp.o
CC hw/net/rocker/rocker_desc.o
CC hw/net/rocker/rocker_world.o
CC hw/net/rocker/rocker_of_dpa.o
CC hw/nvram/eeprom93xx.o
CC hw/nvram/fw_cfg.o
CC hw/nvram/chrp_nvram.o
CC hw/pci-bridge/pci_bridge_dev.o
CC hw/pci-bridge/pcie_root_port.o
CC hw/pci-bridge/gen_pcie_root_port.o
CC hw/pci-bridge/pci_expander_bridge.o
CC hw/pci-bridge/xio3130_upstream.o
CC hw/pci-bridge/xio3130_downstream.o
CC hw/pci-bridge/ioh3420.o
CC hw/pci-bridge/i82801b11.o
CC hw/pci-host/pam.o
CC hw/pci-host/versatile.o
CC hw/pci-host/piix.o
CC hw/pci-host/q35.o
CC hw/pci-host/gpex.o
CC hw/pci/pci.o
CC hw/pci/pci_bridge.o
CC hw/pci/msix.o
CC hw/pci/msi.o
CC hw/pci/shpc.o
CC hw/pci/slotid_cap.o
CC hw/pci/pci_host.o
CC hw/pci/pcie_host.o
CC hw/pci/pcie.o
CC hw/pci/pcie_aer.o
CC hw/pci/pcie_port.o
CC hw/pci/pci-stub.o
CC hw/pcmcia/pcmcia.o
CC hw/scsi/scsi-disk.o
CC hw/scsi/scsi-generic.o
CC hw/scsi/scsi-bus.o
CC hw/scsi/lsi53c895a.o
CC hw/scsi/mptsas.o
CC hw/scsi/mptconfig.o
CC hw/scsi/mptendian.o
CC hw/scsi/megasas.o
CC hw/scsi/vmw_pvscsi.o
CC hw/scsi/esp.o
CC hw/scsi/esp-pci.o
CC hw/sd/pl181.o
CC hw/sd/ssi-sd.o
CC hw/sd/sd.o
CC hw/sd/core.o
CC hw/sd/sdhci.o
CC hw/smbios/smbios.o
CC hw/smbios/smbios_type_38.o
CC hw/smbios/smbios-stub.o
CC hw/smbios/smbios_type_38-stub.o
CC hw/ssi/pl022.o
CC hw/ssi/ssi.o
CC hw/ssi/xilinx_spips.o
CC hw/ssi/aspeed_smc.o
CC hw/ssi/stm32f2xx_spi.o
CC hw/timer/arm_timer.o
CC hw/timer/arm_mptimer.o
CC hw/timer/armv7m_systick.o
CC hw/timer/a9gtimer.o
CC hw/timer/cadence_ttc.o
CC hw/timer/ds1338.o
CC hw/timer/hpet.o
CC hw/timer/i8254_common.o
CC hw/timer/i8254.o
CC hw/timer/pl031.o
CC hw/timer/twl92230.o
CC hw/timer/imx_epit.o
CC hw/timer/imx_gpt.o
CC hw/timer/stm32f2xx_timer.o
CC hw/timer/aspeed_timer.o
CC hw/tpm/tpm_tis.o
CC hw/tpm/tpm_passthrough.o
CC hw/tpm/tpm_util.o
CC hw/usb/core.o
CC hw/usb/combined-packet.o
CC hw/usb/bus.o
CC hw/usb/libhw.o
CC hw/usb/desc.o
CC hw/usb/desc-msos.o
CC hw/usb/hcd-uhci.o
CC hw/usb/hcd-ohci.o
CC hw/usb/hcd-ehci-sysbus.o
CC hw/usb/hcd-ehci.o
CC hw/usb/hcd-ehci-pci.o
CC hw/usb/hcd-xhci.o
CC hw/usb/hcd-musb.o
CC hw/usb/dev-hub.o
CC hw/usb/dev-hid.o
CC hw/usb/dev-wacom.o
CC hw/usb/dev-storage.o
CC hw/usb/dev-uas.o
CC hw/usb/dev-audio.o
CC hw/usb/dev-serial.o
CC hw/usb/dev-network.o
CC hw/usb/dev-bluetooth.o
CC hw/usb/dev-smartcard-reader.o
CC hw/usb/dev-mtp.o
CC hw/usb/host-stub.o
CC hw/virtio/virtio-rng.o
CC hw/virtio/virtio-pci.o
CC hw/virtio/virtio-bus.o
CC hw/virtio/virtio-mmio.o
CC hw/virtio/vhost-stub.o
CC hw/watchdog/watchdog.o
CC hw/watchdog/wdt_i6300esb.o
CC hw/watchdog/wdt_ib700.o
CC hw/watchdog/wdt_aspeed.o
CC migration/migration.o
CC migration/socket.o
CC migration/fd.o
CC migration/exec.o
CC migration/tls.o
CC migration/colo-comm.o
CC migration/colo.o
CC migration/colo-failover.o
CC migration/vmstate.o
CC migration/qemu-file.o
CC migration/qemu-file-channel.o
CC migration/xbzrle.o
CC migration/postcopy-ram.o
CC migration/qjson.o
CC migration/block.o
CC net/net.o
CC net/queue.o
CC net/checksum.o
CC net/hub.o
CC net/util.o
CC net/socket.o
CC net/dump.o
CC net/eth.o
CC net/l2tpv3.o
CC net/tap.o
CC net/vhost-user.o
CC net/tap-linux.o
CC net/slirp.o
CC net/filter.o
CC net/filter-buffer.o
CC net/colo-compare.o
CC net/filter-mirror.o
CC net/colo.o
CC net/filter-rewriter.o
CC net/filter-replay.o
CC qom/cpu.o
CC replay/replay.o
CC replay/replay-internal.o
CC replay/replay-events.o
CC replay/replay-time.o
CC replay/replay-input.o
CC replay/replay-char.o
CC replay/replay-snapshot.o
CC replay/replay-net.o
CC replay/replay-audio.o
CC slirp/cksum.o
/tmp/qemu-test/src/replay/replay-internal.c: In function ‘replay_put_array’:
/tmp/qemu-test/src/replay/replay-internal.c:65: warning: ignoring return value of ‘fwrite’, declared with attribute warn_unused_result
CC slirp/if.o
CC slirp/ip_icmp.o
CC slirp/ip6_icmp.o
CC slirp/ip6_input.o
CC slirp/ip6_output.o
CC slirp/ip_input.o
CC slirp/ip_output.o
CC slirp/dnssearch.o
CC slirp/dhcpv6.o
CC slirp/slirp.o
CC slirp/mbuf.o
CC slirp/misc.o
CC slirp/sbuf.o
CC slirp/socket.o
CC slirp/tcp_input.o
CC slirp/tcp_output.o
CC slirp/tcp_subr.o
CC slirp/tcp_timer.o
CC slirp/udp.o
CC slirp/udp6.o
CC slirp/bootp.o
CC slirp/tftp.o
CC slirp/arp_table.o
CC slirp/ndp_table.o
CC slirp/ncsi.o
/tmp/qemu-test/src/slirp/tcp_input.c: In function ‘tcp_input’:
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_p’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_len’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_tos’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_id’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_off’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_ttl’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_sum’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_src.s_addr’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_dst.s_addr’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:220: warning: ‘save_ip6.ip_nh’ may be used uninitialized in this function
CC ui/keymaps.o
CC ui/console.o
CC ui/cursor.o
CC ui/qemu-pixman.o
CC ui/input.o
CC ui/input-keymap.o
CC ui/input-legacy.o
CC ui/input-linux.o
CC ui/sdl.o
CC ui/sdl_zoom.o
CC ui/x_keymap.o
CC ui/vnc.o
CC ui/vnc-enc-zlib.o
CC ui/vnc-enc-hextile.o
CC ui/vnc-enc-tight.o
CC ui/vnc-palette.o
CC ui/vnc-enc-zrle.o
CC ui/vnc-auth-vencrypt.o
CC ui/vnc-ws.o
CC ui/vnc-jobs.o
CC chardev/char.o
CC chardev/char-fd.o
CC chardev/char-file.o
CC chardev/char-io.o
CC chardev/char-mux.o
CC chardev/char-null.o
CC chardev/char-parallel.o
CC chardev/char-pipe.o
CC chardev/char-pty.o
CC chardev/char-ringbuf.o
CC chardev/char-serial.o
CC chardev/char-socket.o
CC chardev/char-stdio.o
CC chardev/char-udp.o
LINK tests/qemu-iotests/socket_scm_helper
CC qga/commands.o
CC qga/guest-agent-command-state.o
CC qga/main.o
AS optionrom/multiboot.o
AS optionrom/linuxboot.o
CC optionrom/linuxboot_dma.o
cc: unrecognized option '-no-integrated-as'
cc: unrecognized option '-no-integrated-as'
AS optionrom/kvmvapic.o
CC qga/commands-posix.o
BUILD optionrom/multiboot.img
BUILD optionrom/linuxboot.img
BUILD optionrom/linuxboot_dma.img
BUILD optionrom/kvmvapic.img
BUILD optionrom/multiboot.raw
BUILD optionrom/linuxboot.raw
CC qga/channel-posix.o
CC qga/qapi-generated/qga-qapi-types.o
CC qga/qapi-generated/qga-qapi-visit.o
CC qga/qapi-generated/qga-qmp-marshal.o
AR libqemuutil.a
AR libqemustub.a
CC qemu-img.o
BUILD optionrom/linuxboot_dma.raw
BUILD optionrom/kvmvapic.raw
SIGN optionrom/multiboot.bin
SIGN optionrom/linuxboot.bin
SIGN optionrom/linuxboot_dma.bin
SIGN optionrom/kvmvapic.bin
LINK qemu-io
LINK qemu-bridge-helper
LINK ivshmem-client
LINK ivshmem-server
LINK qemu-nbd
LINK qemu-img
GEN x86_64-softmmu/hmp-commands.h
GEN x86_64-softmmu/config-target.h
GEN x86_64-softmmu/hmp-commands-info.h
CC x86_64-softmmu/exec.o
CC x86_64-softmmu/cpu-exec.o
CC x86_64-softmmu/translate-common.o
CC x86_64-softmmu/tcg/tcg.o
CC x86_64-softmmu/cpu-exec-common.o
CC x86_64-softmmu/tcg/tcg-op.o
CC x86_64-softmmu/translate-all.o
GEN aarch64-softmmu/hmp-commands.h
GEN aarch64-softmmu/hmp-commands-info.h
GEN aarch64-softmmu/config-target.h
CC aarch64-softmmu/exec.o
CC aarch64-softmmu/translate-all.o
CC aarch64-softmmu/cpu-exec.o
CC aarch64-softmmu/translate-common.o
CC aarch64-softmmu/cpu-exec-common.o
CC aarch64-softmmu/tcg/tcg.o
CC aarch64-softmmu/tcg/tcg-op.o
CC x86_64-softmmu/tcg/optimize.o
CC x86_64-softmmu/tcg/tcg-common.o
LINK qemu-ga
CC aarch64-softmmu/tcg/optimize.o
CC x86_64-softmmu/fpu/softfloat.o
CC aarch64-softmmu/tcg/tcg-common.o
CC aarch64-softmmu/fpu/softfloat.o
CC x86_64-softmmu/disas.o
CC aarch64-softmmu/disas.o
CC x86_64-softmmu/tcg-runtime.o
CC x86_64-softmmu/hax-stub.o
CC aarch64-softmmu/tcg-runtime.o
GEN aarch64-softmmu/gdbstub-xml.c
CC aarch64-softmmu/hax-stub.o
CC x86_64-softmmu/arch_init.o
CC aarch64-softmmu/kvm-stub.o
CC aarch64-softmmu/arch_init.o
CC aarch64-softmmu/cpus.o
CC aarch64-softmmu/monitor.o
CC x86_64-softmmu/cpus.o
CC x86_64-softmmu/monitor.o
CC aarch64-softmmu/gdbstub.o
CC aarch64-softmmu/balloon.o
CC aarch64-softmmu/ioport.o
CC x86_64-softmmu/gdbstub.o
CC aarch64-softmmu/numa.o
CC aarch64-softmmu/qtest.o
CC x86_64-softmmu/balloon.o
CC x86_64-softmmu/ioport.o
CC aarch64-softmmu/bootdevice.o
CC x86_64-softmmu/numa.o
CC aarch64-softmmu/memory.o
CC x86_64-softmmu/qtest.o
CC aarch64-softmmu/cputlb.o
CC x86_64-softmmu/bootdevice.o
CC x86_64-softmmu/kvm-all.o
CC x86_64-softmmu/memory.o
CC x86_64-softmmu/cputlb.o
CC aarch64-softmmu/memory_mapping.o
CC x86_64-softmmu/memory_mapping.o
CC aarch64-softmmu/dump.o
CC x86_64-softmmu/dump.o
CC aarch64-softmmu/migration/ram.o
CC x86_64-softmmu/migration/ram.o
CC aarch64-softmmu/migration/savevm.o
CC aarch64-softmmu/xen-common-stub.o
CC x86_64-softmmu/migration/savevm.o
CC aarch64-softmmu/xen-hvm-stub.o
CC x86_64-softmmu/xen-common-stub.o
CC aarch64-softmmu/hw/adc/stm32f2xx_adc.o
CC aarch64-softmmu/hw/block/virtio-blk.o
CC x86_64-softmmu/xen-hvm-stub.o
CC aarch64-softmmu/hw/block/dataplane/virtio-blk.o
CC aarch64-softmmu/hw/char/exynos4210_uart.o
CC x86_64-softmmu/hw/block/virtio-blk.o
CC aarch64-softmmu/hw/char/omap_uart.o
CC aarch64-softmmu/hw/char/digic-uart.o
CC aarch64-softmmu/hw/char/stm32f2xx_usart.o
CC x86_64-softmmu/hw/block/dataplane/virtio-blk.o
CC aarch64-softmmu/hw/char/bcm2835_aux.o
CC aarch64-softmmu/hw/char/virtio-serial-bus.o
CC x86_64-softmmu/hw/char/virtio-serial-bus.o
CC aarch64-softmmu/hw/core/nmi.o
CC aarch64-softmmu/hw/core/generic-loader.o
CC x86_64-softmmu/hw/core/nmi.o
CC aarch64-softmmu/hw/core/null-machine.o
CC aarch64-softmmu/hw/cpu/arm11mpcore.o
CC aarch64-softmmu/hw/cpu/realview_mpcore.o
CC x86_64-softmmu/hw/core/generic-loader.o
CC aarch64-softmmu/hw/cpu/a9mpcore.o
CC aarch64-softmmu/hw/cpu/a15mpcore.o
CC aarch64-softmmu/hw/cpu/core.o
CC aarch64-softmmu/hw/display/omap_dss.o
CC x86_64-softmmu/hw/core/null-machine.o
CC x86_64-softmmu/hw/cpu/core.o
CC aarch64-softmmu/hw/display/omap_lcdc.o
CC aarch64-softmmu/hw/display/pxa2xx_lcd.o
CC aarch64-softmmu/hw/display/bcm2835_fb.o
CC aarch64-softmmu/hw/display/vga.o
CC aarch64-softmmu/hw/display/virtio-gpu.o
CC x86_64-softmmu/hw/display/vga.o
CC x86_64-softmmu/hw/display/virtio-gpu.o
CC aarch64-softmmu/hw/display/virtio-gpu-3d.o
CC aarch64-softmmu/hw/display/virtio-gpu-pci.o
CC aarch64-softmmu/hw/display/dpcd.o
CC aarch64-softmmu/hw/display/xlnx_dp.o
CC aarch64-softmmu/hw/dma/xlnx_dpdma.o
CC x86_64-softmmu/hw/display/virtio-gpu-3d.o
CC aarch64-softmmu/hw/dma/omap_dma.o
CC aarch64-softmmu/hw/dma/soc_dma.o
CC aarch64-softmmu/hw/dma/pxa2xx_dma.o
CC aarch64-softmmu/hw/dma/bcm2835_dma.o
CC x86_64-softmmu/hw/display/virtio-gpu-pci.o
CC aarch64-softmmu/hw/gpio/omap_gpio.o
CC aarch64-softmmu/hw/gpio/imx_gpio.o
CC aarch64-softmmu/hw/gpio/bcm2835_gpio.o
CC x86_64-softmmu/hw/display/virtio-vga.o
CC aarch64-softmmu/hw/i2c/omap_i2c.o
CC x86_64-softmmu/hw/intc/apic.o
CC aarch64-softmmu/hw/input/pxa2xx_keypad.o
CC aarch64-softmmu/hw/input/tsc210x.o
CC aarch64-softmmu/hw/intc/armv7m_nvic.o
CC aarch64-softmmu/hw/intc/exynos4210_gic.o
CC aarch64-softmmu/hw/intc/exynos4210_combiner.o
CC aarch64-softmmu/hw/intc/omap_intc.o
CC aarch64-softmmu/hw/intc/bcm2835_ic.o
CC aarch64-softmmu/hw/intc/bcm2836_control.o
CC x86_64-softmmu/hw/intc/apic_common.o
CC aarch64-softmmu/hw/intc/allwinner-a10-pic.o
CC aarch64-softmmu/hw/intc/aspeed_vic.o
CC aarch64-softmmu/hw/intc/arm_gicv3_cpuif.o
CC aarch64-softmmu/hw/misc/ivshmem.o
CC x86_64-softmmu/hw/intc/ioapic.o
CC aarch64-softmmu/hw/misc/arm_sysctl.o
CC aarch64-softmmu/hw/misc/cbus.o
CC aarch64-softmmu/hw/misc/exynos4210_pmu.o
CC aarch64-softmmu/hw/misc/exynos4210_clk.o
CC aarch64-softmmu/hw/misc/imx_ccm.o
CC aarch64-softmmu/hw/misc/imx31_ccm.o
CC aarch64-softmmu/hw/misc/imx25_ccm.o
CC aarch64-softmmu/hw/misc/imx6_ccm.o
CC aarch64-softmmu/hw/misc/imx6_src.o
CC aarch64-softmmu/hw/misc/mst_fpga.o
CC aarch64-softmmu/hw/misc/omap_clk.o
CC aarch64-softmmu/hw/misc/omap_gpmc.o
CC aarch64-softmmu/hw/misc/omap_l4.o
CC aarch64-softmmu/hw/misc/omap_sdrc.o
CC aarch64-softmmu/hw/misc/omap_tap.o
CC aarch64-softmmu/hw/misc/bcm2835_mbox.o
CC aarch64-softmmu/hw/misc/bcm2835_property.o
CC aarch64-softmmu/hw/misc/bcm2835_rng.o
CC aarch64-softmmu/hw/misc/zynq_slcr.o
CC aarch64-softmmu/hw/misc/zynq-xadc.o
CC aarch64-softmmu/hw/misc/stm32f2xx_syscfg.o
CC aarch64-softmmu/hw/misc/edu.o
CC aarch64-softmmu/hw/misc/auxbus.o
CC aarch64-softmmu/hw/misc/aspeed_scu.o
CC aarch64-softmmu/hw/misc/aspeed_sdmc.o
CC aarch64-softmmu/hw/net/virtio-net.o
CC aarch64-softmmu/hw/net/vhost_net.o
CC aarch64-softmmu/hw/pcmcia/pxa2xx.o
CC aarch64-softmmu/hw/scsi/virtio-scsi.o
CC aarch64-softmmu/hw/scsi/virtio-scsi-dataplane.o
CC aarch64-softmmu/hw/scsi/vhost-scsi.o
CC aarch64-softmmu/hw/sd/omap_mmc.o
CC aarch64-softmmu/hw/sd/pxa2xx_mmci.o
CC aarch64-softmmu/hw/sd/bcm2835_sdhost.o
CC aarch64-softmmu/hw/ssi/omap_spi.o
CC aarch64-softmmu/hw/ssi/imx_spi.o
CC aarch64-softmmu/hw/timer/exynos4210_mct.o
CC aarch64-softmmu/hw/timer/exynos4210_pwm.o
CC aarch64-softmmu/hw/timer/exynos4210_rtc.o
CC aarch64-softmmu/hw/timer/omap_gptimer.o
CC aarch64-softmmu/hw/timer/omap_synctimer.o
CC x86_64-softmmu/hw/isa/lpc_ich9.o
CC aarch64-softmmu/hw/timer/pxa2xx_timer.o
CC x86_64-softmmu/hw/misc/vmport.o
CC aarch64-softmmu/hw/timer/digic-timer.o
CC aarch64-softmmu/hw/timer/allwinner-a10-pit.o
CC aarch64-softmmu/hw/usb/tusb6010.o
CC aarch64-softmmu/hw/vfio/common.o
CC aarch64-softmmu/hw/vfio/pci.o
CC aarch64-softmmu/hw/vfio/pci-quirks.o
CC x86_64-softmmu/hw/misc/ivshmem.o
CC x86_64-softmmu/hw/misc/pvpanic.o
CC aarch64-softmmu/hw/vfio/platform.o
CC aarch64-softmmu/hw/vfio/calxeda-xgmac.o
CC x86_64-softmmu/hw/misc/edu.o
CC aarch64-softmmu/hw/vfio/amd-xgbe.o
CC x86_64-softmmu/hw/misc/hyperv_testdev.o
CC aarch64-softmmu/hw/vfio/spapr.o
CC aarch64-softmmu/hw/virtio/virtio.o
CC aarch64-softmmu/hw/virtio/virtio-balloon.o
CC aarch64-softmmu/hw/virtio/vhost.o
CC x86_64-softmmu/hw/net/virtio-net.o
CC x86_64-softmmu/hw/net/vhost_net.o
CC aarch64-softmmu/hw/virtio/vhost-backend.o
CC aarch64-softmmu/hw/virtio/vhost-user.o
CC aarch64-softmmu/hw/virtio/vhost-vsock.o
CC aarch64-softmmu/hw/virtio/virtio-crypto.o
CC aarch64-softmmu/hw/virtio/virtio-crypto-pci.o
CC x86_64-softmmu/hw/scsi/virtio-scsi.o
CC aarch64-softmmu/hw/arm/boot.o
CC aarch64-softmmu/hw/arm/collie.o
CC aarch64-softmmu/hw/arm/exynos4_boards.o
CC aarch64-softmmu/hw/arm/gumstix.o
CC x86_64-softmmu/hw/scsi/virtio-scsi-dataplane.o
CC x86_64-softmmu/hw/scsi/vhost-scsi.o
CC x86_64-softmmu/hw/timer/mc146818rtc.o
CC aarch64-softmmu/hw/arm/highbank.o
CC x86_64-softmmu/hw/vfio/common.o
CC aarch64-softmmu/hw/arm/digic_boards.o
CC aarch64-softmmu/hw/arm/integratorcp.o
CC x86_64-softmmu/hw/vfio/pci.o
CC aarch64-softmmu/hw/arm/mainstone.o
CC x86_64-softmmu/hw/vfio/pci-quirks.o
CC aarch64-softmmu/hw/arm/musicpal.o
CC aarch64-softmmu/hw/arm/nseries.o
CC aarch64-softmmu/hw/arm/omap_sx1.o
CC aarch64-softmmu/hw/arm/palm.o
CC aarch64-softmmu/hw/arm/realview.o
CC aarch64-softmmu/hw/arm/spitz.o
CC aarch64-softmmu/hw/arm/stellaris.o
CC aarch64-softmmu/hw/arm/tosa.o
CC aarch64-softmmu/hw/arm/versatilepb.o
CC x86_64-softmmu/hw/vfio/platform.o
CC aarch64-softmmu/hw/arm/vexpress.o
CC aarch64-softmmu/hw/arm/virt.o
CC x86_64-softmmu/hw/vfio/spapr.o
CC aarch64-softmmu/hw/arm/xilinx_zynq.o
CC aarch64-softmmu/hw/arm/z2.o
CC aarch64-softmmu/hw/arm/virt-acpi-build.o
CC aarch64-softmmu/hw/arm/netduino2.o
CC x86_64-softmmu/hw/virtio/virtio.o
CC aarch64-softmmu/hw/arm/sysbus-fdt.o
CC x86_64-softmmu/hw/virtio/virtio-balloon.o
CC x86_64-softmmu/hw/virtio/vhost.o
CC aarch64-softmmu/hw/arm/armv7m.o
CC aarch64-softmmu/hw/arm/exynos4210.o
CC aarch64-softmmu/hw/arm/pxa2xx.o
CC aarch64-softmmu/hw/arm/pxa2xx_gpio.o
CC aarch64-softmmu/hw/arm/pxa2xx_pic.o
CC aarch64-softmmu/hw/arm/digic.o
CC x86_64-softmmu/hw/virtio/vhost-backend.o
CC aarch64-softmmu/hw/arm/omap1.o
CC aarch64-softmmu/hw/arm/omap2.o
CC x86_64-softmmu/hw/virtio/vhost-user.o
CC x86_64-softmmu/hw/virtio/vhost-vsock.o
CC aarch64-softmmu/hw/arm/strongarm.o
CC aarch64-softmmu/hw/arm/allwinner-a10.o
CC aarch64-softmmu/hw/arm/cubieboard.o
CC aarch64-softmmu/hw/arm/bcm2835_peripherals.o
CC x86_64-softmmu/hw/virtio/virtio-crypto.o
CC x86_64-softmmu/hw/virtio/virtio-crypto-pci.o
CC aarch64-softmmu/hw/arm/bcm2836.o
CC aarch64-softmmu/hw/arm/raspi.o
CC aarch64-softmmu/hw/arm/stm32f205_soc.o
CC aarch64-softmmu/hw/arm/xlnx-zynqmp.o
CC x86_64-softmmu/hw/i386/multiboot.o
CC aarch64-softmmu/hw/arm/xlnx-ep108.o
CC aarch64-softmmu/hw/arm/fsl-imx25.o
CC aarch64-softmmu/hw/arm/imx25_pdk.o
CC aarch64-softmmu/hw/arm/fsl-imx31.o
CC x86_64-softmmu/hw/i386/pc.o
CC aarch64-softmmu/hw/arm/kzm.o
CC x86_64-softmmu/hw/i386/pc_piix.o
CC aarch64-softmmu/hw/arm/fsl-imx6.o
CC aarch64-softmmu/hw/arm/sabrelite.o
CC aarch64-softmmu/hw/arm/aspeed_soc.o
CC aarch64-softmmu/hw/arm/aspeed.o
CC aarch64-softmmu/target/arm/arm-semi.o
CC aarch64-softmmu/target/arm/machine.o
CC aarch64-softmmu/target/arm/psci.o
CC aarch64-softmmu/target/arm/arch_dump.o
CC aarch64-softmmu/target/arm/monitor.o
/tmp/qemu-test/src/hw/i386/pc_piix.c: In function ‘igd_passthrough_isa_bridge_create’:
/tmp/qemu-test/src/hw/i386/pc_piix.c:1055: warning: ‘pch_rev_id’ may be used uninitialized in this function
CC x86_64-softmmu/hw/i386/pc_q35.o
CC aarch64-softmmu/target/arm/kvm-stub.o
CC aarch64-softmmu/target/arm/translate.o
CC aarch64-softmmu/target/arm/op_helper.o
CC x86_64-softmmu/hw/i386/pc_sysfw.o
CC aarch64-softmmu/target/arm/helper.o
CC aarch64-softmmu/target/arm/cpu.o
CC aarch64-softmmu/target/arm/neon_helper.o
CC aarch64-softmmu/target/arm/iwmmxt_helper.o
CC x86_64-softmmu/hw/i386/x86-iommu.o
CC aarch64-softmmu/target/arm/gdbstub.o
CC x86_64-softmmu/hw/i386/intel_iommu.o
CC aarch64-softmmu/target/arm/cpu64.o
CC aarch64-softmmu/target/arm/translate-a64.o
CC aarch64-softmmu/target/arm/helper-a64.o
CC aarch64-softmmu/target/arm/gdbstub64.o
CC aarch64-softmmu/target/arm/crypto_helper.o
CC aarch64-softmmu/target/arm/arm-powerctl.o
GEN trace/generated-helpers.c
CC aarch64-softmmu/trace/control-target.o
CC x86_64-softmmu/hw/i386/amd_iommu.o
CC aarch64-softmmu/gdbstub-xml.o
CC aarch64-softmmu/trace/generated-helpers.o
CC x86_64-softmmu/hw/i386/kvmvapic.o
CC x86_64-softmmu/hw/i386/acpi-build.o
CC x86_64-softmmu/hw/i386/pci-assign-load-rom.o
CC x86_64-softmmu/hw/i386/kvm/clock.o
CC x86_64-softmmu/hw/i386/kvm/apic.o
CC x86_64-softmmu/hw/i386/kvm/i8259.o
CC x86_64-softmmu/hw/i386/kvm/ioapic.o
CC x86_64-softmmu/hw/i386/kvm/i8254.o
CC x86_64-softmmu/hw/i386/kvm/pci-assign.o
CC x86_64-softmmu/target/i386/translate.o
CC x86_64-softmmu/target/i386/helper.o
CC x86_64-softmmu/target/i386/cpu.o
CC x86_64-softmmu/target/i386/bpt_helper.o
/tmp/qemu-test/src/hw/i386/acpi-build.c: In function ‘build_append_pci_bus_devices’:
/tmp/qemu-test/src/hw/i386/acpi-build.c:496: warning: ‘notify_method’ may be used uninitialized in this function
/tmp/qemu-test/src/target/arm/translate-a64.c: In function ‘handle_shri_with_rndacc’:
/tmp/qemu-test/src/target/arm/translate-a64.c:6359: warning: ‘tcg_src_hi’ may be used uninitialized in this function
/tmp/qemu-test/src/target/arm/translate-a64.c: In function ‘disas_simd_scalar_two_reg_misc’:
/tmp/qemu-test/src/target/arm/translate-a64.c:8086: warning: ‘rmode’ may be used uninitialized in this function
CC x86_64-softmmu/target/i386/misc_helper.o
CC x86_64-softmmu/target/i386/excp_helper.o
CC x86_64-softmmu/target/i386/smm_helper.o
CC x86_64-softmmu/target/i386/fpu_helper.o
CC x86_64-softmmu/target/i386/svm_helper.o
CC x86_64-softmmu/target/i386/int_helper.o
CC x86_64-softmmu/target/i386/cc_helper.o
LINK aarch64-softmmu/qemu-system-aarch64
CC x86_64-softmmu/target/i386/mem_helper.o
CC x86_64-softmmu/target/i386/seg_helper.o
CC x86_64-softmmu/target/i386/mpx_helper.o
CC x86_64-softmmu/target/i386/gdbstub.o
CC x86_64-softmmu/target/i386/machine.o
CC x86_64-softmmu/target/i386/arch_memory_mapping.o
CC x86_64-softmmu/target/i386/arch_dump.o
CC x86_64-softmmu/target/i386/monitor.o
CC x86_64-softmmu/target/i386/kvm.o
CC x86_64-softmmu/target/i386/hyperv.o
GEN trace/generated-helpers.c
CC x86_64-softmmu/trace/control-target.o
CC x86_64-softmmu/trace/generated-helpers.o
LINK x86_64-softmmu/qemu-system-x86_64
BISON dtc-parser.tab.c
make[1]: bison: Command not found
LEX convert-dtsv0-lexer.lex.c
make[1]: flex: Command not found
LEX dtc-lexer.lex.c
make[1]: flex: Command not found
TEST tests/qapi-schema/alternate-any.out
TEST tests/qapi-schema/alternate-clash.out
TEST tests/qapi-schema/alternate-array.out
TEST tests/qapi-schema/alternate-base.out
TEST tests/qapi-schema/alternate-conflict-dict.out
TEST tests/qapi-schema/alternate-empty.out
TEST tests/qapi-schema/alternate-conflict-string.out
TEST tests/qapi-schema/alternate-nested.out
TEST tests/qapi-schema/alternate-unknown.out
TEST tests/qapi-schema/args-alternate.out
TEST tests/qapi-schema/args-any.out
TEST tests/qapi-schema/args-array-empty.out
TEST tests/qapi-schema/args-array-unknown.out
TEST tests/qapi-schema/args-bad-boxed.out
TEST tests/qapi-schema/args-boxed-anon.out
TEST tests/qapi-schema/args-boxed-empty.out
TEST tests/qapi-schema/args-boxed-string.out
TEST tests/qapi-schema/args-int.out
TEST tests/qapi-schema/args-invalid.out
TEST tests/qapi-schema/args-member-array-bad.out
TEST tests/qapi-schema/args-member-case.out
TEST tests/qapi-schema/args-member-unknown.out
TEST tests/qapi-schema/args-name-clash.out
TEST tests/qapi-schema/args-union.out
TEST tests/qapi-schema/bad-base.out
TEST tests/qapi-schema/args-unknown.out
TEST tests/qapi-schema/bad-data.out
TEST tests/qapi-schema/bad-ident.out
TEST tests/qapi-schema/bad-type-bool.out
TEST tests/qapi-schema/bad-type-dict.out
TEST tests/qapi-schema/bad-type-int.out
TEST tests/qapi-schema/base-cycle-direct.out
TEST tests/qapi-schema/base-cycle-indirect.out
TEST tests/qapi-schema/command-int.out
TEST tests/qapi-schema/comments.out
TEST tests/qapi-schema/doc-bad-alternate-member.out
TEST tests/qapi-schema/doc-bad-command-arg.out
TEST tests/qapi-schema/doc-bad-symbol.out
TEST tests/qapi-schema/doc-bad-union-member.out
TEST tests/qapi-schema/doc-before-include.out
TEST tests/qapi-schema/doc-before-pragma.out
TEST tests/qapi-schema/doc-duplicated-arg.out
TEST tests/qapi-schema/doc-duplicated-return.out
TEST tests/qapi-schema/doc-duplicated-since.out
TEST tests/qapi-schema/doc-empty-arg.out
TEST tests/qapi-schema/doc-empty-section.out
TEST tests/qapi-schema/doc-empty-symbol.out
TEST tests/qapi-schema/doc-good.out
TEST tests/qapi-schema/doc-interleaved-section.out
TEST tests/qapi-schema/doc-invalid-end.out
TEST tests/qapi-schema/doc-invalid-end2.out
TEST tests/qapi-schema/doc-invalid-return.out
TEST tests/qapi-schema/doc-invalid-section.out
TEST tests/qapi-schema/doc-invalid-start.out
TEST tests/qapi-schema/doc-missing.out
TEST tests/qapi-schema/doc-missing-colon.out
TEST tests/qapi-schema/doc-missing-expr.out
TEST tests/qapi-schema/doc-missing-space.out
TEST tests/qapi-schema/doc-no-symbol.out
TEST tests/qapi-schema/double-data.out
TEST tests/qapi-schema/double-type.out
TEST tests/qapi-schema/duplicate-key.out
TEST tests/qapi-schema/empty.out
TEST tests/qapi-schema/enum-bad-name.out
TEST tests/qapi-schema/enum-clash-member.out
TEST tests/qapi-schema/enum-bad-prefix.out
TEST tests/qapi-schema/enum-dict-member.out
TEST tests/qapi-schema/enum-int-member.out
TEST tests/qapi-schema/enum-member-case.out
TEST tests/qapi-schema/enum-missing-data.out
TEST tests/qapi-schema/enum-wrong-data.out
TEST tests/qapi-schema/escape-outside-string.out
TEST tests/qapi-schema/escape-too-big.out
TEST tests/qapi-schema/escape-too-short.out
TEST tests/qapi-schema/event-boxed-empty.out
TEST tests/qapi-schema/event-case.out
TEST tests/qapi-schema/event-nest-struct.out
TEST tests/qapi-schema/flat-union-array-branch.out
TEST tests/qapi-schema/flat-union-bad-base.out
TEST tests/qapi-schema/flat-union-bad-discriminator.out
TEST tests/qapi-schema/flat-union-base-any.out
TEST tests/qapi-schema/flat-union-base-union.out
TEST tests/qapi-schema/flat-union-clash-member.out
TEST tests/qapi-schema/flat-union-empty.out
TEST tests/qapi-schema/flat-union-incomplete-branch.out
TEST tests/qapi-schema/flat-union-inline.out
TEST tests/qapi-schema/flat-union-int-branch.out
TEST tests/qapi-schema/flat-union-invalid-branch-key.out
TEST tests/qapi-schema/flat-union-invalid-discriminator.out
TEST tests/qapi-schema/flat-union-no-base.out
TEST tests/qapi-schema/flat-union-optional-discriminator.out
TEST tests/qapi-schema/flat-union-string-discriminator.out
TEST tests/qapi-schema/funny-char.out
TEST tests/qapi-schema/ident-with-escape.out
TEST tests/qapi-schema/include-before-err.out
TEST tests/qapi-schema/include-cycle.out
TEST tests/qapi-schema/include-extra-junk.out
TEST tests/qapi-schema/include-format-err.out
TEST tests/qapi-schema/include-nested-err.out
TEST tests/qapi-schema/include-no-file.out
TEST tests/qapi-schema/include-non-file.out
TEST tests/qapi-schema/include-relpath.out
TEST tests/qapi-schema/include-repetition.out
TEST tests/qapi-schema/include-self-cycle.out
TEST tests/qapi-schema/include-simple.out
TEST tests/qapi-schema/indented-expr.out
TEST tests/qapi-schema/leading-comma-list.out
TEST tests/qapi-schema/leading-comma-object.out
TEST tests/qapi-schema/missing-comma-list.out
TEST tests/qapi-schema/missing-colon.out
TEST tests/qapi-schema/missing-comma-object.out
TEST tests/qapi-schema/missing-type.out
TEST tests/qapi-schema/non-objects.out
TEST tests/qapi-schema/nested-struct-data.out
TEST tests/qapi-schema/pragma-doc-required-crap.out
TEST tests/qapi-schema/pragma-extra-junk.out
TEST tests/qapi-schema/pragma-name-case-whitelist-crap.out
TEST tests/qapi-schema/pragma-non-dict.out
TEST tests/qapi-schema/pragma-returns-whitelist-crap.out
TEST tests/qapi-schema/qapi-schema-test.out
TEST tests/qapi-schema/quoted-structural-chars.out
TEST tests/qapi-schema/redefined-builtin.out
TEST tests/qapi-schema/redefined-command.out
TEST tests/qapi-schema/redefined-event.out
TEST tests/qapi-schema/redefined-type.out
TEST tests/qapi-schema/reserved-command-q.out
TEST tests/qapi-schema/reserved-enum-q.out
TEST tests/qapi-schema/reserved-member-has.out
TEST tests/qapi-schema/reserved-member-q.out
TEST tests/qapi-schema/reserved-member-u.out
TEST tests/qapi-schema/reserved-member-underscore.out
TEST tests/qapi-schema/reserved-type-kind.out
TEST tests/qapi-schema/reserved-type-list.out
TEST tests/qapi-schema/returns-alternate.out
TEST tests/qapi-schema/returns-array-bad.out
TEST tests/qapi-schema/returns-dict.out
TEST tests/qapi-schema/returns-unknown.out
TEST tests/qapi-schema/returns-whitelist.out
TEST tests/qapi-schema/struct-base-clash-deep.out
TEST tests/qapi-schema/struct-base-clash.out
TEST tests/qapi-schema/struct-member-invalid.out
TEST tests/qapi-schema/struct-data-invalid.out
TEST tests/qapi-schema/trailing-comma-list.out
TEST tests/qapi-schema/trailing-comma-object.out
TEST tests/qapi-schema/type-bypass-bad-gen.out
TEST tests/qapi-schema/unclosed-list.out
TEST tests/qapi-schema/unclosed-object.out
TEST tests/qapi-schema/unclosed-string.out
TEST tests/qapi-schema/unicode-str.out
TEST tests/qapi-schema/union-base-empty.out
TEST tests/qapi-schema/union-base-no-discriminator.out
TEST tests/qapi-schema/union-branch-case.out
TEST tests/qapi-schema/union-clash-branches.out
TEST tests/qapi-schema/union-empty.out
TEST tests/qapi-schema/union-invalid-base.out
TEST tests/qapi-schema/union-optional-branch.out
TEST tests/qapi-schema/union-unknown.out
TEST tests/qapi-schema/unknown-escape.out
TEST tests/qapi-schema/unknown-expr-key.out
GEN tests/qapi-schema/doc-good.test.texi
CC tests/check-qdict.o
CC tests/test-char.o
CC tests/check-qint.o
CC tests/check-qfloat.o
CC tests/check-qstring.o
CC tests/check-qlist.o
CC tests/check-qnull.o
CC tests/check-qjson.o
CC tests/test-qobject-output-visitor.o
GEN tests/test-qapi-visit.c
GEN tests/test-qapi-types.c
GEN tests/test-qapi-event.c
GEN tests/test-qmp-introspect.c
CC tests/test-clone-visitor.o
CC tests/test-qobject-input-visitor.o
CC tests/test-qmp-commands.o
GEN tests/test-qmp-marshal.c
CC tests/test-string-input-visitor.o
CC tests/test-string-output-visitor.o
CC tests/test-qmp-event.o
CC tests/test-opts-visitor.o
CC tests/test-coroutine.o
CC tests/iothread.o
CC tests/test-visitor-serialization.o
CC tests/test-iov.o
CC tests/test-aio.o
CC tests/test-aio-multithread.o
CC tests/test-throttle.o
CC tests/test-thread-pool.o
CC tests/test-hbitmap.o
CC tests/test-blockjob.o
CC tests/test-blockjob-txn.o
CC tests/test-x86-cpuid.o
CC tests/test-xbzrle.o
CC tests/test-vmstate.o
CC tests/test-cutils.o
CC tests/test-shift128.o
CC tests/test-mul64.o
CC tests/test-int128.o
CC tests/rcutorture.o
CC tests/test-rcu-list.o
CC tests/test-qdist.o
CC tests/test-qht.o
CC tests/test-qht-par.o
/tmp/qemu-test/src/tests/test-int128.c:180: warning: ‘__noclone__’ attribute directive ignored
CC tests/qht-bench.o
CC tests/test-bitops.o
CC tests/test-bitcnt.o
CC tests/check-qom-interface.o
CC tests/check-qom-proplist.o
CC tests/test-qemu-opts.o
CC tests/test-keyval.o
CC tests/test-write-threshold.o
CC tests/test-crypto-hash.o
CC tests/test-crypto-hmac.o
CC tests/test-crypto-cipher.o
CC tests/test-crypto-secret.o
CC tests/test-qga.o
CC tests/libqtest.o
CC tests/test-timed-average.o
CC tests/test-io-task.o
CC tests/test-io-channel-socket.o
CC tests/io-channel-helpers.o
CC tests/test-io-channel-file.o
CC tests/test-io-channel-command.o
CC tests/test-io-channel-buffer.o
CC tests/test-base64.o
CC tests/test-crypto-ivgen.o
CC tests/test-crypto-afsplit.o
CC tests/test-crypto-xts.o
CC tests/test-crypto-block.o
CC tests/test-logging.o
CC tests/test-replication.o
CC tests/test-bufferiszero.o
CC tests/test-uuid.o
CC tests/ptimer-test.o
CC tests/ptimer-test-stubs.o
CC tests/test-qapi-util.o
CC tests/vhost-user-test.o
CC tests/libqos/pci.o
CC tests/libqos/fw_cfg.o
CC tests/libqos/malloc.o
CC tests/libqos/i2c.o
CC tests/libqos/libqos.o
CC tests/libqos/malloc-spapr.o
CC tests/libqos/libqos-spapr.o
CC tests/libqos/rtas.o
CC tests/libqos/pci-spapr.o
CC tests/libqos/pci-pc.o
CC tests/libqos/malloc-pc.o
CC tests/libqos/libqos-pc.o
CC tests/libqos/ahci.o
CC tests/libqos/virtio.o
CC tests/libqos/virtio-pci.o
CC tests/libqos/virtio-mmio.o
CC tests/libqos/malloc-generic.o
CC tests/endianness-test.o
CC tests/fdc-test.o
CC tests/ide-test.o
CC tests/ahci-test.o
CC tests/hd-geo-test.o
CC tests/boot-order-test.o
CC tests/bios-tables-test.o
CC tests/boot-sector.o
CC tests/acpi-utils.o
CC tests/boot-serial-test.o
/tmp/qemu-test/src/tests/ide-test.c: In function ‘cdrom_pio_impl’:
/tmp/qemu-test/src/tests/ide-test.c:803: warning: ignoring return value of ‘fwrite’, declared with attribute warn_unused_result
/tmp/qemu-test/src/tests/ide-test.c: In function ‘test_cdrom_dma’:
/tmp/qemu-test/src/tests/ide-test.c:899: warning: ignoring return value of ‘fwrite’, declared with attribute warn_unused_result
CC tests/pxe-test.o
CC tests/rtc-test.o
CC tests/ipmi-kcs-test.o
CC tests/ipmi-bt-test.o
CC tests/i440fx-test.o
CC tests/fw_cfg-test.o
CC tests/drive_del-test.o
CC tests/wdt_ib700-test.o
CC tests/tco-test.o
CC tests/e1000-test.o
CC tests/e1000e-test.o
CC tests/rtl8139-test.o
CC tests/pcnet-test.o
CC tests/eepro100-test.o
CC tests/ne2000-test.o
CC tests/nvme-test.o
CC tests/ac97-test.o
CC tests/es1370-test.o
CC tests/virtio-net-test.o
CC tests/virtio-balloon-test.o
CC tests/virtio-blk-test.o
CC tests/virtio-scsi-test.o
CC tests/virtio-rng-test.o
CC tests/virtio-serial-test.o
CC tests/virtio-console-test.o
CC tests/tpci200-test.o
CC tests/ipoctal232-test.o
CC tests/display-vga-test.o
CC tests/intel-hda-test.o
CC tests/vmxnet3-test.o
CC tests/pvpanic-test.o
CC tests/i82801b11-test.o
CC tests/ivshmem-test.o
CC tests/ioh3420-test.o
CC tests/usb-hcd-ohci-test.o
CC tests/libqos/usb.o
CC tests/usb-hcd-uhci-test.o
CC tests/usb-hcd-ehci-test.o
CC tests/usb-hcd-xhci-test.o
CC tests/pc-cpu-test.o
CC tests/q35-test.o
CC tests/test-netfilter.o
CC tests/test-filter-mirror.o
CC tests/test-filter-redirector.o
CC tests/postcopy-test.o
CC tests/test-x86-cpuid-compat.o
CC tests/qmp-test.o
CC tests/device-introspect-test.o
CC tests/qom-test.o
LINK tests/check-qdict
LINK tests/test-char
LINK tests/check-qfloat
LINK tests/check-qint
LINK tests/check-qstring
LINK tests/check-qlist
LINK tests/check-qnull
LINK tests/check-qjson
CC tests/test-qapi-visit.o
CC tests/test-qapi-types.o
CC tests/test-qapi-event.o
CC tests/test-qmp-introspect.o
CC tests/test-qmp-marshal.o
LINK tests/test-coroutine
LINK tests/test-iov
LINK tests/test-aio
LINK tests/test-aio-multithread
LINK tests/test-throttle
LINK tests/test-thread-pool
LINK tests/test-hbitmap
LINK tests/test-blockjob
LINK tests/test-blockjob-txn
LINK tests/test-x86-cpuid
LINK tests/test-xbzrle
LINK tests/test-vmstate
LINK tests/test-cutils
LINK tests/test-shift128
LINK tests/test-mul64
LINK tests/test-int128
LINK tests/rcutorture
LINK tests/test-rcu-list
LINK tests/test-qdist
LINK tests/test-qht
LINK tests/qht-bench
LINK tests/test-bitops
LINK tests/test-bitcnt
LINK tests/check-qom-interface
LINK tests/check-qom-proplist
LINK tests/test-qemu-opts
LINK tests/test-write-threshold
LINK tests/test-crypto-hash
LINK tests/test-crypto-hmac
LINK tests/test-crypto-cipher
LINK tests/test-crypto-secret
LINK tests/test-qga
LINK tests/test-timed-average
LINK tests/test-io-task
LINK tests/test-io-channel-socket
LINK tests/test-io-channel-file
LINK tests/test-io-channel-command
LINK tests/test-io-channel-buffer
LINK tests/test-base64
LINK tests/test-crypto-ivgen
LINK tests/test-crypto-afsplit
LINK tests/test-crypto-xts
LINK tests/test-crypto-block
LINK tests/test-logging
LINK tests/test-replication
LINK tests/test-bufferiszero
LINK tests/test-uuid
LINK tests/ptimer-test
LINK tests/test-qapi-util
LINK tests/vhost-user-test
LINK tests/endianness-test
LINK tests/fdc-test
LINK tests/ide-test
LINK tests/ahci-test
LINK tests/hd-geo-test
LINK tests/boot-order-test
LINK tests/bios-tables-test
LINK tests/boot-serial-test
LINK tests/pxe-test
LINK tests/rtc-test
LINK tests/ipmi-kcs-test
LINK tests/ipmi-bt-test
LINK tests/i440fx-test
LINK tests/fw_cfg-test
LINK tests/drive_del-test
LINK tests/wdt_ib700-test
LINK tests/tco-test
LINK tests/e1000-test
LINK tests/e1000e-test
LINK tests/rtl8139-test
LINK tests/pcnet-test
LINK tests/eepro100-test
LINK tests/ne2000-test
LINK tests/nvme-test
LINK tests/ac97-test
LINK tests/es1370-test
LINK tests/virtio-net-test
LINK tests/virtio-balloon-test
LINK tests/virtio-blk-test
LINK tests/virtio-rng-test
LINK tests/virtio-scsi-test
LINK tests/virtio-serial-test
LINK tests/virtio-console-test
LINK tests/tpci200-test
LINK tests/ipoctal232-test
LINK tests/display-vga-test
LINK tests/intel-hda-test
LINK tests/ivshmem-test
LINK tests/vmxnet3-test
LINK tests/pvpanic-test
LINK tests/i82801b11-test
LINK tests/ioh3420-test
LINK tests/usb-hcd-ohci-test
LINK tests/usb-hcd-uhci-test
LINK tests/usb-hcd-ehci-test
LINK tests/usb-hcd-xhci-test
LINK tests/pc-cpu-test
LINK tests/q35-test
LINK tests/test-netfilter
LINK tests/test-filter-mirror
LINK tests/test-filter-redirector
LINK tests/postcopy-test
LINK tests/test-x86-cpuid-compat
LINK tests/qmp-test
LINK tests/device-introspect-test
LINK tests/qom-test
GTESTER tests/check-qdict
GTESTER tests/test-char
GTESTER tests/check-qfloat
GTESTER tests/check-qint
GTESTER tests/check-qstring
GTESTER tests/check-qnull
GTESTER tests/check-qlist
GTESTER tests/check-qjson
LINK tests/test-qobject-output-visitor
LINK tests/test-clone-visitor
LINK tests/test-qobject-input-visitor
LINK tests/test-string-input-visitor
LINK tests/test-string-output-visitor
LINK tests/test-qmp-event
LINK tests/test-opts-visitor
GTESTER tests/test-coroutine
GTESTER tests/test-aio
LINK tests/test-visitor-serialization
GTESTER tests/test-iov
GTESTER tests/test-throttle
GTESTER tests/test-aio-multithread
GTESTER tests/test-thread-pool
GTESTER tests/test-hbitmap
GTESTER tests/test-blockjob
GTESTER tests/test-blockjob-txn
GTESTER tests/test-x86-cpuid
GTESTER tests/test-xbzrle
GTESTER tests/test-vmstate
Failed to load simple/primitive:b_1
Failed to load simple/primitive:i64_2
Failed to load simple/primitive:i32_1
Failed to load simple/primitive:i32_1
Failed to load test/with_tmp:a
Failed to load test/tmp_child_parent:f
Failed to load test/tmp_child:parent
Failed to load test/with_tmp:tmp
Failed to load test/tmp_child:diff
Failed to load test/with_tmp:tmp
Failed to load test/tmp_child:diff
Failed to load test/with_tmp:tmp
GTESTER tests/test-cutils
GTESTER tests/test-shift128
GTESTER tests/test-mul64
GTESTER tests/test-int128
GTESTER tests/rcutorture
GTESTER tests/test-rcu-list
GTESTER tests/test-qdist
GTESTER tests/test-qht
LINK tests/test-qht-par
GTESTER tests/test-bitops
GTESTER tests/test-bitcnt
GTESTER tests/check-qom-interface
GTESTER tests/check-qom-proplist
GTESTER tests/test-qemu-opts
LINK tests/test-keyval
GTESTER tests/test-write-threshold
GTESTER tests/test-crypto-hash
GTESTER tests/test-crypto-hmac
GTESTER tests/test-crypto-cipher
GTESTER tests/test-crypto-secret
GTESTER tests/test-qga
GTESTER tests/test-timed-average
GTESTER tests/test-io-task
GTESTER tests/test-io-channel-socket
GTESTER tests/test-io-channel-file
GTESTER tests/test-io-channel-command
GTESTER tests/test-io-channel-buffer
GTESTER tests/test-base64
GTESTER tests/test-crypto-ivgen
GTESTER tests/test-crypto-afsplit
GTESTER tests/test-crypto-xts
GTESTER tests/test-crypto-block
GTESTER tests/test-logging
GTESTER tests/test-replication
GTESTER tests/test-bufferiszero
GTESTER tests/test-uuid
GTESTER tests/ptimer-test
GTESTER tests/test-qapi-util
GTESTER check-qtest-x86_64
GTESTER check-qtest-aarch64
GTESTER tests/test-qobject-output-visitor
GTESTER tests/test-clone-visitor
GTESTER tests/test-qobject-input-visitor
LINK tests/test-qmp-commands
GTESTER tests/test-string-input-visitor
GTESTER tests/test-string-output-visitor
GTESTER tests/test-qmp-event
GTESTER tests/test-opts-visitor
GTESTER tests/test-visitor-serialization
GTESTER tests/test-qht-par
GTESTER tests/test-keyval
GTESTER tests/test-qmp-commands
socket_accept failed: Resource temporarily unavailable
**
ERROR:/tmp/qemu-test/src/tests/libqtest.c:209:qtest_init_without_qmp_handshake: assertion failed: (s->fd >= 0 && s->qmp_fd >= 0)
GTester: last random seed: R02S85da0e44d8feae0ed253638f8b4dfc0d
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory
Back to tcg accelerator.
make[1]: Leaving directory '/var/tmp/patchew-tester-tmp-8jhc2op1/src'
BUILD fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-8jhc2op1/src'
ARCHIVE qemu.tgz
ARCHIVE dtc.tgz
COPY RUNNER
RUN test-mingw in qemu:fedora
Packages installed:
PyYAML-3.11-13.fc25.x86_64
SDL-devel-1.2.15-21.fc24.x86_64
bc-1.06.95-16.fc24.x86_64
bison-3.0.4-4.fc24.x86_64
ccache-3.3.4-1.fc25.x86_64
clang-3.9.1-2.fc25.x86_64
findutils-4.6.0-8.fc25.x86_64
flex-2.6.0-3.fc25.x86_64
gcc-6.3.1-1.fc25.x86_64
gcc-c++-6.3.1-1.fc25.x86_64
git-2.9.3-2.fc25.x86_64
glib2-devel-2.50.3-1.fc25.x86_64
libfdt-devel-1.4.2-1.fc25.x86_64
make-4.1-5.fc24.x86_64
mingw32-SDL-1.2.15-7.fc24.noarch
mingw32-bzip2-1.0.6-7.fc24.noarch
mingw32-curl-7.47.0-1.fc24.noarch
mingw32-glib2-2.50.1-1.fc25.noarch
mingw32-gmp-6.1.1-1.fc25.noarch
mingw32-gnutls-3.5.5-2.fc25.noarch
mingw32-gtk2-2.24.31-2.fc25.noarch
mingw32-gtk3-3.22.2-1.fc25.noarch
mingw32-libjpeg-turbo-1.5.1-1.fc25.noarch
mingw32-libpng-1.6.27-1.fc25.noarch
mingw32-libssh2-1.4.3-5.fc24.noarch
mingw32-libtasn1-4.9-1.fc25.noarch
mingw32-nettle-3.3-1.fc25.noarch
mingw32-pixman-0.34.0-1.fc25.noarch
mingw32-pkg-config-0.28-6.fc24.x86_64
mingw64-SDL-1.2.15-7.fc24.noarch
mingw64-bzip2-1.0.6-7.fc24.noarch
mingw64-curl-7.47.0-1.fc24.noarch
mingw64-glib2-2.50.1-1.fc25.noarch
mingw64-gmp-6.1.1-1.fc25.noarch
mingw64-gnutls-3.5.5-2.fc25.noarch
mingw64-gtk2-2.24.31-2.fc25.noarch
mingw64-gtk3-3.22.2-1.fc25.noarch
mingw64-libjpeg-turbo-1.5.1-1.fc25.noarch
mingw64-libpng-1.6.27-1.fc25.noarch
mingw64-libssh2-1.4.3-5.fc24.noarch
mingw64-libtasn1-4.9-1.fc25.noarch
mingw64-nettle-3.3-1.fc25.noarch
mingw64-pixman-0.34.0-1.fc25.noarch
mingw64-pkg-config-0.28-6.fc24.x86_64
package python2 is not installed
perl-5.24.1-385.fc25.x86_64
pixman-devel-0.34.0-2.fc24.x86_64
sparse-0.5.0-10.fc25.x86_64
tar-1.29-3.fc25.x86_64
which-2.21-1.fc25.x86_64
zlib-devel-1.2.8-10.fc24.x86_64
Environment variables:
FBR=f25
PACKAGES=ccache git tar PyYAML sparse flex bison python2 glib2-devel pixman-devel zlib-devel SDL-devel libfdt-devel gcc gcc-c++ clang make perl which bc findutils mingw32-pixman mingw32-glib2 mingw32-gmp mingw32-SDL mingw32-pkg-config mingw32-gtk2 mingw32-gtk3 mingw32-gnutls mingw32-nettle mingw32-libtasn1 mingw32-libjpeg-turbo mingw32-libpng mingw32-curl mingw32-libssh2 mingw32-bzip2 mingw64-pixman mingw64-glib2 mingw64-gmp mingw64-SDL mingw64-pkg-config mingw64-gtk2 mingw64-gtk3 mingw64-gnutls mingw64-nettle mingw64-libtasn1 mingw64-libjpeg-turbo mingw64-libpng mingw64-curl mingw64-libssh2 mingw64-bzip2
HOSTNAME=
TERM=xterm
MAKEFLAGS= -j8
HISTSIZE=1000
J=8
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.m4a=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.oga=01;36:*.opus=01;36:*.spx=01;36:*.xspf=01;36:
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
MAIL=/var/spool/mail/root
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
HISTCONTROL=ignoredups
FGC=f25
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
DISTTAG=f25docker
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
FEATURES=mingw clang pyyaml dtc
DEBUG=
_=/usr/bin/env
Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu --prefix=/var/tmp/qemu-build/install --cross-prefix=x86_64-w64-mingw32- --enable-trace-backends=simple --enable-debug --enable-gnutls --enable-nettle --enable-curl --enable-vnc --enable-bzip2 --enable-guest-agent --with-sdlabi=1.2 --with-gtkabi=2.0
grep: scripts/tracetool/backend/*.py: No such file or directory
Install prefix /var/tmp/qemu-build/install
BIOS directory /var/tmp/qemu-build/install
binary directory /var/tmp/qemu-build/install
library directory /var/tmp/qemu-build/install/lib
module directory /var/tmp/qemu-build/install/lib
libexec directory /var/tmp/qemu-build/install/libexec
include directory /var/tmp/qemu-build/install/include
config directory /var/tmp/qemu-build/install
local state directory queried at runtime
Windows SDK no
Source path /tmp/qemu-test/src
C compiler x86_64-w64-mingw32-gcc
Host C compiler cc
C++ compiler x86_64-w64-mingw32-g++
Objective-C compiler clang
ARFLAGS rv
CFLAGS -g
QEMU_CFLAGS -I/usr/x86_64-w64-mingw32/sys-root/mingw/include/pixman-1 -I$(SRC_PATH)/dtc/libfdt -Werror -mms-bitfields -I/usr/x86_64-w64-mingw32/sys-root/mingw/include/glib-2.0 -I/usr/x86_64-w64-mingw32/sys-root/mingw/lib/glib-2.0/include -I/usr/x86_64-w64-mingw32/sys-root/mingw/include -m64 -mcx16 -mthreads -D__USE_MINGW_ANSI_STDIO=1 -DWIN32_LEAN_AND_MEAN -DWINVER=0x501 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration -Wold-style-definition -Wtype-limits -fstack-protector-strong -I/usr/x86_64-w64-mingw32/sys-root/mingw/include -I/usr/x86_64-w64-mingw32/sys-root/mingw/include/p11-kit-1 -I/usr/x86_64-w64-mingw32/sys-root/mingw/include -I/usr/x86_64-w64-mingw32/sys-root/mingw/include -I/usr/x86_64-w64-mingw32/sys-root/mingw/include/libpng16
LDFLAGS -Wl,--nxcompat -Wl,--no-seh -Wl,--dynamicbase -Wl,--warn-common -m64 -g
make make
install install
python python -B
smbd /usr/sbin/smbd
module support no
host CPU x86_64
host big endian no
target list x86_64-softmmu aarch64-softmmu
tcg debug enabled yes
gprof enabled no
sparse enabled no
strip binaries no
profiler no
static build no
pixman system
SDL support yes (1.2.15)
GTK support yes (2.24.31)
GTK GL support no
VTE support no
TLS priority NORMAL
GNUTLS support yes
GNUTLS rnd yes
libgcrypt no
libgcrypt kdf no
nettle yes (3.3)
nettle kdf yes
libtasn1 yes
curses support no
virgl support no
curl support yes
mingw32 support yes
Audio drivers dsound
Block whitelist (rw)
Block whitelist (ro)
VirtFS support no
VNC support yes
VNC SASL support no
VNC JPEG support yes
VNC PNG support yes
xen support no
brlapi support no
bluez support no
Documentation no
PIE no
vde support no
netmap support no
Linux AIO support no
ATTR/XATTR support no
Install blobs yes
KVM support no
HAX support yes
RDMA support no
TCG interpreter no
fdt support yes
preadv support no
fdatasync no
madvise no
posix_madvise no
libcap-ng support no
vhost-net support no
vhost-scsi support no
vhost-vsock support no
Trace backends simple
Trace output file trace-<pid>
spice support no
rbd support no
xfsctl support no
smartcard support no
libusb no
usb net redir no
OpenGL support no
OpenGL dmabufs no
libiscsi support no
libnfs support no
build guest agent yes
QGA VSS support no
QGA w32 disk info yes
QGA MSI support no
seccomp support no
coroutine backend win32
coroutine pool yes
debug stack usage no
GlusterFS support no
gcov gcov
gcov enabled no
TPM support yes
libssh2 support yes
TPM passthrough no
QOM debugging yes
lzo support no
snappy support no
bzip2 support yes
NUMA host support no
tcmalloc support no
jemalloc support no
avx2 optimization yes
replication support yes
VxHS block device no
mkdir -p dtc/libfdt
mkdir -p dtc/tests
GEN x86_64-softmmu/config-devices.mak.tmp
GEN aarch64-softmmu/config-devices.mak.tmp
GEN qmp-commands.h
GEN qemu-options.def
GEN config-host.h
GEN qapi-types.h
GEN qapi-visit.h
GEN qapi-event.h
GEN x86_64-softmmu/config-devices.mak
GEN aarch64-softmmu/config-devices.mak
GEN qmp-marshal.c
GEN qapi-types.c
GEN qapi-visit.c
GEN qapi-event.c
GEN qmp-introspect.h
GEN qmp-introspect.c
GEN trace/generated-tcg-tracers.h
GEN trace/generated-helpers-wrappers.h
GEN trace/generated-helpers.h
GEN trace/generated-helpers.c
GEN module_block.h
GEN tests/test-qapi-types.h
GEN tests/test-qapi-visit.h
GEN tests/test-qmp-commands.h
GEN tests/test-qapi-event.h
GEN tests/test-qmp-introspect.h
GEN trace-root.h
GEN util/trace.h
GEN crypto/trace.h
GEN io/trace.h
GEN migration/trace.h
GEN block/trace.h
GEN backends/trace.h
GEN hw/block/trace.h
GEN hw/block/dataplane/trace.h
GEN hw/char/trace.h
GEN hw/intc/trace.h
GEN hw/net/trace.h
GEN hw/virtio/trace.h
GEN hw/audio/trace.h
GEN hw/misc/trace.h
GEN hw/usb/trace.h
GEN hw/scsi/trace.h
GEN hw/nvram/trace.h
GEN hw/display/trace.h
GEN hw/input/trace.h
GEN hw/timer/trace.h
GEN hw/dma/trace.h
GEN hw/sparc/trace.h
GEN hw/sd/trace.h
GEN hw/isa/trace.h
GEN hw/mem/trace.h
GEN hw/i386/trace.h
GEN hw/i386/xen/trace.h
GEN hw/9pfs/trace.h
GEN hw/ppc/trace.h
GEN hw/pci/trace.h
GEN hw/s390x/trace.h
GEN hw/vfio/trace.h
GEN hw/acpi/trace.h
GEN hw/arm/trace.h
GEN hw/alpha/trace.h
GEN hw/xen/trace.h
GEN ui/trace.h
GEN audio/trace.h
GEN net/trace.h
GEN target/arm/trace.h
GEN target/i386/trace.h
GEN target/mips/trace.h
GEN target/sparc/trace.h
GEN target/s390x/trace.h
GEN target/ppc/trace.h
GEN qom/trace.h
GEN linux-user/trace.h
GEN qapi/trace.h
GEN trace-root.c
GEN util/trace.c
GEN crypto/trace.c
GEN io/trace.c
GEN migration/trace.c
GEN block/trace.c
GEN backends/trace.c
GEN hw/block/trace.c
GEN hw/block/dataplane/trace.c
GEN hw/char/trace.c
GEN hw/intc/trace.c
GEN hw/net/trace.c
GEN hw/virtio/trace.c
GEN hw/audio/trace.c
GEN hw/misc/trace.c
GEN hw/usb/trace.c
GEN hw/scsi/trace.c
GEN hw/nvram/trace.c
GEN hw/display/trace.c
GEN hw/input/trace.c
GEN hw/timer/trace.c
GEN hw/dma/trace.c
GEN hw/sparc/trace.c
GEN hw/sd/trace.c
GEN hw/isa/trace.c
GEN hw/mem/trace.c
GEN hw/i386/trace.c
GEN hw/i386/xen/trace.c
GEN hw/9pfs/trace.c
GEN hw/ppc/trace.c
GEN hw/pci/trace.c
GEN hw/s390x/trace.c
GEN hw/vfio/trace.c
GEN hw/acpi/trace.c
GEN hw/arm/trace.c
GEN hw/alpha/trace.c
GEN hw/xen/trace.c
GEN ui/trace.c
GEN audio/trace.c
GEN net/trace.c
GEN target/arm/trace.c
GEN target/i386/trace.c
GEN target/mips/trace.c
GEN target/sparc/trace.c
GEN target/s390x/trace.c
GEN target/ppc/trace.c
GEN qom/trace.c
GEN linux-user/trace.c
GEN qapi/trace.c
GEN config-all-devices.mak
DEP /tmp/qemu-test/src/dtc/tests/dumptrees.c
DEP /tmp/qemu-test/src/dtc/tests/trees.S
DEP /tmp/qemu-test/src/dtc/tests/testutils.c
DEP /tmp/qemu-test/src/dtc/tests/value-labels.c
DEP /tmp/qemu-test/src/dtc/tests/asm_tree_dump.c
DEP /tmp/qemu-test/src/dtc/tests/truncated_property.c
DEP /tmp/qemu-test/src/dtc/tests/check_path.c
DEP /tmp/qemu-test/src/dtc/tests/overlay_bad_fixup.c
DEP /tmp/qemu-test/src/dtc/tests/overlay.c
DEP /tmp/qemu-test/src/dtc/tests/subnode_iterate.c
DEP /tmp/qemu-test/src/dtc/tests/property_iterate.c
DEP /tmp/qemu-test/src/dtc/tests/integer-expressions.c
DEP /tmp/qemu-test/src/dtc/tests/utilfdt_test.c
DEP /tmp/qemu-test/src/dtc/tests/path_offset_aliases.c
DEP /tmp/qemu-test/src/dtc/tests/add_subnode_with_nops.c
DEP /tmp/qemu-test/src/dtc/tests/dtbs_equal_unordered.c
DEP /tmp/qemu-test/src/dtc/tests/dtb_reverse.c
DEP /tmp/qemu-test/src/dtc/tests/dtbs_equal_ordered.c
DEP /tmp/qemu-test/src/dtc/tests/extra-terminating-null.c
DEP /tmp/qemu-test/src/dtc/tests/incbin.c
DEP /tmp/qemu-test/src/dtc/tests/boot-cpuid.c
DEP /tmp/qemu-test/src/dtc/tests/phandle_format.c
DEP /tmp/qemu-test/src/dtc/tests/path-references.c
DEP /tmp/qemu-test/src/dtc/tests/references.c
DEP /tmp/qemu-test/src/dtc/tests/string_escapes.c
DEP /tmp/qemu-test/src/dtc/tests/propname_escapes.c
DEP /tmp/qemu-test/src/dtc/tests/appendprop2.c
DEP /tmp/qemu-test/src/dtc/tests/appendprop1.c
DEP /tmp/qemu-test/src/dtc/tests/del_node.c
DEP /tmp/qemu-test/src/dtc/tests/del_property.c
DEP /tmp/qemu-test/src/dtc/tests/setprop.c
DEP /tmp/qemu-test/src/dtc/tests/set_name.c
DEP /tmp/qemu-test/src/dtc/tests/rw_tree1.c
DEP /tmp/qemu-test/src/dtc/tests/open_pack.c
DEP /tmp/qemu-test/src/dtc/tests/nopulate.c
DEP /tmp/qemu-test/src/dtc/tests/mangle-layout.c
DEP /tmp/qemu-test/src/dtc/tests/move_and_save.c
DEP /tmp/qemu-test/src/dtc/tests/sw_tree1.c
DEP /tmp/qemu-test/src/dtc/tests/nop_node.c
DEP /tmp/qemu-test/src/dtc/tests/nop_property.c
DEP /tmp/qemu-test/src/dtc/tests/setprop_inplace.c
DEP /tmp/qemu-test/src/dtc/tests/stringlist.c
DEP /tmp/qemu-test/src/dtc/tests/addr_size_cells.c
DEP /tmp/qemu-test/src/dtc/tests/notfound.c
DEP /tmp/qemu-test/src/dtc/tests/sized_cells.c
DEP /tmp/qemu-test/src/dtc/tests/char_literal.c
DEP /tmp/qemu-test/src/dtc/tests/get_alias.c
DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_compatible.c
DEP /tmp/qemu-test/src/dtc/tests/node_check_compatible.c
DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_phandle.c
DEP /tmp/qemu-test/src/dtc/tests/node_offset_by_prop_value.c
DEP /tmp/qemu-test/src/dtc/tests/parent_offset.c
DEP /tmp/qemu-test/src/dtc/tests/supernode_atdepth_offset.c
DEP /tmp/qemu-test/src/dtc/tests/get_path.c
DEP /tmp/qemu-test/src/dtc/tests/get_phandle.c
DEP /tmp/qemu-test/src/dtc/tests/getprop.c
DEP /tmp/qemu-test/src/dtc/tests/get_name.c
DEP /tmp/qemu-test/src/dtc/tests/path_offset.c
DEP /tmp/qemu-test/src/dtc/tests/subnode_offset.c
DEP /tmp/qemu-test/src/dtc/tests/find_property.c
DEP /tmp/qemu-test/src/dtc/tests/root_node.c
DEP /tmp/qemu-test/src/dtc/tests/get_mem_rsv.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_overlay.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_addresses.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_empty_tree.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_strerror.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_rw.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_sw.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_wip.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt.c
DEP /tmp/qemu-test/src/dtc/libfdt/fdt_ro.c
DEP /tmp/qemu-test/src/dtc/util.c
DEP /tmp/qemu-test/src/dtc/fdtput.c
DEP /tmp/qemu-test/src/dtc/fdtget.c
DEP /tmp/qemu-test/src/dtc/fdtdump.c
LEX convert-dtsv0-lexer.lex.c
DEP /tmp/qemu-test/src/dtc/srcpos.c
BISON dtc-parser.tab.c
LEX dtc-lexer.lex.c
DEP /tmp/qemu-test/src/dtc/treesource.c
DEP /tmp/qemu-test/src/dtc/livetree.c
DEP /tmp/qemu-test/src/dtc/fstree.c
DEP /tmp/qemu-test/src/dtc/flattree.c
DEP /tmp/qemu-test/src/dtc/dtc.c
DEP /tmp/qemu-test/src/dtc/data.c
DEP /tmp/qemu-test/src/dtc/checks.c
DEP convert-dtsv0-lexer.lex.c
DEP dtc-parser.tab.c
DEP dtc-lexer.lex.c
CHK version_gen.h
UPD version_gen.h
DEP /tmp/qemu-test/src/dtc/util.c
CC libfdt/fdt.o
CC libfdt/fdt_ro.o
CC libfdt/fdt_wip.o
CC libfdt/fdt_rw.o
CC libfdt/fdt_sw.o
CC libfdt/fdt_empty_tree.o
CC libfdt/fdt_strerror.o
CC libfdt/fdt_addresses.o
CC libfdt/fdt_overlay.o
AR libfdt/libfdt.a
x86_64-w64-mingw32-ar: creating libfdt/libfdt.a
a - libfdt/fdt.o
a - libfdt/fdt_ro.o
a - libfdt/fdt_wip.o
a - libfdt/fdt_sw.o
a - libfdt/fdt_rw.o
a - libfdt/fdt_strerror.o
a - libfdt/fdt_empty_tree.o
a - libfdt/fdt_addresses.o
a - libfdt/fdt_overlay.o
RC version.o
GEN qga/qapi-generated/qga-qapi-types.h
GEN qga/qapi-generated/qga-qapi-visit.h
GEN qga/qapi-generated/qga-qmp-commands.h
GEN qga/qapi-generated/qga-qapi-visit.c
GEN qga/qapi-generated/qga-qapi-types.c
GEN qga/qapi-generated/qga-qmp-marshal.c
CC qmp-introspect.o
CC qapi-types.o
CC qapi-visit.o
CC qapi-event.o
CC qapi/qapi-visit-core.o
CC qapi/qapi-dealloc-visitor.o
CC qapi/qobject-output-visitor.o
CC qapi/qobject-input-visitor.o
CC qapi/qmp-registry.o
CC qapi/qmp-dispatch.o
CC qapi/string-input-visitor.o
CC qapi/string-output-visitor.o
CC qapi/opts-visitor.o
CC qapi/qapi-clone-visitor.o
CC qapi/qmp-event.o
CC qapi/qapi-util.o
CC qobject/qnull.o
CC qobject/qint.o
CC qobject/qstring.o
CC qobject/qdict.o
CC qobject/qlist.o
CC qobject/qfloat.o
CC qobject/qbool.o
CC qobject/qjson.o
CC qobject/qobject.o
CC qobject/json-lexer.o
CC qobject/json-streamer.o
CC qobject/json-parser.o
CC trace/simple.o
CC trace/control.o
CC trace/qmp.o
CC util/osdep.o
CC util/cutils.o
CC util/unicode.o
CC util/qemu-timer-common.o
CC util/bufferiszero.o
CC util/lockcnt.o
CC util/aiocb.o
CC util/async.o
CC util/thread-pool.o
CC util/qemu-timer.o
CC util/main-loop.o
CC util/iohandler.o
CC util/aio-win32.o
CC util/event_notifier-win32.o
CC util/oslib-win32.o
CC util/qemu-thread-win32.o
CC util/envlist.o
CC util/path.o
CC util/module.o
CC util/host-utils.o
CC util/bitmap.o
CC util/bitops.o
CC util/hbitmap.o
CC util/fifo8.o
CC util/acl.o
CC util/error.o
CC util/qemu-error.o
CC util/id.o
CC util/iov.o
CC util/qemu-config.o
CC util/qemu-sockets.o
CC util/uri.o
CC util/notify.o
CC util/qemu-option.o
CC util/qemu-progress.o
CC util/keyval.o
CC util/hexdump.o
CC util/crc32c.o
CC util/uuid.o
CC util/throttle.o
CC util/getauxval.o
CC util/readline.o
CC util/rcu.o
CC util/qemu-coroutine.o
CC util/qemu-coroutine-lock.o
CC util/qemu-coroutine-io.o
CC util/qemu-coroutine-sleep.o
CC util/coroutine-win32.o
CC util/buffer.o
CC util/timed-average.o
CC util/base64.o
CC util/log.o
CC util/qdist.o
CC util/qht.o
CC util/range.o
CC util/systemd.o
CC trace-root.o
CC util/trace.o
CC crypto/trace.o
CC io/trace.o
CC migration/trace.o
CC block/trace.o
CC backends/trace.o
CC hw/block/trace.o
CC hw/block/dataplane/trace.o
CC hw/char/trace.o
CC hw/intc/trace.o
CC hw/net/trace.o
CC hw/virtio/trace.o
CC hw/audio/trace.o
CC hw/misc/trace.o
CC hw/usb/trace.o
CC hw/scsi/trace.o
CC hw/nvram/trace.o
CC hw/display/trace.o
CC hw/input/trace.o
CC hw/timer/trace.o
CC hw/dma/trace.o
CC hw/sparc/trace.o
CC hw/sd/trace.o
CC hw/isa/trace.o
CC hw/mem/trace.o
CC hw/i386/trace.o
CC hw/i386/xen/trace.o
CC hw/9pfs/trace.o
CC hw/ppc/trace.o
CC hw/pci/trace.o
CC hw/s390x/trace.o
CC hw/vfio/trace.o
CC hw/acpi/trace.o
CC hw/arm/trace.o
CC hw/alpha/trace.o
CC hw/xen/trace.o
CC ui/trace.o
CC audio/trace.o
CC net/trace.o
CC target/arm/trace.o
CC target/i386/trace.o
CC target/mips/trace.o
CC target/sparc/trace.o
CC target/s390x/trace.o
CC target/ppc/trace.o
CC qom/trace.o
CC linux-user/trace.o
CC qapi/trace.o
CC crypto/pbkdf-stub.o
CC stubs/arch-query-cpu-def.o
CC stubs/arch-query-cpu-model-expansion.o
CC stubs/arch-query-cpu-model-comparison.o
CC stubs/arch-query-cpu-model-baseline.o
CC stubs/bdrv-next-monitor-owned.o
CC stubs/blk-commit-all.o
CC stubs/blockdev-close-all-bdrv-states.o
CC stubs/clock-warp.o
CC stubs/cpu-get-clock.o
CC stubs/cpu-get-icount.o
CC stubs/dump.o
CC stubs/error-printf.o
CC stubs/fdset.o
CC stubs/gdbstub.o
CC stubs/get-vm-name.o
CC stubs/iothread.o
CC stubs/iothread-lock.o
CC stubs/is-daemonized.o
CC stubs/machine-init-done.o
CC stubs/migr-blocker.o
CC stubs/monitor.o
CC stubs/notify-event.o
CC stubs/qtest.o
CC stubs/replay.o
CC stubs/runstate-check.o
CC stubs/set-fd-handler.o
CC stubs/slirp.o
CC stubs/sysbus.o
CC stubs/trace-control.o
CC stubs/uuid.o
CC stubs/vm-stop.o
CC stubs/vmstate.o
CC stubs/fd-register.o
CC stubs/qmp_pc_dimm_device_list.o
CC stubs/target-monitor-defs.o
CC stubs/target-get-monitor-def.o
CC stubs/pc_madt_cpu_entry.o
CC stubs/vmgenid.o
GEN qemu-img-cmds.h
CC block.o
CC blockjob.o
CC qemu-io-cmds.o
CC replication.o
CC block/raw-format.o
CC block/qcow.o
CC block/vdi.o
CC block/vmdk.o
CC block/cloop.o
CC block/bochs.o
CC block/vpc.o
CC block/vvfat.o
CC block/dmg.o
CC block/qcow2.o
CC block/qcow2-refcount.o
CC block/qcow2-cluster.o
CC block/qcow2-snapshot.o
CC block/qcow2-cache.o
CC block/qed.o
CC block/qed-gencb.o
CC block/qed-l2-cache.o
CC block/qed-table.o
/tmp/qemu-test/src/block/qcow2.c: In function 'qcow2_read_extensions':
/tmp/qemu-test/src/block/qcow2.c:283:44: error: passing argument 3 of 'qcrypto_block_open' from incompatible pointer type [-Werror=incompatible-pointer-types]
qcow2_crypto_hdr_read_func,
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /tmp/qemu-test/src/block/qcow2.h:28:0,
from /tmp/qemu-test/src/block/qcow2.c:29:
/tmp/qemu-test/src/include/crypto/block.h:105:15: note: expected 'QCryptoBlockReadFunc {aka long long int (*)(struct QCryptoBlock *, void *, long long unsigned int, unsigned char *, long long unsigned int, struct Error **)}' but argument is of type 'ssize_t (*)(QCryptoBlock *, size_t, uint8_t *, size_t, void *, Error **) {aka long long int (*)(struct QCryptoBlock *, long long unsigned int, unsigned char *, long long unsigned int, void *, struct Error **)}'
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
^~~~~~~~~~~~~~~~~~
/tmp/qemu-test/src/block/qcow2.c: In function 'qcow2_set_up_encryption':
/tmp/qemu-test/src/block/qcow2.c:2278:35: error: passing argument 3 of 'qcrypto_block_create' from incompatible pointer type [-Werror=incompatible-pointer-types]
qcow2_crypto_hdr_init_func,
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /tmp/qemu-test/src/block/qcow2.h:28:0,
from /tmp/qemu-test/src/block/qcow2.c:29:
/tmp/qemu-test/src/include/crypto/block.h:138:15: note: expected 'QCryptoBlockInitFunc {aka long long int (*)(struct QCryptoBlock *, void *, long long unsigned int, struct Error **)}' but argument is of type 'ssize_t (*)(QCryptoBlock *, size_t, void *, Error **) {aka long long int (*)(struct QCryptoBlock *, long long unsigned int, void *, struct Error **)}'
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
^~~~~~~~~~~~~~~~~~~~
/tmp/qemu-test/src/block/qcow2.c:2279:35: error: passing argument 4 of 'qcrypto_block_create' from incompatible pointer type [-Werror=incompatible-pointer-types]
qcow2_crypto_hdr_write_func,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /tmp/qemu-test/src/block/qcow2.h:28:0,
from /tmp/qemu-test/src/block/qcow2.c:29:
/tmp/qemu-test/src/include/crypto/block.h:138:15: note: expected 'QCryptoBlockWriteFunc {aka long long int (*)(struct QCryptoBlock *, void *, long long unsigned int, const unsigned char *, long long unsigned int, struct Error **)}' but argument is of type 'ssize_t (*)(QCryptoBlock *, size_t, const uint8_t *, size_t, void *, Error **) {aka long long int (*)(struct QCryptoBlock *, long long unsigned int, const unsigned char *, long long unsigned int, void *, struct Error **)}'
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
^~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
/tmp/qemu-test/src/rules.mak:69: recipe for target 'block/qcow2.o' failed
make: *** [block/qcow2.o] Error 1
make: *** Waiting for unfinished jobs....
tests/docker/Makefile.include:118: recipe for target 'docker-run' failed
make[1]: *** [docker-run] Error 2
make[1]: Leaving directory '/var/tmp/patchew-tester-tmp-8jhc2op1/src'
tests/docker/Makefile.include:149: recipe for target 'docker-run-test-mingw@fedora' failed
make: *** [docker-run-test-mingw@fedora] Error 2
=== OUTPUT END ===
Test command exited with code: 2
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
@ 2017-04-26 13:26 ` Eric Blake
0 siblings, 0 replies; 40+ messages in thread
From: Eric Blake @ 2017-04-26 13:26 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 1185 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> The block/crypto.c defines a set of QemuOpts that provide
> parameters for encryption. This will also be needed by
> the qcow/qcow2 integration, so expose the relevant pieces
> in a new block/crypto.h header. Some helper methods taking
> QemuOpts are changed to take QDict to simplify usage in
> other places.
>
> Reviewed-by: Max Reitz <mreitz@redhat.com>
> Reviewed-by: Eric Blake <eblake@redhat.com>
> Reviewed-by: Alberto Garcia <berto@igalia.com>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> block/crypto.c | 82 +++++++++++++++++-----------------------------------
> block/crypto.h | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 117 insertions(+), 56 deletions(-)
> create mode 100644 block/crypto.h
> +++ b/block/crypto.h
> @@ -0,0 +1,91 @@
> +/*
> + * QEMU block full disk encryption
> + *
> + * Copyright (c) 2015-2016 Red Hat, Inc.
Wow, we've been working on this for a while. Is it worth adding 2017?
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
@ 2017-04-26 13:28 ` Eric Blake
2017-04-26 13:50 ` Daniel P. Berrange
0 siblings, 1 reply; 40+ messages in thread
From: Eric Blake @ 2017-04-26 13:28 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 1445 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> When integrating the crypto support with qcow/qcow2, we don't
> want to use the bare LUKS option names "hash-alg", "key-secret",
> etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
> so that they don't clash with any general qcow options at a later
> date.
>
> Reviewed-by: Max Reitz <mreitz@redhat.com>
> Reviewed-by: Alberto Garcia <berto@igalia.com>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> block/crypto.c | 16 ++++++++--------
> block/crypto.h | 40 ++++++++++++++++++++--------------------
> 2 files changed, 28 insertions(+), 28 deletions(-)
>
> diff --git a/block/crypto.c b/block/crypto.c
> index 8205bd8..7edcc49 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c
> @@ -129,7 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks = {
> .name = "crypto",
> .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
> .desc = {
> - BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
> + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
Is this still needed, given your cover letter said you reworked things
to use a nested struct? I'm still not convinced we need the complexity
of two different prefixes if we can instead reuse a common structure.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names
2017-04-26 13:28 ` Eric Blake
@ 2017-04-26 13:50 ` Daniel P. Berrange
2017-04-26 14:12 ` Eric Blake
0 siblings, 1 reply; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-26 13:50 UTC (permalink / raw)
To: Eric Blake; +Cc: qemu-devel, qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
On Wed, Apr 26, 2017 at 08:28:04AM -0500, Eric Blake wrote:
> On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> > When integrating the crypto support with qcow/qcow2, we don't
> > want to use the bare LUKS option names "hash-alg", "key-secret",
> > etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
> > so that they don't clash with any general qcow options at a later
> > date.
> >
> > Reviewed-by: Max Reitz <mreitz@redhat.com>
> > Reviewed-by: Alberto Garcia <berto@igalia.com>
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> > ---
> > block/crypto.c | 16 ++++++++--------
> > block/crypto.h | 40 ++++++++++++++++++++--------------------
> > 2 files changed, 28 insertions(+), 28 deletions(-)
> >
> > diff --git a/block/crypto.c b/block/crypto.c
> > index 8205bd8..7edcc49 100644
> > --- a/block/crypto.c
> > +++ b/block/crypto.c
> > @@ -129,7 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks = {
> > .name = "crypto",
> > .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
> > .desc = {
> > - BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
> > + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
>
> Is this still needed, given your cover letter said you reworked things
> to use a nested struct? I'm still not convinced we need the complexity
> of two different prefixes if we can instead reuse a common structure.
Yes, we still need this at the QemuOpts level. We have the general
purpose luks driver that has opts directly in the top level QAPI block
driver options, vs the qcow2 integration, which now has the encryption
options in a nested struct/union, rather than having an option prefix
in the QAPI member names.
At the QemuOpts level, this mean that the option names have changed
from being 'luks-key-secret', 'aes-key-secret', to be "encrypt.key-secret"
So this change is about letting us provide the "encrypt." prefix for
the QemuOpts.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names
2017-04-26 13:50 ` Daniel P. Berrange
@ 2017-04-26 14:12 ` Eric Blake
2017-04-26 14:13 ` Daniel P. Berrange
0 siblings, 1 reply; 40+ messages in thread
From: Eric Blake @ 2017-04-26 14:12 UTC (permalink / raw)
To: Daniel P. Berrange
Cc: qemu-devel, qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 1397 bytes --]
On 04/26/2017 08:50 AM, Daniel P. Berrange wrote:
> On Wed, Apr 26, 2017 at 08:28:04AM -0500, Eric Blake wrote:
>> On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
>>> When integrating the crypto support with qcow/qcow2, we don't
>>> want to use the bare LUKS option names "hash-alg", "key-secret",
>>> etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
>>> so that they don't clash with any general qcow options at a later
>>> date.
>> Is this still needed, given your cover letter said you reworked things
>> to use a nested struct? I'm still not convinced we need the complexity
>> of two different prefixes if we can instead reuse a common structure.
>
> Yes, we still need this at the QemuOpts level. We have the general
> purpose luks driver that has opts directly in the top level QAPI block
> driver options, vs the qcow2 integration, which now has the encryption
> options in a nested struct/union, rather than having an option prefix
> in the QAPI member names.
Fair enough.
>
> At the QemuOpts level, this mean that the option names have changed
> from being 'luks-key-secret', 'aes-key-secret', to be "encrypt.key-secret"
But you'll want to update the commit message to match your new planned
names ;)
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names
2017-04-26 14:12 ` Eric Blake
@ 2017-04-26 14:13 ` Daniel P. Berrange
0 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-04-26 14:13 UTC (permalink / raw)
To: Eric Blake; +Cc: qemu-devel, qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
On Wed, Apr 26, 2017 at 09:12:06AM -0500, Eric Blake wrote:
> On 04/26/2017 08:50 AM, Daniel P. Berrange wrote:
> > On Wed, Apr 26, 2017 at 08:28:04AM -0500, Eric Blake wrote:
> >> On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> >>> When integrating the crypto support with qcow/qcow2, we don't
> >>> want to use the bare LUKS option names "hash-alg", "key-secret",
> >>> etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
> >>> so that they don't clash with any general qcow options at a later
> >>> date.
>
> >> Is this still needed, given your cover letter said you reworked things
> >> to use a nested struct? I'm still not convinced we need the complexity
> >> of two different prefixes if we can instead reuse a common structure.
> >
> > Yes, we still need this at the QemuOpts level. We have the general
> > purpose luks driver that has opts directly in the top level QAPI block
> > driver options, vs the qcow2 integration, which now has the encryption
> > options in a nested struct/union, rather than having an option prefix
> > in the QAPI member names.
>
> Fair enough.
>
> >
> > At the QemuOpts level, this mean that the option names have changed
> > from being 'luks-key-secret', 'aes-key-secret', to be "encrypt.key-secret"
>
> But you'll want to update the commit message to match your new planned
> names ;)
Hah, opps :-)
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes"
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes" Daniel P. Berrange
@ 2017-04-26 14:14 ` Eric Blake
2017-05-11 12:55 ` Alberto Garcia
1 sibling, 0 replies; 40+ messages in thread
From: Eric Blake @ 2017-04-26 14:14 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 1414 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> Historically the qcow & qcow2 image formats supported a property
> "encryption=on" to enable their built-in AES encryption. We'll
> soon be supporting LUKS for qcow2, so need a more general purpose
> way to enable encryption, with a choice of formats.
>
> This introduces an "encrypt.format" option, which will later be
> joined by a number of other "encrypt.XXX" options. The use of
> a "encrypt." prefix instead of "encrypt-" is done to facilitate
> mapping to a nested QAPI schema at later date.
>
> e.g. the preferred syntax is now
>
> qemu-img create -f qcow2 -o encrypt.format=aes demo.qcow2
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> @@ -3370,10 +3385,16 @@ static QemuOptsList qcow2_create_opts = {
> {
> .name = BLOCK_OPT_ENCRYPT,
> .type = QEMU_OPT_BOOL,
> - .help = "Encrypt the image",
> + .help = "Encrypt the image with format 'aes'. (Deprecated "
> + "in favour of " BLOCK_OPT_ENCRYPT_FORMAT "=aes)",
I don't think we have any strong position on US vs. UK spellings in
user-facing documentation, so I won't insist on any change.
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
@ 2017-04-26 15:12 ` Eric Blake
2017-05-11 14:05 ` Alberto Garcia
1 sibling, 0 replies; 40+ messages in thread
From: Eric Blake @ 2017-04-26 15:12 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 1731 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> This converts the qcow driver to make use of the QCryptoBlock
> APIs for encrypting image content. This is only wired up to
> permit use of the legacy QCow encryption format. Users who wish
> to have the strong LUKS format should switch to qcow2 instead.
>
> With this change it is now required to use the QCryptoSecret
> object for providing passwords, instead of the current block
> password APIs / interactive prompting.
>
> $QEMU \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -drive file=/home/berrange/encrypted.qcow,encrypt.format=qcow,\
> encrypt.key-secret=sec0
>
> Likewise when creating such images
>
> qemu-img create -f qcow \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -o encrypt.format=qcow,encrypt.key-secret=sec0 \
> /home/berrange/encrypted.qcow
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> block/crypto.c | 10 +++
> block/crypto.h | 20 ++++--
> block/qcow.c | 196 +++++++++++++++++++++++++--------------------------
> qapi/block-core.json | 37 +++++++++-
> 4 files changed, 156 insertions(+), 107 deletions(-)
>
> +++ b/qapi/block-core.json
> @@ -2277,6 +2277,41 @@
> 'mode': 'Qcow2OverlapCheckMode' } }
>
> ##
> +# @BlockdevQcowEncryptionFormat:
> +# @qcow: AES-CBC with plain64 initialization venctors
s/venctors/vectors/
With that fixed,
Reviewed-by: Eric Blake <eblake@redhat.com>
and it turned out much nicer than v5 !
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
@ 2017-04-26 15:25 ` Eric Blake
2017-05-11 14:29 ` Alberto Garcia
1 sibling, 0 replies; 40+ messages in thread
From: Eric Blake @ 2017-04-26 15:25 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 981 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> This converts the qcow2 driver to make use of the QCryptoBlock
> APIs for encrypting image content, using the legacyy QCow2 AES
s/legacyy/legacy/
> scheme.
>
> With this change it is now required to use the QCryptoSecret
> object for providing passwords, instead of the current block
> password APIs / interactive prompting.
>
> $QEMU \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -drive file=/home/berrange/encrypted.qcow2,encrypt.key-secret=sec0
>
> The test 087 could be simplified since there is no longer a
> difference in behaviour when using blockdev_add with encrypted
> images for the running vs stopped CPU state.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
@ 2017-04-26 17:46 ` Eric Blake
2017-05-09 14:05 ` Daniel P. Berrange
2017-05-11 14:44 ` Alberto Garcia
1 sibling, 1 reply; 40+ messages in thread
From: Eric Blake @ 2017-04-26 17:46 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 3852 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> This adds support for using LUKS as an encryption format
> with the qcow2 file, using the new encrypt.format parameter
> to request "luks" format. e.g.
>
> # qemu-img create --object secret,data=123456,id=sec0 \
> -f qcow2 -o encrypt.-format=luks,encrypt.key-secret=sec0 \
s/encrypt.-format/encrypt.format/
> test.qcow2 10G
>
>
> Aside from all the cryptographic differences implied by
> use of the LUKS format, there is one further key difference
> between the use of legacy AES and LUKS encryption in qcow2.
> For LUKS, the initialiazation vectors are generated using
> the host physical sector as the input, rather than the
> guest virtual sector. This guarantees unique initialization
> vectors for all sectors when qcow2 internal snapshots are
> used, thus giving stronger protection against watermarking
> attacks.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> @@ -165,6 +246,47 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
> }
> break;
>
> + case QCOW2_EXT_MAGIC_CRYPTO_HEADER: {
> + unsigned int cflags = 0;
> + if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
> + error_setg(errp, "CRYPTO header extension only "
> + "expected with LUKS encryption method");
> + return -EINVAL;
> + }
> + if (ext.len != sizeof(Qcow2CryptoHeaderExtension)) {
> + error_setg(errp, "CRYPTO header extension size %u, "
> + "but expected size %zu", ext.len,
> + sizeof(Qcow2CryptoHeaderExtension));
> + return -EINVAL;
> + }
> +
> + ret = bdrv_pread(bs->file, offset, &s->crypto_header, ext.len);
> + if (ret < 0) {
> + error_setg_errno(errp, -ret,
> + "Unable to read CRYPTO header extension");
> + return ret;
> + }
> + be64_to_cpus(&s->crypto_header.offset);
> + be64_to_cpus(&s->crypto_header.length);
> +
> + if ((s->crypto_header.offset % s->cluster_size) != 0) {
> + error_setg(errp, "Encryption header offset '%" PRIu64 "' is "
> + "not a multiple of cluster size '%u'",
> + s->crypto_header.offset, s->cluster_size);
> + return -EINVAL;
> + }
Do we need to sanity check that crypto_header.length is not bogus?
> +
> + if (flags & BDRV_O_NO_IO) {
> + cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
> + }
> + s->crypto = qcrypto_block_open(s->crypto_opts,
> + qcow2_crypto_hdr_read_func,
> + bs, cflags, errp);
> + if (!s->crypto) {
> + return -EINVAL;
> + }
> + } break;
> +
> default:
> /* unknown magic - save it in case we need to rewrite the header */
> {
> @@ -464,7 +586,8 @@ static QemuOptsList qcow2_runtime_opts = {
> .type = QEMU_OPT_NUMBER,
> .help = "Clean unused cache entries after this time (in seconds)",
> },
> - BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
> + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.",
> + "ID of secret providing qcow AES key or LUKS passphrase"),
s/qcow/qcow2/ ?
Minor enough that I'm okay giving:
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
@ 2017-04-26 17:47 ` Eric Blake
0 siblings, 0 replies; 40+ messages in thread
From: Eric Blake @ 2017-04-26 17:47 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
[-- Attachment #1: Type: text/plain, Size: 798 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> While the crypto layer uses a fixed option name "key-secret",
> the upper block layer may have a prefix on the options. e.g.
> "luks-key-secret", "aes-key-secret", in order to avoid clashes
Another commit message that will need cleanups to match the new reality.
> between crypto option names & other block option names. To
> ensure the crypto layer can report accurate error messages,
> we must tell it what option name prefix was used.
>
> Reviewed-by: Alberto Garcia <berto@igalia.com>
> Reviewed-by: Max Reitz <mreitz@redhat.com>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format
2017-04-26 17:46 ` Eric Blake
@ 2017-05-09 14:05 ` Daniel P. Berrange
0 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-05-09 14:05 UTC (permalink / raw)
To: Eric Blake; +Cc: qemu-devel, qemu-block, Max Reitz, Kevin Wolf, Alberto Garcia
On Wed, Apr 26, 2017 at 12:46:18PM -0500, Eric Blake wrote:
> On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> > This adds support for using LUKS as an encryption format
> > with the qcow2 file, using the new encrypt.format parameter
> > to request "luks" format. e.g.
> >
> > # qemu-img create --object secret,data=123456,id=sec0 \
> > -f qcow2 -o encrypt.-format=luks,encrypt.key-secret=sec0 \
>
> s/encrypt.-format/encrypt.format/
>
> > test.qcow2 10G
> >
>
> >
> > Aside from all the cryptographic differences implied by
> > use of the LUKS format, there is one further key difference
> > between the use of legacy AES and LUKS encryption in qcow2.
> > For LUKS, the initialiazation vectors are generated using
> > the host physical sector as the input, rather than the
> > guest virtual sector. This guarantees unique initialization
> > vectors for all sectors when qcow2 internal snapshots are
> > used, thus giving stronger protection against watermarking
> > attacks.
> >
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> > ---
>
> > @@ -165,6 +246,47 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
> > }
> > break;
> >
> > + case QCOW2_EXT_MAGIC_CRYPTO_HEADER: {
> > + unsigned int cflags = 0;
> > + if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
> > + error_setg(errp, "CRYPTO header extension only "
> > + "expected with LUKS encryption method");
> > + return -EINVAL;
> > + }
> > + if (ext.len != sizeof(Qcow2CryptoHeaderExtension)) {
> > + error_setg(errp, "CRYPTO header extension size %u, "
> > + "but expected size %zu", ext.len,
> > + sizeof(Qcow2CryptoHeaderExtension));
> > + return -EINVAL;
> > + }
> > +
> > + ret = bdrv_pread(bs->file, offset, &s->crypto_header, ext.len);
> > + if (ret < 0) {
> > + error_setg_errno(errp, -ret,
> > + "Unable to read CRYPTO header extension");
> > + return ret;
> > + }
> > + be64_to_cpus(&s->crypto_header.offset);
> > + be64_to_cpus(&s->crypto_header.length);
> > +
> > + if ((s->crypto_header.offset % s->cluster_size) != 0) {
> > + error_setg(errp, "Encryption header offset '%" PRIu64 "' is "
> > + "not a multiple of cluster size '%u'",
> > + s->crypto_header.offset, s->cluster_size);
> > + return -EINVAL;
> > + }
>
> Do we need to sanity check that crypto_header.length is not bogus?
The only sanity check I can see would be to put an arbitrary size limit
on the length ? I'm a little loathe to do that since LUKSv2 is going to
make the header extensible, and/or future LUKSv1 changes might adjust
padding, both making the header longer than it would be today. I would
like qemu-img to be able to open such future files, even if it then
refuses support for the features.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes"
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes" Daniel P. Berrange
2017-04-26 14:14 ` Eric Blake
@ 2017-05-11 12:55 ` Alberto Garcia
1 sibling, 0 replies; 40+ messages in thread
From: Alberto Garcia @ 2017-05-11 12:55 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Tue 25 Apr 2017 05:38:47 PM CEST, Daniel P. Berrange wrote:
> Historically the qcow & qcow2 image formats supported a property
> "encryption=on" to enable their built-in AES encryption. We'll
> soon be supporting LUKS for qcow2, so need a more general purpose
> way to enable encryption, with a choice of formats.
>
> This introduces an "encrypt.format" option, which will later be
> joined by a number of other "encrypt.XXX" options. The use of
> a "encrypt." prefix instead of "encrypt-" is done to facilitate
> mapping to a nested QAPI schema at later date.
>
> e.g. the preferred syntax is now
>
> qemu-img create -f qcow2 -o encrypt.format=aes demo.qcow2
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Berto
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-04-26 15:12 ` Eric Blake
@ 2017-05-11 14:05 ` Alberto Garcia
2017-05-11 14:09 ` Daniel P. Berrange
1 sibling, 1 reply; 40+ messages in thread
From: Alberto Garcia @ 2017-05-11 14:05 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Tue 25 Apr 2017 05:38:49 PM CEST, Daniel P. Berrange wrote:
> @@ -181,8 +188,39 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
[...]
> + crypto_opts = block_crypto_open_opts_init(
> + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, &local_err);
> + if (local_err) {
> + error_propagate(errp, local_err);
> + ret = -EINVAL;
> + goto fail;
> + }
Not very important, but if you check !crypto_opts for errors instead you
can pass errp directly and avoid that error_propagate() call. Exactly
the same that you do here in qcrypto_block_open():
> + if (flags & BDRV_O_NO_IO) {
> + cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
> + }
> + s->crypto = qcrypto_block_open(crypto_opts, NULL, NULL,
> + cflags, errp);
> + if (!s->crypto) {
> + ret = -EINVAL;
> + goto fail;
> + }
> @@ -792,6 +762,10 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
> int ret;
> BlockBackend *qcow_blk;
> const char *encryptfmt = NULL;
> + QDict *options;
> + QDict *encryptopts = NULL;
> + QCryptoBlockCreateOptions *crypto_opts = NULL;
> + QCryptoBlock *crypto = NULL;
>
> /* Read out options */
> total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
> @@ -865,6 +839,10 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
> l1_size = (total_size + (1LL << shift) - 1) >> shift;
>
> header.l1_table_offset = cpu_to_be64(header_size);
> +
> + options = qemu_opts_to_qdict(opts, NULL);
> + qdict_extract_subqdict(options, &encryptopts, "encrypt.");
> + QDECREF(options);
I think you're leaking encryptopts in this function.
> ##
> +# @BlockdevQcowEncryptionFormat:
> +# @qcow: AES-CBC with plain64 initialization venctors
> +#
> +# Since: 2.10
> +##
> +{ 'enum': 'BlockdevQcowEncryptionFormat',
> + 'data': [ 'qcow' ] }
Shouldn't this be 'aes' instead of 'qcow' ??
Berto
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption
2017-05-11 14:05 ` Alberto Garcia
@ 2017-05-11 14:09 ` Daniel P. Berrange
0 siblings, 0 replies; 40+ messages in thread
From: Daniel P. Berrange @ 2017-05-11 14:09 UTC (permalink / raw)
To: Alberto Garcia; +Cc: qemu-devel, qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Thu, May 11, 2017 at 04:05:59PM +0200, Alberto Garcia wrote:
> On Tue 25 Apr 2017 05:38:49 PM CEST, Daniel P. Berrange wrote:
> > @@ -181,8 +188,39 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
> [...]
> > + crypto_opts = block_crypto_open_opts_init(
> > + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, &local_err);
> > + if (local_err) {
> > + error_propagate(errp, local_err);
> > + ret = -EINVAL;
> > + goto fail;
> > + }
>
> Not very important, but if you check !crypto_opts for errors instead you
> can pass errp directly and avoid that error_propagate() call. Exactly
> the same that you do here in qcrypto_block_open():
>
> > + if (flags & BDRV_O_NO_IO) {
> > + cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
> > + }
> > + s->crypto = qcrypto_block_open(crypto_opts, NULL, NULL,
> > + cflags, errp);
> > + if (!s->crypto) {
> > + ret = -EINVAL;
> > + goto fail;
> > + }
>
>
> > @@ -792,6 +762,10 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
> > int ret;
> > BlockBackend *qcow_blk;
> > const char *encryptfmt = NULL;
> > + QDict *options;
> > + QDict *encryptopts = NULL;
> > + QCryptoBlockCreateOptions *crypto_opts = NULL;
> > + QCryptoBlock *crypto = NULL;
> >
> > /* Read out options */
> > total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
> > @@ -865,6 +839,10 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
> > l1_size = (total_size + (1LL << shift) - 1) >> shift;
> >
> > header.l1_table_offset = cpu_to_be64(header_size);
> > +
> > + options = qemu_opts_to_qdict(opts, NULL);
> > + qdict_extract_subqdict(options, &encryptopts, "encrypt.");
> > + QDECREF(options);
>
> I think you're leaking encryptopts in this function.
>
> > ##
> > +# @BlockdevQcowEncryptionFormat:
> > +# @qcow: AES-CBC with plain64 initialization venctors
> > +#
> > +# Since: 2.10
> > +##
> > +{ 'enum': 'BlockdevQcowEncryptionFormat',
> > + 'data': [ 'qcow' ] }
>
> Shouldn't this be 'aes' instead of 'qcow' ??
Opps, yes. I've been flipping back & forth about whether to call the
encryption format 'aes' or 'qcow' in the public API. Internally
the crypto/ code calls it the 'qcow' encryption format, but from a
technical POV it is aes.
I see i've got the same mistake in the equivalent qcow2 patch too
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-04-26 15:25 ` Eric Blake
@ 2017-05-11 14:29 ` Alberto Garcia
2017-05-24 16:46 ` Daniel P. Berrange
1 sibling, 1 reply; 40+ messages in thread
From: Alberto Garcia @ 2017-05-11 14:29 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Tue 25 Apr 2017 05:38:51 PM CEST, Daniel P. Berrange wrote:
> + switch (s->crypt_method_header) {
> + case QCOW_CRYPT_NONE:
> + if (encryptfmt) {
> + error_setg(errp, "No encryption in image header, but options "
> + "specified format '%s'", encryptfmt);
> + goto fail;
> + }
> + break;
You forgot to set the return value here (it is undefined at this
point)...
> +
> + case QCOW_CRYPT_AES:
> + if (encryptfmt && !g_str_equal(encryptfmt, "aes")) {
> + error_setg(errp,
> + "Header reported 'aes' encryption format but "
> + "options specify '%s'", encryptfmt);
> + ret = -EINVAL;
> + goto fail;
> + }
...and here you could break instead, the condition immediately after the
switch sets ret to -EINVAL and returns.
> +##
> +# @BlockdevQcow2EncryptionFormat:
> +# @qcow: AES-CBC with plain64 initialization venctors
> +#
> +# Since: 2.10
> +##
> +{ 'enum': 'BlockdevQcow2EncryptionFormat',
> + 'data': [ 'qcow' ] }
> +
Same question here, isn't this supposed to be 'aes' ?
Berto
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-04-26 17:46 ` Eric Blake
@ 2017-05-11 14:44 ` Alberto Garcia
1 sibling, 0 replies; 40+ messages in thread
From: Alberto Garcia @ 2017-05-11 14:44 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Tue 25 Apr 2017 05:38:53 PM CEST, Daniel P. Berrange wrote:
> This adds support for using LUKS as an encryption format
> with the qcow2 file, using the new encrypt.format parameter
> to request "luks" format. e.g.
>
> # qemu-img create --object secret,data=123456,id=sec0 \
> -f qcow2 -o encrypt.-format=luks,encrypt.key-secret=sec0 \
> test.qcow2 10G
>
> The legacy "encryption=on" parameter still results in
> creation of the old qcow2 AES format (and is equivalent
> to the new 'encryption-format=aes'). e.g. the following are
> equivalent:
>
> # qemu-img create --object secret,data=123456,id=sec0 \
> -f qcow2 -o encryption=on,encrypt.key-secret=sec0 \
> test.qcow2 10G
>
> # qemu-img create --object secret,data=123456,id=sec0 \
> -f qcow2 -o encryption-format=aes,encrypt.key-secret=sec0 \
> test.qcow2 10G
>
> With the LUKS format it is necessary to store the LUKS
> partition header and key material in the QCow2 file. This
> data can be many MB in size, so cannot go into the QCow2
> header region directly. Thus the spec defines a FDE
> (Full Disk Encryption) header extension that specifies
> the offset of a set of clusters to hold the FDE headers,
> as well as the length of that region. The LUKS header is
> thus stored in these extra allocated clusters before the
> main image payload.
>
> Aside from all the cryptographic differences implied by
> use of the LUKS format, there is one further key difference
> between the use of legacy AES and LUKS encryption in qcow2.
> For LUKS, the initialiazation vectors are generated using
> the host physical sector as the input, rather than the
> guest virtual sector. This guarantees unique initialization
> vectors for all sectors when qcow2 internal snapshots are
> used, thus giving stronger protection against watermarking
> attacks.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Berto
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs Daniel P. Berrange
@ 2017-05-11 14:49 ` Alberto Garcia
0 siblings, 0 replies; 40+ messages in thread
From: Alberto Garcia @ 2017-05-11 14:49 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Tue 25 Apr 2017 05:38:57 PM CEST, Daniel P. Berrange wrote:
> @@ -220,7 +220,12 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
> goto fail;
> }
> bs->encrypted = true;
> - bs->valid_key = true;
> + } else {
> + if (encryptfmt) {
> + error_setg(errp, "No encryption in image header, but options "
> + "specified format '%s'", encryptfmt);
> + goto fail;
> + }
You need to set a return value here, else it's undefined.
Berto
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption
2017-05-11 14:29 ` Alberto Garcia
@ 2017-05-24 16:46 ` Daniel P. Berrange
2017-05-25 10:46 ` Alberto Garcia
0 siblings, 1 reply; 40+ messages in thread
From: Daniel P. Berrange @ 2017-05-24 16:46 UTC (permalink / raw)
To: Alberto Garcia; +Cc: qemu-devel, qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Thu, May 11, 2017 at 04:29:11PM +0200, Alberto Garcia wrote:
> On Tue 25 Apr 2017 05:38:51 PM CEST, Daniel P. Berrange wrote:
> > + switch (s->crypt_method_header) {
> > + case QCOW_CRYPT_NONE:
> > + if (encryptfmt) {
> > + error_setg(errp, "No encryption in image header, but options "
> > + "specified format '%s'", encryptfmt);
> > + goto fail;
> > + }
> > + break;
>
> You forgot to set the return value here (it is undefined at this
> point)...
Opps, yes.
>
> > +
> > + case QCOW_CRYPT_AES:
> > + if (encryptfmt && !g_str_equal(encryptfmt, "aes")) {
> > + error_setg(errp,
> > + "Header reported 'aes' encryption format but "
> > + "options specify '%s'", encryptfmt);
> > + ret = -EINVAL;
> > + goto fail;
> > + }
>
> ...and here you could break instead, the condition immediately after the
> switch sets ret to -EINVAL and returns.
In thi case I think its clearer to set it right here, rather than having
to follow the code paths through & read the later logic
> > +# Since: 2.10
> > +##
> > +{ 'enum': 'BlockdevQcow2EncryptionFormat',
> > + 'data': [ 'qcow' ] }
> > +
>
> Same question here, isn't this supposed to be 'aes' ?
Yes
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption
2017-05-24 16:46 ` Daniel P. Berrange
@ 2017-05-25 10:46 ` Alberto Garcia
0 siblings, 0 replies; 40+ messages in thread
From: Alberto Garcia @ 2017-05-25 10:46 UTC (permalink / raw)
To: Daniel P. Berrange
Cc: qemu-devel, qemu-block, Eric Blake, Max Reitz, Kevin Wolf
On Wed 24 May 2017 06:46:31 PM CEST, Daniel P. Berrange wrote:
>> > + case QCOW_CRYPT_AES:
>> > + if (encryptfmt && !g_str_equal(encryptfmt, "aes")) {
>> > + error_setg(errp,
>> > + "Header reported 'aes' encryption format but "
>> > + "options specify '%s'", encryptfmt);
>> > + ret = -EINVAL;
>> > + goto fail;
>> > + }
>>
>> ...and here you could break instead, the condition immediately after
>> the switch sets ret to -EINVAL and returns.
>
> In thi case I think its clearer to set it right here, rather than
> having to follow the code paths through & read the later logic
Ok, works for me! :)
Berto
^ permalink raw reply [flat|nested] 40+ messages in thread
end of thread, other threads:[~2017-05-25 10:46 UTC | newest]
Thread overview: 40+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-04-26 13:26 ` Eric Blake
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-04-26 13:28 ` Eric Blake
2017-04-26 13:50 ` Daniel P. Berrange
2017-04-26 14:12 ` Eric Blake
2017-04-26 14:13 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes" Daniel P. Berrange
2017-04-26 14:14 ` Eric Blake
2017-05-11 12:55 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-04-26 15:12 ` Eric Blake
2017-05-11 14:05 ` Alberto Garcia
2017-05-11 14:09 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-04-26 15:25 ` Eric Blake
2017-05-11 14:29 ` Alberto Garcia
2017-05-24 16:46 ` Daniel P. Berrange
2017-05-25 10:46 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-04-26 17:46 ` Eric Blake
2017-05-09 14:05 ` Daniel P. Berrange
2017-05-11 14:44 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 16/18] block: rip out all traces of password prompting Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs Daniel P. Berrange
2017-05-11 14:49 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
2017-04-26 17:47 ` Eric Blake
2017-04-25 15:56 ` [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support no-reply
2017-04-25 17:25 ` no-reply
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.