* [PATCH v6 0/3] block/rbd: Add support for layered encryption
@ 2023-01-29 11:31 ORO@il.ibm.com
2023-01-29 11:31 ` [PATCH v6 1/3] block/rbd: Remove redundant stack variable passphrase_len ORO@il.ibm.com
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: ORO@il.ibm.com @ 2023-01-29 11:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-block, oro, idryomov, ORO@il.ibm.com
v6: nit fixes
v5: nit fixes
v4: split to multiple commits
add support for more than just luks-any in layered encryption
nit fixes
v3: further nit fixes suggested by @idryomov
v2: nit fixes suggested by @idryomov
Or Ozeri (3):
block/rbd: Remove redundant stack variable passphrase_len
block/rbd: Add luks-any encryption opening option
block/rbd: Add support for layered encryption
block/rbd.c | 188 ++++++++++++++++++++++++++++++++++++++++---
qapi/block-core.json | 31 ++++++-
2 files changed, 205 insertions(+), 14 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v6 1/3] block/rbd: Remove redundant stack variable passphrase_len
2023-01-29 11:31 [PATCH v6 0/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
@ 2023-01-29 11:31 ` ORO@il.ibm.com
2023-01-29 11:31 ` [PATCH v6 2/3] block/rbd: Add luks-any encryption opening option ORO@il.ibm.com
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: ORO@il.ibm.com @ 2023-01-29 11:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-block, oro, idryomov
From: Or Ozeri <oro@il.ibm.com>
Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
block/rbd.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index 3aa6aae0e0..cfec0f2862 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -385,7 +385,6 @@ static int qemu_rbd_encryption_format(rbd_image_t image,
{
int r = 0;
g_autofree char *passphrase = NULL;
- size_t passphrase_len;
rbd_encryption_format_t format;
rbd_encryption_options_t opts;
rbd_encryption_luks1_format_options_t luks_opts;
@@ -407,12 +406,12 @@ static int qemu_rbd_encryption_format(rbd_image_t image,
opts_size = sizeof(luks_opts);
r = qemu_rbd_convert_luks_create_options(
qapi_RbdEncryptionCreateOptionsLUKS_base(&encrypt->u.luks),
- &luks_opts.alg, &passphrase, &passphrase_len, errp);
+ &luks_opts.alg, &passphrase, &luks_opts.passphrase_size,
+ errp);
if (r < 0) {
return r;
}
luks_opts.passphrase = passphrase;
- luks_opts.passphrase_size = passphrase_len;
break;
}
case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: {
@@ -423,12 +422,12 @@ static int qemu_rbd_encryption_format(rbd_image_t image,
r = qemu_rbd_convert_luks_create_options(
qapi_RbdEncryptionCreateOptionsLUKS2_base(
&encrypt->u.luks2),
- &luks2_opts.alg, &passphrase, &passphrase_len, errp);
+ &luks2_opts.alg, &passphrase, &luks2_opts.passphrase_size,
+ errp);
if (r < 0) {
return r;
}
luks2_opts.passphrase = passphrase;
- luks2_opts.passphrase_size = passphrase_len;
break;
}
default: {
@@ -467,7 +466,6 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
{
int r = 0;
g_autofree char *passphrase = NULL;
- size_t passphrase_len;
rbd_encryption_luks1_format_options_t luks_opts;
rbd_encryption_luks2_format_options_t luks2_opts;
rbd_encryption_format_t format;
@@ -482,12 +480,11 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
opts_size = sizeof(luks_opts);
r = qemu_rbd_convert_luks_options(
qapi_RbdEncryptionOptionsLUKS_base(&encrypt->u.luks),
- &passphrase, &passphrase_len, errp);
+ &passphrase, &luks_opts.passphrase_size, errp);
if (r < 0) {
return r;
}
luks_opts.passphrase = passphrase;
- luks_opts.passphrase_size = passphrase_len;
break;
}
case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: {
@@ -497,12 +494,11 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
opts_size = sizeof(luks2_opts);
r = qemu_rbd_convert_luks_options(
qapi_RbdEncryptionOptionsLUKS2_base(&encrypt->u.luks2),
- &passphrase, &passphrase_len, errp);
+ &passphrase, &luks2_opts.passphrase_size, errp);
if (r < 0) {
return r;
}
luks2_opts.passphrase = passphrase;
- luks2_opts.passphrase_size = passphrase_len;
break;
}
default: {
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v6 2/3] block/rbd: Add luks-any encryption opening option
2023-01-29 11:31 [PATCH v6 0/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
2023-01-29 11:31 ` [PATCH v6 1/3] block/rbd: Remove redundant stack variable passphrase_len ORO@il.ibm.com
@ 2023-01-29 11:31 ` ORO@il.ibm.com
2023-02-23 17:44 ` Kevin Wolf
2023-01-29 11:31 ` [PATCH v6 3/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
2023-01-30 13:16 ` [PATCH v6 0/3] " Ilya Dryomov
3 siblings, 1 reply; 7+ messages in thread
From: ORO@il.ibm.com @ 2023-01-29 11:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-block, oro, idryomov
From: Or Ozeri <oro@il.ibm.com>
Ceph RBD encryption API required specifying the encryption format
for loading encryption. The supported formats were LUKS (v1) and LUKS2.
Starting from Reef release, RBD also supports loading with "luks-any" format,
which works for both versions of LUKS.
This commit extends the qemu rbd driver API to enable qemu users to use
this luks-any wildcard format.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
block/rbd.c | 19 +++++++++++++++++++
qapi/block-core.json | 20 ++++++++++++++++++--
2 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index cfec0f2862..b929378871 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -468,6 +468,9 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
g_autofree char *passphrase = NULL;
rbd_encryption_luks1_format_options_t luks_opts;
rbd_encryption_luks2_format_options_t luks2_opts;
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+ rbd_encryption_luks_format_options_t luks_any_opts;
+#endif
rbd_encryption_format_t format;
rbd_encryption_options_t opts;
size_t opts_size;
@@ -501,6 +504,22 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
luks2_opts.passphrase = passphrase;
break;
}
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+ case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: {
+ memset(&luks_any_opts, 0, sizeof(luks_any_opts));
+ format = RBD_ENCRYPTION_FORMAT_LUKS;
+ opts = &luks_any_opts;
+ opts_size = sizeof(luks_any_opts);
+ r = qemu_rbd_convert_luks_options(
+ qapi_RbdEncryptionOptionsLUKSAny_base(&encrypt->u.luks_any),
+ &passphrase, &luks_any_opts.passphrase_size, errp);
+ if (r < 0) {
+ return r;
+ }
+ luks_any_opts.passphrase = passphrase;
+ break;
+ }
+#endif
default: {
r = -ENOTSUP;
error_setg_errno(
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 95ac4fa634..e59fb5d453 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3827,10 +3827,16 @@
##
# @RbdImageEncryptionFormat:
#
+# luks
+#
+# luks2
+#
+# luks-any: Used for opening either luks or luks2. (Since 8.0)
+#
# Since: 6.1
##
{ 'enum': 'RbdImageEncryptionFormat',
- 'data': [ 'luks', 'luks2' ] }
+ 'data': [ 'luks', 'luks2', 'luks-any' ] }
##
# @RbdEncryptionOptionsLUKSBase:
@@ -3872,6 +3878,15 @@
'base': 'RbdEncryptionOptionsLUKSBase',
'data': { } }
+##
+# @RbdEncryptionOptionsLUKSAny:
+#
+# Since: 8.0
+##
+{ 'struct': 'RbdEncryptionOptionsLUKSAny',
+ 'base': 'RbdEncryptionOptionsLUKSBase',
+ 'data': { } }
+
##
# @RbdEncryptionCreateOptionsLUKS:
#
@@ -3899,7 +3914,8 @@
'base': { 'format': 'RbdImageEncryptionFormat' },
'discriminator': 'format',
'data': { 'luks': 'RbdEncryptionOptionsLUKS',
- 'luks2': 'RbdEncryptionOptionsLUKS2' } }
+ 'luks2': 'RbdEncryptionOptionsLUKS2',
+ 'luks-any': 'RbdEncryptionOptionsLUKSAny'} }
##
# @RbdEncryptionCreateOptions:
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v6 3/3] block/rbd: Add support for layered encryption
2023-01-29 11:31 [PATCH v6 0/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
2023-01-29 11:31 ` [PATCH v6 1/3] block/rbd: Remove redundant stack variable passphrase_len ORO@il.ibm.com
2023-01-29 11:31 ` [PATCH v6 2/3] block/rbd: Add luks-any encryption opening option ORO@il.ibm.com
@ 2023-01-29 11:31 ` ORO@il.ibm.com
2023-01-30 13:16 ` [PATCH v6 0/3] " Ilya Dryomov
3 siblings, 0 replies; 7+ messages in thread
From: ORO@il.ibm.com @ 2023-01-29 11:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-block, oro, idryomov
From: Or Ozeri <oro@il.ibm.com>
Starting from ceph Reef, RBD has built-in support for layered encryption,
where each ancestor image (in a cloned image setting) can be possibly
encrypted using a unique passphrase.
A new function, rbd_encryption_load2, was added to librbd API.
This new function supports an array of passphrases (via "spec" structs).
This commit extends the qemu rbd driver API to use this new librbd API,
in order to support this new layered encryption feature.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
block/rbd.c | 153 ++++++++++++++++++++++++++++++++++++++++++-
qapi/block-core.json | 11 +++-
2 files changed, 162 insertions(+), 2 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index b929378871..3a8060b88b 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -71,6 +71,16 @@ static const char rbd_luks2_header_verification[
'L', 'U', 'K', 'S', 0xBA, 0xBE, 0, 2
};
+static const char rbd_layered_luks_header_verification[
+ RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] = {
+ 'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 1
+};
+
+static const char rbd_layered_luks2_header_verification[
+ RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] = {
+ 'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 2
+};
+
typedef enum {
RBD_AIO_READ,
RBD_AIO_WRITE,
@@ -537,6 +547,128 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
return 0;
}
+
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+static int qemu_rbd_encryption_load2(rbd_image_t image,
+ RbdEncryptionOptions *encrypt,
+ Error **errp)
+{
+ int r = 0;
+ int encrypt_count = 1;
+ int i;
+ RbdEncryptionOptions *curr_encrypt;
+ rbd_encryption_spec_t *specs;
+ rbd_encryption_luks1_format_options_t *luks_opts;
+ rbd_encryption_luks2_format_options_t *luks2_opts;
+ rbd_encryption_luks_format_options_t *luks_any_opts;
+
+ /* count encryption options */
+ for (curr_encrypt = encrypt->parent; curr_encrypt;
+ curr_encrypt = curr_encrypt->parent) {
+ ++encrypt_count;
+ }
+
+ specs = g_new0(rbd_encryption_spec_t, encrypt_count);
+
+ curr_encrypt = encrypt;
+ for (i = 0; i < encrypt_count; ++i) {
+ switch (curr_encrypt->format) {
+ case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS: {
+ specs[i].format = RBD_ENCRYPTION_FORMAT_LUKS1;
+
+ luks_opts = g_new0(rbd_encryption_luks1_format_options_t, 1);
+ specs[i].opts = luks_opts;
+ specs[i].opts_size = sizeof(*luks_opts);
+
+ r = qemu_rbd_convert_luks_options(
+ qapi_RbdEncryptionOptionsLUKS_base(
+ &curr_encrypt->u.luks),
+ (char **)&luks_opts->passphrase,
+ &luks_opts->passphrase_size,
+ errp);
+ break;
+ }
+ case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2: {
+ specs[i].format = RBD_ENCRYPTION_FORMAT_LUKS2;
+
+ luks2_opts = g_new0(rbd_encryption_luks2_format_options_t, 1);
+ specs[i].opts = luks2_opts;
+ specs[i].opts_size = sizeof(*luks2_opts);
+
+ r = qemu_rbd_convert_luks_options(
+ qapi_RbdEncryptionOptionsLUKS2_base(
+ &curr_encrypt->u.luks2),
+ (char **)&luks2_opts->passphrase,
+ &luks2_opts->passphrase_size,
+ errp);
+ break;
+ }
+ case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: {
+ specs[i].format = RBD_ENCRYPTION_FORMAT_LUKS;
+
+ luks_any_opts = g_new0(rbd_encryption_luks_format_options_t, 1);
+ specs[i].opts = luks_any_opts;
+ specs[i].opts_size = sizeof(*luks_any_opts);
+
+ r = qemu_rbd_convert_luks_options(
+ qapi_RbdEncryptionOptionsLUKSAny_base(
+ &curr_encrypt->u.luks_any),
+ (char **)&luks_any_opts->passphrase,
+ &luks_any_opts->passphrase_size,
+ errp);
+ break;
+ }
+ default: {
+ r = -ENOTSUP;
+ error_setg_errno(
+ errp, -r, "unknown image encryption format: %u",
+ curr_encrypt->format);
+ }
+ }
+
+ if (r < 0) {
+ goto exit;
+ }
+
+ curr_encrypt = curr_encrypt->parent;
+ }
+
+ r = rbd_encryption_load2(image, specs, encrypt_count);
+ if (r < 0) {
+ error_setg_errno(errp, -r, "layered encryption load fail");
+ goto exit;
+ }
+
+exit:
+ for (i = 0; i < encrypt_count; ++i) {
+ if (!specs[i].opts) {
+ break;
+ }
+
+ switch (specs[i].format) {
+ case RBD_ENCRYPTION_FORMAT_LUKS1: {
+ luks_opts = specs[i].opts;
+ g_free((void *)luks_opts->passphrase);
+ break;
+ }
+ case RBD_ENCRYPTION_FORMAT_LUKS2: {
+ luks2_opts = specs[i].opts;
+ g_free((void *)luks2_opts->passphrase);
+ break;
+ }
+ case RBD_ENCRYPTION_FORMAT_LUKS: {
+ luks_any_opts = specs[i].opts;
+ g_free((void *)luks_any_opts->passphrase);
+ break;
+ }
+ }
+
+ g_free(specs[i].opts);
+ }
+ g_free(specs);
+ return r;
+}
+#endif
#endif
/* FIXME Deprecate and remove keypairs or make it available in QMP. */
@@ -1003,7 +1135,16 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
if (opts->encrypt) {
#ifdef LIBRBD_SUPPORTS_ENCRYPTION
- r = qemu_rbd_encryption_load(s->image, opts->encrypt, errp);
+ if (opts->encrypt->parent) {
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+ r = qemu_rbd_encryption_load2(s->image, opts->encrypt, errp);
+#else
+ r = -ENOTSUP;
+ error_setg(errp, "RBD library does not support layered encryption");
+#endif
+ } else {
+ r = qemu_rbd_encryption_load(s->image, opts->encrypt, errp);
+ }
if (r < 0) {
goto failed_post_open;
}
@@ -1294,6 +1435,16 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info(BlockDriverState *bs,
spec_info->u.rbd.data->encryption_format =
RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2;
spec_info->u.rbd.data->has_encryption_format = true;
+ } else if (memcmp(buf, rbd_layered_luks_header_verification,
+ RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) == 0) {
+ spec_info->u.rbd.data->encryption_format =
+ RBD_IMAGE_ENCRYPTION_FORMAT_LUKS;
+ spec_info->u.rbd.data->has_encryption_format = true;
+ } else if (memcmp(buf, rbd_layered_luks2_header_verification,
+ RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) == 0) {
+ spec_info->u.rbd.data->encryption_format =
+ RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2;
+ spec_info->u.rbd.data->has_encryption_format = true;
} else {
spec_info->u.rbd.data->has_encryption_format = false;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
index e59fb5d453..49df47c3c6 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3908,10 +3908,19 @@
##
# @RbdEncryptionOptions:
#
+# @format: Encryption format.
+#
+# @parent: Parent image encryption options (for cloned images).
+# Can be left unspecified if this cloned image is encrypted
+# using the same format and secret as its parent image (i.e.
+# not explicitly formatted) or if its parent image is not
+# encrypted. (Since 8.0)
+#
# Since: 6.1
##
{ 'union': 'RbdEncryptionOptions',
- 'base': { 'format': 'RbdImageEncryptionFormat' },
+ 'base': { 'format': 'RbdImageEncryptionFormat',
+ '*parent': 'RbdEncryptionOptions' },
'discriminator': 'format',
'data': { 'luks': 'RbdEncryptionOptionsLUKS',
'luks2': 'RbdEncryptionOptionsLUKS2',
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v6 0/3] block/rbd: Add support for layered encryption
2023-01-29 11:31 [PATCH v6 0/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
` (2 preceding siblings ...)
2023-01-29 11:31 ` [PATCH v6 3/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
@ 2023-01-30 13:16 ` Ilya Dryomov
2023-02-22 20:13 ` Ilya Dryomov
3 siblings, 1 reply; 7+ messages in thread
From: Ilya Dryomov @ 2023-01-30 13:16 UTC (permalink / raw)
To: oro; +Cc: qemu-devel, qemu-block, oro
On Sun, Jan 29, 2023 at 12:31 PM ORO@il.ibm.com
<oro@oro.sl.cloud9.ibm.com> wrote:
>
> v6: nit fixes
> v5: nit fixes
> v4: split to multiple commits
> add support for more than just luks-any in layered encryption
> nit fixes
> v3: further nit fixes suggested by @idryomov
> v2: nit fixes suggested by @idryomov
>
> Or Ozeri (3):
> block/rbd: Remove redundant stack variable passphrase_len
> block/rbd: Add luks-any encryption opening option
> block/rbd: Add support for layered encryption
>
> block/rbd.c | 188 ++++++++++++++++++++++++++++++++++++++++---
> qapi/block-core.json | 31 ++++++-
> 2 files changed, 205 insertions(+), 14 deletions(-)
>
> --
> 2.25.1
>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Thanks,
Ilya
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v6 0/3] block/rbd: Add support for layered encryption
2023-01-30 13:16 ` [PATCH v6 0/3] " Ilya Dryomov
@ 2023-02-22 20:13 ` Ilya Dryomov
0 siblings, 0 replies; 7+ messages in thread
From: Ilya Dryomov @ 2023-02-22 20:13 UTC (permalink / raw)
To: oro, Kevin Wolf, Hanna Reitz
Cc: qemu-devel, qemu-block, oro, Daniel P. Berrangé
On Mon, Jan 30, 2023 at 2:16 PM Ilya Dryomov <idryomov@gmail.com> wrote:
>
> On Sun, Jan 29, 2023 at 12:31 PM ORO@il.ibm.com
> <oro@oro.sl.cloud9.ibm.com> wrote:
> >
> > v6: nit fixes
> > v5: nit fixes
> > v4: split to multiple commits
> > add support for more than just luks-any in layered encryption
> > nit fixes
> > v3: further nit fixes suggested by @idryomov
> > v2: nit fixes suggested by @idryomov
> >
> > Or Ozeri (3):
> > block/rbd: Remove redundant stack variable passphrase_len
> > block/rbd: Add luks-any encryption opening option
> > block/rbd: Add support for layered encryption
> >
> > block/rbd.c | 188 ++++++++++++++++++++++++++++++++++++++++---
> > qapi/block-core.json | 31 ++++++-
> > 2 files changed, 205 insertions(+), 14 deletions(-)
> >
> > --
> > 2.25.1
> >
>
> Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Hi Kevin, Hanna,
What is the status of this set? I see it on patchw and also see that
my review got picked up but it's not clear whether there is something
else to do here:
https://patchew.org/QEMU/20230129113120.722708-1-oro@oro.sl.cloud9.ibm.com/
I'm CCing Daniel who commented on previous postings of this set in case
an additional review is needed.
Thanks,
Ilya
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v6 2/3] block/rbd: Add luks-any encryption opening option
2023-01-29 11:31 ` [PATCH v6 2/3] block/rbd: Add luks-any encryption opening option ORO@il.ibm.com
@ 2023-02-23 17:44 ` Kevin Wolf
0 siblings, 0 replies; 7+ messages in thread
From: Kevin Wolf @ 2023-02-23 17:44 UTC (permalink / raw)
To: oro; +Cc: qemu-devel, qemu-block, oro, idryomov
Am 29.01.2023 um 12:31 hat ORO@il.ibm.com geschrieben:
> From: Or Ozeri <oro@il.ibm.com>
>
> Ceph RBD encryption API required specifying the encryption format
> for loading encryption. The supported formats were LUKS (v1) and LUKS2.
>
> Starting from Reef release, RBD also supports loading with "luks-any" format,
> which works for both versions of LUKS.
>
> This commit extends the qemu rbd driver API to enable qemu users to use
> this luks-any wildcard format.
>
> Signed-off-by: Or Ozeri <oro@il.ibm.com>
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index 95ac4fa634..e59fb5d453 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -3827,10 +3827,16 @@
> ##
> # @RbdImageEncryptionFormat:
> #
> +# luks
> +#
> +# luks2
If we don't want to document these values, there's no reason to have
them listed at all. After all, the undocumented list is already in the
definition.
> +# luks-any: Used for opening either luks or luks2. (Since 8.0)
And here it should be '@luks-any' with @.
> # Since: 6.1
> ##
> { 'enum': 'RbdImageEncryptionFormat',
> - 'data': [ 'luks', 'luks2' ] }
> + 'data': [ 'luks', 'luks2', 'luks-any' ] }
I've fixed this up and applied the series to my block branch. Thanks!
Kevin
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-02-23 17:45 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-29 11:31 [PATCH v6 0/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
2023-01-29 11:31 ` [PATCH v6 1/3] block/rbd: Remove redundant stack variable passphrase_len ORO@il.ibm.com
2023-01-29 11:31 ` [PATCH v6 2/3] block/rbd: Add luks-any encryption opening option ORO@il.ibm.com
2023-02-23 17:44 ` Kevin Wolf
2023-01-29 11:31 ` [PATCH v6 3/3] block/rbd: Add support for layered encryption ORO@il.ibm.com
2023-01-30 13:16 ` [PATCH v6 0/3] " Ilya Dryomov
2023-02-22 20:13 ` Ilya Dryomov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.