aboutsummaryrefslogtreecommitdiff
path: root/tests/qemu-iotests/087
AgeCommit message (Collapse)Author
2017-07-11qcow2: add iotests to cover LUKS encryption supportDaniel P. Berrange
This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170623162419.26068-15-berrange@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-07-11qcow2: convert QCow2 to use QCryptoBlock for encryptionDaniel P. Berrange
This converts the qcow2 driver to make use of the QCryptoBlock APIs for encrypting image content, using the legacy QCow2 AES scheme. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=sec0,file=/home/berrange/encrypted.pw \ -drive file=/home/berrange/encrypted.qcow2,encrypt.key-secret=sec0 The test 087 could be simplified since there is no longer a difference in behaviour when using blockdev_add with encrypted images for the running vs stopped CPU state. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170623162419.26068-12-berrange@redhat.com Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-05-11iotests: 087: Don't attach test image twiceFam Zheng
The test scenario doesn't require the same image, instead it focuses on the duplicated node-name, so use null-co to avoid locking conflict. Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-24block: Remove "options" indirection from blockdev-addKevin Wolf
Now that QAPI supports boxed types, we can have unions at the top level of a command, so let's put our real options directly there for blockdev-add instead of having a single "options" dict that contains the real arguments. blockdev-add is still experimental and we already made substantial changes to the API recently, so we're free to make changes like this one, too. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-09-29block/qapi: Move 'aio' option to file driverKevin Wolf
The option whether or not to use a native AIO interface really isn't a generic option for all drivers, but only applies to the native file protocols. This patch moves the option in blockdev-add to the appropriate places (raw-posix and raw-win32). We still have to keep the flag BDRV_O_NATIVE_AIO for compatibility because so far the AIO option was usually specified on the wrong layer (the top-level format driver, which didn't even look at it) and then inherited by the protocol driver (where it was actually used). We can't forbid this use except in new interfaces. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-09-23qemu-iotests/087: Avoid blockdev-add with idKevin Wolf
We want to remove the 'id' option for blockdev-add. This removes one user of the option and makes it use only node names. The test cases that test conflicts between the 'id' option to blockdev-add and existing block devices or the 'node-name' of the same command can be removed because it won't be possible to specify this at the end of the series. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-04-15qemu-iotests: tests: do not set unused tmp variableSascha Silbe
The previous commit removed the last usage of ${tmp} inside the tests themselves; the only remaining users are sourced by check. So we can now drop this variable from the tests. Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com> Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com> Message-id: 1460472980-26319-4-git-send-email-silbe@linux.vnet.ibm.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-03-30block: move encryption deprecation warning into qcow codeDaniel P. Berrange
For a couple of releases we have been warning Encrypted images are deprecated Support for them will be removed in a future release. You can use 'qemu-img convert' to convert your image to an unencrypted one. This warning was issued by system emulators, qemu-img, qemu-nbd and qemu-io. Such a broad warning was issued because the original intention was to rip out all the code for dealing with encryption inside the QEMU block layer APIs. The new block encryption framework used for the LUKS driver does not rely on the unloved block layer API for encryption keys, instead using the QOM 'secret' object type. It is thus no longer appropriate to warn about encryption unconditionally. When the qcow/qcow2 drivers are converted to use the new encryption framework too, it will be practical to keep AES-CBC support present for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability with older QEMU versions and liberation of data from existing encrypted qcow2 files. This change moves the warning out of the generic block code and into the qcow/qcow2 drivers. Further, the warning is set to only appear when running the system emulators, since qemu-img, qemu-io, qemu-nbd are expected to support qcow2 encryption long term now that the maint burden has been eliminated. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-10-23blockdev: Allow creation of BDS trees without BBMax Reitz
If the "id" field is missing from the options given to blockdev-add, just omit the BlockBackend and create the BlockDriverState tree alone. However, if "id" is missing, "node-name" must be specified; otherwise, the BDS tree would no longer be accessible. Many BDS options which are not parsed by bdrv_open() (like caching) cannot be specified for these BB-less BDS trees yet. A future patch will remove this limitation. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-13iotests: Filter out "I/O thread spun..." warningMax Reitz
Filter out the "main loop: WARNING: I/O thread spun for..." warning from qemu output (it hardly matters for code specifically testing I/O). Furthermore, use _filter_qemu in all the custom functions which run qemu. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-09-26qemu-iotests: Test missing "driver" key for blockdev-addFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-04-22qemu-iotests: Check common namespace for id and node-nameKevin Wolf
A name that is taken by an ID can't be taken by a node-name at the same time. Check that conflicts are correctly detected. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com>
2014-04-22block: Catch duplicate IDs in bdrv_new()Kevin Wolf
Since commit f298d071, block devices added with blockdev-add don't have a QemuOpts around in dinfo->opts. Consequently, we can't rely any more on QemuOpts catching duplicate IDs for block devices. This patch adds a new check for duplicate IDs to bdrv_new(), and moves the existing check that the ID isn't already taken for a node-name there as well. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-03-14blockdev: Refuse to open encrypted image unless pausedMarkus Armbruster
Opening an encrypted image takes an additional step: setting the key. Between open and the key set, the image must not be used. We have some protection against accidental use in place: you can't unpause a guest while we're missing keys. You can, however, hot-plug block devices lacking keys into a running guest just fine, or insert media lacking keys. In the latter case, notifying the guest of the insert is delayed until the key is set, which may suffice to protect at least some guests in common usage. This patch makes the protection apply in more cases, in a rather heavy-handed way: it doesn't let you open encrypted images unless we're in a paused state. It doesn't extend the protection to users other than the guest (block jobs?). Use of runstate_check() from block.c is disgusting. Best I can do right now. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-06qemu-iotests: Test a few blockdev-add error casesKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>