From b67e353863deec6b7fbbc728773180a8533e9e48 Mon Sep 17 00:00:00 2001 From: "Denis V. Lunev via" Date: Tue, 30 Apr 2024 19:02:13 +0200 Subject: [PATCH 1/8] block: drop force_dup parameter of raw_reconfigure_getfd() Since commit 72373e40fbc, this parameter is always passed as 'false' from the caller. Signed-off-by: Denis V. Lunev CC: Andrey Zhadchenko CC: Kevin Wolf CC: Hanna Reitz Message-ID: <20240430170213.148558-1-den@openvz.org> Reviewed-by: Kevin Wolf Signed-off-by: Kevin Wolf --- block/file-posix.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/block/file-posix.c b/block/file-posix.c index 35684f7e21..5c46938936 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -1039,8 +1039,7 @@ static int fcntl_setfl(int fd, int flag) } static int raw_reconfigure_getfd(BlockDriverState *bs, int flags, - int *open_flags, uint64_t perm, bool force_dup, - Error **errp) + int *open_flags, uint64_t perm, Error **errp) { BDRVRawState *s = bs->opaque; int fd = -1; @@ -1068,7 +1067,7 @@ static int raw_reconfigure_getfd(BlockDriverState *bs, int flags, assert((s->open_flags & O_ASYNC) == 0); #endif - if (!force_dup && *open_flags == s->open_flags) { + if (*open_flags == s->open_flags) { /* We're lucky, the existing fd is fine */ return s->fd; } @@ -3748,8 +3747,7 @@ static int raw_check_perm(BlockDriverState *bs, uint64_t perm, uint64_t shared, int ret; /* We may need a new fd if auto-read-only switches the mode */ - ret = raw_reconfigure_getfd(bs, input_flags, &open_flags, perm, - false, errp); + ret = raw_reconfigure_getfd(bs, input_flags, &open_flags, perm, errp); if (ret < 0) { return ret; } else if (ret != s->fd) { From 719c6819ed9a9838520fa732f9861918dc693bda Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Mon, 6 May 2024 15:06:21 -0400 Subject: [PATCH 2/8] Revert "monitor: use aio_co_reschedule_self()" Commit 1f25c172f837 ("monitor: use aio_co_reschedule_self()") was a code cleanup that uses aio_co_reschedule_self() instead of open coding coroutine rescheduling. Bug RHEL-34618 was reported and Kevin Wolf identified the root cause. I missed that aio_co_reschedule_self() -> qemu_get_current_aio_context() only knows about qemu_aio_context/IOThread AioContexts and not about iohandler_ctx. It does not function correctly when going back from the iohandler_ctx to qemu_aio_context. Go back to open coding the AioContext transitions to avoid this bug. This reverts commit 1f25c172f83704e350c0829438d832384084a74d. Cc: qemu-stable@nongnu.org Buglink: https://issues.redhat.com/browse/RHEL-34618 Signed-off-by: Stefan Hajnoczi Message-ID: <20240506190622.56095-2-stefanha@redhat.com> Reviewed-by: Kevin Wolf Signed-off-by: Kevin Wolf --- qapi/qmp-dispatch.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c index f3488afeef..176b549473 100644 --- a/qapi/qmp-dispatch.c +++ b/qapi/qmp-dispatch.c @@ -212,7 +212,8 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ * executing the command handler so that it can make progress if it * involves an AIO_WAIT_WHILE(). */ - aio_co_reschedule_self(qemu_get_aio_context()); + aio_co_schedule(qemu_get_aio_context(), qemu_coroutine_self()); + qemu_coroutine_yield(); } monitor_set_cur(qemu_coroutine_self(), cur_mon); @@ -226,7 +227,9 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ * Move back to iohandler_ctx so that nested event loops for * qemu_aio_context don't start new monitor commands. */ - aio_co_reschedule_self(iohandler_get_aio_context()); + aio_co_schedule(iohandler_get_aio_context(), + qemu_coroutine_self()); + qemu_coroutine_yield(); } } else { /* From e669e800fc9ef8806af5c5578249ab758a4f8a5a Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Mon, 6 May 2024 15:06:22 -0400 Subject: [PATCH 3/8] aio: warn about iohandler_ctx special casing The main loop has two AioContexts: qemu_aio_context and iohandler_ctx. The main loop runs them both, but nested aio_poll() calls on qemu_aio_context exclude iohandler_ctx. Which one should qemu_get_current_aio_context() return when called from the main loop? Document that it's always qemu_aio_context. This has subtle effects on functions that use qemu_get_current_aio_context(). For example, aio_co_reschedule_self() does not work when moving from iohandler_ctx to qemu_aio_context because qemu_get_current_aio_context() does not differentiate these two AioContexts. Document this in order to reduce the chance of future bugs. Signed-off-by: Stefan Hajnoczi Message-ID: <20240506190622.56095-3-stefanha@redhat.com> Reviewed-by: Kevin Wolf Signed-off-by: Kevin Wolf --- include/block/aio.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/block/aio.h b/include/block/aio.h index 8378553eb9..4ee81936ed 100644 --- a/include/block/aio.h +++ b/include/block/aio.h @@ -629,6 +629,9 @@ void aio_co_schedule(AioContext *ctx, Coroutine *co); * * Move the currently running coroutine to new_ctx. If the coroutine is already * running in new_ctx, do nothing. + * + * Note that this function cannot reschedule from iohandler_ctx to + * qemu_aio_context. */ void coroutine_fn aio_co_reschedule_self(AioContext *new_ctx); @@ -661,6 +664,9 @@ void aio_co_enter(AioContext *ctx, Coroutine *co); * If called from an IOThread this will be the IOThread's AioContext. If * called from the main thread or with the "big QEMU lock" taken it * will be the main loop AioContext. + * + * Note that the return value is never the main loop's iohandler_ctx and the + * return value is the main loop AioContext instead. */ AioContext *qemu_get_current_aio_context(void); From 365911b182017f05122b88a574477ff945ae91ab Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 7 May 2024 14:05:58 -0400 Subject: [PATCH 4/8] qemu-io: add cvtnum() error handling for zone commands cvtnum() parses positive int64_t values and returns a negative errno on failure. Print errors and return early when cvtnum() fails. While we're at it, also reject nr_zones values greater or equal to 2^32 since they cannot be represented. Reported-by: Peter Maydell Cc: Sam Li Signed-off-by: Stefan Hajnoczi Message-ID: <20240507180558.377233-1-stefanha@redhat.com> Reviewed-by: Sam Li Reviewed-by: Kevin Wolf Signed-off-by: Kevin Wolf --- qemu-io-cmds.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c index f5d7202a13..e2fab57183 100644 --- a/qemu-io-cmds.c +++ b/qemu-io-cmds.c @@ -1739,12 +1739,26 @@ static int zone_report_f(BlockBackend *blk, int argc, char **argv) { int ret; int64_t offset; + int64_t val; unsigned int nr_zones; ++optind; offset = cvtnum(argv[optind]); + if (offset < 0) { + print_cvtnum_err(offset, argv[optind]); + return offset; + } ++optind; - nr_zones = cvtnum(argv[optind]); + val = cvtnum(argv[optind]); + if (val < 0) { + print_cvtnum_err(val, argv[optind]); + return val; + } + if (val > UINT_MAX) { + printf("Number of zones must be less than 2^32\n"); + return -ERANGE; + } + nr_zones = val; g_autofree BlockZoneDescriptor *zones = NULL; zones = g_new(BlockZoneDescriptor, nr_zones); @@ -1780,8 +1794,16 @@ static int zone_open_f(BlockBackend *blk, int argc, char **argv) int64_t offset, len; ++optind; offset = cvtnum(argv[optind]); + if (offset < 0) { + print_cvtnum_err(offset, argv[optind]); + return offset; + } ++optind; len = cvtnum(argv[optind]); + if (len < 0) { + print_cvtnum_err(len, argv[optind]); + return len; + } ret = blk_zone_mgmt(blk, BLK_ZO_OPEN, offset, len); if (ret < 0) { printf("zone open failed: %s\n", strerror(-ret)); @@ -1805,8 +1827,16 @@ static int zone_close_f(BlockBackend *blk, int argc, char **argv) int64_t offset, len; ++optind; offset = cvtnum(argv[optind]); + if (offset < 0) { + print_cvtnum_err(offset, argv[optind]); + return offset; + } ++optind; len = cvtnum(argv[optind]); + if (len < 0) { + print_cvtnum_err(len, argv[optind]); + return len; + } ret = blk_zone_mgmt(blk, BLK_ZO_CLOSE, offset, len); if (ret < 0) { printf("zone close failed: %s\n", strerror(-ret)); @@ -1830,8 +1860,16 @@ static int zone_finish_f(BlockBackend *blk, int argc, char **argv) int64_t offset, len; ++optind; offset = cvtnum(argv[optind]); + if (offset < 0) { + print_cvtnum_err(offset, argv[optind]); + return offset; + } ++optind; len = cvtnum(argv[optind]); + if (len < 0) { + print_cvtnum_err(len, argv[optind]); + return len; + } ret = blk_zone_mgmt(blk, BLK_ZO_FINISH, offset, len); if (ret < 0) { printf("zone finish failed: %s\n", strerror(-ret)); @@ -1855,8 +1893,16 @@ static int zone_reset_f(BlockBackend *blk, int argc, char **argv) int64_t offset, len; ++optind; offset = cvtnum(argv[optind]); + if (offset < 0) { + print_cvtnum_err(offset, argv[optind]); + return offset; + } ++optind; len = cvtnum(argv[optind]); + if (len < 0) { + print_cvtnum_err(len, argv[optind]); + return len; + } ret = blk_zone_mgmt(blk, BLK_ZO_RESET, offset, len); if (ret < 0) { printf("zone reset failed: %s\n", strerror(-ret)); From 10b1e09ed3c40baf9fe074e0c70a7a3b783839ff Mon Sep 17 00:00:00 2001 From: Fiona Ebner Date: Mon, 29 Apr 2024 16:19:34 +0200 Subject: [PATCH 5/8] block/copy-before-write: use uint64_t for timeout in nanoseconds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rather than the uint32_t for which the maximum is slightly more than 4 seconds and larger values would overflow. The QAPI interface allows specifying the number of seconds, so only values 0 to 4 are safe right now, other values lead to a much lower timeout than a user expects. The block_copy() call where this is used already takes a uint64_t for the timeout, so no change required there. Fixes: 6db7fd1ca9 ("block/copy-before-write: implement cbw-timeout option") Reported-by: Friedrich Weber Signed-off-by: Fiona Ebner Message-ID: <20240429141934.442154-1-f.ebner@proxmox.com> Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Kevin Wolf Signed-off-by: Kevin Wolf --- block/copy-before-write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/copy-before-write.c b/block/copy-before-write.c index cd65524e26..853e01a1eb 100644 --- a/block/copy-before-write.c +++ b/block/copy-before-write.c @@ -43,7 +43,7 @@ typedef struct BDRVCopyBeforeWriteState { BlockCopyState *bcs; BdrvChild *target; OnCbwError on_cbw_error; - uint32_t cbw_timeout_ns; + uint64_t cbw_timeout_ns; bool discard_source; /* From 24687abf237e3c15816d689a8e4b08d7c3190dcb Mon Sep 17 00:00:00 2001 From: Prasad Pandit Date: Thu, 25 Apr 2024 12:34:12 +0530 Subject: [PATCH 6/8] linux-aio: add IO_CMD_FDSYNC command support Libaio defines IO_CMD_FDSYNC command to sync all outstanding asynchronous I/O operations, by flushing out file data to the disk storage. Enable linux-aio to submit such aio request. When using aio=native without fdsync() support, QEMU creates pthreads, and destroying these pthreads results in TLB flushes. In a real-time guest environment, TLB flushes cause a latency spike. This patch helps to avoid such spikes. Reviewed-by: Stefan Hajnoczi Signed-off-by: Prasad Pandit Message-ID: <20240425070412.37248-1-ppandit@redhat.com> Reviewed-by: Kevin Wolf Signed-off-by: Kevin Wolf --- block/file-posix.c | 9 +++++++++ block/linux-aio.c | 21 ++++++++++++++++++++- include/block/raw-aio.h | 1 + 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/block/file-posix.c b/block/file-posix.c index 5c46938936..be25e35ff6 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -159,6 +159,7 @@ typedef struct BDRVRawState { bool has_discard:1; bool has_write_zeroes:1; bool use_linux_aio:1; + bool has_laio_fdsync:1; bool use_linux_io_uring:1; int page_cache_inconsistent; /* errno from fdatasync failure */ bool has_fallocate; @@ -718,6 +719,9 @@ static int raw_open_common(BlockDriverState *bs, QDict *options, ret = -EINVAL; goto fail; } + if (s->use_linux_aio) { + s->has_laio_fdsync = laio_has_fdsync(s->fd); + } #else if (s->use_linux_aio) { error_setg(errp, "aio=native was specified, but is not supported " @@ -2598,6 +2602,11 @@ static int coroutine_fn raw_co_flush_to_disk(BlockDriverState *bs) if (raw_check_linux_io_uring(s)) { return luring_co_submit(bs, s->fd, 0, NULL, QEMU_AIO_FLUSH); } +#endif +#ifdef CONFIG_LINUX_AIO + if (s->has_laio_fdsync && raw_check_linux_aio(s)) { + return laio_co_submit(s->fd, 0, NULL, QEMU_AIO_FLUSH, 0); + } #endif return raw_thread_pool_submit(handle_aiocb_flush, &acb); } diff --git a/block/linux-aio.c b/block/linux-aio.c index ec05d946f3..e3b5ec9aba 100644 --- a/block/linux-aio.c +++ b/block/linux-aio.c @@ -384,6 +384,9 @@ static int laio_do_submit(int fd, struct qemu_laiocb *laiocb, off_t offset, case QEMU_AIO_READ: io_prep_preadv(iocbs, fd, qiov->iov, qiov->niov, offset); break; + case QEMU_AIO_FLUSH: + io_prep_fdsync(iocbs, fd); + break; /* Currently Linux kernel does not support other operations */ default: fprintf(stderr, "%s: invalid AIO request type 0x%x.\n", @@ -412,7 +415,7 @@ int coroutine_fn laio_co_submit(int fd, uint64_t offset, QEMUIOVector *qiov, AioContext *ctx = qemu_get_current_aio_context(); struct qemu_laiocb laiocb = { .co = qemu_coroutine_self(), - .nbytes = qiov->size, + .nbytes = qiov ? qiov->size : 0, .ctx = aio_get_linux_aio(ctx), .ret = -EINPROGRESS, .is_read = (type == QEMU_AIO_READ), @@ -486,3 +489,19 @@ void laio_cleanup(LinuxAioState *s) } g_free(s); } + +bool laio_has_fdsync(int fd) +{ + struct iocb cb; + struct iocb *cbs[] = {&cb, NULL}; + + io_context_t ctx = 0; + io_setup(1, &ctx); + + /* check if host kernel supports IO_CMD_FDSYNC */ + io_prep_fdsync(&cb, fd); + int ret = io_submit(ctx, 1, cbs); + + io_destroy(ctx); + return (ret == -EINVAL) ? false : true; +} diff --git a/include/block/raw-aio.h b/include/block/raw-aio.h index 20e000b8ef..626706827f 100644 --- a/include/block/raw-aio.h +++ b/include/block/raw-aio.h @@ -60,6 +60,7 @@ void laio_cleanup(LinuxAioState *s); int coroutine_fn laio_co_submit(int fd, uint64_t offset, QEMUIOVector *qiov, int type, uint64_t dev_max_batch); +bool laio_has_fdsync(int); void laio_detach_aio_context(LinuxAioState *s, AioContext *old_context); void laio_attach_aio_context(LinuxAioState *s, AioContext *new_context); #endif From af206c284e4c1b17cdfb0f17e898b288c0fc1751 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Mon, 27 May 2024 11:58:50 -0400 Subject: [PATCH 7/8] block/crypto: create ciphers on demand MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ciphers are pre-allocated by qcrypto_block_init_cipher() depending on the given number of threads. The -device virtio-blk-pci,iothread-vq-mapping= feature allows users to assign multiple IOThreads to a virtio-blk device, but the association between the virtio-blk device and the block driver happens after the block driver is already open. When the number of threads given to qcrypto_block_init_cipher() is smaller than the actual number of threads at runtime, the block->n_free_ciphers > 0 assertion in qcrypto_block_pop_cipher() can fail. Get rid of qcrypto_block_init_cipher() n_thread's argument and allocate ciphers on demand. Reported-by: Qing Wang Buglink: https://issues.redhat.com/browse/RHEL-36159 Signed-off-by: Stefan Hajnoczi Message-ID: <20240527155851.892885-2-stefanha@redhat.com> Reviewed-by: Kevin Wolf Acked-by: Daniel P. Berrangé Signed-off-by: Kevin Wolf --- crypto/block-luks.c | 3 +- crypto/block-qcow.c | 2 +- crypto/block.c | 111 ++++++++++++++++++++++++++------------------ crypto/blockpriv.h | 12 +++-- 4 files changed, 78 insertions(+), 50 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 3ee928fb5a..3357852c0a 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1262,7 +1262,6 @@ qcrypto_block_luks_open(QCryptoBlock *block, luks->cipher_mode, masterkey, luks->header.master_key_len, - n_threads, errp) < 0) { goto fail; } @@ -1456,7 +1455,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, /* Setup the block device payload encryption objects */ if (qcrypto_block_init_cipher(block, luks_opts.cipher_alg, luks_opts.cipher_mode, masterkey, - luks->header.master_key_len, 1, errp) < 0) { + luks->header.master_key_len, errp) < 0) { goto error; } diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index 4d7cf36a8f..02305058e3 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -75,7 +75,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block, ret = qcrypto_block_init_cipher(block, QCRYPTO_CIPHER_ALG_AES_128, QCRYPTO_CIPHER_MODE_CBC, keybuf, G_N_ELEMENTS(keybuf), - n_threads, errp); + errp); if (ret < 0) { ret = -ENOTSUP; goto fail; diff --git a/crypto/block.c b/crypto/block.c index 506ea1d1a3..ba6d1cebc7 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -20,6 +20,7 @@ #include "qemu/osdep.h" #include "qapi/error.h" +#include "qemu/lockable.h" #include "blockpriv.h" #include "block-qcow.h" #include "block-luks.h" @@ -57,6 +58,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, { QCryptoBlock *block = g_new0(QCryptoBlock, 1); + qemu_mutex_init(&block->mutex); + block->format = options->format; if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) || @@ -76,8 +79,6 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, return NULL; } - qemu_mutex_init(&block->mutex); - return block; } @@ -92,6 +93,8 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, { QCryptoBlock *block = g_new0(QCryptoBlock, 1); + qemu_mutex_init(&block->mutex); + block->format = options->format; if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) || @@ -111,8 +114,6 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, return NULL; } - qemu_mutex_init(&block->mutex); - return block; } @@ -227,37 +228,42 @@ QCryptoCipher *qcrypto_block_get_cipher(QCryptoBlock *block) * This function is used only in test with one thread (it's safe to skip * pop/push interface), so it's enough to assert it here: */ - assert(block->n_ciphers <= 1); - return block->ciphers ? block->ciphers[0] : NULL; + assert(block->max_free_ciphers <= 1); + return block->free_ciphers ? block->free_ciphers[0] : NULL; } -static QCryptoCipher *qcrypto_block_pop_cipher(QCryptoBlock *block) +static QCryptoCipher *qcrypto_block_pop_cipher(QCryptoBlock *block, + Error **errp) { - QCryptoCipher *cipher; + /* Usually there is a free cipher available */ + WITH_QEMU_LOCK_GUARD(&block->mutex) { + if (block->n_free_ciphers > 0) { + block->n_free_ciphers--; + return block->free_ciphers[block->n_free_ciphers]; + } + } - qemu_mutex_lock(&block->mutex); - - assert(block->n_free_ciphers > 0); - block->n_free_ciphers--; - cipher = block->ciphers[block->n_free_ciphers]; - - qemu_mutex_unlock(&block->mutex); - - return cipher; + /* Otherwise allocate a new cipher */ + return qcrypto_cipher_new(block->alg, block->mode, block->key, + block->nkey, errp); } static void qcrypto_block_push_cipher(QCryptoBlock *block, QCryptoCipher *cipher) { - qemu_mutex_lock(&block->mutex); + QEMU_LOCK_GUARD(&block->mutex); - assert(block->n_free_ciphers < block->n_ciphers); - block->ciphers[block->n_free_ciphers] = cipher; + if (block->n_free_ciphers == block->max_free_ciphers) { + block->max_free_ciphers++; + block->free_ciphers = g_renew(QCryptoCipher *, + block->free_ciphers, + block->max_free_ciphers); + } + + block->free_ciphers[block->n_free_ciphers] = cipher; block->n_free_ciphers++; - - qemu_mutex_unlock(&block->mutex); } @@ -265,24 +271,31 @@ int qcrypto_block_init_cipher(QCryptoBlock *block, QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, size_t nkey, - size_t n_threads, Error **errp) + Error **errp) { - size_t i; + QCryptoCipher *cipher; - assert(!block->ciphers && !block->n_ciphers && !block->n_free_ciphers); + assert(!block->free_ciphers && !block->max_free_ciphers && + !block->n_free_ciphers); - block->ciphers = g_new0(QCryptoCipher *, n_threads); + /* Stash away cipher parameters for qcrypto_block_pop_cipher() */ + block->alg = alg; + block->mode = mode; + block->key = g_memdup2(key, nkey); + block->nkey = nkey; - for (i = 0; i < n_threads; i++) { - block->ciphers[i] = qcrypto_cipher_new(alg, mode, key, nkey, errp); - if (!block->ciphers[i]) { - qcrypto_block_free_cipher(block); - return -1; - } - block->n_ciphers++; - block->n_free_ciphers++; + /* + * Create a new cipher to validate the parameters now. This reduces the + * chance of cipher creation failing at I/O time. + */ + cipher = qcrypto_block_pop_cipher(block, errp); + if (!cipher) { + g_free(block->key); + block->key = NULL; + return -1; } + qcrypto_block_push_cipher(block, cipher); return 0; } @@ -291,19 +304,23 @@ void qcrypto_block_free_cipher(QCryptoBlock *block) { size_t i; - if (!block->ciphers) { + g_free(block->key); + block->key = NULL; + + if (!block->free_ciphers) { return; } - assert(block->n_ciphers == block->n_free_ciphers); + /* All popped ciphers were eventually pushed back */ + assert(block->n_free_ciphers == block->max_free_ciphers); - for (i = 0; i < block->n_ciphers; i++) { - qcrypto_cipher_free(block->ciphers[i]); + for (i = 0; i < block->max_free_ciphers; i++) { + qcrypto_cipher_free(block->free_ciphers[i]); } - g_free(block->ciphers); - block->ciphers = NULL; - block->n_ciphers = block->n_free_ciphers = 0; + g_free(block->free_ciphers); + block->free_ciphers = NULL; + block->max_free_ciphers = block->n_free_ciphers = 0; } QCryptoIVGen *qcrypto_block_get_ivgen(QCryptoBlock *block) @@ -311,7 +328,7 @@ QCryptoIVGen *qcrypto_block_get_ivgen(QCryptoBlock *block) /* ivgen should be accessed under mutex. However, this function is used only * in test with one thread, so it's enough to assert it here: */ - assert(block->n_ciphers <= 1); + assert(block->max_free_ciphers <= 1); return block->ivgen; } @@ -446,7 +463,10 @@ int qcrypto_block_decrypt_helper(QCryptoBlock *block, Error **errp) { int ret; - QCryptoCipher *cipher = qcrypto_block_pop_cipher(block); + QCryptoCipher *cipher = qcrypto_block_pop_cipher(block, errp); + if (!cipher) { + return -1; + } ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen, &block->mutex, sectorsize, offset, buf, @@ -465,7 +485,10 @@ int qcrypto_block_encrypt_helper(QCryptoBlock *block, Error **errp) { int ret; - QCryptoCipher *cipher = qcrypto_block_pop_cipher(block); + QCryptoCipher *cipher = qcrypto_block_pop_cipher(block, errp); + if (!cipher) { + return -1; + } ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen, &block->mutex, sectorsize, offset, buf, diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 836f3b4726..4bf6043d5d 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -32,8 +32,14 @@ struct QCryptoBlock { const QCryptoBlockDriver *driver; void *opaque; - QCryptoCipher **ciphers; - size_t n_ciphers; + /* Cipher parameters */ + QCryptoCipherAlgorithm alg; + QCryptoCipherMode mode; + uint8_t *key; + size_t nkey; + + QCryptoCipher **free_ciphers; + size_t max_free_ciphers; size_t n_free_ciphers; QCryptoIVGen *ivgen; QemuMutex mutex; @@ -130,7 +136,7 @@ int qcrypto_block_init_cipher(QCryptoBlock *block, QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, size_t nkey, - size_t n_threads, Error **errp); + Error **errp); void qcrypto_block_free_cipher(QCryptoBlock *block); From 3ab0f063e58ed9224237d69c4211ca83335164c4 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Mon, 27 May 2024 11:58:51 -0400 Subject: [PATCH 8/8] crypto/block: drop qcrypto_block_open() n_threads argument MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The n_threads argument is no longer used since the previous commit. Remove it. Signed-off-by: Stefan Hajnoczi Message-ID: <20240527155851.892885-3-stefanha@redhat.com> Reviewed-by: Kevin Wolf Acked-by: Daniel P. Berrangé Signed-off-by: Kevin Wolf --- block/crypto.c | 1 - block/qcow.c | 2 +- block/qcow2.c | 5 ++--- crypto/block-luks.c | 1 - crypto/block-qcow.c | 6 ++---- crypto/block.c | 3 +-- crypto/blockpriv.h | 1 - include/crypto/block.h | 2 -- tests/unit/test-crypto-block.c | 4 ---- 9 files changed, 6 insertions(+), 19 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 21eed909c1..4eed3ffa6a 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -363,7 +363,6 @@ static int block_crypto_open_generic(QCryptoBlockFormat format, block_crypto_read_func, bs, cflags, - 1, errp); if (!crypto->block) { diff --git a/block/qcow.c b/block/qcow.c index ca8e1d5ec8..c2f89db055 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -211,7 +211,7 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; } s->crypto = qcrypto_block_open(crypto_opts, "encrypt.", - NULL, NULL, cflags, 1, errp); + NULL, NULL, cflags, errp); if (!s->crypto) { ret = -EINVAL; goto fail; diff --git a/block/qcow2.c b/block/qcow2.c index 956128b409..10883a2494 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -321,7 +321,7 @@ qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset, } s->crypto = qcrypto_block_open(s->crypto_opts, "encrypt.", qcow2_crypto_hdr_read_func, - bs, cflags, QCOW2_MAX_THREADS, errp); + bs, cflags, errp); if (!s->crypto) { return -EINVAL; } @@ -1701,8 +1701,7 @@ qcow2_do_open(BlockDriverState *bs, QDict *options, int flags, cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; } s->crypto = qcrypto_block_open(s->crypto_opts, "encrypt.", - NULL, NULL, cflags, - QCOW2_MAX_THREADS, errp); + NULL, NULL, cflags, errp); if (!s->crypto) { ret = -EINVAL; goto fail; diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 3357852c0a..5b777c15d3 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1189,7 +1189,6 @@ qcrypto_block_luks_open(QCryptoBlock *block, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, - size_t n_threads, Error **errp) { QCryptoBlockLUKS *luks = NULL; diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index 02305058e3..42e9556e42 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -44,7 +44,6 @@ qcrypto_block_qcow_has_format(const uint8_t *buf G_GNUC_UNUSED, static int qcrypto_block_qcow_init(QCryptoBlock *block, const char *keysecret, - size_t n_threads, Error **errp) { char *password; @@ -100,7 +99,6 @@ qcrypto_block_qcow_open(QCryptoBlock *block, QCryptoBlockReadFunc readfunc G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED, unsigned int flags, - size_t n_threads, Error **errp) { if (flags & QCRYPTO_BLOCK_OPEN_NO_IO) { @@ -115,7 +113,7 @@ qcrypto_block_qcow_open(QCryptoBlock *block, return -1; } return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, - n_threads, errp); + errp); } } @@ -135,7 +133,7 @@ qcrypto_block_qcow_create(QCryptoBlock *block, return -1; } /* QCow2 has no special header, since everything is hardwired */ - return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, 1, errp); + return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, errp); } diff --git a/crypto/block.c b/crypto/block.c index ba6d1cebc7..3bcc4270c3 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -53,7 +53,6 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, - size_t n_threads, Error **errp) { QCryptoBlock *block = g_new0(QCryptoBlock, 1); @@ -73,7 +72,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, block->driver = qcrypto_block_drivers[options->format]; if (block->driver->open(block, options, optprefix, - readfunc, opaque, flags, n_threads, errp) < 0) + readfunc, opaque, flags, errp) < 0) { g_free(block); return NULL; diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 4bf6043d5d..b8f77cb5eb 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -59,7 +59,6 @@ struct QCryptoBlockDriver { QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, - size_t n_threads, Error **errp); int (*create)(QCryptoBlock *block, diff --git a/include/crypto/block.h b/include/crypto/block.h index 92e823c9f2..5b5d039800 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -76,7 +76,6 @@ typedef enum { * @readfunc: callback for reading data from the volume * @opaque: data to pass to @readfunc * @flags: bitmask of QCryptoBlockOpenFlags values - * @n_threads: allow concurrent I/O from up to @n_threads threads * @errp: pointer to a NULL-initialized error object * * Create a new block encryption object for an existing @@ -113,7 +112,6 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, - size_t n_threads, Error **errp); typedef enum { diff --git a/tests/unit/test-crypto-block.c b/tests/unit/test-crypto-block.c index 6cfc817a92..42cfab6067 100644 --- a/tests/unit/test-crypto-block.c +++ b/tests/unit/test-crypto-block.c @@ -303,7 +303,6 @@ static void test_block(gconstpointer opaque) test_block_read_func, &header, 0, - 1, NULL); g_assert(blk == NULL); @@ -312,7 +311,6 @@ static void test_block(gconstpointer opaque) test_block_read_func, &header, QCRYPTO_BLOCK_OPEN_NO_IO, - 1, &error_abort); g_assert(qcrypto_block_get_cipher(blk) == NULL); @@ -327,7 +325,6 @@ static void test_block(gconstpointer opaque) test_block_read_func, &header, 0, - 1, &error_abort); g_assert(blk); @@ -384,7 +381,6 @@ test_luks_bad_header(gconstpointer data) test_block_read_func, &buf, 0, - 1, &err); g_assert(!blk); g_assert(err);