block_crypto_read_func,
bs,
cflags,
+ 1,
errp);
if (!crypto->block) {
/* Create protocol layer */
ret = bdrv_create_file(filename, opts, errp);
if (ret < 0) {
- return ret;
+ goto fail;
}
bs = bdrv_open(filename, NULL, NULL,
}
static ImageInfoSpecific *
-block_crypto_get_specific_info_luks(BlockDriverState *bs)
+block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
{
BlockCrypto *crypto = bs->opaque;
ImageInfoSpecific *spec_info;
QCryptoBlockInfo *info;
- info = qcrypto_block_get_info(crypto->block, NULL);
+ info = qcrypto_block_get_info(crypto->block, errp);
if (!info) {
return NULL;
}
- if (info->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) {
- qapi_free_QCryptoBlockInfo(info);
- return NULL;
- }
+ assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS);
spec_info = g_new(ImageInfoSpecific, 1);
spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
return spec_info;
}
-BlockDriver bdrv_crypto_luks = {
+static const char *const block_crypto_strong_runtime_opts[] = {
+ BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
+
+ NULL
+};
+
+static BlockDriver bdrv_crypto_luks = {
.format_name = "luks",
.instance_size = sizeof(BlockCrypto),
.bdrv_probe = block_crypto_probe_luks,
.bdrv_open = block_crypto_open_luks,
.bdrv_close = block_crypto_close,
- .bdrv_child_perm = bdrv_format_default_perms,
+ /* This driver doesn't modify LUKS metadata except when creating image.
+ * Allow share-rw=on as a special case. */
+ .bdrv_child_perm = bdrv_filter_default_perms,
.bdrv_co_create = block_crypto_co_create_luks,
.bdrv_co_create_opts = block_crypto_co_create_opts_luks,
.bdrv_co_truncate = block_crypto_co_truncate,
.bdrv_getlength = block_crypto_getlength,
.bdrv_get_info = block_crypto_get_info_luks,
.bdrv_get_specific_info = block_crypto_get_specific_info_luks,
+
+ .strong_runtime_opts = block_crypto_strong_runtime_opts,
};
static void block_crypto_init(void)