[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/5] qcow2/qcow: protect against uninitialized e
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH 1/5] qcow2/qcow: protect against uninitialized encryption key |
Date: |
Tue, 12 May 2015 12:06:17 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
On 05/12/2015 10:09 AM, Daniel P. Berrange wrote:
> When a qcow[2] file is opened, if the header reports an
> encryption method, this is used to set the 'crypt_method_header'
> field on the BDRVQcow[2]State struct, and the 'encrypted' flag
> in the BDRVState struct.
>
> When doing I/O operations, the 'crypt_method' field on the
> BDRVQcow[2]State struct is checked to determine if encryption
> needs to be applied.
>
> The crypt_method_header value is copied into crypt_method when
> the bdrv_set_key() method is called.
>
> The QEMU code which opens a block device is expected to always
> do a check
>
> if (bdrv_is_encrypted(bs)) {
> bdrv_set_key(bs, ....key...);
> }
>
> If code forgets todo this, then 'crypt_method' is never set
s/todo/to do/
> and so when I/O is performed, QEMU writes plain text data
> into a sector which is expected to contain cipher text, or
> when reading, will return cipher text instead of plain
> text.
>
> Change the qcow[2] code to consult bs->encrypted when deciding
> whether encryption is required, and assert(s->crypt_method)
> to protect against cases where the caller forgets to set the
> encryption key.
>
> Also put an assert in the set_key methods to protect against
> the case where the caller sets an encryption key on a block
> device that does not have encryption
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> block/qcow.c | 10 +++++++---
> block/qcow2-cluster.c | 3 ++-
> block/qcow2.c | 18 ++++++++++++------
> 3 files changed, 21 insertions(+), 10 deletions(-)
>
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
[Qemu-devel] [PATCH 4/5] qemu-io: prompt for encryption keys when required, Daniel P. Berrange, 2015/05/12