Re: [Qemu-devel] [PATCH 1/5] qcow2/qcow: protect against uninitialized encryption key

[Eric Blake]

On 05/12/2015 10:09 AM, Daniel P. Berrange wrote:
> When a qcow[2] file is opened, if the header reports an
> encryption method, this is used to set the 'crypt_method_header'
> field on the BDRVQcow[2]State struct, and the 'encrypted' flag
> in the BDRVState struct.
> 
> When doing I/O operations, the 'crypt_method' field on the
> BDRVQcow[2]State struct is checked to determine if encryption
> needs to be applied.
> 
> The crypt_method_header value is copied into crypt_method when
> the bdrv_set_key() method is called.
> 
> The QEMU code which opens a block device is expected to always
> do a check
> 
>    if (bdrv_is_encrypted(bs)) {
>        bdrv_set_key(bs, ....key...);
>    }
> 
> If code forgets todo this, then 'crypt_method' is never set

s/todo/to do/

> and so when I/O is performed, QEMU writes plain text data
> into a sector which is expected to contain cipher text, or
> when reading, will return cipher text instead of plain
> text.
> 
> Change the qcow[2] code to consult bs->encrypted when deciding
> whether encryption is required, and assert(s->crypt_method)
> to protect against cases where the caller forgets to set the
> encryption key.
> 
> Also put an assert in the set_key methods to protect against
> the case where the caller sets an encryption key on a block
> device that does not have encryption
> 
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
>  block/qcow.c          | 10 +++++++---
>  block/qcow2-cluster.c |  3 ++-
>  block/qcow2.c         | 18 ++++++++++++------
>  3 files changed, 21 insertions(+), 10 deletions(-)
> 

Reviewed-by: Eric Blake <address@hidden>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature