On 05/12/2015 10:09 AM, Daniel P. Berrange wrote:
> When a qcow[2] file is opened, if the header reports an
> encryption method, this is used to set the 'crypt_method_header'
> field on the BDRVQcow[2]State struct, and the 'encrypted' flag
> in the BDRVState struct.
>
> When doing I/O operations, the 'crypt_method' field on the
> BDRVQcow[2]State struct is checked to determine if encryption
> needs to be applied.
>
> The crypt_method_header value is copied into crypt_method when
> the bdrv_set_key() method is called.
>
> The QEMU code which opens a block device is expected to always
> do a check
>
>   if (bdrv_is_encrypted(bs)) {
>       bdrv_set_key(bs, ....key...);
>   }
>
> If code forgets todo this, then 'crypt_method' is never set

s/todo/to do/

> and so when I/O is performed, QEMU writes plain text data
> into a sector which is expected to contain cipher text, or
> when reading, will return cipher text instead of plain
> text.
>
> Change the qcow[2] code to consult bs->encrypted when deciding
> whether encryption is required, and assert(s->crypt_method)
> to protect against cases where the caller forgets to set the
> encryption key.
>
> Also put an assert in the set_key methods to protect against
> the case where the caller sets an encryption key on a block
> device that does not have encryption
>
> Signed-off-by: Daniel P. Berrange <[email protected]>
> ---
>  block/qcow.c          | 10 +++++++---
>  block/qcow2-cluster.c |  3 ++-
>  block/qcow2.c         | 18 ++++++++++++------
>  3 files changed, 21 insertions(+), 10 deletions(-)
>

Reviewed-by: Eric Blake <[email protected]>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
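
The failure mode described in the quoted commit message, as an added example that is not QEMU code and not part of the original thread: a simplified model in which a caller opens an encrypted image and forgets to set the key. `ModelState`, `model_open`, `model_set_key`, `write_before` and `write_after` are hypothetical names, a toy XOR stands in for the real cipher, and the model returns -1 where the patch uses `assert()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the state in the commit message, not QEMU's structs. */
typedef struct {
    bool encrypted;           /* set at open time from the header */
    int crypt_method_header;  /* method reported by the image header */
    int crypt_method;         /* stays 0 until a key is set */
    uint8_t key;              /* toy XOR key standing in for the real cipher */
} ModelState;

void model_open(ModelState *s, int header_method) {
    memset(s, 0, sizeof(*s));
    s->crypt_method_header = header_method;
    s->encrypted = header_method != 0;
}

/* The patch asserts here; this model returns -1 so the case is testable. */
int model_set_key(ModelState *s, uint8_t key) {
    if (!s->encrypted) return -1;
    s->key = key;
    s->crypt_method = s->crypt_method_header;
    return 0;
}
static void store(const ModelState *s, bool enc, uint8_t *sec, const uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) sec[i] = enc ? (uint8_t)(buf[i] ^ s->key) : buf[i];
}
/* Before: the I/O path consults crypt_method, so a missing key means plaintext. */
int write_before(ModelState *s, uint8_t *sec, const uint8_t *buf, size_t n) {
    store(s, s->crypt_method != 0, sec, buf, n);
    return 0;
}

/* After: consult 'encrypted' and refuse to proceed if no key was ever set. */
int write_after(ModelState *s, uint8_t *sec, const uint8_t *buf, size_t n) {
    if (s->encrypted && !s->crypt_method) return -1;  /* assert() in the patch */
    store(s, s->encrypted, sec, buf, n);
    return 0;
}

int main(void) {
    ModelState s; uint8_t sec[4] = {0}; const uint8_t buf[4] = "abc";
    model_open(&s, 1);  /* caller forgets model_set_key() */
    write_before(&s, sec, buf, 4);
    printf("before leaks plaintext: %d, after returns: %d\n",
           memcmp(sec, buf, 4) == 0, write_after(&s, sec, buf, 4));
    return 0;
}
```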
