On 06/13/2016 05:30 AM, Daniel P. Berrange wrote: > Back in the 2.3.0 release we declared qcow[2] encryption as > deprecated, warning people that it would be removed in a future > release. >
> So the safety net is correctly preventing QEMU reading cipher > text as if it were plain text, during startup and aborting QEMU > to avoid bad usage of this data. > > For added fun this bug only happens if the encrypted qcow2 > file happens to have data written to the first cluster, > otherwise the cluster won't be allocated and so qcow2 would > not try the decryption routines at all, just return all 0's. > > That no one even noticed, let alone reported, this bug that > has shipped in 2.4.0, 2.5.0 and 2.6.0 shows that the number > of actual users of qcow2 is approximately zero. > > So rather than fix the crash, and backport it to stable > releases, just go ahead with what we have warned users about > and disable any use of qcow2 encryption in the system > emulators. qemu-img/qemu-io/qemu-nbd are still able to access > qcow2 encrypted images for the sake of data conversion. > > In the future, qcow2 will gain support for the alternative > luks format, but when this happens it'll be using the > '-object secret' infrastructure for gettings keys, which s/gettings/getting/ > avoids this problematic scenario entirely. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- Reviewed-by: Eric Blake <ebl...@redhat.com> -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature