On 05/12/2015 10:09 AM, Daniel P. Berrange wrote:
> When a qcow[2] file is opened, if the header reports an
> encryption method, this is used to set the 'crypt_method_header'
> field on the BDRVQcow[2]State struct, and the 'encrypted' flag
> in the BDRVState struct.
>
> When doing I/O operations, the 'crypt_method' field on the
> BDRVQcow[2]State struct is checked to determine if encryption
> needs to be applied.
>
> The crypt_method_header value is copied into crypt_method when
> the bdrv_set_key() method is called.
>
> The QEMU code which opens a block device is expected to always
> do a check
>
>    if (bdrv_is_encrypted(bs)) {
>        bdrv_set_key(bs, ....key...);
>    }
>
> If code forgets todo this, then 'crypt_method' is never set

s/todo/to do/

> and so when I/O is performed, QEMU writes plain text data
> into a sector which is expected to contain cipher text, or
> when reading, will return cipher text instead of plain
> text.
>
> Change the qcow[2] code to consult bs->encrypted when deciding
> whether encryption is required, and assert(s->crypt_method)
> to protect against cases where the caller forgets to set the
> encryption key.
>
> Also put an assert in the set_key methods to protect against
> the case where the caller sets an encryption key on a block
> device that does not have encryption
>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> ---
>  block/qcow.c          | 10 +++++++---
>  block/qcow2-cluster.c |  3 ++-
>  block/qcow2.c         | 18 ++++++++++++------
>  3 files changed, 21 insertions(+), 10 deletions(-)
>

Reviewed-by: Eric Blake <ebl...@redhat.com>

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
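The failure mode the commit message describes, as an added illustration that is not part of the thread or of QEMU's code: a simplified C model of the old and the patched write path. `ModelState`, `model_open`, `model_set_key`, `write_old` and `write_new` are hypothetical names, a one-byte XOR stands in for the real cipher, and a `-1` return marks the places where the patch uses `assert()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the QEMU structs named in the commit message. */
enum { CRYPT_NONE = 0, CRYPT_AES = 1 };
typedef struct {
    bool encrypted;           /* set at open time from the image header */
    int crypt_method_header;  /* method the image header reports */
    int crypt_method;         /* copied from the header by set_key() */
    uint8_t key;              /* toy one-byte key; XOR stands in for AES */
} ModelState;

static void model_open(ModelState *s, int header_method) {
    memset(s, 0, sizeof(*s));
    s->crypt_method_header = header_method;
    s->encrypted = header_method != CRYPT_NONE;
}

/* Returns -1 where the patch asserts: key set on an unencrypted image. */
static int model_set_key(ModelState *s, uint8_t key) {
    if (!s->encrypted) return -1;
    s->key = key;
    s->crypt_method = s->crypt_method_header;
    return 0;
}

/* Old logic: the decision hangs on crypt_method, so a missing set_key()
 * silently stores plain text in a sector that should hold cipher text. */
static int write_old(ModelState *s, uint8_t *sector, const uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++)
        sector[i] = s->crypt_method ? buf[i] ^ s->key : buf[i];
    return 0;
}

/* Patched logic: the decision hangs on 'encrypted'; a missing key is a
 * caller bug. Returns -1 where the patch uses assert(s->crypt_method). */
static int write_new(ModelState *s, uint8_t *sector, const uint8_t *buf, size_t n) {
    if (s->encrypted && !s->crypt_method) return -1;
    for (size_t i = 0; i < n; i++)
        sector[i] = s->encrypted ? buf[i] ^ s->key : buf[i];
    return 0;
}

int main(void) {
    ModelState s; uint8_t sector[4] = {0}; const uint8_t buf[4] = {'d','a','t','a'};
    model_open(&s, CRYPT_AES);            /* caller forgets set_key() */
    write_old(&s, sector, buf, 4);        /* plain text lands on disk */
    return (memcmp(sector, buf, 4) == 0 && write_new(&s, sector, buf, 4) == -1) ? 0 : 1;
}
```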