Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-14 Thread Markus Armbruster
Fam Zheng f...@redhat.com writes: On Thu, 03/13 14:25, Markus Armbruster wrote: Fam Zheng f...@redhat.com writes: On Wed, 03/12 18:00, Markus Armbruster wrote: Opening an encrypted image takes an additional step: setting the key. Between open and the key set, the image must not be used.

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-14 Thread Markus Armbruster
Paolo Bonzini pbonz...@redhat.com writes: Il 13/03/2014 16:00, Markus Armbruster ha scritto: Paolo Bonzini pbonz...@redhat.com writes: Il 13/03/2014 14:18, Markus Armbruster ha scritto: Paolo Bonzini pbonz...@redhat.com writes: Il 12/03/2014 18:00, Markus Armbruster ha scritto: +}

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Fam Zheng
On Wed, 03/12 18:00, Markus Armbruster wrote: Opening an encrypted image takes an additional step: setting the key. Between open and the key set, the image must not be used. We have some protection against accidental use in place: you can't unpause a guest while we're missing keys. You can,

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Paolo Bonzini
Il 12/03/2014 18:00, Markus Armbruster ha scritto: +} else if (!runstate_check(RUN_STATE_PRELAUNCH) + !runstate_check(RUN_STATE_PAUSED)) { /* HACK */ Why not if (runstate_is_running())? Paolo +error_setg(errp, + Guest must be stopped for opening of

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Markus Armbruster
Paolo Bonzini pbonz...@redhat.com writes: Il 12/03/2014 18:00, Markus Armbruster ha scritto: +} else if (!runstate_check(RUN_STATE_PRELAUNCH) + !runstate_check(RUN_STATE_PAUSED)) { /* HACK */ Why not if (runstate_is_running())? The predicate actually wanted here is monitor

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Markus Armbruster
Fam Zheng f...@redhat.com writes: On Wed, 03/12 18:00, Markus Armbruster wrote: Opening an encrypted image takes an additional step: setting the key. Between open and the key set, the image must not be used. We have some protection against accidental use in place: you can't unpause a guest

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Eric Blake
On 03/13/2014 04:43 AM, Paolo Bonzini wrote: Il 12/03/2014 18:00, Markus Armbruster ha scritto: +} else if (!runstate_check(RUN_STATE_PRELAUNCH) + !runstate_check(RUN_STATE_PAUSED)) { /* HACK */ Why not if (runstate_is_running())? Because that lacks PRELAUNCH, but PRELAUNCH

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Paolo Bonzini
Il 13/03/2014 14:27, Eric Blake ha scritto: +} else if (!runstate_check(RUN_STATE_PRELAUNCH) + !runstate_check(RUN_STATE_PAUSED)) { /* HACK */ Why not if (runstate_is_running())? Because that lacks PRELAUNCH, but PRELAUNCH also needs the protection. Nope, PRELAUNCH does

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Paolo Bonzini
Il 13/03/2014 14:18, Markus Armbruster ha scritto: Paolo Bonzini pbonz...@redhat.com writes: Il 12/03/2014 18:00, Markus Armbruster ha scritto: +} else if (!runstate_check(RUN_STATE_PRELAUNCH) + !runstate_check(RUN_STATE_PAUSED)) { /* HACK */ Why not if

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Paolo Bonzini
Il 13/03/2014 16:00, Markus Armbruster ha scritto: Paolo Bonzini pbonz...@redhat.com writes: Il 13/03/2014 14:18, Markus Armbruster ha scritto: Paolo Bonzini pbonz...@redhat.com writes: Il 12/03/2014 18:00, Markus Armbruster ha scritto: +} else if (!runstate_check(RUN_STATE_PRELAUNCH)

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Markus Armbruster
Paolo Bonzini pbonz...@redhat.com writes: Il 13/03/2014 14:18, Markus Armbruster ha scritto: Paolo Bonzini pbonz...@redhat.com writes: Il 12/03/2014 18:00, Markus Armbruster ha scritto: +} else if (!runstate_check(RUN_STATE_PRELAUNCH) + !runstate_check(RUN_STATE_PAUSED)) {

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-13 Thread Fam Zheng
On Thu, 03/13 14:25, Markus Armbruster wrote: Fam Zheng f...@redhat.com writes: On Wed, 03/12 18:00, Markus Armbruster wrote: Opening an encrypted image takes an additional step: setting the key. Between open and the key set, the image must not be used. We have some protection

[Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-12 Thread Markus Armbruster
Opening an encrypted image takes an additional step: setting the key. Between open and the key set, the image must not be used. We have some protection against accidental use in place: you can't unpause a guest while we're missing keys. You can, however, hot-plug block devices lacking keys into

Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused

2014-03-12 Thread Eric Blake
On 03/12/2014 11:00 AM, Markus Armbruster wrote: Opening an encrypted image takes an additional step: setting the key. Between open and the key set, the image must not be used. We have some protection against accidental use in place: you can't unpause a guest while we're missing keys. You