qemu-e2k/block
Daniel P. Berrange 8336aafae1 qcow2/qcow: protect against uninitialized encryption key
When a qcow[2] file is opened, if the header reports an
encryption method, this is used to set the 'crypt_method_header'
field on the BDRVQcow[2]State struct, and the 'encrypted' flag
in the BDRVState struct.

When doing I/O operations, the 'crypt_method' field on the
BDRVQcow[2]State struct is checked to determine if encryption
needs to be applied.

The crypt_method_header value is copied into crypt_method when
the bdrv_set_key() method is called.

The QEMU code which opens a block device is expected to always
do a check

   if (bdrv_is_encrypted(bs)) {
       bdrv_set_key(bs, ....key...);
   }

If code forgets to do this, then 'crypt_method' is never set
and so when I/O is performed, QEMU writes plain text data
into a sector which is expected to contain cipher text, or
when reading, will return cipher text instead of plain
text.

Change the qcow[2] code to consult bs->encrypted when deciding
whether encryption is required, and assert(s->crypt_method)
to protect against cases where the caller forgets to set the
encryption key.

Also put an assert in the set_key methods to protect against
the case where the caller sets an encryption key on a block
device that does not have encryption

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-05-22 17:08:01 +02:00
..
accounting.c
archipelago.c
backup.c
blkdebug.c
blkverify.c
block-backend.c
bochs.c
cloop.c
commit.c
curl.c
dmg.c
gluster.c
io.c block: get_block_status: use "else" when testing the opposite condition 2015-05-22 09:37:33 +01:00
iscsi.c
linux-aio.c
Makefile.objs block: move I/O request processing to block/io.c 2015-04-28 15:36:17 +02:00
mirror.c block/mirror: Always call block_job_sleep_ns() 2015-04-28 15:36:11 +02:00
nbd-client.c
nbd-client.h
nbd.c
nfs.c
null.c
parallels.c block/parallels: improve image writing performance further 2015-05-22 09:37:32 +01:00
qapi.c qobject: Clean up around qtype_code 2015-05-11 08:59:07 -04:00
qcow2-cache.c qcow2: style fixes in qcow2-cache.c 2015-05-22 17:08:01 +02:00
qcow2-cluster.c qcow2/qcow: protect against uninitialized encryption key 2015-05-22 17:08:01 +02:00
qcow2-refcount.c qcow2: make qcow2_cache_put() a void function 2015-05-22 17:08:01 +02:00
qcow2-snapshot.c
qcow2.c qcow2/qcow: protect against uninitialized encryption key 2015-05-22 17:08:01 +02:00
qcow2.h qcow2: make qcow2_cache_put() a void function 2015-05-22 17:08:01 +02:00
qcow.c qcow2/qcow: protect against uninitialized encryption key 2015-05-22 17:08:01 +02:00
qed-check.c
qed-cluster.c
qed-gencb.c
qed-l2-cache.c
qed-table.c
qed.c
qed.h
quorum.c
raw_bsd.c
raw-aio.h
raw-posix.c block: align bounce buffers to page 2015-05-22 09:37:33 +01:00
raw-win32.c
rbd.c
sheepdog.c sheepdog: fix resource leak with sd_snapshot_create 2015-05-08 14:11:10 +03:00
snapshot.c
ssh.c
stream.c
vdi.c
vhdx-endian.c
vhdx-log.c
vhdx.c
vhdx.h
vmdk.c vmdk: Fix overflow if l1_size is 0x20000000 2015-05-22 17:08:01 +02:00
vpc.c
vvfat.c
win32-aio.c
write-threshold.c