Re: [Qemu-devel] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Daniel P. Berrange" <berrange@redhat.com>
To: Alberto Garcia <berto@igalia.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org,
	Max Reitz <mreitz@redhat.com>, Kevin Wolf <kwolf@redhat.com>,
	Eric Blake <eblake@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption
Date: Mon, 24 Apr 2017 17:50:37 +0100	[thread overview]
Message-ID: <20170424165037.GB453@redhat.com> (raw)
In-Reply-To: <w51mvdfbrj1.fsf@maestria.local.igalia.com>

On Tue, Feb 21, 2017 at 02:30:10PM +0100, Alberto Garcia wrote:
> On Tue 21 Feb 2017 12:55:05 PM CET, Daniel P. Berrange wrote:
> > +    switch (s->crypt_method_header) {
> > +    case QCOW_CRYPT_NONE:
> > +        break;
> > +
> > +    case QCOW_CRYPT_AES:
> > +        r->crypto_opts = block_crypto_open_opts_init(
> > +            Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp);
> > +        break;
> > +
> > +    default:
> > +        error_setg(errp, "Unsupported encryption method %d",
> > +                   s->crypt_method_header);
> > +        break;
> > +    }
> > +    if (s->crypt_method_header && !r->crypto_opts) {
> > +        ret = -EINVAL;
> > +        goto fail;
> > +    }
> 
> This last condition relies on the assumption that QCOW_CRYPT_NONE == 0.
> 
> I think it's safe to assume that its value is never going to change and
> therefore this isn't too important, but I'm just pointing it out in case
> you want to make it explicit.

Yeah, I'll make it explicit to be kinder to future reviewers :-)

> 
> > @@ -1122,6 +1145,24 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
> >          goto fail;
> >      }
> >  
> > +    if (s->crypt_method_header == QCOW_CRYPT_AES) {
> > +        unsigned int cflags = 0;
> > +        if (flags & BDRV_O_NO_IO) {
> > +            cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
> > +        }
> > +        /* TODO how do we pass the same crypto opts down to the
> > +         * backing file by default, so we don't have to manually
> > +         * provide the same key-secret property against the full
> > +         * backing chain
> > +         */
> > +        s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
> > +                                       cflags, errp);
> > +        if (!s->crypto) {
> > +            ret = -EINVAL;
> > +            goto fail;
> > +        }
> > +    }
> 
> Actually this has the same problem that I mentioned for patch 9: if
> qcow2_open() fails then s->crypto is leaked.

Yep, and the crypto_opts actually


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

next prev parent reply	other threads:[~2017-04-24 16:50 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-21 11:54 [Qemu-devel] [PATCH v5 00/18] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-02-22 15:18   ` Kevin Wolf
2017-02-22 15:49     ` Daniel P. Berrange
2017-02-22 18:28       ` Eric Blake
2017-02-23 10:28         ` Kevin Wolf
2017-02-23 10:37           ` Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 07/18] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-02-22 23:46   ` Eric Blake
2017-03-07 15:44     ` Eric Blake
2017-03-07 15:45       ` Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-23 12:38   ` Kevin Wolf
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-21 13:19   ` Alberto Garcia
2017-04-24 16:38     ` Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-21 13:30   ` Alberto Garcia
2017-04-24 16:50     ` Daniel P. Berrange [this message]
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-02-21 13:33   ` Alberto Garcia
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-02-21 14:13   ` Alberto Garcia
2017-04-24 16:52     ` Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 16/18] block: rip out all traces of password prompting Daniel P. Berrange
2017-02-21 14:20   ` Alberto Garcia
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 17/18] block: remove all encryption handling APIs Daniel P. Berrange
2017-02-21 14:28   ` Alberto Garcia
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
2017-02-21 15:01   ` Alberto Garcia

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170424165037.GB453@redhat.com \
    --to=berrange@redhat.com \
    --cc=berto@igalia.com \
    --cc=eblake@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).