From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37717) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bCThW-0001ak-Pp for qemu-devel@nongnu.org; Mon, 13 Jun 2016 11:22:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bCThU-0002Fd-Jd for qemu-devel@nongnu.org; Mon, 13 Jun 2016 11:22:53 -0400 References: <1465817409-26542-1-git-send-email-berrange@redhat.com> From: Eric Blake Message-ID: <575ECFC3.9070407@redhat.com> Date: Mon, 13 Jun 2016 09:22:43 -0600 MIME-Version: 1.0 In-Reply-To: <1465817409-26542-1-git-send-email-berrange@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="JuvtpJxHk2B4lsRXM4HkQmAIEw6V82jRP" Subject: Re: [Qemu-devel] [PATCH v2] block: drop support for using qcow[2] encryption with system emulators List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , qemu-devel@nongnu.org Cc: Markus Armbruster , Kevin Wolf , qemu-block@nongnu.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --JuvtpJxHk2B4lsRXM4HkQmAIEw6V82jRP Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 06/13/2016 05:30 AM, Daniel P. Berrange wrote: > Back in the 2.3.0 release we declared qcow[2] encryption as > deprecated, warning people that it would be removed in a future > release. >=20 > So the safety net is correctly preventing QEMU reading cipher > text as if it were plain text, during startup and aborting QEMU > to avoid bad usage of this data. >=20 > For added fun this bug only happens if the encrypted qcow2 > file happens to have data written to the first cluster, > otherwise the cluster won't be allocated and so qcow2 would > not try the decryption routines at all, just return all 0's. >=20 > That no one even noticed, let alone reported, this bug that > has shipped in 2.4.0, 2.5.0 and 2.6.0 shows that the number > of actual users of qcow2 is approximately zero. >=20 > So rather than fix the crash, and backport it to stable > releases, just go ahead with what we have warned users about > and disable any use of qcow2 encryption in the system > emulators. qemu-img/qemu-io/qemu-nbd are still able to access > qcow2 encrypted images for the sake of data conversion. >=20 > In the future, qcow2 will gain support for the alternative > luks format, but when this happens it'll be using the > '-object secret' infrastructure for gettings keys, which s/gettings/getting/ > avoids this problematic scenario entirely. >=20 > Signed-off-by: Daniel P. Berrange > --- Reviewed-by: Eric Blake --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --JuvtpJxHk2B4lsRXM4HkQmAIEw6V82jRP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJXXs/DAAoJEKeha0olJ0Nq6UEH/jZX6QqWTY26V4BZ6ltmS6R3 9TLrBc+jlalqEZyfrpWkqgzDvEA7zYIIwRdvsVTrw9zp4cwqN//gpDsLRZ/RFiDF 15vjJzfdyp0wawsaZ++2qAEhN8YsRmp3A4Me91LCtBGEI3DaHkX+rLyTgllGuzX0 IPuSwMUnwW9rjM7KvbMGyCrtDZmtqvQ22syfeL1GGBNmNiX+jWYMzu3J9uzfPYPs gyALF7qPZ0a108CMnivnhjQ/A6yJMrYY2KklAXAt7ZxUDedpe4YYo05OeqQWwlPG p89bf+FukXjriD29EcUEf/KpweVlUA2i4PJZgAUYKtNxViZJ1D0TsWL8b6nwn8s= =waQk -----END PGP SIGNATURE----- --JuvtpJxHk2B4lsRXM4HkQmAIEw6V82jRP--