qemu/stubs
Markus Armbruster c3adb58fe0 blockdev: Refuse to open encrypted image unless paused
Opening an encrypted image takes an additional step: setting the key.
Between open and the key set, the image must not be used.

We have some protection against accidental use in place: you can't
unpause a guest while we're missing keys.  You can, however, hot-plug
block devices lacking keys into a running guest just fine, or insert
media lacking keys.  In the latter case, notifying the guest of the
insert is delayed until the key is set, which may suffice to protect
at least some guests in common usage.

This patch makes the protection apply in more cases, in a rather
heavy-handed way: it doesn't let you open encrypted images unless
we're in a paused state.

It doesn't extend the protection to users other than the guest (block
jobs?).  Use of runstate_check() from block.c is disgusting.  Best I
can do right now.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-14 16:24:42 +01:00
..
arch-query-cpu-def.c
clock-warp.c aio / timers: Rearrange timer.h & make legacy functions call non-legacy 2013-08-22 19:14:24 +02:00
cpu-get-clock.c
cpu-get-icount.c
cpus.c cpu: Change qemu_init_vcpu() argument to CPUState 2013-06-28 13:25:13 +02:00
dump.c dump: rebase from host-private RAMBlock offsets to guest-physical addresses 2013-08-08 11:01:46 -04:00
fd-register.c
fdset-add-fd.c
fdset-find-fd.c
fdset-get-fd.c
fdset-remove-fd.c
gdbstub.c stubs: Optimize dependencies for gdbstub.c 2014-03-02 17:13:31 +04:00
get-fd.c
get-vm-name.c
iothread-lock.c
kvm.c kvm: Introduce kvm_arch_irqchip_create 2014-02-26 17:20:00 +00:00
Makefile.objs blockdev: Refuse to open encrypted image unless paused 2014-03-14 16:24:42 +01:00
migr-blocker.c
mon-is-qmp.c
mon-print-filename.c
mon-printf.c
mon-protocol-event.c
mon-set-error.c
pci-drive-hot-add.c
qtest.c main-loop: Suppress "I/O thread spun" warnings for qtest 2014-03-13 21:36:50 +01:00
reset.c
runstate-check.c blockdev: Refuse to open encrypted image unless paused 2014-03-14 16:24:42 +01:00
set-fd-handler.c
slirp.c slirp: set mainloop timeout with more precise value 2013-09-17 12:26:05 +02:00
sysbus.c
uuid.c scsi: prefer UUID to VM name for the initiator name 2013-09-12 08:46:21 +02:00
vm-stop.c cpus: Add return value for vm_stop() 2013-07-15 09:51:38 +02:00
vmstate.c