qemu/block
Daniel P. Berrange 8336aafae1 qcow2/qcow: protect against uninitialized encryption key
When a qcow[2] file is opened, if the header reports an
encryption method, this is used to set the 'crypt_method_header'
field on the BDRVQcow[2]State struct, and the 'encrypted' flag
in the BDRVState struct.

When doing I/O operations, the 'crypt_method' field on the
BDRVQcow[2]State struct is checked to determine if encryption
needs to be applied.

The crypt_method_header value is copied into crypt_method when
the bdrv_set_key() method is called.

The QEMU code which opens a block device is expected to always
do a check

   if (bdrv_is_encrypted(bs)) {
       bdrv_set_key(bs, ....key...);
   }

If code forgets to do this, then 'crypt_method' is never set
and so when I/O is performed, QEMU writes plain text data
into a sector which is expected to contain cipher text, or
when reading, will return cipher text instead of plain
text.

Change the qcow[2] code to consult bs->encrypted when deciding
whether encryption is required, and assert(s->crypt_method)
to protect against cases where the caller forgets to set the
encryption key.

Also put an assert in the set_key methods to protect against
the case where the caller sets an encryption key on a block
device that does not have encryption

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-05-22 17:08:01 +02:00
..
accounting.c block: add accounting for merged requests 2015-02-06 17:24:21 +01:00
archipelago.c block: remove superfluous '\n' around error_report/error_setg 2015-03-10 08:15:33 +03:00
backup.c block: Ensure consistent bitmap function prototypes 2015-04-28 15:36:10 +02:00
blkdebug.c blkdebug: Add bdrv_truncate() 2015-04-28 15:36:09 +02:00
blkverify.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
block-backend.c block-backend: Expose bdrv_write_zeroes() 2015-04-28 15:36:08 +02:00
bochs.c block: Use g_new() & friends to avoid multiplying sizes 2014-08-20 11:51:28 +02:00
cloop.c cloop: Handle failure for potentially large allocations 2014-08-15 15:07:15 +02:00
commit.c block: let commit blockjob run in BDS AioContext 2014-11-03 11:41:49 +00:00
curl.c block/curl: Improve type safety of s->timeout. 2014-11-03 11:41:47 +00:00
dmg.c block/dmg: improve zeroes handling 2015-02-06 17:24:21 +01:00
gluster.c block: don't convert file size to sector size 2014-09-12 15:43:06 +02:00
io.c block: get_block_status: use "else" when testing the opposite condition 2015-05-22 09:37:33 +01:00
iscsi.c block/iscsi: use the allocationmap also if cache.direct=on 2015-04-28 15:36:10 +02:00
linux-aio.c linux-aio: simplify removal of completed iocbs from the list 2014-12-12 16:57:55 +00:00
Makefile.objs block: move I/O request processing to block/io.c 2015-04-28 15:36:17 +02:00
mirror.c block/mirror: Always call block_job_sleep_ns() 2015-04-28 15:36:11 +02:00
nbd-client.c nbd: Set block size to BDRV_SECTOR_SIZE 2015-03-18 12:07:01 +01:00
nbd-client.h nbd: Set block size to BDRV_SECTOR_SIZE 2015-03-18 12:07:01 +01:00
nbd.c nbd: Fix nbd_establish_connection()'s return value 2015-03-18 12:05:38 +01:00
nfs.c block/nfs: Add create_opts 2014-12-10 10:31:19 +01:00
null.c block/null: Support reopen 2015-04-28 15:36:09 +02:00
parallels.c block/parallels: improve image writing performance further 2015-05-22 09:37:32 +01:00
qapi.c qobject: Clean up around qtype_code 2015-05-11 08:59:07 -04:00
qcow2-cache.c qcow2: style fixes in qcow2-cache.c 2015-05-22 17:08:01 +02:00
qcow2-cluster.c qcow2/qcow: protect against uninitialized encryption key 2015-05-22 17:08:01 +02:00
qcow2-refcount.c qcow2: make qcow2_cache_put() a void function 2015-05-22 17:08:01 +02:00
qcow2-snapshot.c savevm: create snapshot failed when id_str already exists 2015-04-28 15:36:08 +02:00
qcow2.c qcow2/qcow: protect against uninitialized encryption key 2015-05-22 17:08:01 +02:00
qcow2.h qcow2: make qcow2_cache_put() a void function 2015-05-22 17:08:01 +02:00
qcow.c qcow2/qcow: protect against uninitialized encryption key 2015-05-22 17:08:01 +02:00
qed-check.c block: Use g_new() & friends to avoid multiplying sizes 2014-08-20 11:51:28 +02:00
qed-cluster.c
qed-gencb.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
qed-l2-cache.c qed: do not evict in-use L2 table cache entries 2012-03-12 15:14:06 +01:00
qed-table.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
qed.c block: use bdrv_get_device_or_node_name() in error messages 2015-04-28 15:36:09 +02:00
qed.h qed: Really remove unused field QEDAIOCB.finished 2015-02-06 17:24:21 +01:00
quorum.c block: add bdrv_get_device_or_node_name() 2015-04-28 15:36:09 +02:00
raw_bsd.c block: Add driver methods to probe blocksizes and geometry 2015-03-10 14:02:22 +01:00
raw-aio.h linux-aio: drop return code from laio_io_unplug and ioq_submit 2014-12-12 16:57:55 +00:00
raw-posix.c block: align bounce buffers to page 2015-05-22 09:37:33 +01:00
raw-win32.c block: Remove "growable" from BDS 2015-02-16 15:07:19 +00:00
rbd.c Convert (ffs(val) - 1) to ctz32(val) 2015-04-28 15:36:08 +02:00
sheepdog.c sheepdog: fix resource leak with sd_snapshot_create 2015-05-08 14:11:10 +03:00
snapshot.c block: use bdrv_get_device_or_node_name() in error messages 2015-04-28 15:36:09 +02:00
ssh.c ssh: Don't crash if either host or path is not specified. 2014-10-03 10:30:33 +01:00
stream.c block: let stream blockjob run in BDS AioContext 2014-11-03 11:41:49 +00:00
vdi.c block: use bdrv_get_device_or_node_name() in error messages 2015-04-28 15:36:09 +02:00
vhdx-endian.c block: VHDX endian fixes 2014-08-15 15:07:14 +02:00
vhdx-log.c block: Drop some superfluous casts from void * 2014-08-20 11:51:28 +02:00
vhdx.c block: use bdrv_get_device_or_node_name() in error messages 2015-04-28 15:36:09 +02:00
vhdx.h block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec 2014-12-12 15:42:22 +00:00
vmdk.c vmdk: Fix overflow if l1_size is 0x20000000 2015-05-22 17:08:01 +02:00
vpc.c block: use bdrv_get_device_or_node_name() in error messages 2015-04-28 15:36:09 +02:00
vvfat.c block: use bdrv_get_device_or_node_name() in error messages 2015-04-28 15:36:09 +02:00
win32-aio.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
write-threshold.c block: Fix block-set-write-threshold not to use funky error class 2015-03-16 17:07:25 +01:00