Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless


From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH] blockdev: Refuse to open encrypted image unless paused
Date: Thu, 13 Mar 2014 14:25:30 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)

Fam Zheng <address@hidden> writes:

> On Wed, 03/12 18:00, Markus Armbruster wrote:
>> Opening an encrypted image takes an additional step: setting the key.
>> Between open and the key set, the image must not be used.
>> 
>> We have some protection against accidental use in place: you can't
>> unpause a guest while we're missing keys.  You can, however, hot-plug
>> block devices lacking keys into a running guest just fine, or insert
>> media lacking keys.  In the latter case, notifying the guest of the
>> insert is delayed until the key is set, which may suffice to protect
>> at least some guests in common usage.
>> 
>> This patch makes the protection apply in more cases, in a rather
>> heavy-handed way: it doesn't let you open encrypted images unless
>> we're in a paused state.
>> 
>> It doesn't extend the protection to users other than the guest (block
>> jobs?).  Use of runstate_check() from block.c is disgusting.  Best I
>> can do right now.
>> 
>> Signed-off-by: Markus Armbruster <address@hidden>
>> ---
>>  block.c                | 8 +++++++-
>>  stubs/Makefile.objs    | 1 +
>>  stubs/runstate-check.c | 6 ++++++
>>  3 files changed, 14 insertions(+), 1 deletion(-)
>>  create mode 100644 stubs/runstate-check.c
>> 
>> diff --git a/block.c b/block.c
>> index f1ef4b0..7604881 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -1388,12 +1388,18 @@ done:
>>          ret = -EINVAL;
>>          goto close_and_fail;
>>      }
>> -    QDECREF(options);
>>  
>>      if (!bdrv_key_required(bs)) {
>>          bdrv_dev_change_media_cb(bs, true);
>> +    } else if (!runstate_check(RUN_STATE_PRELAUNCH)
>> +            && !runstate_check(RUN_STATE_PAUSED)) { /* HACK */
>> +        error_setg(errp,
>> +                   "Guest must be stopped for opening of encrypted image");
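
Review bot: in the new `else if` branch the check admits only RUN_STATE_PRELAUNCH and RUN_STATE_PAUSED, while the error text says "Guest must be stopped"; the message and the condition should agree, so either name the accepted states in the message or document next to the check why these two are the ones that count. The bare `/* HACK */` would be more useful as a comment saying what the hack is (calling runstate_check() from block.c) and that only guest access is covered, which the commit message already concedes for block jobs. The hunk also drops the `QDECREF(options);` that preceded this block, so the new failure path has to release `options` too; the quoted lines stop before that can be checked.
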
>
> Changing error message here breaks qemu-iotests 087.

Crap.  I'm on vacation until Monday, just checking in to shepherd this
patch...

On *master*, "make check-block" reports

    Not run: 016 052 059 064 070 077
    Failures: 085 087
    Failed 2 of 34 tests

What am I doing wrong?


