From patchwork Mon Feb 15 16:10:59 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 8316651 Return-Path: X-Original-To: patchwork-qemu-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 1ADAE9F372 for ; Mon, 15 Feb 2016 16:28:38 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 3CE0A20361 for ; Mon, 15 Feb 2016 16:28:37 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2DBBC200F3 for ; Mon, 15 Feb 2016 16:28:36 +0000 (UTC) Received: from localhost ([::1]:33773 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aVM0p-0004qS-Bi for patchwork-qemu-devel@patchwork.kernel.org; Mon, 15 Feb 2016 11:28:35 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36015) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aVLkf-0004tC-Ql for qemu-devel@nongnu.org; Mon, 15 Feb 2016 11:12:00 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aVLke-0006df-AG for qemu-devel@nongnu.org; Mon, 15 Feb 2016 11:11:53 -0500 Received: from mx1.redhat.com ([209.132.183.28]:35547) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aVLke-0006dZ-3c for qemu-devel@nongnu.org; Mon, 15 Feb 2016 11:11:52 -0500 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (Postfix) with ESMTPS id D309FC09FAAE for ; Mon, 15 Feb 2016 16:11:51 +0000 (UTC) Received: from t530wlan.home.berrange.com.com (dhcp-1-180.lcy.redhat.com [10.32.224.180]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u1FGBJgY017130; Mon, 15 Feb 2016 11:11:50 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Mon, 15 Feb 2016 16:10:59 +0000 Message-Id: <1455552659-14000-27-git-send-email-berrange@redhat.com> In-Reply-To: <1455552659-14000-1-git-send-email-berrange@redhat.com> References: <1455552659-14000-1-git-send-email-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 Cc: Fam Zheng Subject: [Qemu-devel] [PATCH v3 26/26] block: remove support for legecy AES qcow/qcow2 encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Refuse to use images with the legacy AES-CBC encryption format in the system emulators. They are still fully supported in the qemu-img, qemu-io & qemu-nbd tools in order to allow data to be liberated and for compatibility with older QEMU versions. Continued support in these tools is not a notable burden with the new FDE framework. Signed-off-by: Daniel P. Berrange --- block.c | 12 +++++------- block/qcow.c | 8 ++++++++ block/qcow2.c | 8 ++++++++ include/block/block.h | 1 + tests/qemu-iotests/049.out | 3 --- tests/qemu-iotests/087.out | 12 ------------ tests/qemu-iotests/134.out | 12 ------------ 7 files changed, 22 insertions(+), 34 deletions(-) diff --git a/block.c b/block.c index c291f1a..039b75f 100644 --- a/block.c +++ b/block.c @@ -313,6 +313,11 @@ static int bdrv_is_whitelisted(BlockDriver *drv, bool read_only) return 0; } +bool bdrv_uses_whitelist(void) +{ + return use_bdrv_whitelist; +} + typedef struct CreateCo { BlockDriver *drv; char *filename; @@ -1023,13 +1028,6 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file, goto free_and_fail; } - if (bs->encrypted) { - error_report("Encrypted images are deprecated"); - error_printf("Support for them will be removed in a future release.\n" - "You can use 'qemu-img convert' to convert your image" - " to an unencrypted one.\n"); - } - ret = refresh_total_sectors(bs, bs->total_sectors); if (ret < 0) { error_setg_errno(errp, -ret, "Could not refresh total sector count"); diff --git a/block/qcow.c b/block/qcow.c index 988078f..d7be1b2 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -181,6 +181,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, s->crypt_method_header = header.crypt_method; if (s->crypt_method_header) { if (s->crypt_method_header == QCOW_CRYPT_AES) { + if (bdrv_uses_whitelist()) { + error_setg(errp, + "Use of AES-CBC encrypted qcow images is no longer " + "supported. Please use the qcow2 LUKS format instead."); + ret = -ENOSYS; + goto fail; + } + ov = opts_visitor_new(opts); crypto_opts = g_new0(QCryptoBlockOpenOptions, 1); diff --git a/block/qcow2.c b/block/qcow2.c index 1f8ea9b..8ed7f47 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1203,6 +1203,14 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, s->crypt_method_header = header.crypt_method; if (s->crypt_method_header) { + if (bdrv_uses_whitelist() && + s->crypt_method_header == QCOW_CRYPT_AES) { + error_setg(errp, + "Use of AES-CBC encrypted qcow2 images is no longer " + "supported. Please use the qcow2 LUKS format instead."); + ret = -ENOSYS; + goto fail; + } bs->encrypted = 1; } diff --git a/include/block/block.h b/include/block/block.h index 7d7f126..46950b8 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -191,6 +191,7 @@ void bdrv_io_limits_update_group(BlockDriverState *bs, const char *group); void bdrv_init(void); void bdrv_init_with_whitelist(void); +bool bdrv_uses_whitelist(void); BlockDriver *bdrv_find_protocol(const char *filename, bool allow_protocol_prefix, Error **errp); diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out index c9f0bc5..e0bedc0 100644 --- a/tests/qemu-iotests/049.out +++ b/tests/qemu-iotests/049.out @@ -187,9 +187,6 @@ qemu-img create -f qcow2 -o encryption=off TEST_DIR/t.qcow2 64M Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16 qemu-img create -f qcow2 --object secret,id=sec0,data=123456 -o encryption=on,key-secret=sec0 TEST_DIR/t.qcow2 64M -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=on cluster_size=65536 lazy_refcounts=off refcount_bits=16 key-secret=sec0 == Check lazy_refcounts option (only with v3) == diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out index 6582dda..b8842d5 100644 --- a/tests/qemu-iotests/087.out +++ b/tests/qemu-iotests/087.out @@ -38,17 +38,11 @@ QMP_VERSION === Encrypted image === -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on key-secret=sec0 Testing: -S QMP_VERSION {"return": {}} {"return": {}} -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. {"return": {}} {"return": {}} {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"} @@ -57,9 +51,6 @@ Testing: QMP_VERSION {"return": {}} {"return": {}} -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. {"return": {}} {"return": {}} {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"} @@ -67,9 +58,6 @@ You can use 'qemu-img convert' to convert your image to an unencrypted one. === Missing driver === -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on key-secret=sec0 Testing: -S QMP_VERSION diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out index 30e3f58..db58c8d 100644 --- a/tests/qemu-iotests/134.out +++ b/tests/qemu-iotests/134.out @@ -1,27 +1,15 @@ QA output created by 134 -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on key-secret=sec0 == reading whole image == -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. read 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == rewriting whole image == -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. wrote 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == verify pattern == -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. read 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)