From patchwork Tue Mar 29 15:08:19 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kevin Wolf X-Patchwork-Id: 8688271 Return-Path: X-Original-To: patchwork-qemu-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 8905F9F36E for ; Tue, 29 Mar 2016 15:24:30 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 7FE422034B for ; Tue, 29 Mar 2016 15:24:29 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3A0C52027D for ; Tue, 29 Mar 2016 15:24:28 +0000 (UTC) Received: from localhost ([::1]:47858 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1akvVL-00035v-IA for patchwork-qemu-devel@patchwork.kernel.org; Tue, 29 Mar 2016 11:24:27 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40123) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1akvHI-0003Ye-UF for qemu-devel@nongnu.org; Tue, 29 Mar 2016 11:10:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1akvHH-0006GP-5f for qemu-devel@nongnu.org; Tue, 29 Mar 2016 11:09:56 -0400 Received: from mx1.redhat.com ([209.132.183.28]:4054) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1akvH7-0006Co-Mz; Tue, 29 Mar 2016 11:09:45 -0400 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (Postfix) with ESMTPS id 635598553D; Tue, 29 Mar 2016 15:09:45 +0000 (UTC) Received: from noname.redhat.com (ovpn-116-120.ams2.redhat.com [10.36.116.120]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u2TF912u011786; Tue, 29 Mar 2016 11:09:43 -0400 From: Kevin Wolf To: qemu-block@nongnu.org Date: Tue, 29 Mar 2016 17:08:19 +0200 Message-Id: <1459264128-12761-20-git-send-email-kwolf@redhat.com> In-Reply-To: <1459264128-12761-1-git-send-email-kwolf@redhat.com> References: <1459264128-12761-1-git-send-email-kwolf@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 Cc: kwolf@redhat.com, qemu-devel@nongnu.org Subject: [Qemu-devel] [PULL 19/48] block: move encryption deprecation warning into qcow code X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: "Daniel P. Berrange" For a couple of releases we have been warning Encrypted images are deprecated Support for them will be removed in a future release. You can use 'qemu-img convert' to convert your image to an unencrypted one. This warning was issued by system emulators, qemu-img, qemu-nbd and qemu-io. Such a broad warning was issued because the original intention was to rip out all the code for dealing with encryption inside the QEMU block layer APIs. The new block encryption framework used for the LUKS driver does not rely on the unloved block layer API for encryption keys, instead using the QOM 'secret' object type. It is thus no longer appropriate to warn about encryption unconditionally. When the qcow/qcow2 drivers are converted to use the new encryption framework too, it will be practical to keep AES-CBC support present for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability with older QEMU versions and liberation of data from existing encrypted qcow2 files. This change moves the warning out of the generic block code and into the qcow/qcow2 drivers. Further, the warning is set to only appear when running the system emulators, since qemu-img, qemu-io, qemu-nbd are expected to support qcow2 encryption long term now that the maint burden has been eliminated. Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake Signed-off-by: Kevin Wolf --- block.c | 12 +++++------- block/qcow.c | 9 +++++++++ block/qcow2.c | 8 ++++++++ include/block/block.h | 1 + tests/qemu-iotests/049.out | 6 ------ tests/qemu-iotests/087 | 3 ++- tests/qemu-iotests/087.out | 26 ++++++++------------------ tests/qemu-iotests/134.out | 18 ------------------ 8 files changed, 33 insertions(+), 50 deletions(-) diff --git a/block.c b/block.c index 5b9f33f..58acfda 100644 --- a/block.c +++ b/block.c @@ -288,6 +288,11 @@ static int bdrv_is_whitelisted(BlockDriver *drv, bool read_only) return 0; } +bool bdrv_uses_whitelist(void) +{ + return use_bdrv_whitelist; +} + typedef struct CreateCo { BlockDriver *drv; char *filename; @@ -1012,13 +1017,6 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file, goto free_and_fail; } - if (bs->encrypted) { - error_report("Encrypted images are deprecated"); - error_printf("Support for them will be removed in a future release.\n" - "You can use 'qemu-img convert' to convert your image" - " to an unencrypted one.\n"); - } - ret = refresh_total_sectors(bs, bs->total_sectors); if (ret < 0) { error_setg_errno(errp, -ret, "Could not refresh total sector count"); diff --git a/block/qcow.c b/block/qcow.c index 73cf8a7..a98d819 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -23,6 +23,7 @@ */ #include "qemu/osdep.h" #include "qemu-common.h" +#include "qemu/error-report.h" #include "block/block_int.h" #include "sysemu/block-backend.h" #include "qemu/module.h" @@ -157,6 +158,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, } s->crypt_method_header = header.crypt_method; if (s->crypt_method_header) { + if (bdrv_uses_whitelist() && + s->crypt_method_header == QCOW_CRYPT_AES) { + error_report("qcow built-in AES encryption is deprecated"); + error_printf("Support for it will be removed in a future release.\n" + "You can use 'qemu-img convert' to switch to an\n" + "unencrypted qcow image, or a LUKS raw image.\n"); + } + bs->encrypted = 1; } s->cluster_bits = header.cluster_bits; diff --git a/block/qcow2.c b/block/qcow2.c index cec5bd0..dad7322 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -965,6 +965,14 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, } s->crypt_method_header = header.crypt_method; if (s->crypt_method_header) { + if (bdrv_uses_whitelist() && + s->crypt_method_header == QCOW_CRYPT_AES) { + error_report("qcow2 built-in AES encryption is deprecated"); + error_printf("Support for it will be removed in a future release.\n" + "You can use 'qemu-img convert' to switch to an\n" + "unencrypted qcow2 image, or a LUKS raw image.\n"); + } + bs->encrypted = 1; } diff --git a/include/block/block.h b/include/block/block.h index a3e0d24..26ad002 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -193,6 +193,7 @@ void bdrv_io_limits_update_group(BlockDriverState *bs, const char *group); void bdrv_init(void); void bdrv_init_with_whitelist(void); +bool bdrv_uses_whitelist(void); BlockDriver *bdrv_find_protocol(const char *filename, bool allow_protocol_prefix, Error **errp); diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out index a2b6703..4673b67 100644 --- a/tests/qemu-iotests/049.out +++ b/tests/qemu-iotests/049.out @@ -187,12 +187,6 @@ qemu-img create -f qcow2 -o encryption=off TEST_DIR/t.qcow2 64M Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16 qemu-img create -f qcow2 -o encryption=on TEST_DIR/t.qcow2 64M -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=on cluster_size=65536 lazy_refcounts=off refcount_bits=16 == Check lazy_refcounts option (only with v3) == diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087 index af44299..27cbebc 100755 --- a/tests/qemu-iotests/087 +++ b/tests/qemu-iotests/087 @@ -45,7 +45,8 @@ function do_run_qemu() function run_qemu() { - do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp | _filter_qemu \ + do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp \ + | _filter_qemu | _filter_imgfmt \ | sed -e 's/\("actual-size":\s*\)[0-9]\+/\1SIZE/g' } diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out index d0662f9..055c553 100644 --- a/tests/qemu-iotests/087.out +++ b/tests/qemu-iotests/087.out @@ -38,19 +38,14 @@ QMP_VERSION === Encrypted image === -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on Testing: -S QMP_VERSION {"return": {}} -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. +IMGFMT built-in AES encryption is deprecated +Support for it will be removed in a future release. +You can use 'qemu-img convert' to switch to an +unencrypted IMGFMT image, or a LUKS raw image. {"error": {"class": "GenericError", "desc": "blockdev-add doesn't support encrypted devices"}} {"return": {}} {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"} @@ -58,9 +53,10 @@ You can use 'qemu-img convert' to convert your image to an unencrypted one. Testing: QMP_VERSION {"return": {}} -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. +IMGFMT built-in AES encryption is deprecated +Support for it will be removed in a future release. +You can use 'qemu-img convert' to switch to an +unencrypted IMGFMT image, or a LUKS raw image. {"error": {"class": "GenericError", "desc": "Guest must be stopped for opening of encrypted image"}} {"return": {}} {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"} @@ -68,12 +64,6 @@ You can use 'qemu-img convert' to convert your image to an unencrypted one. === Missing driver === -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on Testing: -S QMP_VERSION diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out index a16acb8..6493704 100644 --- a/tests/qemu-iotests/134.out +++ b/tests/qemu-iotests/134.out @@ -1,43 +1,25 @@ QA output created by 134 -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. -qemu-img: Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on == reading whole image == -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Disk image 'TEST_DIR/t.qcow2' is encrypted. password: read 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == rewriting whole image == -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Disk image 'TEST_DIR/t.qcow2' is encrypted. password: wrote 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == verify pattern == -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Disk image 'TEST_DIR/t.qcow2' is encrypted. password: read 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == verify pattern failure with wrong password == -Encrypted images are deprecated -Support for them will be removed in a future release. -You can use 'qemu-img convert' to convert your image to an unencrypted one. Disk image 'TEST_DIR/t.qcow2' is encrypted. password: Pattern verification failed at offset 0, 134217728 bytes