1. Patchew
  2. QEMU
  3. View series

[Qemu-devel] [PATCH] qcow2: don't permit changing encryption parameters

Daniel P. Berrange posted 1 patch 7 years, 12 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20171103143902.18039-1-berrange@redhat.com
Test checkpatch passed
Test docker passed
Test ppc passed
Test s390x passed
block/qcow2.c | 3 +++
1 file changed, 3 insertions(+)
[Qemu-devel] [PATCH] qcow2: don't permit changing encryption parameters
Posted by Daniel P. Berrange 7 years, 12 months ago 
Currently if trying to change encryption parameters on a qcow2 image, qemu-img
will abort. We already explicitly check for attempt to change encrypt.format
but missed other parameters like encrypt.key-secret. Rather than list each
parameter, just blacklist changing of all parameters with a 'encrypt.' prefix.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 block/qcow2.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index 92cb9f9bfa..8edf8ac3c7 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4062,6 +4062,9 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
                 error_report("Changing the encryption format is not supported");
                 return -ENOTSUP;
             }
+        } else if (g_str_has_prefix(desc->name, "encrypt.")) {
+            error_report("Changing the encryption parameters is not supported");
+            return -ENOTSUP;
         } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) {
             cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE,
                                              cluster_size);
-- 
2.13.6
Re: [Qemu-devel] [PATCH] qcow2: don't permit changing encryption parameters
Posted by Eric Blake 7 years, 12 months ago 
On 11/03/2017 09:39 AM, Daniel P. Berrange wrote:
> Currently if trying to change encryption parameters on a qcow2 image, qemu-img
> will abort. We already explicitly check for attempt to change encrypt.format
> but missed other parameters like encrypt.key-secret. Rather than list each
> parameter, just blacklist changing of all parameters with a 'encrypt.' prefix.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  block/qcow2.c | 3 +++
>  1 file changed, 3 insertions(+)

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
Re: [Qemu-devel] [Qemu-block] [PATCH] qcow2: don't permit changing encryption parameters
Posted by Alberto Garcia 7 years, 11 months ago 
On Fri 03 Nov 2017 03:39:02 PM CET, Daniel P. Berrange wrote:
> Currently if trying to change encryption parameters on a qcow2 image, qemu-img
> will abort. We already explicitly check for attempt to change encrypt.format
> but missed other parameters like encrypt.key-secret. Rather than list each
> parameter, just blacklist changing of all parameters with a 'encrypt.' prefix.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Reviewed-by: Alberto Garcia <berto@igalia.com>

Berto
Re: [Qemu-devel] [PATCH] qcow2: don't permit changing encryption parameters
Posted by Kevin Wolf 7 years, 11 months ago 
Am 03.11.2017 um 15:39 hat Daniel P. Berrange geschrieben:
> Currently if trying to change encryption parameters on a qcow2 image, qemu-img
> will abort. We already explicitly check for attempt to change encrypt.format
> but missed other parameters like encrypt.key-secret. Rather than list each
> parameter, just blacklist changing of all parameters with a 'encrypt.' prefix.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Thanks, applied to the block branch.

Kevin

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.