From e28736d3d0b2e1a8bf4e9d0bb9c6bca8d972b043 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 29 Nov 2017 15:09:19 +0100 Subject: [PATCH 01/36] qcow2: don't permit changing encryption parameters RH-Author: Daniel P. Berrange Message-id: <20171129150920.8539-2-berrange@redhat.com> Patchwork-id: 77973 O-Subject: [RHV-7.5 qemu-kvm-rhev PATCH 1/2] qcow2: don't permit changing encryption parameters Bugzilla: 1406803 RH-Acked-by: Max Reitz RH-Acked-by: Jeffrey Cody RH-Acked-by: Kevin Wolf Currently if trying to change encryption parameters on a qcow2 image, qemu-img will abort. We already explicitly check for attempt to change encrypt.format but missed other parameters like encrypt.key-secret. Rather than list each parameter, just blacklist changing of all parameters with a 'encrypt.' prefix. Signed-off-by: Daniel P. Berrange Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Signed-off-by: Kevin Wolf (cherry picked from commit f66afbe26f0c093d639610d70d16d7cc3183b652) Signed-off-by: Miroslav Rezanina --- block/qcow2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/block/qcow2.c b/block/qcow2.c index b26cbbf..6e8f753 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -4044,6 +4044,9 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, error_report("Changing the encryption format is not supported"); return -ENOTSUP; } + } else if (g_str_has_prefix(desc->name, "encrypt.")) { + error_report("Changing the encryption parameters is not supported"); + return -ENOTSUP; } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) { cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE, cluster_size); -- 1.8.3.1