[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 136cd1: Describe flaws in qcow/qcow2 encrypti
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] 136cd1: Describe flaws in qcow/qcow2 encryption in the doc... |
Date: |
Wed, 05 Feb 2014 09:00:07 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 136cd19d0522c03b6dccc3e344886feab6faee43
https://github.com/qemu/qemu/commit/136cd19d0522c03b6dccc3e344886feab6faee43
Author: Daniel P. Berrange <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M qemu-doc.texi
M qemu-img.texi
Log Message:
-----------
Describe flaws in qcow/qcow2 encryption in the docs
The qemu-img.texi / qemu-doc.texi files currently describe the
qcow2/qcow2 encryption thus
"Encryption uses the AES format which is very secure (128 bit
keys). Use a long password (16 characters) to get maximum
protection."
While AES is indeed a strong encryption system, the way that
QCow/QCow2 use it results in a poor/weak encryption system.
Due to the use of predictable IVs, based on the sector number
extended to 128 bits, it is vulnerable to chosen plaintext
attacks which can reveal the existence of encrypted data.
The direct use of the user passphrase as the encryption key
also leads to an inability to change the passphrase of an
image. If passphrase is ever compromised the image data will
all be vulnerable, since it cannot be re-encrypted. The admin
has to clone the image files with a new passphrase and then
use a program like shred to secure erase all the old files.
Recommend against any use of QCow/QCow2 encryption, directing
users to dm-crypt / LUKS which can meet modern cryptography
best practices.
[Changed "Qcow" to "qcow" for consistency.
--Stefan]
Signed-off-by: Daniel P. Berrange <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: 55aff7f133b0eb20b2c8a2a3e1307240aab8044c
https://github.com/qemu/qemu/commit/55aff7f133b0eb20b2c8a2a3e1307240aab8044c
Author: Jeff Cody <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M block/qed.c
Log Message:
-----------
block: remove QED .bdrv_make_empty implementation
The QED .bdrv_make_empty() implementation does nothing but return
-ENOTSUP, which causes problems in bdrv_commit(). Since the function
stub exists for QED, it is called, which then always returns an error.
The proper way to not support an optional driver function stub is to
just not implement it, so let's remove the stub.
Signed-off-by: Jeff Cody <address@hidden>
Reviewed-by: Benoit Canet <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: 14b4a8b9c654b625dea0f532fae5722781fd0a7d
https://github.com/qemu/qemu/commit/14b4a8b9c654b625dea0f532fae5722781fd0a7d
Author: Jeff Cody <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M block/qcow2.c
Log Message:
-----------
block: remove qcow2 .bdrv_make_empty implementation
The QCOW2 .bdrv_make_empty implementation always returns 0 for success,
but does not actually do anything.
The proper way to not support an optional driver function stub is to
just not implement it, so let's remove the stub.
Signed-off-by: Jeff Cody <address@hidden>
Reviewed-by: Benoit Canet <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: f43aa8e18ad83508c2786403e7230a584d357c8e
https://github.com/qemu/qemu/commit/f43aa8e18ad83508c2786403e7230a584d357c8e
Author: Peter Lieven <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M block/vmdk.c
Log Message:
-----------
block/vmdk: add basic .bdrv_check support
this adds a basic vmdk corruption check. it should detect severe
table corruptions and file truncation.
Signed-off-by: Peter Lieven <address@hidden>
Reviewed-by: Fam Zheng <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: fb0a078f3a84b5a609d528500eea36b69ace9b20
https://github.com/qemu/qemu/commit/fb0a078f3a84b5a609d528500eea36b69ace9b20
Author: Fam Zheng <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M tests/qemu-iotests/040
Log Message:
-----------
qemu-iotests: Drop assert_no_active_commit in case 040
It is exactly assert_no_active_block_jobs in iotests.py
Signed-off-by: Fam Zheng <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: f50159fa9b5a0ad82e30c123643ec39a1df81d9a
https://github.com/qemu/qemu/commit/f50159fa9b5a0ad82e30c123643ec39a1df81d9a
Author: Markus Armbruster <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M block/vhdx-log.c
M block/vhdx.c
Log Message:
-----------
block/vhdx: Error checking fixes
Errors are inadvertently ignored in a few places. Has always been
broken. Spotted by Coverity.
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: 170a60345ee84dff3114f759367badfb85680728
https://github.com/qemu/qemu/commit/170a60345ee84dff3114f759367badfb85680728
Author: Markus Armbruster <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M hw/block/dataplane/virtio-blk.c
Log Message:
-----------
dataplane: Comment fix
Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: 1b7650ef2f63d53cf89af25a9f323323cf2423a7
https://github.com/qemu/qemu/commit/1b7650ef2f63d53cf89af25a9f323323cf2423a7
Author: Stefan Hajnoczi <address@hidden>
Date: 2014-01-31 (Fri, 31 Jan 2014)
Changed paths:
M tests/qemu-iotests/071
Log Message:
-----------
qemu-iotests: only run 071 on qcow2
The 071 test is designed for IMGFMT=qcow2 because it uses the l2_load
blkdebug event. Its output filtering also assumes that IMGFMT is not
raw since 071.out contains "format=raw" but IMGFMT=raw would filter the
output to "format=IMGFMT".
Perhaps the test case can be rewritten to be more generic, but for now
let's document that it was only supposed to work with qcow2.
Signed-off-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Benoit Canet <address@hidden>
Commit: dc9a353cf7de78b9fae3e46410803d487fd2fc8f
https://github.com/qemu/qemu/commit/dc9a353cf7de78b9fae3e46410803d487fd2fc8f
Author: Martin Husemann <address@hidden>
Date: 2014-02-01 (Sat, 01 Feb 2014)
Changed paths:
M include/exec/softmmu_template.h
Log Message:
-----------
qemu 1.7.0 does not build on NetBSD
Do not rely on int8_t (and friends) not being preprocessor
symbols (or symbols expanding to themselves). On NetBSD (for example) the
glue(u, SDATA_TYPE) results in u__int8_t, which is undefined. There is no way
to stop cpp expanding inner macros, so just add the few lines explicitly and
get rid of the magic.
Signed-off-by: Martin Husemann <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Reviewed-by: Andreas Färber <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
Commit: 1165ae613d3482e79c56d5a05c3354b2baae6ee7
https://github.com/qemu/qemu/commit/1165ae613d3482e79c56d5a05c3354b2baae6ee7
Author: Stefan Hajnoczi <address@hidden>
Date: 2014-02-01 (Sat, 01 Feb 2014)
Changed paths:
M util/osdep.c
Log Message:
-----------
osdep: drop unused #include "trace.h"
osdep.c does not use trace_*() so we can just drop the include.
Signed-off-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Benoit Canet <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
Commit: c428c5a21ce9a9861839ee544afd10638016e3f5
https://github.com/qemu/qemu/commit/c428c5a21ce9a9861839ee544afd10638016e3f5
Author: Stefan Weil <address@hidden>
Date: 2014-02-01 (Sat, 01 Feb 2014)
Changed paths:
M hw/i386/bios-linker-loader.c
Log Message:
-----------
i386: Add missing include file for QEMU_PACKED
Instead of packing BiosLinkerLoaderEntry, an unused global variable called
QEMU_PACKED was created (detected by smatch static code analysis).
Including qemu-common.h gets the right definition and also includes some
standard include files which now can be removed here.
Cc: address@hidden
Signed-off-by: Stefan Weil <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
Commit: c6830cdb2c1053bca1e61eb242b1900489c160af
https://github.com/qemu/qemu/commit/c6830cdb2c1053bca1e61eb242b1900489c160af
Author: Richard Henderson <address@hidden>
Date: 2014-02-01 (Sat, 01 Feb 2014)
Changed paths:
M tcg/s390/tcg-target.c
Log Message:
-----------
tcg/s390: Remove sigill_handler
Commit c9baa30f42a87f61627391698f63fa4d1566d9d8 failed to
delete all of the relevant code, leading to Werrors about
unused symbols.
Signed-off-by: Richard Henderson <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
Commit: d5d1507b347b7cd6c3b82459b96f1889b29939ef
https://github.com/qemu/qemu/commit/d5d1507b347b7cd6c3b82459b96f1889b29939ef
Author: Stefan Weil <address@hidden>
Date: 2014-02-01 (Sat, 01 Feb 2014)
Changed paths:
M include/qemu/readline.h
M monitor.c
M qemu-io.c
Log Message:
-----------
readline: Add missing GCC_FMT_ATTR
This fixes a compiler warning with -Werror=missing-format-attribute
and allows improved compiler checks for variable argument lists.
Signed-off-by: Stefan Weil <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
Commit: 5eaac2f8282a066f08b5c91f43a4e2ede0e55b8c
https://github.com/qemu/qemu/commit/5eaac2f8282a066f08b5c91f43a4e2ede0e55b8c
Author: Stefan Weil <address@hidden>
Date: 2014-02-01 (Sat, 01 Feb 2014)
Changed paths:
M hw/ppc/ppc4xx_devs.c
Log Message:
-----------
hw/ppc: Remove unused defines
Signed-off-by: Stefan Weil <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
Commit: b76afd1072e02fe77e09790fbe1e831700976c5f
https://github.com/qemu/qemu/commit/b76afd1072e02fe77e09790fbe1e831700976c5f
Author: Fam Zheng <address@hidden>
Date: 2014-02-01 (Sat, 01 Feb 2014)
Changed paths:
M tests/.gitignore
Log Message:
-----------
tests/.gitignore: Ignore tests/check-qom-interface
Signed-off-by: Fam Zheng <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
Commit: e5d3df6deb664a31e6c69b36e07f1701fee7cbf5
https://github.com/qemu/qemu/commit/e5d3df6deb664a31e6c69b36e07f1701fee7cbf5
Author: Peter Maydell <address@hidden>
Date: 2014-02-05 (Wed, 05 Feb 2014)
Changed paths:
M block/qcow2.c
M block/qed.c
M block/vhdx-log.c
M block/vhdx.c
M block/vmdk.c
M hw/block/dataplane/virtio-blk.c
M qemu-doc.texi
M qemu-img.texi
M tests/qemu-iotests/040
M tests/qemu-iotests/071
Log Message:
-----------
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into
staging
Block pull request
# gpg: Signature made Fri 31 Jan 2014 21:16:43 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <address@hidden>"
# gpg: aka "Stefan Hajnoczi <address@hidden>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
qemu-iotests: only run 071 on qcow2
dataplane: Comment fix
block/vhdx: Error checking fixes
qemu-iotests: Drop assert_no_active_commit in case 040
block/vmdk: add basic .bdrv_check support
block: remove qcow2 .bdrv_make_empty implementation
block: remove QED .bdrv_make_empty implementation
Describe flaws in qcow/qcow2 encryption in the docs
Signed-off-by: Peter Maydell <address@hidden>
Commit: 31db5b3638553e616eba3391dbff88f77b8a5bc9
https://github.com/qemu/qemu/commit/31db5b3638553e616eba3391dbff88f77b8a5bc9
Author: Peter Maydell <address@hidden>
Date: 2014-02-05 (Wed, 05 Feb 2014)
Changed paths:
M hw/i386/bios-linker-loader.c
M hw/ppc/ppc4xx_devs.c
M include/exec/softmmu_template.h
M include/qemu/readline.h
M monitor.c
M qemu-io.c
M tcg/s390/tcg-target.c
M tests/.gitignore
M util/osdep.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-02-02'
into staging
trivial patches for 2014-02-02
# gpg: Signature made Sun 02 Feb 2014 16:11:37 GMT using RSA key ID 74F0C838
# gpg: Good signature from "Michael Tokarev <address@hidden>"
# gpg: aka "Michael Tokarev <address@hidden>"
# gpg: aka "Michael Tokarev <address@hidden>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: E190 8639 3B10 B51B AC2C 8B73 5253 C5AD 74F0 C838
* remotes/mjt/tags/trivial-patches-2014-02-02:
tests/.gitignore: Ignore tests/check-qom-interface
hw/ppc: Remove unused defines
readline: Add missing GCC_FMT_ATTR
tcg/s390: Remove sigill_handler
i386: Add missing include file for QEMU_PACKED
osdep: drop unused #include "trace.h"
qemu 1.7.0 does not build on NetBSD
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/2b2449f7e467...31db5b363855
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 136cd1: Describe flaws in qcow/qcow2 encryption in the doc...,
GitHub <=