• Markus Armbruster's avatar
    blockdev: Refuse to open encrypted image unless paused · c3adb58f
    Markus Armbruster authored
    Opening an encrypted image takes an additional step: setting the key.
    Between open and the key set, the image must not be used.
    
    We have some protection against accidental use in place: you can't
    unpause a guest while we're missing keys.  You can, however, hot-plug
    block devices lacking keys into a running guest just fine, or insert
    media lacking keys.  In the latter case, notifying the guest of the
    insert is delayed until the key is set, which may suffice to protect
    at least some guests in common usage.
    
    This patch makes the protection apply in more cases, in a rather
    heavy-handed way: it doesn't let you open encrypted images unless
    we're in a paused state.
    
    It doesn't extend the protection to users other than the guest (block
    jobs?).  Use of runstate_check() from block.c is disgusting.  Best I
    can do right now.
    Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
    Reviewed-by: default avatarEric Blake <eblake@redhat.com>
    Reviewed-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
    c3adb58f
runstate-check.c 109 Bytes