Commit e6ff69bf, authored by Daniel P. Berrangé, committed by Kevin Wolf

block: move encryption deprecation warning into qcow code



For a couple of releases we have been warning

  Encrypted images are deprecated
  Support for them will be removed in a future release.
  You can use 'qemu-img convert' to convert your image to an unencrypted one.

This warning was issued by system emulators, qemu-img, qemu-nbd
and qemu-io. Such a broad warning was issued because the original
intention was to rip out all the code for dealing with encryption
inside the QEMU block layer APIs.

The new block encryption framework used for the LUKS driver does
not rely on the unloved block layer API for encryption keys,
instead using the QOM 'secret' object type. It is thus no longer
appropriate to warn about encryption unconditionally.

When the qcow/qcow2 drivers are converted to use the new encryption
framework too, it will be practical to keep AES-CBC support present
for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability
with older QEMU versions and liberation of data from existing encrypted
qcow2 files.

This change moves the warning out of the generic block code and
into the qcow/qcow2 drivers. Further, the warning is set to only
appear when running the system emulators, since qemu-img, qemu-io,
qemu-nbd are expected to support qcow2 encryption long term now that
the maint burden has been eliminated.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
parent 78368575
+5 −7
@@ -289,6 +289,11 @@ static int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
    return 0;
}

bool bdrv_uses_whitelist(void)
{
    return use_bdrv_whitelist;
}

typedef struct CreateCo {
    BlockDriver *drv;
    char *filename;
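Review bot: bdrv_uses_whitelist() is added without a comment, and its name does not tell a reader why the qcow and qcow2 drivers call it before printing a deprecation warning. The commit message says the warning should appear only in system emulators, so please document on the function (or at its declaration) that a true result is being used as that signal, or introduce a predicate whose name states the intent.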
@@ -1013,13 +1018,6 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file,
        goto free_and_fail;
    }

    if (bs->encrypted) {
        error_report("Encrypted images are deprecated");
        error_printf("Support for them will be removed in a future release.\n"
                     "You can use 'qemu-img convert' to convert your image"
                     " to an unencrypted one.\n");
    }

    ret = refresh_total_sectors(bs, bs->total_sectors);
    if (ret < 0) {
        error_setg_errno(errp, -ret, "Could not refresh total sector count");
+9 −0
@@ -24,6 +24,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu-common.h"
#include "qemu/error-report.h"
#include "block/block_int.h"
#include "sysemu/block-backend.h"
#include "qemu/module.h"
@@ -158,6 +159,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
    }
    s->crypt_method_header = header.crypt_method;
    if (s->crypt_method_header) {
        if (bdrv_uses_whitelist() &&
            s->crypt_method_header == QCOW_CRYPT_AES) {
            error_report("qcow built-in AES encryption is deprecated");
            error_printf("Support for it will be removed in a future release.\n"
                         "You can use 'qemu-img convert' to switch to an\n"
                         "unencrypted qcow image, or a LUKS raw image.\n");
        }

        bs->encrypted = 1;
    }
    s->cluster_bits = header.cluster_bits;
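Review bot: the warning in qcow_open() is emitted on every open of an AES-encrypted image, with nothing limiting it to once per process. The expected test output removed later in this commit shows the old generic warning printed twice for a single command, and the same repetition may recur here. Consider guarding the error_report()/error_printf() pair with a static flag so the message appears once.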
+8 −0
@@ -965,6 +965,14 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
    }
    s->crypt_method_header = header.crypt_method;
    if (s->crypt_method_header) {
        if (bdrv_uses_whitelist() &&
            s->crypt_method_header == QCOW_CRYPT_AES) {
            error_report("qcow2 built-in AES encryption is deprecated");
            error_printf("Support for it will be removed in a future release.\n"
                         "You can use 'qemu-img convert' to switch to an\n"
                         "unencrypted qcow2 image, or a LUKS raw image.\n");
        }

        bs->encrypted = 1;
    }

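Review bot: this block in qcow2_open() is a copy of the one added to qcow_open(), differing only in the format name inside the strings. A small shared helper taking the format name would keep the condition and the wording from drifting apart; as written, any later change to the bdrv_uses_whitelist() gate has to be made in two drivers.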
+1 −0
@@ -193,6 +193,7 @@ void bdrv_io_limits_update_group(BlockDriverState *bs, const char *group);

void bdrv_init(void);
void bdrv_init_with_whitelist(void);
bool bdrv_uses_whitelist(void);
BlockDriver *bdrv_find_protocol(const char *filename,
                                bool allow_protocol_prefix,
                                Error **errp);
+0 −6
@@ -187,12 +187,6 @@ qemu-img create -f qcow2 -o encryption=off TEST_DIR/t.qcow2 64M
Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16

qemu-img create -f qcow2 -o encryption=on TEST_DIR/t.qcow2 64M
qemu-img: Encrypted images are deprecated
Support for them will be removed in a future release.
You can use 'qemu-img convert' to convert your image to an unencrypted one.
qemu-img: Encrypted images are deprecated
Support for them will be removed in a future release.
You can use 'qemu-img convert' to convert your image to an unencrypted one.
Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=on cluster_size=65536 lazy_refcounts=off refcount_bits=16

== Check lazy_refcounts option (only with v3) ==
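Review bot: the expected output now records only that qemu-img stays silent for encryption=on; nothing in this commit checks the new driver-level warning. Since the message is meant to appear only when bdrv_uses_whitelist() is true, a test that opens an AES-encrypted qcow2 image under a system emulator and expects "qcow2 built-in AES encryption is deprecated" would cover the path that moved.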