qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Maxim Levitsky <mlevitsk@redhat.com>
To: Max Reitz <mreitz@redhat.com>, qemu-devel@nongnu.org
Cc: "Kevin Wolf" <kwolf@redhat.com>,
	"Daniel P. Berrangé" <berrange@redhat.com>,
	qemu-block@nongnu.org, "Markus Armbruster" <armbru@redhat.com>,
	"John Snow" <jsnow@redhat.com>
Subject: Re: [PATCH v2 00/11] RFC crypto/luks: encryption key managment using amend interface
Date: Fri, 08 Nov 2019 17:07:35 +0200	[thread overview]
Message-ID: <adcb2b6e5a28573c762f8b0d73541ae12d16fc0d.camel@redhat.com> (raw)
In-Reply-To: <fb2cd2e0-2718-215f-d6af-59b64b229b4f@redhat.com>

On Fri, 2019-10-04 at 21:10 +0200, Max Reitz wrote:
> On 13.09.19 00:30, Maxim Levitsky wrote:
> > This patch series is continuation of my work to add encryption
> > key managment to luks/qcow2 with luks.
> > 
> > This is second version of this patch set.
> > The changes are mostly addressing the review feedback,
> > plus I tested (and fixed sadly) the somewhat ugly code
> > that allows to still write share a raw luks device,
> > while preveting the key managment from happening in this case,
> > as it is unsafe.
> > I added a new iotest dedicated to that as well.
> > 
> > Best regards,
> > 	Maxim Levitsky
> 
> At least for an RFC looks good from my perspective.  I didn’t look at
> the crypto things very closely (assuming Dan would do so), and I didn’t
> check the iotests in detail.  (But it definitely doesn’t look like they
> lack in breadth.  Maybe I’d like to see a test that you cannot have
> other useful nodes attached to the LUKS or qcow2 node while the
> amendment process is ongoing (because CONSISTENT_READ is unshared).  But
> that’s the only thing I can think of.)
Could you elaborate on this? 

Inside the same process several users can access that luks node at the same
time while one of them changes encryption keys, since this doesn't affect IO of the data.

Two users in same process I was *I think* told that can't do the amend in the same time
since qmp is protected with a lock. However since I use a block job (to be consistent with blockdev-create)
I wonder if several qmp amend commands couldn't race one with another. These jobs is running
on the block device AIO context (I changed this recently after a review), but stil I am not sure
there can't be a race.

And when there is access to the same image from multiple processes, I do have a test that
checks that as long as more that one process has the image open, noone can change the encryption keys
(this is only relevant for raw luks format, since for qcow2 this is forbidden anyway).

I probably missed something though.

Best regards,
	Maxim Levitsky



> 
> Max
> 




  reply	other threads:[~2019-11-08 15:21 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-12 22:30 [Qemu-devel] [PATCH v2 00/11] RFC crypto/luks: encryption key managment using amend interface Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 01/11] qcrypto: add suport for amend options Maxim Levitsky
2019-09-23 13:08   ` Eric Blake
2019-09-23 13:24     ` Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 02/11] qcrypto-luks: extend the create options for upcoming encryption key management Maxim Levitsky
2019-10-04 17:42   ` Max Reitz
2019-11-08  9:28     ` Maxim Levitsky
2019-11-08 10:48       ` Max Reitz
2019-11-08 11:48         ` Maxim Levitsky
2019-10-07  7:49   ` [Qemu-devel] " Markus Armbruster
2019-11-08  9:28     ` Maxim Levitsky
2019-10-10 13:44   ` Kevin Wolf
2019-11-08 10:04     ` Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 03/11] qcrypto-luks: implement the " Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 04/11] block: amend: add 'force' option Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 05/11] block/crypto: implement the encryption key management Maxim Levitsky
2019-10-04 18:41   ` Max Reitz
2019-11-08  9:30     ` Maxim Levitsky
2019-11-08 10:49       ` Max Reitz
2019-11-08 11:04         ` Maxim Levitsky
2019-11-08 13:12           ` Max Reitz
2019-11-08 13:20             ` Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 06/11] qcow2: implement crypto amend options Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 07/11] block: add x-blockdev-amend qmp command Maxim Levitsky
2019-10-04 18:53   ` Max Reitz
2019-11-08  9:26     ` Maxim Levitsky
2019-11-08 10:36       ` Max Reitz
2019-11-08 13:37         ` Maxim Levitsky
2019-11-08  9:27     ` Maxim Levitsky
2019-10-07  7:53   ` [Qemu-devel] " Markus Armbruster
2019-11-08 15:38     ` Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 08/11] block/crypto: implement blockdev-amend Maxim Levitsky
2019-10-07  7:58   ` Markus Armbruster
2019-11-08 15:36     ` Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 09/11] block/qcow2: " Maxim Levitsky
2019-10-04 19:03   ` Max Reitz
2019-10-07  8:04     ` Markus Armbruster
2019-11-08 15:14       ` Maxim Levitsky
2019-11-08 15:18     ` Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 10/11] iotests: filter few more luks specific create options Maxim Levitsky
2019-09-12 22:30 ` [Qemu-devel] [PATCH v2 11/11] iotests : add tests for encryption key management Maxim Levitsky
2019-10-04 19:11   ` Max Reitz
2019-11-08  9:28     ` Maxim Levitsky
2019-09-20 21:14 ` [Qemu-devel] [PATCH v2 00/11] RFC crypto/luks: encryption key managment using amend interface John Snow
2019-09-22  8:17   ` Maxim Levitsky
2019-10-07  8:05     ` Markus Armbruster
2019-11-06 16:43       ` Maxim Levitsky
2019-09-30 17:11   ` Maxim Levitsky
2019-10-04 19:10 ` Max Reitz
2019-11-08 15:07   ` Maxim Levitsky [this message]
2019-11-12 11:58     ` Max Reitz
2019-11-12 12:07       ` Maxim Levitsky

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=adcb2b6e5a28573c762f8b0d73541ae12d16fc0d.camel@redhat.com \
    --to=mlevitsk@redhat.com \
    --cc=armbru@redhat.com \
    --cc=berrange@redhat.com \
    --cc=jsnow@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).