diff options
| author | Maxim Levitsky <mlevitsk@redhat.com> | 2020-07-19 15:20:58 +0300 |
|---|---|---|
| committer | Max Reitz <mreitz@redhat.com> | 2020-07-21 10:49:02 +0200 |
| commit | 662d0c5392a272aa0357aa7205e77fa3ca89c316 (patch) | |
| tree | cb38493b9bf17459887c7a486053c52894d3ef6f /block | |
| parent | af3d69058e09bede9900f266a618ed11f76f49f3 (diff) | |
| download | qemu-662d0c5392a272aa0357aa7205e77fa3ca89c316.zip qemu-662d0c5392a272aa0357aa7205e77fa3ca89c316.tar.gz qemu-662d0c5392a272aa0357aa7205e77fa3ca89c316.tar.bz2 | |
block/crypto: disallow write sharing by default
My commit 'block/crypto: implement the encryption key management'
accidently allowed raw luks images to be shared between different
qemu processes without share-rw=on explicit override.
Fix that.
Fixes: bbfdae91fb ("block/crypto: implement the encryption key management")
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1857490
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20200719122059.59843-2-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Diffstat (limited to 'block')
| -rw-r--r-- | block/crypto.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/block/crypto.c b/block/crypto.c index 8725c1b..0807557 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -881,7 +881,7 @@ block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c, * For backward compatibility, manually share the write * and resize permission */ - *nshared |= (BLK_PERM_WRITE | BLK_PERM_RESIZE); + *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE); /* * Since we are not fully a format driver, don't always request * the read/resize permission but only when explicitly |