<feed xmlns='http://www.w3.org/2005/Atom'>
<title>qemu/crypto, branch master</title>
<subtitle>QEMU development tree</subtitle>
<id>https://git.zx2c4.com/qemu/atom/crypto?h=master</id>
<link rel='self' href='https://git.zx2c4.com/qemu/atom/crypto?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/'/>
<updated>2024-08-19T22:49:14Z</updated>
<entry>
<title>crypto/tlscredspsk: Free username on finalize</title>
<updated>2024-08-19T22:49:14Z</updated>
<author>
<name>Peter Maydell</name>
<email>peter.maydell@linaro.org</email>
</author>
<published>2024-08-19T14:50:21Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=87e012f29f2e47dcd8c385ff8bb8188f9e06d4ea'/>
<id>urn:sha1:87e012f29f2e47dcd8c385ff8bb8188f9e06d4ea</id>
<content type='text'>
When the creds-&gt;username property is set we allocate memory
for it in qcrypto_tls_creds_psk_prop_set_username(), but
we never free this when the QCryptoTLSCredsPSK is destroyed.
Free the memory in finalize.

This fixes a LeakSanitizer complaint in migration-test:

$ (cd build/asan; ASAN_OPTIONS="fast_unwind_on_malloc=0" QTEST_QEMU_BINARY=./qemu-system-x86_64 ./tests/qtest/migration-test --tap -k -p /x86_64/migration/precopy/unix/tls/psk)

=================================================================
==3867512==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 5 byte(s) in 1 object(s) allocated from:
    #0 0x5624e5c99dee in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x218edee) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3)
    #1 0x7fb199ae9738 in g_malloc debian/build/deb/../../../glib/gmem.c:128:13
    #2 0x7fb199afe583 in g_strdup debian/build/deb/../../../glib/gstrfuncs.c:361:17
    #3 0x5624e82ea919 in qcrypto_tls_creds_psk_prop_set_username /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../crypto/tlscredspsk.c:255:23
    #4 0x5624e812c6b5 in property_set_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:2277:5
    #5 0x5624e8125ce5 in object_property_set /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:1463:5
    #6 0x5624e8136e7c in object_set_properties_from_qdict /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:55:14
    #7 0x5624e81372d2 in user_creatable_add_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:112:5
    #8 0x5624e8137964 in user_creatable_add_qapi /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:157:11
    #9 0x5624e891ba3c in qmp_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/qom-qmp-cmds.c:227:5
    #10 0x5624e8af9118 in qmp_marshal_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qapi/qapi-commands-qom.c:337:5
    #11 0x5624e8bd1d49 in do_qmp_dispatch_bh /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qapi/qmp-dispatch.c:128:5
    #12 0x5624e8cb2531 in aio_bh_call /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:171:5
    #13 0x5624e8cb340c in aio_bh_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:218:13
    #14 0x5624e8c0be98 in aio_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/aio-posix.c:423:5
    #15 0x5624e8cba3ce in aio_ctx_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:360:5
    #16 0x7fb199ae0d3a in g_main_dispatch debian/build/deb/../../../glib/gmain.c:3419:28
    #17 0x7fb199ae0d3a in g_main_context_dispatch debian/build/deb/../../../glib/gmain.c:4137:7
    #18 0x5624e8cbe1d9 in glib_pollfds_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:287:9
    #19 0x5624e8cbcb13 in os_host_main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:310:5
    #20 0x5624e8cbc6dc in main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:589:11
    #21 0x5624e6f3f917 in qemu_main_loop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/runstate.c:801:9
    #22 0x5624e893379c in qemu_default_main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:37:14
    #23 0x5624e89337e7 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:48:12
    #24 0x7fb197972d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #25 0x7fb197972e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #26 0x5624e5c16fa4 in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x210bfa4) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3)

SUMMARY: AddressSanitizer: 5 byte(s) leaked in 1 allocation(s).

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell &lt;peter.maydell@linaro.org&gt;
Reviewed-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
Message-ID: &lt;20240819145021.38524-1-peter.maydell@linaro.org&gt;
Signed-off-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
</content>
</entry>
<entry>
<title>crypto: propagate errors from TLS session I/O callbacks</title>
<updated>2024-07-24T09:39:10Z</updated>
<author>
<name>Daniel P. Berrangé</name>
<email>berrange@redhat.com</email>
</author>
<published>2024-03-15T14:29:11Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=97f7bf113eb50fcdaf0c73aa2ee01e5355abc073'/>
<id>urn:sha1:97f7bf113eb50fcdaf0c73aa2ee01e5355abc073</id>
<content type='text'>
GNUTLS doesn't know how to perform I/O on anything other than plain
FDs, so the TLS session provides it with some I/O callbacks. The
GNUTLS API design requires these callbacks to return a unix errno
value, which means we're currently loosing the useful QEMU "Error"
object.

This changes the I/O callbacks in QEMU to stash the "Error" object
in the QCryptoTLSSession class, and fetch it when seeing an I/O
error returned from GNUTLS, thus preserving useful error messages.

Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto: push error reporting into TLS session I/O APIs</title>
<updated>2024-07-24T09:39:10Z</updated>
<author>
<name>Daniel P. Berrangé</name>
<email>berrange@redhat.com</email>
</author>
<published>2024-03-15T14:07:58Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=57941c9c86357a6a642f9ee3279d881df4043b6d'/>
<id>urn:sha1:57941c9c86357a6a642f9ee3279d881df4043b6d</id>
<content type='text'>
The current TLS session I/O APIs just return a synthetic errno
value on error, which has been translated from a gnutls error
value. This looses a large amount of valuable information that
distinguishes different scenarios.

Pushing population of the "Error *errp" object into the TLS
session I/O APIs gives more detailed error information.

Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto: drop gnutls debug logging support</title>
<updated>2024-07-24T09:39:10Z</updated>
<author>
<name>Daniel P. Berrangé</name>
<email>berrange@redhat.com</email>
</author>
<published>2024-03-15T13:54:52Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=305233349b471840b00068579d0ab0af50395852'/>
<id>urn:sha1:305233349b471840b00068579d0ab0af50395852</id>
<content type='text'>
GNUTLS already supports dynamically enabling its logging at runtime by
setting the env var 'GNUTLS_DEBUG_LEVEL=10', so there is no need to
re-invent this logic in QEMU in a way that requires a re-compile.

Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto/block-luks: make range overlap check more readable</title>
<updated>2024-07-23T18:30:36Z</updated>
<author>
<name>Yao Xingtao</name>
<email>yaoxt.fnst@fujitsu.com</email>
</author>
<published>2024-07-22T04:07:40Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=7cd9b9d476e729808f3c9b82a12f51a39673d5cb'/>
<id>urn:sha1:7cd9b9d476e729808f3c9b82a12f51a39673d5cb</id>
<content type='text'>
use ranges_overlap() instead of open-coding the overlap check to improve
the readability of the code.

Signed-off-by: Yao Xingtao &lt;yaoxt.fnst@fujitsu.com&gt;
Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Tested-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Reviewed-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
Message-ID: &lt;20240722040742.11513-12-yaoxt.fnst@fujitsu.com&gt;
Signed-off-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
</content>
</entry>
<entry>
<title>crypto/block: drop qcrypto_block_open() n_threads argument</title>
<updated>2024-06-10T09:05:43Z</updated>
<author>
<name>Stefan Hajnoczi</name>
<email>stefanha@redhat.com</email>
</author>
<published>2024-05-27T15:58:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=3ab0f063e58ed9224237d69c4211ca83335164c4'/>
<id>urn:sha1:3ab0f063e58ed9224237d69c4211ca83335164c4</id>
<content type='text'>
The n_threads argument is no longer used since the previous commit.
Remove it.

Signed-off-by: Stefan Hajnoczi &lt;stefanha@redhat.com&gt;
Message-ID: &lt;20240527155851.892885-3-stefanha@redhat.com&gt;
Reviewed-by: Kevin Wolf &lt;kwolf@redhat.com&gt;
Acked-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
Signed-off-by: Kevin Wolf &lt;kwolf@redhat.com&gt;
</content>
</entry>
<entry>
<title>block/crypto: create ciphers on demand</title>
<updated>2024-06-10T09:05:43Z</updated>
<author>
<name>Stefan Hajnoczi</name>
<email>stefanha@redhat.com</email>
</author>
<published>2024-05-27T15:58:50Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=af206c284e4c1b17cdfb0f17e898b288c0fc1751'/>
<id>urn:sha1:af206c284e4c1b17cdfb0f17e898b288c0fc1751</id>
<content type='text'>
Ciphers are pre-allocated by qcrypto_block_init_cipher() depending on
the given number of threads. The -device
virtio-blk-pci,iothread-vq-mapping= feature allows users to assign
multiple IOThreads to a virtio-blk device, but the association between
the virtio-blk device and the block driver happens after the block
driver is already open.

When the number of threads given to qcrypto_block_init_cipher() is
smaller than the actual number of threads at runtime, the
block-&gt;n_free_ciphers &gt; 0 assertion in qcrypto_block_pop_cipher() can
fail.

Get rid of qcrypto_block_init_cipher() n_thread's argument and allocate
ciphers on demand.

Reported-by: Qing Wang &lt;qinwang@redhat.com&gt;
Buglink: https://issues.redhat.com/browse/RHEL-36159
Signed-off-by: Stefan Hajnoczi &lt;stefanha@redhat.com&gt;
Message-ID: &lt;20240527155851.892885-2-stefanha@redhat.com&gt;
Reviewed-by: Kevin Wolf &lt;kwolf@redhat.com&gt;
Acked-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
Signed-off-by: Kevin Wolf &lt;kwolf@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto: query gcrypt for cipher availability</title>
<updated>2024-03-19T20:17:12Z</updated>
<author>
<name>Daniel P. Berrangé</name>
<email>berrange@redhat.com</email>
</author>
<published>2024-03-11T12:09:25Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=e503fc55acffccac5d2755633e7a48262e8edd9b'/>
<id>urn:sha1:e503fc55acffccac5d2755633e7a48262e8edd9b</id>
<content type='text'>
Just because a cipher is defined in the gcrypt header file, does not
imply that it can be used. Distros can filter the list of ciphers when
building gcrypt. For example, RHEL-9 disables the SM4 cipher. It is
also possible that running in FIPS mode might dynamically change what
ciphers are available at runtime.

qcrypto_cipher_supports must therefore query gcrypt directly to check
for cipher availability.

Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Reviewed-by: Thomas Huth &lt;thuth@redhat.com&gt;
Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto: factor out conversion of QAPI to gcrypt constants</title>
<updated>2024-03-19T20:17:12Z</updated>
<author>
<name>Daniel P. Berrangé</name>
<email>berrange@redhat.com</email>
</author>
<published>2024-03-11T12:08:22Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=eac57306d89facbcacdb814833b57a8c9ed18d62'/>
<id>urn:sha1:eac57306d89facbcacdb814833b57a8c9ed18d62</id>
<content type='text'>
The conversion of cipher mode will shortly be required in more
than one place.

Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Reviewed-by: Thomas Huth &lt;thuth@redhat.com&gt;
Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKS</title>
<updated>2024-02-09T12:50:37Z</updated>
<author>
<name>Hyman Huang</name>
<email>yong.huang@smartx.com</email>
</author>
<published>2024-01-30T05:37:24Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=0bd779e27ee7c737fdaee2e52e6d1c5951375177'/>
<id>urn:sha1:0bd779e27ee7c737fdaee2e52e6d1c5951375177</id>
<content type='text'>
When querying the LUKS disk with the qemu-img tool or other APIs,
add information about whether the LUKS header is detached.

Additionally, update the test case with the appropriate
modification.

Signed-off-by: Hyman Huang &lt;yong.huang@smartx.com&gt;
Reviewed-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
</content>
</entry>
</feed>
