From nobody Mon Feb  9 00:53:51 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1529535697060391.5231351600488;
 Wed, 20 Jun 2018 16:01:37 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id BA19780F7C;
	Wed, 20 Jun 2018 23:01:35 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 75B3E10018FF;
	Wed, 20 Jun 2018 23:01:35 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 1CEC91800537;
	Wed, 20 Jun 2018 23:01:35 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com
	[10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w5KN1QUW019861 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 20 Jun 2018 19:01:26 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 9BB0496131; Wed, 20 Jun 2018 23:01:26 +0000 (UTC)
Received: from localhost.localdomain.com (ovpn-116-14.phx2.redhat.com
	[10.3.116.14])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5CD4F86EF0
	for <libvir-list@redhat.com>; Wed, 20 Jun 2018 23:01:26 +0000 (UTC)
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:14 -0400
Message-Id: <20180620230119.6276-6-jferlan@redhat.com>
In-Reply-To: <20180620230119.6276-1-jferlan@redhat.com>
References: <20180620230119.6276-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v3 05/10] storage: Disallow create/resize of qcow2
	encrypted images
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]);
 Wed, 20 Jun 2018 23:01:36 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

https://bugzilla.redhat.com/show_bug.cgi?id=3D1526382

Since commit c4eedd793 disallowed qcow2 encrypted images to be
used for domains, it no longer makes sense to allow a qcow2
encrypted volume to be created or resized.

Add a test that will exhibit the failure of creation as well
as the xml2xml validation of the format still being correct.

Update the documentation to note the removal of the capability
to create and use qcow/default encrypted volumes.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 docs/formatsecret.html.in                          | 22 +++++++--------
 docs/formatstorageencryption.html.in               | 29 +++++-------------=
--
 src/storage/storage_util.c                         | 22 +++++++++++++--
 tests/storagevolxml2argvtest.c                     |  4 +++
 tests/storagevolxml2xmlin/vol-qcow2-encryption.xml | 31 ++++++++++++++++++=
++++
 .../storagevolxml2xmlout/vol-qcow2-encryption.xml  | 31 ++++++++++++++++++=
++++
 tests/storagevolxml2xmltest.c                      |  1 +
 7 files changed, 104 insertions(+), 36 deletions(-)
 create mode 100644 tests/storagevolxml2xmlin/vol-qcow2-encryption.xml
 create mode 100644 tests/storagevolxml2xmlout/vol-qcow2-encryption.xml

diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index 155b7c35de..defbe71731 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -51,7 +51,7 @@
=20
     <p>
       This secret is associated with a volume, whether the format is either
-      for a "qcow" or a "luks" encrypted volume. Each volume will have a
+      for a "luks" encrypted volume. Each volume will have a
       unique secret associated with it and it is safe to delete the
       secret after the volume is deleted. The
       <code>&lt;usage type=3D'volume'&gt;</code> element must contain a
@@ -83,16 +83,6 @@ Secret value set
 #
     </pre>
=20
-    <p>
-      The volume type secret can be supplied in domain XML for a qcow stor=
age
-      volume <a href=3D"formatstorageencryption.html">encryption</a> as fo=
llows:
-    </p>
-    <pre>
-&lt;encryption format=3D'qcow'&gt;
-  &lt;secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
d6f'/&gt;
-&lt;/encryption&gt;
-    </pre>
-
     <p>
       The volume type secret can be supplied either in volume XML during
       creation of a <a href=3D"formatstorage.html#StorageVol">storage volu=
me</a>
@@ -120,6 +110,16 @@ Secret value set
 #
     </pre>
=20
+    <p>
+      The volume type secret can be supplied in domain XML for a luks stor=
age
+      volume <a href=3D"formatstorageencryption.html">encryption</a> as fo=
llows:
+    </p>
+    <pre>
+&lt;encryption format=3D'luks'&gt;
+  &lt;secret type=3D'passphrase' uuid=3D'f52a81b2-424e-490c-823d-6bd4235bc=
57'/&gt;
+&lt;/encryption&gt;
+    </pre>
+
     <h3><a id=3D"CephUsageType">Usage type "ceph"</a></h3>
     <p>
       This secret is associated with a Ceph RBD (rados block device).
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 434bdb609e..ea80a87cfb 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -39,22 +39,14 @@
       specified <code>uuid</code>.
     </p>
     <h3><a id=3D"StorageEncryptionDefault">"default" format</a></h3>
-    <p>
-      <code>&lt;encryption format=3D"default"/&gt;</code> can be specified=
 only
-      when creating a qcow volume.  If the volume is successfully created,=
 the
-      encryption formats, parameters and secrets will be auto-generated by
-      libvirt and the attached <code>encryption</code> tag will be updated.
-      The unmodified contents of the <code>encryption</code> tag can be us=
ed
-      in later operations with the volume, or when setting up a domain that
-      uses the volume.
-    </p>
     <h3><a id=3D"StorageEncryptionQcow">"qcow" format</a></h3>
     <p>
-      The <code>qcow</code> format specifies that the built-in encryption
-      support in <code>qcow</code>- or <code>qcow2</code>-formatted volume
-      images should be used.  A single
-      <code>&lt;secret type=3D'passphrase'&gt;</code> element is expected.=
  Note
-      that this encryption is inherently broken and should not be used any=
 more.
+      <span class=3D"since">Since 4.5.0,</span> encryption formats
+      <code>default</code> and <code>qcow</code> may no longer be used
+      to create an encrypted volume. Usage of qcow encrypted volumes
+      in QEMU began phasing out in QEMU 2.3 and by QEMU 2.9 creation
+      of a qcow encrypted volume via qemu-img required usage of secret
+      objects, but that support was not added to libvirt.
     </p>
     <h3><a id=3D"StorageEncryptionLuks">"luks" format</a></h3>
     <p>
@@ -121,15 +113,6 @@
=20
     <h2><a id=3D"example">Examples</a></h2>
=20
-    <p>
-      Here is a simple example, specifying use of the <code>qcow</code> fo=
rmat:
-    </p>
-
-    <pre>
-&lt;encryption format=3D'qcow'&gt;
-   &lt;secret type=3D'passphrase' uuid=3D'c1f11a6d-8c5d-4a3e-ac7a-4e171c5e=
0d4a' /&gt;
-&lt;/encryption&gt;</pre>
-
     <p>
       Assuming a <a href=3D"formatsecret.html#VolumeUsageType">
       <code>luks volume type secret</code></a> is already defined,
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
index 90cadb9d13..6b02bb2e9a 100644
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@@ -1214,6 +1214,15 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorageP=
oolObjPtr pool,
=20
     virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, NULL);
=20
+    if (enc && (enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW ||
+                enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) =
&&
+        (vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW ||
+         vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW2)) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("creation of qcow2 encrypted image is not support=
ed"));
+        goto error;
+    }
+
     if (virStorageBackendCreateQemuImgSetInfo(pool, vol, inputvol, &info) =
< 0)
         goto error;
=20
@@ -1232,8 +1241,7 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo=
olObjPtr pool,
     if (info.backingPath)
         virCommandAddArgList(cmd, "-b", info.backingPath, NULL);
=20
-    if (info.format =3D=3D VIR_STORAGE_FILE_RAW && enc &&
-        enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+    if (enc) {
         if (!info.secretPath) {
             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                            _("path to secret data file is required"));
@@ -2354,6 +2362,16 @@ storageBackendResizeQemuImg(virStoragePoolObjPtr poo=
l,
     const char *type;
     char *secretPath =3D NULL;
     char *secretAlias =3D NULL;
+    virStorageEncryptionPtr enc =3D vol->target.encryption;
+
+    if (enc && (enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW ||
+                enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) =
&&
+        (vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW ||
+         vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW2)) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("resize of qcow2 encrypted image is not supported=
"));
+        return -1;
+    }
=20
     img_tool =3D virFindFileInPath("qemu-img");
     if (!img_tool) {
diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c
index b8afe4abcc..d7f5c0f51e 100644
--- a/tests/storagevolxml2argvtest.c
+++ b/tests/storagevolxml2argvtest.c
@@ -232,6 +232,10 @@ mymain(void)
             "pool-dir", "vol-file-iso",
             "iso-input", 0);
=20
+    DO_TEST_FAIL("pool-dir", "vol-qcow2-encryption",
+                 NULL, NULL,
+                 "qcow2-encryption", 0);
+
     DO_TEST("pool-dir", "vol-luks",
             NULL, NULL,
             "luks", 0);
diff --git a/tests/storagevolxml2xmlin/vol-qcow2-encryption.xml b/tests/sto=
ragevolxml2xmlin/vol-qcow2-encryption.xml
new file mode 100644
index 0000000000..49a7de33d3
--- /dev/null
+++ b/tests/storagevolxml2xmlin/vol-qcow2-encryption.xml
@@ -0,0 +1,31 @@
+<volume>
+  <name>OtherDemo.img</name>
+  <key>/var/lib/libvirt/images/OtherDemo.img</key>
+  <source>
+  </source>
+  <capacity unit=3D"G">5</capacity>
+  <allocation>294912</allocation>
+  <target>
+    <path>/var/lib/libvirt/images/OtherDemo.img</path>
+    <format type=3D'qcow2'/>
+    <permissions>
+      <mode>0644</mode>
+      <owner>0</owner>
+      <group>0</group>
+      <label>unconfined_u:object_r:virt_image_t:s0</label>
+    </permissions>
+    <encryption format=3D'qcow'>
+      <secret type=3D'passphrase' uuid=3D'e78d4b51-a2af-485f-b0f5-afca709a=
80f4'/>
+    </encryption>
+  </target>
+  <backingStore>
+    <path>/dev/null</path>
+    <format type=3D'raw'/>
+    <permissions>
+      <mode>0644</mode>
+      <owner>0</owner>
+      <group>0</group>
+      <label>unconfined_u:object_r:virt_image_t:s0</label>
+    </permissions>
+  </backingStore>
+</volume>
diff --git a/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml b/tests/st=
oragevolxml2xmlout/vol-qcow2-encryption.xml
new file mode 100644
index 0000000000..31dc57873c
--- /dev/null
+++ b/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml
@@ -0,0 +1,31 @@
+<volume type=3D'file'>
+  <name>OtherDemo.img</name>
+  <key>/var/lib/libvirt/images/OtherDemo.img</key>
+  <source>
+  </source>
+  <capacity unit=3D'bytes'>5368709120</capacity>
+  <allocation unit=3D'bytes'>294912</allocation>
+  <target>
+    <path>/var/lib/libvirt/images/OtherDemo.img</path>
+    <format type=3D'qcow2'/>
+    <permissions>
+      <mode>0644</mode>
+      <owner>0</owner>
+      <group>0</group>
+      <label>unconfined_u:object_r:virt_image_t:s0</label>
+    </permissions>
+    <encryption format=3D'qcow'>
+      <secret type=3D'passphrase' uuid=3D'e78d4b51-a2af-485f-b0f5-afca709a=
80f4'/>
+    </encryption>
+  </target>
+  <backingStore>
+    <path>/dev/null</path>
+    <format type=3D'raw'/>
+    <permissions>
+      <mode>0644</mode>
+      <owner>0</owner>
+      <group>0</group>
+      <label>unconfined_u:object_r:virt_image_t:s0</label>
+    </permissions>
+  </backingStore>
+</volume>
diff --git a/tests/storagevolxml2xmltest.c b/tests/storagevolxml2xmltest.c
index 426b100c27..7bac4974ae 100644
--- a/tests/storagevolxml2xmltest.c
+++ b/tests/storagevolxml2xmltest.c
@@ -106,6 +106,7 @@ mymain(void)
     DO_TEST("pool-dir", "vol-qcow2-lazy");
     DO_TEST("pool-dir", "vol-qcow2-0.10-lazy");
     DO_TEST("pool-dir", "vol-qcow2-nobacking");
+    DO_TEST("pool-dir", "vol-qcow2-encryption");
     DO_TEST("pool-dir", "vol-luks");
     DO_TEST("pool-dir", "vol-luks-cipher");
     DO_TEST("pool-disk", "vol-partition");
--=20
2.14.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list