From nobody Sat Nov 1 07:30:36 2025 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1509720176266851.5692733502909; Fri, 3 Nov 2017 07:42:56 -0700 (PDT) Received: from localhost ([::1]:37022 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eAdB4-0007Xb-Og for importer@patchew.org; Fri, 03 Nov 2017 10:42:34 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53555) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eAdAB-0007Ba-Hb for qemu-devel@nongnu.org; Fri, 03 Nov 2017 10:41:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eAdA9-0007d0-Rb for qemu-devel@nongnu.org; Fri, 03 Nov 2017 10:41:39 -0400 Received: from mx1.redhat.com ([209.132.183.28]:38330) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eAdA4-0007ZH-9N; Fri, 03 Nov 2017 10:41:32 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4FCDC6A7E6; Fri, 3 Nov 2017 14:41:31 +0000 (UTC) Received: from t460.redhat.com (unknown [10.33.36.70]) by smtp.corp.redhat.com (Postfix) with ESMTP id 354DD60569; Fri, 3 Nov 2017 14:41:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4FCDC6A7E6 Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=berrange@redhat.com From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Fri, 3 Nov 2017 14:41:13 +0000 Message-Id: <20171103144113.7188-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 03 Nov 2017 14:41:31 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH] qcow2: fix image corruption after committing qcow2 image into base X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_6 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" After committing the qcow2 image contents into the base image, qemu-img will call bdrv_make_empty to drop the payload in the layered image. When this is done for qcow2 images, it blows away the LUKS encryption header, making the resulting image unusable. There are two codepaths for emptying a qcow2 image, and the second (slower) codepaths leaves the LUKS header intact, so force use of that codepath. Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake --- NB, ideally we would fix the faster codepath in make_completely_empty, but having looked at the code, I've really no idea how to even start on fixing = that to not kill the LUKS header clusters. block/qcow2.c | 3 +- tests/qemu-iotests/198 | 104 +++++++++++++++++++++++++++++++ tests/qemu-iotests/198.out | 128 +++++++++++++++++++++++++++++++++++= ++++ tests/qemu-iotests/common.filter | 4 +- tests/qemu-iotests/group | 1 + 5 files changed, 238 insertions(+), 2 deletions(-) create mode 100755 tests/qemu-iotests/198 create mode 100644 tests/qemu-iotests/198.out diff --git a/block/qcow2.c b/block/qcow2.c index 8edf8ac3c7..618aab114a 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -3594,7 +3594,8 @@ static int qcow2_make_empty(BlockDriverState *bs) l1_clusters =3D DIV_ROUND_UP(s->l1_size, s->cluster_size / sizeof(uint= 64_t)); =20 if (s->qcow_version >=3D 3 && !s->snapshots && - 3 + l1_clusters <=3D s->refcount_block_size) { + 3 + l1_clusters <=3D s->refcount_block_size && + s->crypt_method_header !=3D QCOW_CRYPT_LUKS) { /* The following function only works for qcow2 v3 images (it requi= res * the dirty flag) and only as long as there are no snapshots (bec= ause * it completely empties the image). Furthermore, the L1 table and= three diff --git a/tests/qemu-iotests/198 b/tests/qemu-iotests/198 new file mode 100755 index 0000000000..5197c90af5 --- /dev/null +++ b/tests/qemu-iotests/198 @@ -0,0 +1,104 @@ +#!/bin/bash +# +# Test commit of encrypted qcow2 files +# +# Copyright (C) 2017 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M +TEST_IMG_BASE=3D$TEST_IMG.base +SECRET0=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRET1=3D"secret,id=3Dsec1,data=3Dfurby" + +TEST_IMG_SAVE=3D$TEST_IMG +TEST_IMG=3D$TEST_IMG_BASE +echo "=3D=3D create base =3D=3D" +_make_test_img --object $SECRET0 -o "encrypt.format=3Dluks,encrypt.key-sec= ret=3Dsec0,encrypt.iter-time=3D10" $size +TEST_IMG=3D$TEST_IMG_SAVE + +IMGSPECBASE=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG_BASE,encrypt.key= -secret=3Dsec0" +IMGSPECLAYER=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,encrypt.key-sec= ret=3Dsec1" +IMGSPEC=3D"$IMGSPECLAYER,backing.driver=3D$IMGFMT,backing.file.filename=3D= $TEST_IMG_BASE,backing.encrypt.key-secret=3Dsec0" +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D writing whole image base =3D=3D" +$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPEC= BASE | _filter_qemu_io | _filter_testdir + +echo "=3D=3D create overlay =3D=3D" +_make_test_img --object $SECRET1 -o "encrypt.format=3Dluks,encrypt.key-sec= ret=3Dsec1,encrypt.iter-time=3D10" -u -b "$TEST_IMG_BASE" $size + +echo +echo "=3D=3D writing whole image layer =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0x9 0 $size" --i= mage-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern base =3D=3D" +$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECB= ASE | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern layer =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0x9 0 $size" --im= age-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D committing layer into base =3D=3D" +$QEMU_IMG commit --object $SECRET0 --object $SECRET1 --image-opts $IMGSPEC= | _filter_testdir + +echo +echo "=3D=3D verify pattern base =3D=3D" +$QEMU_IO --object $SECRET0 -c "read -P 0x9 0 $size" --image-opts $IMGSPECB= ASE | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern layer =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0x9 0 $size" --im= age-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D checking image base =3D=3D" +$QEMU_IMG info --image-opts $IMGSPECBASE | _filter_img_info | _filter_test= dir + +echo +echo "=3D=3D checking image layer =3D=3D" +$QEMU_IMG info --image-opts $IMGSPECLAYER | _filter_img_info | _filter_tes= tdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/198.out b/tests/qemu-iotests/198.out new file mode 100644 index 0000000000..fac00d2c1a --- /dev/null +++ b/tests/qemu-iotests/198.out @@ -0,0 +1,128 @@ +QA output created by 198 +=3D=3D create base =3D=3D +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 encrypt.= format=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 + +=3D=3D writing whole image base =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +=3D=3D create overlay =3D=3D +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base encrypt.format=3Dluks encrypt.key-secret=3Dsec1 e= ncrypt.iter-time=3D10 + +=3D=3D writing whole image layer =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern base =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern layer =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D committing layer into base =3D=3D +Image committed. + +=3D=3D verify pattern base =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern layer =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D checking image base =3D=3D +image: json:{"encrypt.key-secret": "sec0", "driver": "IMGFMT", "file": {"d= river": "file", "filename": "TEST_DIR/t.IMGFMT.base"}} +file format: IMGFMT +virtual size: 16M (16777216 bytes) +disk size: 17M +Format specific information: + compat: 1.1 + lazy refcounts: false + refcount bits: 16 + encrypt: + ivgen alg: plain64 + hash alg: sha256 + cipher alg: aes-256 + uuid: 00000000-0000-0000-0000-000000000000 + format: luks + cipher mode: xts + slots: + [0]: + active: true + iters: 1024 + key offset: 4096 + stripes: 4000 + [1]: + active: false + key offset: 262144 + [2]: + active: false + key offset: 520192 + [3]: + active: false + key offset: 778240 + [4]: + active: false + key offset: 1036288 + [5]: + active: false + key offset: 1294336 + [6]: + active: false + key offset: 1552384 + [7]: + active: false + key offset: 1810432 + payload offset: 2068480 + master key iters: 1024 + corrupt: false + +=3D=3D checking image layer =3D=3D +image: json:{"encrypt.key-secret": "sec1", "driver": "IMGFMT", "file": {"d= river": "file", "filename": "TEST_DIR/t.IMGFMT"}} +file format: IMGFMT +virtual size: 16M (16777216 bytes) +disk size: 548K +backing file: TEST_DIR/t.IMGFMT.base +Format specific information: + compat: 1.1 + lazy refcounts: false + refcount bits: 16 + encrypt: + ivgen alg: plain64 + hash alg: sha256 + cipher alg: aes-256 + uuid: 00000000-0000-0000-0000-000000000000 + format: luks + cipher mode: xts + slots: + [0]: + active: true + iters: 1024 + key offset: 4096 + stripes: 4000 + [1]: + active: false + key offset: 262144 + [2]: + active: false + key offset: 520192 + [3]: + active: false + key offset: 778240 + [4]: + active: false + key offset: 1036288 + [5]: + active: false + key offset: 1294336 + [6]: + active: false + key offset: 1552384 + [7]: + active: false + key offset: 1810432 + payload offset: 2068480 + master key iters: 1024 + corrupt: false +*** done diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.f= ilter index 873ca6b104..d9237799e9 100644 --- a/tests/qemu-iotests/common.filter +++ b/tests/qemu-iotests/common.filter @@ -157,7 +157,9 @@ _filter_img_info() -e "/lazy_refcounts: \\(on\\|off\\)/d" \ -e "/block_size: [0-9]\\+/d" \ -e "/block_state_zero: \\(on\\|off\\)/d" \ - -e "/log_size: [0-9]\\+/d" + -e "/log_size: [0-9]\\+/d" \ + -e "s/iters: [0-9]\\+/iters: 1024/" \ + -e "s/uuid: [-a-f0-9]\\+/uuid: 00000000-0000-0000-0000-00000000000= 0/" } =20 # filter out offsets and file names from qemu-img map; good for both diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 24e5ad1b79..83b839bbe3 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -194,3 +194,4 @@ 194 rw auto migration quick 195 rw auto quick 197 rw auto quick +198 rw auto --=20 2.13.6