From nobody Thu May 15 06:57:51 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527854816478346.024374554278; Fri, 1 Jun 2018 05:06:56 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B343230E91A5; Fri, 1 Jun 2018 12:06:54 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7A2705B684; Fri, 1 Jun 2018 12:06:54 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 171241800C9D; Fri, 1 Jun 2018 12:06:54 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w51C6pbs030838 for ; Fri, 1 Jun 2018 08:06:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id ACCFE205D522; Fri, 1 Jun 2018 12:06:51 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 50312205D521 for ; Fri, 1 Jun 2018 12:06:51 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Fri, 1 Jun 2018 14:06:37 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 1/2] qemu: domain: Forbid storage with old QCOW2 encryption X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Fri, 01 Jun 2018 12:06:55 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The encryption was buggy and qemu actually dropped it upstream. Forbid it for all versions since it would cause other problems too. Problems with the old encryption include weak crypto, corruption of images with blockjobs and a lot of usability problems. This requires changing of the encryption type for the encrypted disk tests. Signed-off-by: Peter Krempa Reviewed-by: J=EF=BF=BDn Tomko --- docs/formatdomain.html.in | 4 ++++ docs/formatstorageencryption.html.in | 5 ++--- src/qemu/qemu_domain.c | 10 ++++++++++ tests/qemuxml2argvdata/encrypted-disk-usage.args | 8 +++++++- tests/qemuxml2argvdata/encrypted-disk-usage.xml | 2 +- tests/qemuxml2argvdata/encrypted-disk.args | 8 +++++++- tests/qemuxml2argvdata/encrypted-disk.xml | 2 +- tests/qemuxml2argvtest.c | 4 ++-- tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +- tests/qemuxml2xmltest.c | 4 ++-- 10 files changed, 37 insertions(+), 12 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index b5a6e33bfe..b64a843fb4 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2974,6 +2974,10 @@ See the Storage Encryption page for more information. +

+ Note that the 'qcow' format of encryption is broken and thus i= s no + longer supported for use with disk images. + (Since libvirt 4.5.0)

reservations
Since libvirt 4.4.0, the diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry= ption.html.in index 23efbf932e..434bdb609e 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -53,9 +53,8 @@ The qcow format specifies that the built-in encryption support in qcow- or qcow2-formatted volume images should be used. A single - <secret type=3D'passphrase'> element is expected.= If - the secret element is not present during volume creatio= n, - a secret is automatically generated and attached to the volume. + <secret type=3D'passphrase'> element is expected.= Note + that this encryption is inherently broken and should not be used any= more.

"luks" format

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 873bcec50d..f10bbf39c0 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4483,6 +4483,16 @@ qemuDomainValidateStorageSource(virStorageSourcePtr = src, return -1; } + if ((src->format =3D=3D VIR_STORAGE_FILE_QCOW || + src->format =3D=3D VIR_STORAGE_FILE_QCOW2) && + src->encryption && + (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFA= ULT || + src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW= )) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("old qcow/qcow2 encryption is not supported")= ); + return -1; + } + if (src->format =3D=3D VIR_STORAGE_FILE_QCOW2 && src->encryption && src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS = && diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.args b/tests/qemux= ml2argvdata/encrypted-disk-usage.args index 8c7ce3d653..32307cea71 100644 --- a/tests/qemuxml2argvdata/encrypted-disk-usage.args +++ b/tests/qemuxml2argvdata/encrypted-disk-usage.args @@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-i686 \ -name encryptdisk \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ -machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ -m 1024 \ -smp 1,sockets=3D1,cores=3D1,threads=3D1 \ @@ -22,7 +24,11 @@ path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,serve= r,nowait \ -no-acpi \ -boot c \ -usb \ --drive file=3D/storage/guest_disks/encryptdisk,format=3Dqcow2,if=3Dnone,\ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dvirtio-disk0-luks-secret0,format=3Dqcow2,if=3Dnone,\ id=3Ddrive-virtio-disk0 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ id=3Dvirtio-disk0 \ diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.xml b/tests/qemuxm= l2argvdata/encrypted-disk-usage.xml index ad8f17e3df..205283b59d 100644 --- a/tests/qemuxml2argvdata/encrypted-disk-usage.xml +++ b/tests/qemuxml2argvdata/encrypted-disk-usage.xml @@ -18,7 +18,7 @@ - +

diff --git a/tests/qemuxml2argvdata/encrypted-disk.args b/tests/qemuxml2arg= vdata/encrypted-disk.args index 8c7ce3d653..32307cea71 100644 --- a/tests/qemuxml2argvdata/encrypted-disk.args +++ b/tests/qemuxml2argvdata/encrypted-disk.args @@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-i686 \ -name encryptdisk \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ -machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ -m 1024 \ -smp 1,sockets=3D1,cores=3D1,threads=3D1 \ @@ -22,7 +24,11 @@ path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,serve= r,nowait \ -no-acpi \ -boot c \ -usb \ --drive file=3D/storage/guest_disks/encryptdisk,format=3Dqcow2,if=3Dnone,\ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dvirtio-disk0-luks-secret0,format=3Dqcow2,if=3Dnone,\ id=3Ddrive-virtio-disk0 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ id=3Dvirtio-disk0 \ diff --git a/tests/qemuxml2argvdata/encrypted-disk.xml b/tests/qemuxml2argv= data/encrypted-disk.xml index 391461b200..275724bdaf 100644 --- a/tests/qemuxml2argvdata/encrypted-disk.xml +++ b/tests/qemuxml2argvdata/encrypted-disk.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 2d41f78f8b..64d112be36 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1651,8 +1651,8 @@ mymain(void) DO_TEST("cpu-tsc-frequency", QEMU_CAPS_KVM); qemuTestSetHostCPU(driver.caps, NULL); - DO_TEST("encrypted-disk", NONE); - DO_TEST("encrypted-disk-usage", NONE); + DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRE= T); + DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT= _SECRET); # ifdef WITH_GNUTLS DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET); DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET); diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm= loutdata/encrypted-disk.xml index 45b9fcca55..3c9d2fbafc 100644 --- a/tests/qemuxml2xmloutdata/encrypted-disk.xml +++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 57b4c3eb0a..f53f9a7db5 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -482,8 +482,8 @@ mymain(void) DO_TEST("pci-rom-disabled-invalid", NONE); DO_TEST("pci-serial-dev-chardev", NONE); - DO_TEST("encrypted-disk", NONE); - DO_TEST("encrypted-disk-usage", NONE); + DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS); + DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS); DO_TEST("luks-disks", NONE); DO_TEST("luks-disks-source", NONE); DO_TEST("memtune", NONE); --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list