From 8f83af6823f1ecdb1ff09728e3482b1e4d09029f Mon Sep 17 00:00:00 2001 From: John Ferlan Date: Wed, 20 Jun 2018 16:21:50 -0400 Subject: [PATCH] storage: Disallow create/resize of qcow2 encrypted images https://bugzilla.redhat.com/show_bug.cgi?id=1526382 Since commit c4eedd793 disallowed qcow2 encrypted images to be used for domains, it no longer makes sense to allow a qcow2 encrypted volume to be created or resized. Add a test that will exhibit the failure of creation as well as the xml2xml validation of the format still being correct. Update the documentation to note the removal of the capability to create and use qcow/default encrypted volumes. Signed-off-by: John Ferlan ACKed-by: Michal Privoznik --- docs/formatsecret.html.in | 22 ++++++------- docs/formatstorageencryption.html.in | 29 ++++------------- src/storage/storage_util.c | 22 +++++++++++-- tests/storagevolxml2argvtest.c | 4 +++ .../vol-qcow2-encryption.xml | 31 +++++++++++++++++++ .../vol-qcow2-encryption.xml | 31 +++++++++++++++++++ tests/storagevolxml2xmltest.c | 1 + 7 files changed, 104 insertions(+), 36 deletions(-) create mode 100644 tests/storagevolxml2xmlin/vol-qcow2-encryption.xml create mode 100644 tests/storagevolxml2xmlout/vol-qcow2-encryption.xml diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in index 155b7c35de..defbe71731 100644 --- a/docs/formatsecret.html.in +++ b/docs/formatsecret.html.in @@ -51,7 +51,7 @@

This secret is associated with a volume, whether the format is either - for a "qcow" or a "luks" encrypted volume. Each volume will have a + for a "luks" encrypted volume. Each volume will have a unique secret associated with it and it is safe to delete the secret after the volume is deleted. The <usage type='volume'> element must contain a @@ -83,16 +83,6 @@ Secret value set # -

- The volume type secret can be supplied in domain XML for a qcow storage - volume encryption as follows: -

-
-<encryption format='qcow'>
-  <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
-</encryption>
-    
-

The volume type secret can be supplied either in volume XML during creation of a storage volume @@ -120,6 +110,16 @@ Secret value set # +

+ The volume type secret can be supplied in domain XML for a luks storage + volume encryption as follows: +

+
+<encryption format='luks'>
+  <secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc57'/>
+</encryption>
+    
+

Usage type "ceph"

This secret is associated with a Ceph RBD (rados block device). diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in index 434bdb609e..ea80a87cfb 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -39,22 +39,14 @@ specified uuid.

"default" format

-

- <encryption format="default"/> can be specified only - when creating a qcow volume. If the volume is successfully created, the - encryption formats, parameters and secrets will be auto-generated by - libvirt and the attached encryption tag will be updated. - The unmodified contents of the encryption tag can be used - in later operations with the volume, or when setting up a domain that - uses the volume. -

"qcow" format

- The qcow format specifies that the built-in encryption - support in qcow- or qcow2-formatted volume - images should be used. A single - <secret type='passphrase'> element is expected. Note - that this encryption is inherently broken and should not be used any more. + Since 4.5.0, encryption formats + default and qcow may no longer be used + to create an encrypted volume. Usage of qcow encrypted volumes + in QEMU began phasing out in QEMU 2.3 and by QEMU 2.9 creation + of a qcow encrypted volume via qemu-img required usage of secret + objects, but that support was not added to libvirt.

"luks" format

@@ -121,15 +113,6 @@

Examples

-

- Here is a simple example, specifying use of the qcow format: -

- -
-<encryption format='qcow'>
-   <secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' />
-</encryption>
-

Assuming a luks volume type secret is already defined, diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 90cadb9d13..6b02bb2e9a 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -1214,6 +1214,15 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr pool, virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, NULL); + if (enc && (enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW || + enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) && + (vol->target.format == VIR_STORAGE_FILE_QCOW || + vol->target.format == VIR_STORAGE_FILE_QCOW2)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("creation of qcow2 encrypted image is not supported")); + goto error; + } + if (virStorageBackendCreateQemuImgSetInfo(pool, vol, inputvol, &info) < 0) goto error; @@ -1232,8 +1241,7 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr pool, if (info.backingPath) virCommandAddArgList(cmd, "-b", info.backingPath, NULL); - if (info.format == VIR_STORAGE_FILE_RAW && enc && - enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { + if (enc) { if (!info.secretPath) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("path to secret data file is required")); @@ -2354,6 +2362,16 @@ storageBackendResizeQemuImg(virStoragePoolObjPtr pool, const char *type; char *secretPath = NULL; char *secretAlias = NULL; + virStorageEncryptionPtr enc = vol->target.encryption; + + if (enc && (enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW || + enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) && + (vol->target.format == VIR_STORAGE_FILE_QCOW || + vol->target.format == VIR_STORAGE_FILE_QCOW2)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("resize of qcow2 encrypted image is not supported")); + return -1; + } img_tool = virFindFileInPath("qemu-img"); if (!img_tool) { diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index b8afe4abcc..d7f5c0f51e 100644 --- a/tests/storagevolxml2argvtest.c 
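Review bot: The guard added at the top of virStorageBackendCreateQemuImgCmdFromVol rejects `qcow`/`default` encryption only when the target format is also `VIR_STORAGE_FILE_QCOW` or `VIR_STORAGE_FILE_QCOW2`, while the following hunk widens the secret branch from luks-on-raw to a bare `if (enc)`. Read together, a legacy encryption format paired with any other target format is not refused by the visible lines and would fall into the secret-file handling; whether virStorageBackendCreateQemuImgSetInfo catches that case cannot be seen from here. If luks is the only encryption format that may still be created, an allow-list states the policy directly and fails closed: `if (enc && enc->format != VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {` with the same `virReportError`/`goto error` body. The function body starts and ends outside both hunks.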
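Review bot: The four-line condition at the top of storageBackendResizeQemuImg is a verbatim copy of the one added to virStorageBackendCreateQemuImgCmdFromVol, so any later change to which encrypted images are refused has to be made twice and the create and resize paths can drift apart. A small static predicate (the name below is only a suggestion) keeps the policy in one place while each caller keeps its own message and error path. Both messages say "qcow2" although the condition also matches `VIR_STORAGE_FILE_QCOW`. The early `return -1` comes before any allocation in the visible lines; the rest of the function is outside the hunk.

```c
/* Legacy built-in qcow/qcow2 encryption: refused for both create and resize. */
static bool
storageBackendVolHasQcowEncryption(virStorageVolDefPtr vol)
{
    virStorageEncryptionPtr enc = vol->target.encryption;

    return enc &&
           (enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW ||
            enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) &&
           (vol->target.format == VIR_STORAGE_FILE_QCOW ||
            vol->target.format == VIR_STORAGE_FILE_QCOW2);
}

/* ... unchanged: local declarations of storageBackendResizeQemuImg ... */
    if (storageBackendVolHasQcowEncryption(vol)) {
        /* ... unchanged: virReportError(...) and return -1 ... */
```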
+++ b/tests/storagevolxml2argvtest.c @@ -232,6 +232,10 @@ mymain(void) "pool-dir", "vol-file-iso", "iso-input", 0); + DO_TEST_FAIL("pool-dir", "vol-qcow2-encryption", + NULL, NULL, + "qcow2-encryption", 0); + DO_TEST("pool-dir", "vol-luks", NULL, NULL, "luks", 0); diff --git a/tests/storagevolxml2xmlin/vol-qcow2-encryption.xml b/tests/storagevolxml2xmlin/vol-qcow2-encryption.xml new file mode 100644 index 0000000000..49a7de33d3 --- /dev/null +++ b/tests/storagevolxml2xmlin/vol-qcow2-encryption.xml @@ -0,0 +1,31 @@ + + OtherDemo.img + /var/lib/libvirt/images/OtherDemo.img + + + 5 + 294912 + + /var/lib/libvirt/images/OtherDemo.img + + + 0644 + 0 + 0 + + + + + + + + /dev/null + + + 0644 + 0 + 0 + + + + diff --git a/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml b/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml new file mode 100644 index 0000000000..31dc57873c --- /dev/null +++ b/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml @@ -0,0 +1,31 @@ + + OtherDemo.img + /var/lib/libvirt/images/OtherDemo.img + + + 5368709120 + 294912 + + /var/lib/libvirt/images/OtherDemo.img + + + 0644 + 0 + 0 + + + + + + + + /dev/null + + + 0644 + 0 + 0 + + + + diff --git a/tests/storagevolxml2xmltest.c b/tests/storagevolxml2xmltest.c index 426b100c27..7bac4974ae 100644 --- a/tests/storagevolxml2xmltest.c +++ b/tests/storagevolxml2xmltest.c @@ -106,6 +106,7 @@ mymain(void) DO_TEST("pool-dir", "vol-qcow2-lazy"); DO_TEST("pool-dir", "vol-qcow2-0.10-lazy"); DO_TEST("pool-dir", "vol-qcow2-nobacking"); + DO_TEST("pool-dir", "vol-qcow2-encryption"); DO_TEST("pool-dir", "vol-luks"); DO_TEST("pool-dir", "vol-luks-cipher"); DO_TEST("pool-disk", "vol-partition");
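Review bot: The only failing case registered in mymain is creation with the `vol-qcow2-encryption` fixture, so the resize guard added to storageBackendResizeQemuImg by the same commit has no test visible in this patch. The fixture's XML markup did not survive on this page, so it is unclear which of the two rejected encryption formats (`qcow` or `default`) it exercises. A second entry for the other format would pin both halves of the condition, e.g. `DO_TEST_FAIL("pool-dir", "vol-qcow2-encryption-default", NULL, NULL, "qcow2-encryption-default", 0);` (fixture name is illustrative). If this harness cannot drive the resize path, a short comment next to the new entry saying so would help. mymain continues outside the hunk.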