Bug 1336659

Summary: Core dump when re-launch guest with encrypted block device
Product: Red Hat Enterprise Linux 7
Reporter: yduan
Component: qemu-kvm-rhev
Assignee: Markus Armbruster <armbru>
Status: CLOSED ERRATA
QA Contact: FuXiangChun <xfu>
Severity: high
Priority: medium
Version: 7.3
CC: chayang, hreitz, juzhang, knoel, mrezanin, virt-maint, xfu
Target Milestone: rc
Keywords: Regression
Hardware: x86_64
OS: Linux
Fixed In Version: qemu-kvm-rhev-2.6.0-17.el7
Last Closed: 2016-11-07 21:09:40 UTC
Type: Bug

Description yduan 2016-05-17 07:22:49 UTC
Description of problem:
Core dump when re-launching the guest with an encrypted block device.

Version-Release number of selected component (if applicable):
Host:
  kernel: 3.10.0-401.el7.x86_64
  qemu-kvm-rhev: qemu-kvm-rhev-2.6.0-1.el7.x86_64
Guest:
  kernel: 3.10.0-401.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Start a VM using the following command:
 ...
 -device ahci,bus=pcie.0,id=ahci0 \
 -drive file=/home/ahci_test_seabios/sys1.qcow2,format=qcow2,id=drive_sysdisk,if=none,cache=none,aio=native,werror=stop,rerror=stop \
 -device ide-hd,drive=drive_sysdisk,bus=ahci0.0,id=device_sysdisk,ver=SYS,wwn=0x123,bootindex=1,serial=SYS-DISK \
 -drive file=encryption.qcow2,format=qcow2,id=drive_datadisk,if=none,cache=none,aio=native,werror=stop,rerror=stop \
 -device ide-drive,drive=drive_datadisk,bus=ahci0.1,id=device_datadisk,ver=DATA,wwn=0x456,serial=DATA-DISK \
 ...

2. After providing the password for the encrypted disk, re-launch the guest.

Actual results:
Core dump.

Expected results:
Guest should re-launch successfully.

Additional info:
1. Not reproducible with qemu-kvm-rhev-2.3.0-31.el7_2.12.x86_64.
2.
# sh en.sh
qemu-kvm: -drive file=encryption.qcow2,format=qcow2,id=drive_datadisk,if=none,cache=none,aio=native,werror=stop,rerror=stop: qcow2 built-in AES encryption is deprecated
Support for it will be removed in a future release.
You can use 'qemu-img convert' to switch to an
unencrypted qcow2 image, or a LUKS raw image.
QEMU 2.5.94 monitor - type 'help' for more information
(qemu) qemu-kvm: block/qcow2.c:1467: qcow2_co_readv: Assertion `s->cipher' failed.
en.sh: line 38: 12117 Aborted                 (core dumped)


(gdb) bt
#0  0x00007f4e2d3085f7 in raise () from /lib64/libc.so.6
#1  0x00007f4e2d309ce8 in abort () from /lib64/libc.so.6
#2  0x00007f4e2d301566 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f4e2d301612 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f4e3588ba0e in qcow2_co_readv (bs=0x7f4e372da800, sector_num=0, remaining_sectors=1,
    qiov=0x7ffdefa44b60) at block/qcow2.c:1467
#5  0x00007f4e358b12ed in bdrv_aligned_preadv (bs=bs@entry=0x7f4e372da800, req=req@entry=0x7f4e3a617f00,
    offset=offset@entry=0, bytes=bytes@entry=512, align=align@entry=512, qiov=0x7ffdefa44b60,
    flags=flags@entry=0) at block/io.c:938
#6  0x00007f4e358b16a5 in bdrv_co_do_preadv (bs=0x7f4e372da800, offset=0, bytes=512, qiov=<optimized out>,
    flags=(unknown: 0)) at block/io.c:1030
#7  0x00007f4e358a5586 in blk_co_preadv (blk=<optimized out>, offset=<optimized out>, bytes=<optimized out>,
    qiov=<optimized out>, flags=<optimized out>) at block/block-backend.c:695
#8  0x00007f4e358a55cc in blk_read_entry (opaque=0x7ffdefa44b80) at block/block-backend.c:728
#9  0x00007f4e35913a6a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>)
    at util/coroutine-ucontext.c:78
#10 0x00007f4e2d31a110 in ?? () from /lib64/libc.so.6
#11 0x00007ffdefa443d0 in ?? ()
#12 0x0000000000000000 in ?? ()

Comment 4 Hanna Czenczek 2016-07-22 20:27:06 UTC
qcow2 encryption has been broken upstream (accidentally) as of qemu 2.4.0 (with exactly the failure seen here). After noticing this, upstream commit 8c0dcbc4ad2bf4f9f3b27c637b357e87cad70ec7 simply disabled qcow2 encryption support.

Simply backporting that commit (and thus officially and completely disabling support) seems like the correct resolution to me.

Max

Comment 5 Miroslav Rezanina 2016-07-29 09:11:56 UTC
Fix included in qemu-kvm-rhev-2.6.0-17.el7

Comment 7 Chao Yang 2016-09-14 10:20:03 UTC
Reproduced with qemu-kvm-rhev-2.6.0-12.el7

Steps:
1. create an encrypted qcow2 image 
2. boot guest with it attached and set password
3. after guest boot, format it and write data onto it
4. shutdown then restart

Result:
qemu-kvm core dumped:

qemu-kvm: block/qcow2.c:1467: qcow2_co_readv: Assertion `s->cipher' failed.

Program received signal SIGABRT, Aborted.

(gdb) bt
#0  0x00007fffec5031d7 in raise () from /lib64/libc.so.6
#1  0x00007fffec5048c8 in abort () from /lib64/libc.so.6
#2  0x00007fffec4fc146 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007fffec4fc1f2 in __assert_fail () from /lib64/libc.so.6
#4  0x000055555591768e in qcow2_co_readv (bs=0x555556c56800, sector_num=0, remaining_sectors=1, qiov=0x7fffffffd380) at block/qcow2.c:1467
#5  0x000055555593d02d in bdrv_aligned_preadv (bs=bs@entry=0x555556c56800, req=req@entry=0x555559d7bf00, offset=offset@entry=0, bytes=bytes@entry=512, 
    align=align@entry=512, qiov=0x7fffffffd380, flags=flags@entry=0) at block/io.c:938
#6  0x000055555593d3e5 in bdrv_co_do_preadv (bs=0x555556c56800, offset=0, bytes=512, qiov=<optimized out>, flags=(unknown: 0)) at block/io.c:1030
#7  0x0000555555931206 in blk_co_preadv (blk=<optimized out>, offset=<optimized out>, bytes=<optimized out>, qiov=<optimized out>, flags=<optimized out>)
    at block/block-backend.c:695
#8  0x000055555593124c in blk_read_entry (opaque=0x7fffffffd3a0) at block/block-backend.c:728
#9  0x000055555599fd0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at util/coroutine-ucontext.c:78


-- Verified pass with qemu-kvm-rhev-2.6.0-24.el7. qemu-kvm instance refused to start on error:
qemu-kvm: -drive file=foo.qcow2,format=qcow2,if=none,id=drive-scsi0-1-0,cache=none,aio=native: Use of AES-CBC encrypted qcow2 images is no longer supported in system emulators
You can use 'qemu-img convert' to convert your image to an alternative supported format, such as unencrypted qcow2, or raw with the LUKS format instead.
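
Added example (not part of the bug report or of QEMU's code): a Python check that reads the crypt_method field of a qcow2 header to find images still using the legacy AES encryption that the fixed build refuses to open, so they can be converted first. The field layout (big-endian 32-bit value at byte offset 32; 0 = none, 1 = AES, 2 = LUKS) follows the qcow2 format specification; the function names and sample headers are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Fixed-size start of the qcow2 header, all fields big-endian:
# magic, version, backing_file_offset, backing_file_size,
# cluster_bits, size, crypt_method
HEADER_FMT = ">4sIQIIQI"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # crypt_method ends at byte 36
CRYPT_METHODS = {0: "none", 1: "aes", 2: "luks"}


def qcow2_crypt_method(header: bytes) -> str:
    """Return the encryption method named in a qcow2 header.

    Raises ValueError if the data is not a version 2 or 3 qcow2 header.
    """
    if len(header) < HEADER_LEN:
        raise ValueError("truncated header")
    magic, version, _bf_off, _bf_len, _cbits, _size, crypt = struct.unpack(
        HEADER_FMT, header[:HEADER_LEN])
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version not in (2, 3):
        raise ValueError(f"unsupported qcow2 version {version}")
    # Unknown values are reported rather than silently treated as unencrypted.
    return CRYPT_METHODS.get(crypt, f"unknown({crypt})")


def needs_conversion(header: bytes) -> bool:
    """True if the image uses the legacy built-in AES encryption."""
    return qcow2_crypt_method(header) == "aes"


def check_file(path: str) -> bool:
    """Read only the header bytes of an image file and classify it."""
    with open(path, "rb") as f:
        return needs_conversion(f.read(HEADER_LEN))


def sample_header(version: int, crypt: int) -> bytes:
    # Constructed sample: 1 GiB virtual size, 64 KiB clusters, no backing file.
    return struct.pack(HEADER_FMT, QCOW2_MAGIC, version, 0, 0, 16, 1 << 30, crypt)


if __name__ == "__main__":
    for name, crypt in [("plain", 0), ("legacy-aes", 1), ("luks", 2)]:
        hdr = sample_header(3, crypt)
        print(name, qcow2_crypt_method(hdr), needs_conversion(hdr))
```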

Comment 9 errata-xmlrpc 2016-11-07 21:09:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2673.html