Bug 1463714 - virt-resize doesn't protect source disk from changes
Summary: virt-resize doesn't protect source disk from changes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-21 14:37 UTC by Richard W.M. Jones
Modified: 2017-08-01 22:13 UTC (History)
4 users (show)

Fixed In Version: libguestfs-1.36.3-6.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 22:13:55 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2023 normal SHIPPED_LIVE libguestfs bug fix and enhancement update 2017-08-01 19:32:01 UTC

Description Richard W.M. Jones 2017-06-21 14:37:47 UTC
Description of problem:

In this upstream commit:
https://github.com/libguestfs/libguestfs/commit/8a2b0738d1b79f288b14fc35294567430d10b7ec
we accidentally dropped the ~readonly:true flag from the
source disk in virt-resize.

As a result if you run:

  virt-resize input output

then in some circumstances virt-resize may slightly change
the input disk.  One particular case is if the input disk
contains any filesystems which were not unmounted, then
virt-resize would try to correct these filesystems (replaying
journals and so on).

virt-resize should not touch the input disk so this is a
data corruption problem.

This was noticed because virt-builder in some situations was
displaying an error that previously cached files had their
SHA512 checksums changed when that should never occur.  This
happened because virt-resize was being run with the source file
pointing at the cached file, and virt-resize was changing this file.

The fix is:

https://github.com/libguestfs/libguestfs/commit/1ca2a8b7ba41d7e4baf1aec5d65ace3b66f2dc37

Version-Release number of selected component (if applicable):

libguestfs >= 1.35.21

Comment 2 Richard W.M. Jones 2017-06-21 14:43:14 UTC
Steps to reproduce:

1. Prepare a disk image which contains uncommitted filesystem changes:

$ virt-builder fedora-25
$ guestfish -a fedora-25.img -i -- touch /test : -kill-subprocess : exit

2. Find the checksum of this image (the actual checksum you obtain
will be different from the example given here):

$ md5sum fedora-25.img 
6afc92d269906d60226abe088dad537e  fedora-25.img

3. Run virt-resize to resize the image:

$ rm -f output
$ truncate -s 10G output
$ virt-resize fedora-25.img output 
$ rm output

4. Find the checksum of the *input* file again and compare it to previous:

$ md5sum fedora-25.img 
eee42de9461bfd0853a8d986ba8280c9  fedora-25.img


If the checksum changes between step 2 & step 4 then you have
reproduced the bug.

Comment 3 Richard W.M. Jones 2017-06-21 14:46:25 UTC
Bug reproduced on RHEL 7.4 using the steps in comment 2.

Comment 4 Xianghua Chen 2017-06-22 05:46:29 UTC
I can reproduce this bug according to comment 2 with version:
libguestfs-1.36.3-5.el7.x86_64

Comment 6 Xianghua Chen 2017-06-23 07:15:19 UTC
Verified with package:
libguestfs-1.36.3-6.el7.x86_64

Steps:
1. Prepare a disk image which contains uncommitted filesystem changes:

$ virt-builder fedora-25
$ guestfish -a fedora-25.img -i -- touch /test : -kill-subprocess : exit

2. Find the checksum of this image (the actual checksum you obtain
will be different from the example given here):

$ md5sum fedora-25.img 
b909b38af1cb8a98e88f685daad5ab98  fedora-25.img

3. Run virt-resize to resize the image:

$ rm -f output
$ truncate -s 10G output
$ virt-resize fedora-25.img output 
$ rm output

4. Find the checksum of the *input* file again and compare it to previous:

$ md5sum fedora-25.img 
b909b38af1cb8a98e88f685daad5ab98  fedora-25.img


The checksum is the same between step 2&4, so verified.

Comment 7 errata-xmlrpc 2017-08-01 22:13:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2023


Note You need to log in before you can comment on or make changes to this bug.