Bug 1468422 - Libvirt crashed with SIGSEGV when creating a luks encrypted volume via an xml file without 'secret' element
Summary: Libvirt crashed with SIGSEGV when creating a luks encrypted volume via an xml...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.4
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Katerina Koukiou
QA Contact: Han Han
URL:
Whiteboard:
Depends On:
Blocks: 1558351 1473046
TreeView+ depends on / blocked
 
Reported: 2017-07-07 03:33 UTC by jiyan
Modified: 2018-10-30 09:52 UTC (History)
7 users (show)

Fixed In Version: libvirt-4.5.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-30 09:49:58 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3113 None None None 2018-10-30 09:52:27 UTC

Description jiyan 2017-07-07 03:33:20 UTC
Description of problem:
Libvirt crashed with SIGSEGV when creating a luks encrypted volume via an xml file without 'secret' element

Version-Release number of selected component (if applicable):
libvirt-3.2.0-14.el7.x86_64
qemu-kvm-rhev-2.9.0-14.el7.x86_64
kernel-3.10.0-689.el7.x86_64

How reproducible:
100%

Steps to reproduce:
1.Prepare a pool
# cat dirpool.xml 
<pool type="dir">
  <name>dirpool</name>
  <target>
    <path>/home/dirpool</path>
  </target>
</pool>

# virsh pool-define dirpool.xml 
Pool dirpool defined from dirpool.xml

# virsh pool-start dirpool
Pool dirpool started

2.Create luks encrypted vol via a xml file without  secret element
# cat dirvol.xml 
<volume>
	<name>dirvol</name>
	<capacity unit='G'>1</capacity>
	<target>
		<path>/home/dirpool/luks.img</path>
		<format type='raw'/>
		<encryption format='luks'>
			<cipher name='aes' size='256' mode='cbc' hash='sha256'/>
			<ivgen name='plain64' hash='sha256'/>
		</encryption>
	</target>
</volume>

# virsh vol-create dirpool dirvol.xml 
error: Disconnected from qemu:///system due to I/O error
error: Failed to create vol from dirvol.xml
error: End of file while reading data: Input/output error

Actual results:
# abrt-cli ls
id 120af61f2b6fc9ac6e1c08c2120e5f48a72b69ea
reason:         libvirtd killed by SIGSEGV
time:           Thu 06 Jul 2017 10:59:37 PM EDT
cmdline:        /usr/sbin/libvirtd
package:        libvirt-daemon-3.2.0-14.el7
uid:            0 (root)
Directory:      /var/spool/abrt/ccpp-2017-07-06-22:59:37-17335
Run 'abrt-cli report /var/spool/abrt/ccpp-2017-07-06-22:59:37-17335' for creating a case in Red Hat Customer Portal

Expected results:
1.libvirtd runs normally

2.As it is described in libvirt.org, there should be an error info such as: A single <secret type='passphrase'...> element is expected. not 'I/O error'.
http://libvirt.org/formatstorageencryption.html#StorageEncryptionLuks
The luks format is specific to a luks encrypted volume and the secret is used in order to either encrypt during volume creation or decrypt the volume for usage by the domain. A single <secret type='passphrase'...> element is expected. Since 2.1.0.


Additional info:
Program terminated with signal 11, Segmentation fault.
#0  0x00007f244b78dcb6 in storageBackendCreateQemuImgSecretPath (vol=0x7f2464002e00, pool=0x7f24140f5d00, conn=0x7f2468000b10) at storage/storage_util.c:1321
1321	    if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef,

Comment 2 Katerina Koukiou 2018-06-06 16:34:52 UTC
Fixed upstream with v4.4.0-138-gfab2e49d3c:

commit fab2e49d3c290bfd122aad39b9484f60c5354256
Author: Katerina Koukiou <kkoukiou@redhat.com>
Date:   Wed Jun 6 16:15:19 2018 +0200

    storage: fix crash in luks encrypted volume creation

Comment 4 Han Han 2018-07-10 07:51:43 UTC
Verified on libvirt-4.5.0-2.el7.x86_64:
1. Prepare a dir pool and two secret with values set:
# virsh pool-dumpxml default
<pool type='dir'>
  <name>default</name>
  <uuid>03a38a8d-a7fc-4f6a-be13-b9c4b6935758</uuid>
  <capacity unit='bytes'>330044538880</capacity>
  <allocation unit='bytes'>308607057920</allocation>
  <available unit='bytes'>21437480960</available>
  <source>
  </source>
  <target>
    <path>/var/lib/libvirt/images</path>
    <permissions>
      <mode>0711</mode>
      <owner>0</owner>
      <group>0</group>
      <label>system_u:object_r:virt_image_t:s0</label>
    </permissions>
  </target>
</pool>

# virsh secret-list 
 UUID                                  Usage
--------------------------------------------------------------------------------
 59071955-15ff-4738-88b6-86861f343811  iscsi libvirtiscsi
 6eccd51b-0694-4877-882d-50fc3ee3d30b  volume /var/lib/libvirt/images/dirvol.img

2.Prepare a volume xml, no secret in <encryption>
# cat /tmp/luks.xml                                                                                                                                         
<volume>
  <name>dirvol</name>
  <capacity unit="G">1</capacity>
  <target>
    <name>/var/lib/libvirt/images/dirvol.img</name>
    <encryption format="luks">
      <cipher name="aes" size="256" mode="cbc" hash="sha256"/>
      <cipher name="serpent" size="256" mode="cbc" hash="sha256"/>
      <ivgen name="plain64" hash="sha256"/>
    </encryption>
    <format type="raw"/>
  </target>
</volume>

# virsh vol-create --pool default /tmp/luks.xml                                                                                                                          
error: Failed to create vol from /tmp/luks.xml
error: invalid argument: A single <secret type='passphrase'...> element is expected in encryption description

Works as expected.

3. Prepare a volume xml, two secret in <encryption>
# cat /tmp/luks.xml    
<volume>
  <name>dirvol</name>
  <capacity unit="G">1</capacity>
  <target>
    <name>/var/lib/libvirt/images/dirvol.img</name>
    <encryption format="luks">
      <secret type="passphrase" uuid="59071955-15ff-4738-88b6-86861f343811"/>
      <secret type="passphrase" uuid="6eccd51b-0694-4877-882d-50fc3ee3d30b"/>
      <cipher name="aes" size="256" mode="cbc" hash="sha256"/>
      <cipher name="serpent" size="256" mode="cbc" hash="sha256"/>
      <ivgen name="plain64" hash="sha256"/>
    </encryption>
    <format type="raw"/>
  </target>
</volume>

# virsh vol-create --pool default /tmp/luks.xml                                                                                                                          
error: Failed to create vol from /tmp/luks.xml
error: invalid argument: A single <secret type='passphrase'...> element is expected in encryption description

Works as expected

Comment 6 errata-xmlrpc 2018-10-30 09:49:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3113


Note You need to log in before you can comment on or make changes to this bug.