Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1468422

Summary: Libvirt crashed with SIGSEGV when creating a luks encrypted volume via an xml file without 'secret' element
Product: Red Hat Enterprise Linux 7 Reporter: jiyan <jiyan>
Component: libvirtAssignee: Katerina Koukiou <kkoukiou>
Status: CLOSED ERRATA QA Contact: Han Han <hhan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: dyuan, jdenemar, jiyan, kkoukiou, lmen, xuzhang, yisun
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-4.5.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 09:49:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1473046, 1558351    

Description jiyan 2017-07-07 03:33:20 UTC 
Description of problem:
Libvirt crashed with SIGSEGV when creating a luks encrypted volume via an xml file without 'secret' element

Version-Release number of selected component (if applicable):
libvirt-3.2.0-14.el7.x86_64
qemu-kvm-rhev-2.9.0-14.el7.x86_64
kernel-3.10.0-689.el7.x86_64

How reproducible:
100%

Steps to reproduce:
1.Prepare a pool
# cat dirpool.xml 
<pool type="dir">
  <name>dirpool</name>
  <target>
    <path>/home/dirpool</path>
  </target>
</pool>

# virsh pool-define dirpool.xml 
Pool dirpool defined from dirpool.xml

# virsh pool-start dirpool
Pool dirpool started

2.Create luks encrypted vol via a xml file without  secret element
# cat dirvol.xml 
<volume>
	<name>dirvol</name>
	<capacity unit='G'>1</capacity>
	<target>
		<path>/home/dirpool/luks.img</path>
		<format type='raw'/>
		<encryption format='luks'>
			<cipher name='aes' size='256' mode='cbc' hash='sha256'/>
			<ivgen name='plain64' hash='sha256'/>
		</encryption>
	</target>
</volume>

# virsh vol-create dirpool dirvol.xml 
error: Disconnected from qemu:///system due to I/O error
error: Failed to create vol from dirvol.xml
error: End of file while reading data: Input/output error

Actual results:
# abrt-cli ls
id 120af61f2b6fc9ac6e1c08c2120e5f48a72b69ea
reason:         libvirtd killed by SIGSEGV
time:           Thu 06 Jul 2017 10:59:37 PM EDT
cmdline:        /usr/sbin/libvirtd
package:        libvirt-daemon-3.2.0-14.el7
uid:            0 (root)
Directory:      /var/spool/abrt/ccpp-2017-07-06-22:59:37-17335
Run 'abrt-cli report /var/spool/abrt/ccpp-2017-07-06-22:59:37-17335' for creating a case in Red Hat Customer Portal

Expected results:
1.libvirtd runs normally

2.As it is described in libvirt.org, there should be an error info such as: A single <secret type='passphrase'...> element is expected. not 'I/O error'.
http://libvirt.org/formatstorageencryption.html#StorageEncryptionLuks
The luks format is specific to a luks encrypted volume and the secret is used in order to either encrypt during volume creation or decrypt the volume for usage by the domain. A single <secret type='passphrase'...> element is expected. Since 2.1.0.


Additional info:
Program terminated with signal 11, Segmentation fault.
#0  0x00007f244b78dcb6 in storageBackendCreateQemuImgSecretPath (vol=0x7f2464002e00, pool=0x7f24140f5d00, conn=0x7f2468000b10) at storage/storage_util.c:1321
1321	    if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef,
Comment 2 Katerina Koukiou 2018-06-06 16:34:52 UTC 
Fixed upstream with v4.4.0-138-gfab2e49d3c:

commit fab2e49d3c290bfd122aad39b9484f60c5354256
Author: Katerina Koukiou <kkoukiou>
Date:   Wed Jun 6 16:15:19 2018 +0200

    storage: fix crash in luks encrypted volume creation
Comment 4 Han Han 2018-07-10 07:51:43 UTC 
Verified on libvirt-4.5.0-2.el7.x86_64:
1. Prepare a dir pool and two secret with values set:
# virsh pool-dumpxml default
<pool type='dir'>
  <name>default</name>
  <uuid>03a38a8d-a7fc-4f6a-be13-b9c4b6935758</uuid>
  <capacity unit='bytes'>330044538880</capacity>
  <allocation unit='bytes'>308607057920</allocation>
  <available unit='bytes'>21437480960</available>
  <source>
  </source>
  <target>
    <path>/var/lib/libvirt/images</path>
    <permissions>
      <mode>0711</mode>
      <owner>0</owner>
      <group>0</group>
      <label>system_u:object_r:virt_image_t:s0</label>
    </permissions>
  </target>
</pool>

# virsh secret-list 
 UUID                                  Usage
--------------------------------------------------------------------------------
 59071955-15ff-4738-88b6-86861f343811  iscsi libvirtiscsi
 6eccd51b-0694-4877-882d-50fc3ee3d30b  volume /var/lib/libvirt/images/dirvol.img

2.Prepare a volume xml, no secret in <encryption>
# cat /tmp/luks.xml                                                                                                                                         
<volume>
  <name>dirvol</name>
  <capacity unit="G">1</capacity>
  <target>
    <name>/var/lib/libvirt/images/dirvol.img</name>
    <encryption format="luks">
      <cipher name="aes" size="256" mode="cbc" hash="sha256"/>
      <cipher name="serpent" size="256" mode="cbc" hash="sha256"/>
      <ivgen name="plain64" hash="sha256"/>
    </encryption>
    <format type="raw"/>
  </target>
</volume>

# virsh vol-create --pool default /tmp/luks.xml                                                                                                                          
error: Failed to create vol from /tmp/luks.xml
error: invalid argument: A single <secret type='passphrase'...> element is expected in encryption description

Works as expected.

3. Prepare a volume xml, two secret in <encryption>
# cat /tmp/luks.xml    
<volume>
  <name>dirvol</name>
  <capacity unit="G">1</capacity>
  <target>
    <name>/var/lib/libvirt/images/dirvol.img</name>
    <encryption format="luks">
      <secret type="passphrase" uuid="59071955-15ff-4738-88b6-86861f343811"/>
      <secret type="passphrase" uuid="6eccd51b-0694-4877-882d-50fc3ee3d30b"/>
      <cipher name="aes" size="256" mode="cbc" hash="sha256"/>
      <cipher name="serpent" size="256" mode="cbc" hash="sha256"/>
      <ivgen name="plain64" hash="sha256"/>
    </encryption>
    <format type="raw"/>
  </target>
</volume>

# virsh vol-create --pool default /tmp/luks.xml                                                                                                                          
error: Failed to create vol from /tmp/luks.xml
error: invalid argument: A single <secret type='passphrase'...> element is expected in encryption description

Works as expected
Comment 6 errata-xmlrpc 2018-10-30 09:49:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3113