Bug 1542858 - size of luks-encrypted qcow2 image exceeds the required in qemu-img measure output.
Summary: size of luks-encrypted qcow2 image exceeds the required in qemu-img measure o...
Keywords:
Status: CLOSED DUPLICATE of bug 1655065
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: ---
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Eric Blake
QA Contact: Tingting Mao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-07 08:03 UTC by Longxiang Lyu
Modified: 2019-02-22 22:10 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-12-17 08:18:06 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Longxiang Lyu 2018-02-07 08:03:23 UTC 
Description of problem:
size of luks-encrypted qcow2 image exceeds the required in qemu-img measure output.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.10.0-19.el7
kernel-3.10.0-843.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. use qemu-img measure to estimate the size of newly create qcow2 image.
# qemu-img measure -O qcow2 --size 4G
Or
# qemu-img measure -O qcow2 --size 4G -o encrypt.format=luks

2. create one qcow2 encrypted with luks and a plain one.
# qemu-img create --object secret,id=sec0,data=redhat -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 test1.qcow2 4G
# qemu-img create -f qcow2 test2.qcow2 4G

3. get the size of those two images.
# ll

Actual results:
1. 
# qemu-img measure -O qcow2 --size 4G 
required size: 917504
fully allocated size: 4295884800
# qemu-img measure -O qcow2 --size 4G -o encrypt.format=luks
required size: 917504
fully allocated size: 4295884800
3. 
# ll
...
-rw-r--r-- 1 root root   2359296 Feb  7 02:45 test1.qcow2
-rw-r--r-- 1 root root    196672 Feb  7 02:45 test2.qcow2
...

luks encrypted qcow2: test1.qcow2 is about 2.3M in size, which exceeds the required size: 917504 - 0.87M. The estimation is 1/3 of the actual size allocated. 

Expected results:
qemu-img should support size estimation of luks-encrypted image thus the actual size allocated by luks-encrypted image should be smaller than the estimated.
Or 
# qemu-img measure -O qcow2 --size 4G -o encrypt.format=luks
should prompt info that suggests this is not supported.

Additional info:
Comment 2 Daniel Berrangé 2018-02-07 12:24:49 UTC 
The LUKS header has a couple of MB approx size overhead. The size is independent of the overall file size, but can vary depending on crypto parameters via a complex formula

    luks->header.payload_offset =
        (QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
         QCRYPTO_BLOCK_LUKS_SECTOR_SIZE) +
        (ROUND_UP(DIV_ROUND_UP(splitkeylen, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE),
                  (QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
                   QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) *
         QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);

and in qcow2 that then needs to be rounded up to nearest cluster size. 

IOW, to get this info reported accurately, we would need to expose some API in the internal crypto code, upto the block layer. The user would also need to set their desired crypto options (cipher, keysize, etc).
Note You need to log in before you can comment on or make changes to this bug.