Description of problem: As subject Version-Release number of selected component (if applicable): libvirt-6.0.0-16.module+el8.2.0+6139+d66dece5.x86_64 OR v6.1.0-333-g30d3565181 qemu-kvm-4.2.0-17.module+el8.2.0+6141+0f540f16.x86_64 How reproducible: 100% Steps to Reproduce: 1. Prepare a scsi block by scsi_debug 2. Prepare luks secret as https://libvirt.org/formatsecret.html . Format the scsi block with luks: # qemu-img create -f luks --object secret,data=redhat,id=sec0 -o key-secret=sec0 /dev/sdc 5M 3. Start a VM and attach the scsi disk with device type lun: # cat /tmp/pr1.xml <disk type="block" device="lun"> <driver name="qemu" type="raw"/> <source dev="/dev/sdc"> <encryption format="luks"> <secret type="passphrase" uuid="90c9b4eb-ad37-479a-95ca-baac7a62fdee"/> </encryption> <reservations managed="yes"/> </source> <target dev="sdc" bus="scsi"/> </disk> ➜ ~ virsh attach-device pc /tmp/pr1.xml error: Failed to attach device from /tmp/pr1.xml error: internal error: unable to execute QEMU command 'device_add': cannot get SG_IO version number: Operation not supported QMP: 2020-04-02 06:19:16.491+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-add","arguments":{"qom-type":"pr-manager-helper","id":"pr-helper0","props":{" path":"/var/lib/libvirt/qemu/domain-1-pc/pr-helper0.sock"}},"id":"libvirt-19"} 2020-04-02 06:19:16.492+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-add","arguments":{"driver":"host_device","filename":"/dev/sdc","pr-manager" :"pr-helper0","node-name":"libvirt-15-storage","auto-read-only":true,"discard":"unmap"},"id":"libvirt-20"} 2020-04-02 06:19:16.494+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-add","arguments":{"qom-type":"secret","id":"libvirt-15-format-encryption-secr et0","props":{"data":"A6LYmRjat/68EC0f/QghlA==","keyid":"masterKey0","iv":"kOvzS7qSOZGElAXTDgSUMw==","format":"base64"}},"id":"libvirt-21"} 2020-04-02 06:19:16.495+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-add","arguments":{"node-name":"libvirt-15-format","read-only":false,"driver ":"luks","key-secret":"libvirt-15-format-encryption-secret0","file":"libvirt-15-storage"},"id":"libvirt-22"} 2020-04-02 06:19:18.785+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"device_add","arguments":{"driver":"scsi-block","bus":"scsi0.0","channel":"0","scsi-i d":"0","lun":"2","drive":"libvirt-15-format","id":"scsi0-0-0-2"},"id":"libvirt-23"} 2020-04-02 06:19:18.786+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-del","arguments":{"node-name":"libvirt-15-format"},"id":"libvirt-24"} 2020-04-02 06:19:18.787+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-del","arguments":{"node-name":"libvirt-15-storage"},"id":"libvirt-25"} 2020-04-02 06:19:18.788+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-del","arguments":{"id":"libvirt-15-format-encryption-secret0"},"id":"libvirt- 26"} 2020-04-02 06:19:18.789+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-del","arguments":{"id":"pr-helper0"},"id":"libvirt-27"} Actual results: As subject Expected results: If qemu supports scsi-block device with format luks, the attach should be success. If no, the error should be like: error: unsupported configuration: disk device 'lun' using target 'scsi' must use **pure** 'raw' format As we know the qcow2 format is not supported in scsi-block: When attach a qcow2 lun device: <disk type="block" device="lun"> <driver name="qemu" type="qcow2"/> <source dev="/dev/sdc"> <reservations managed="yes"/> </source> <target dev="sdc" bus="scsi"/> </disk> The error will appears: error: unsupported configuration: disk device 'lun' using target 'scsi' must use 'raw' format As engineer we know that raw+luks is actually luks format not raw format. But for the users, raw+luks is raw format. So if luks it not supported in scsi-block, not only we should disallow that usage but also improve the error msg. Additional info:
The combination as mentioned above doesn't make sense. I agree that a better error should be reported.
raw+slices and raw+copy_on_read also failed. Does scsi-block device only support to refer to a raw format blockdev node?
For SG_IO to work you basically can't use any feature of the block layer since it's actually passthrough. In fact a better option would be to represent this as <hostdev> rather than disk.
Fixed upstream: 5d72c3ce28 qemu: domain: Forbid slice/encryption/copy_on_read with disk type='lun' b40ec75296 qemu: Forbid non-raw images for disk type='lun' with vitio-blk frontend
Verified on libvirt version: libvirt-6.4.0-1.module+el8.3.0+6881+88468c00.x86_64 Scenario1: lun + luks 1.Prepare secret and luks format device # qemu-img create -f luks --object secret,data=redhat,id=sec0 -o key-secret=sec0 /dev/sdd 5M # virsh secret-define block-secret.xml Secret f981dd17-143f-45bc-88e6-ed1fe20ce9da created # MYSECRET=`printf %s "redhat" | base64` # virsh secret-set-value f981dd17-143f-45bc-88e6-ed1fe20ce9da $MYSECRET error: Passing secret value as command-line argument is insecure! Secret value set # virsh secret-list UUID Usage ---------------------------------------------------------- f981dd17-143f-45bc-88e6-ed1fe20ce9da volume /dev/sdd 2.Start a guest and attach the device in lun type with luks # virsh create avocado-vt-vm1.xml Domain avocado-vt-vm1 created from avocado-vt-vm1.xml # cat attach.xml <disk type="block" device="lun"> <driver name="qemu" type="raw"/> <source dev="/dev/sdd"> <encryption format="luks"> <secret type="passphrase" uuid="f981dd17-143f-45bc-88e6-ed1fe20ce9da"/> </encryption> </source> <target dev="sdc" bus="scsi"/> </disk> # virsh attach-device avocado-vt-vm1 attach.xml error: Failed to attach device from attach.xml error: unsupported configuration: disk device 'lun' doesn't support encryption Sc2:lun + slice 1.prepare attach device: # cat attach.xml <disk type="block" device="lun"> <driver name="qemu" type="raw"/> <source dev="/dev/sdc"> <slices> <slice type="storage" offset="0" size="104857600"/> </slices> </source> <target dev="sdc" bus="scsi"/> </disk> 2.Attach the device to guest # virsh attach-device avocado-vt-vm1 attach.xml error: Failed to attach device from attach.xml error: unsupported configuration: disk device 'lun' doesn't support storage slice Sc3:lun + copy_on_read 1.Prepare attach device xml: # cat attach.xml <disk type="block" device="lun"> <driver name="qemu" type="raw" copy_on_read="on"/> <source dev="/dev/sdc"> </source> <target dev="sdc" bus="scsi"/> </disk> 2.Attach device to the guest # virsh attach-device avocado-vt-vm1 attach.xml error: Failed to attach device from attach.xml error: unsupported configuration: copy_on_read is not compatible with 'lun' disk 'sdc' Sc4:non-raw images for disk type='lun' with vitio-blk # cat attach.xml <disk type="block" device="lun"> <driver name="qemu" type="qcow2"/> <source dev="/dev/sdc"> </source> <target dev="vdc" bus="virtio"/> </disk> # virsh attach-device avocado-vt-vm1 attach.xml error: Failed to attach device from attach.xml error: unsupported configuration: disk device 'lun' must use 'raw' format All works as expected,so verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137