Bug 1820040 - 'device_add': cannot get SG_IO version number error when attach a scsi lun disk with encryption
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: libvirt
Version: 8.4
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Target Release: 8.3
Assignee: Peter Krempa
QA Contact: gaojianan
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-04-02 06:46 UTC by Han Han
Modified: 2020-11-19 09:57 UTC (History)

Fixed In Version: libvirt-6.4.0-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-17 17:47:42 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Description Han Han 2020-04-02 06:46:16 UTC
Description of problem:
As subject

Version-Release number of selected component (if applicable):
libvirt-6.0.0-16.module+el8.2.0+6139+d66dece5.x86_64 OR v6.1.0-333-g30d3565181
qemu-kvm-4.2.0-17.module+el8.2.0+6141+0f540f16.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a scsi block by scsi_debug
2. Prepare a luks secret as described in https://libvirt.org/formatsecret.html.
Format the scsi block with luks:
# qemu-img create -f luks --object secret,data=redhat,id=sec0 -o key-secret=sec0 /dev/sdc 5M

3. Start a VM and attach the scsi disk with device type lun:
# cat /tmp/pr1.xml
<disk type="block" device="lun">
  <driver name="qemu" type="raw"/>
  <source dev="/dev/sdc">
    <encryption format="luks">
      <secret type="passphrase" uuid="90c9b4eb-ad37-479a-95ca-baac7a62fdee"/>
    </encryption>
    <reservations managed="yes"/>
  </source>
  <target dev="sdc" bus="scsi"/>
</disk>

➜  ~ virsh attach-device pc /tmp/pr1.xml                                       
error: Failed to attach device from /tmp/pr1.xml
error: internal error: unable to execute QEMU command 'device_add': cannot get SG_IO version number: Operation not supported

QMP:
2020-04-02 06:19:16.491+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-add","arguments":{"qom-type":"pr-manager-helper","id":"pr-helper0","props":{"path":"/var/lib/libvirt/qemu/domain-1-pc/pr-helper0.sock"}},"id":"libvirt-19"}
2020-04-02 06:19:16.492+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-add","arguments":{"driver":"host_device","filename":"/dev/sdc","pr-manager":"pr-helper0","node-name":"libvirt-15-storage","auto-read-only":true,"discard":"unmap"},"id":"libvirt-20"}
2020-04-02 06:19:16.494+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-add","arguments":{"qom-type":"secret","id":"libvirt-15-format-encryption-secret0","props":{"data":"A6LYmRjat/68EC0f/QghlA==","keyid":"masterKey0","iv":"kOvzS7qSOZGElAXTDgSUMw==","format":"base64"}},"id":"libvirt-21"}
2020-04-02 06:19:16.495+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-add","arguments":{"node-name":"libvirt-15-format","read-only":false,"driver":"luks","key-secret":"libvirt-15-format-encryption-secret0","file":"libvirt-15-storage"},"id":"libvirt-22"}
2020-04-02 06:19:18.785+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"device_add","arguments":{"driver":"scsi-block","bus":"scsi0.0","channel":"0","scsi-id":"0","lun":"2","drive":"libvirt-15-format","id":"scsi0-0-0-2"},"id":"libvirt-23"}
2020-04-02 06:19:18.786+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-del","arguments":{"node-name":"libvirt-15-format"},"id":"libvirt-24"}
2020-04-02 06:19:18.787+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"blockdev-del","arguments":{"node-name":"libvirt-15-storage"},"id":"libvirt-25"}
2020-04-02 06:19:18.788+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-del","arguments":{"id":"libvirt-15-format-encryption-secret0"},"id":"libvirt-26"}
2020-04-02 06:19:18.789+0000: 10103: info : qemuMonitorIOWrite:431 : QEMU_MONITOR_IO_WRITE: mon=0x7f7130004a90 buf={"execute":"object-del","arguments":{"id":"pr-helper0"},"id":"libvirt-27"}

Actual results:
As subject

Expected results:
If qemu supports scsi-block device with format luks, the attach should succeed.


If not, the error should be like:
error: unsupported configuration: disk device 'lun' using target 'scsi' must use **pure** 'raw' format
As we know the qcow2 format is not supported in scsi-block:
When attaching a qcow2 lun device:
<disk type="block" device="lun">
  <driver name="qemu" type="qcow2"/>
  <source dev="/dev/sdc">
    <reservations managed="yes"/>
  </source>
  <target dev="sdc" bus="scsi"/>
</disk>

The error will appear:
error: unsupported configuration: disk device 'lun' using target 'scsi' must use  'raw' format

As engineers we know that raw+luks is actually luks format, not raw format. But for the users, raw+luks is raw format. So if luks is not supported in scsi-block, not only should we disallow that usage but also improve the error msg.

Additional info:

Comment 1 Peter Krempa 2020-04-02 07:03:21 UTC
The combination as mentioned above doesn't make sense. I agree that a better error should be reported.

Comment 2 Han Han 2020-04-02 07:50:20 UTC
raw+slices and raw+copy_on_read also failed.
Does the scsi-block device only support referring to a raw format blockdev node?

Comment 3 Peter Krempa 2020-04-02 08:02:46 UTC
For SG_IO to work you basically can't use any feature of the block layer since it's actually passthrough. In fact a better option would be to represent this as <hostdev> rather than disk.

Comment 4 Peter Krempa 2020-05-12 09:42:25 UTC
Fixed upstream:

5d72c3ce28 qemu: domain: Forbid slice/encryption/copy_on_read with disk type='lun'
b40ec75296 qemu: Forbid non-raw images for disk type='lun' with vitio-blk frontend

Comment 7 gaojianan 2020-06-10 02:20:53 UTC
Verified on libvirt version:
libvirt-6.4.0-1.module+el8.3.0+6881+88468c00.x86_64

Scenario1: lun + luks
1. Prepare secret and luks format device
# qemu-img create -f luks --object secret,data=redhat,id=sec0 -o key-secret=sec0 /dev/sdd 5M
# virsh secret-define block-secret.xml 
Secret f981dd17-143f-45bc-88e6-ed1fe20ce9da created

# MYSECRET=`printf %s "redhat" | base64`
# virsh secret-set-value f981dd17-143f-45bc-88e6-ed1fe20ce9da $MYSECRET
error: Passing secret value as command-line argument is insecure!
Secret value set

# virsh secret-list 
 UUID                                   Usage
----------------------------------------------------------
 f981dd17-143f-45bc-88e6-ed1fe20ce9da   volume /dev/sdd

2. Start a guest and attach the device in lun type with luks
# virsh create avocado-vt-vm1.xml 
Domain avocado-vt-vm1 created from avocado-vt-vm1.xml

# cat attach.xml 
<disk type="block" device="lun">
  <driver name="qemu" type="raw"/>
  <source dev="/dev/sdd">
    <encryption format="luks">
      <secret type="passphrase" uuid="f981dd17-143f-45bc-88e6-ed1fe20ce9da"/>
    </encryption>
  </source>
  <target dev="sdc" bus="scsi"/>
</disk>

# virsh attach-device avocado-vt-vm1 attach.xml 
error: Failed to attach device from attach.xml
error: unsupported configuration: disk device 'lun' doesn't support encryption

Sc2: lun + slice
1. Prepare attach device:
# cat attach.xml 
<disk type="block" device="lun">
  <driver name="qemu" type="raw"/>
  <source dev="/dev/sdc">
     <slices>
          <slice type="storage" offset="0" size="104857600"/>
        </slices>  
</source>
  <target dev="sdc" bus="scsi"/>
</disk>

2. Attach the device to guest
# virsh attach-device avocado-vt-vm1 attach.xml 
error: Failed to attach device from attach.xml
error: unsupported configuration: disk device 'lun' doesn't support storage slice


Sc3: lun + copy_on_read
1. Prepare attach device xml:
# cat attach.xml 
<disk type="block" device="lun">
  <driver name="qemu" type="raw" copy_on_read="on"/>
  <source dev="/dev/sdc">
</source>
  <target dev="sdc" bus="scsi"/>
</disk>

2. Attach device to the guest
# virsh attach-device avocado-vt-vm1 attach.xml 
error: Failed to attach device from attach.xml
error: unsupported configuration: copy_on_read is not compatible with 'lun' disk 'sdc'

Sc4: non-raw images for disk type='lun' with virtio-blk
# cat attach.xml 
<disk type="block" device="lun">
  <driver name="qemu" type="qcow2"/>
  <source dev="/dev/sdc">
</source>
  <target dev="vdc" bus="virtio"/>
</disk>

# virsh attach-device avocado-vt-vm1 attach.xml 
error: Failed to attach device from attach.xml
error: unsupported configuration: disk device 'lun' must use 'raw' format


All works as expected, so verified
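
A pre-flight check for the combinations that Comment 3 rules out and that the four scenarios in Comment 7 exercise, as an added example that is not libvirt's code and not part of any comment above. The function name `lint_lun_disk`, the returned labels and the sample XML strings are assumptions constructed here; the secret UUID is a placeholder.

```python
import xml.etree.ElementTree as ET

def lint_lun_disk(disk_xml):
    """Return the settings in a device='lun' <disk> that SG_IO passthrough rules out."""
    disk = ET.fromstring(disk_xml)
    if disk.tag != "disk" or disk.get("device") != "lun":
        return []  # the restrictions only concern device='lun'
    problems = []
    driver = disk.find("driver")
    fmt = driver.get("type", "raw") if driver is not None else "raw"
    if fmt != "raw":
        problems.append("non-raw format: " + fmt)
    if driver is not None and driver.get("copy_on_read") == "on":
        problems.append("copy_on_read")
    # <encryption> may sit under <source> or directly under <disk>
    if disk.find(".//encryption") is not None:
        problems.append("encryption")
    if disk.find(".//slices/slice") is not None:
        problems.append("storage slice")
    return problems

# Constructed samples modelled on the attach.xml files in Comment 7
# (the secret UUID is a placeholder).
TEMPLATE = (
    '<disk type="block" device="{dev}">'
    '<driver name="qemu" type="{fmt}"{extra}/>'
    '<source dev="/dev/sdc">{src}</source>'
    '<target dev="sdc" bus="scsi"/></disk>'
)
LUKS = ('<encryption format="luks"><secret type="passphrase" '
        'uuid="00000000-0000-0000-0000-000000000000"/></encryption>')
SLICE = '<slices><slice type="storage" offset="0" size="104857600"/></slices>'

def sample(dev="lun", fmt="raw", extra="", src=""):
    return TEMPLATE.format(dev=dev, fmt=fmt, extra=extra, src=src)

SAMPLES = {
    "plain lun": sample(),
    "lun + luks": sample(src=LUKS),
    "lun + slice": sample(src=SLICE),
    "lun + copy_on_read": sample(extra=' copy_on_read="on"'),
    "lun + qcow2": sample(fmt="qcow2"),
    "disk + luks": sample(dev="disk", src=LUKS),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, "->", lint_lun_disk(xml) or "ok")
```

Running such a check over domain XML before `virsh attach-device` surfaces a LUKS-on-lun definition early, instead of relying on the `device_add` failure seen in the original report on older libvirt builds.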

Comment 10 errata-xmlrpc 2020-11-17 17:47:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:5137
