Bug 822538 - libguestfs tools hang on qcow2 encrypted disks [NEEDINFO]
libguestfs tools hang on qcow2 encrypted disks
Status: CLOSED WONTFIX
Product: Virtualization Tools
Classification: Community
Component: libguestfs (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Richard W.M. Jones
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-17 10:53 EDT by Richard W.M. Jones
Modified: 2017-02-01 12:03 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-04-02 09:59:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
hartsjc: needinfo? (mzatko)


Attachments (Terms of Use)

  None (edit)
Description Richard W.M. Jones 2012-05-17 10:53:28 EDT
Description of problem:

I have a disk image which is encrypted:

$ qemu-img info diff.qcow2 
Disk image 'diff.qcow2' is encrypted.
password: ^C

guestfish hangs on this:

$ guestfish -a diff.qcow2 -i
[never returns]

Version-Release number of selected component (if applicable):

1.17.40

How reproducible:

100%

Steps to Reproduce:
1. Create an encrypted qcow2 image:
   qemu-img create -o encryption test.qcow2 10M
2. Open it with guestfish or another virt tool:
   guestfish -a test.qcow2 run
   virt-df -a test.qcow2
   etc.

Actual results:

It hangs.

Expected results:

Should fail predictably, or ask for a passphrase.

Additional info:
Comment 1 Richard W.M. Jones 2012-05-17 13:31:41 EDT
This is the reproducer:

qemu-img create -f qcow2 -o encryption test.qcow2 10M
virt-df -a test.qcow2

The virt-df command hangs.  If you enable debugging (LIBGUESTFS_DEBUG=1)
then you will notice that it hangs just after qemu is started, which
is where it is asking for the passphrase.
Comment 2 Richard W.M. Jones 2012-05-17 13:46:02 EDT
It turns out the encryption key is passed to qemu using
the monitor, which we don't yet use.  However we'll need
to use it when we support hotplugging, although it's
probably easier to reserve this feature for libvirt users.
Comment 3 Maros Zatko 2015-04-02 09:59:02 EDT
https://www.berrange.com/posts/2015/03/17/qemu-qcow2-built-in-encryption-just-say-no-deprecated-now-to-be-deleted-soon/

tl;dr

"So just to sum up. Do not ever use QCow2 built-in encryption as it exists today. It is unfixably broken by design. It is deprecated in QEMU 2.3.0 and is likely to be deleted in QEMU 2.4.0."

Note You need to log in before you can comment on or make changes to this bug.