On 11/03/2017 09:41 AM, Daniel P. Berrange wrote: > After committing the qcow2 image contents into the base image, qemu-img > will call bdrv_make_empty to drop the payload in the layered image. > > When this is done for qcow2 images, it blows away the LUKS encryption > header, making the resulting image unusable. There are two codepaths > for emptying a qcow2 image, and the second (slower) codepaths leaves
s/codepaths/codepath/ > the LUKS header intact, so force use of that codepath. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > > NB, ideally we would fix the faster codepath in make_completely_empty, but > having looked at the code, I've really no idea how to even start on fixing > that > to not kill the LUKS header clusters. > > +++ b/block/qcow2.c > @@ -3594,7 +3594,8 @@ static int qcow2_make_empty(BlockDriverState *bs) > l1_clusters = DIV_ROUND_UP(s->l1_size, s->cluster_size / > sizeof(uint64_t)); > > if (s->qcow_version >= 3 && !s->snapshots && > - 3 + l1_clusters <= s->refcount_block_size) { > + 3 + l1_clusters <= s->refcount_block_size && > + s->crypt_method_header != QCOW_CRYPT_LUKS) { > /* The following function only works for qcow2 v3 images (it requires > * the dirty flag) and only as long as there are no snapshots > (because > * it completely empties the image). Furthermore, the L1 table and > three Worth updating the comment to explain why we can't use the fast path with LUKS encryption? But that's minor enough that with or without a comment tweak, I'm fine with: Reviewed-by: Eric Blake <ebl...@redhat.com> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature