On 2017-11-10 18:22, Daniel P. Berrange wrote: > On Fri, Nov 10, 2017 at 10:34:59AM -0600, Eric Blake wrote: >> On 11/03/2017 09:41 AM, Daniel P. Berrange wrote: >>> After committing the qcow2 image contents into the base image, qemu-img >>> will call bdrv_make_empty to drop the payload in the layered image. >>> >>> When this is done for qcow2 images, it blows away the LUKS encryption >>> header, making the resulting image unusable. There are two codepaths >>> for emptying a qcow2 image, and the second (slower) codepaths leaves >>> the LUKS header intact, so force use of that codepath. >>> >>> Signed-off-by: Daniel P. Berrange <berra...@redhat.com> >>> --- >>> >>> NB, ideally we would fix the faster codepath in make_completely_empty, but >>> having looked at the code, I've really no idea how to even start on fixing >>> that >>> to not kill the LUKS header clusters. >> >> Hmm - I wonder if persistent bitmaps are also corrupted in the fast path. > > I also wonder if there's anything better we can do to make us safer by > default, so we default to the slow & safe path, unless we can provide > we *only* have the subset of features that are safe for the fast path ?
I have wondered the same but I can't think of any. The only thing that
comes close would be to check for which header extensions there are; but
at the same time, we could just add a comment to qcow2_read_extensions()
("If you add a new feature to qcow2, note that you may want to adjust
the qcow2_make_empty() fastpath conditions").
Max
signature.asc
Description: OpenPGP digital signature
