ryantimwilson / rpms / systemd

Forked from rpms/systemd 3 months ago
Clone
4fbe94
From 4f9d00380ea41f5a4eb1610ae5c354a8f749cc98 Mon Sep 17 00:00:00 2001
4fbe94
From: Milan Broz <gmazyland@gmail.com>
4fbe94
Date: Mon, 27 May 2019 09:27:54 +0200
4fbe94
Subject: [PATCH] cryptsetup: Do not fallback to PLAIN mapping if LUKS data
4fbe94
 device set fails.
4fbe94
4fbe94
If crypt_load() for LUKS succeeds, we know that it is a LUKS device.
4fbe94
Failure of data device setting should fail in this case; remapping
4fbe94
as a PLAIN device late could mean data corruption.
4fbe94
4fbe94
(If a user wants to map PLAIN device over a device with LUKS header,
4fbe94
it should be said explicitly with "plain" argument type.)
4fbe94
4fbe94
Also, if there is no explicit PLAIN type requested and crypt device
4fbe94
is already initialized (crypt_data_type() is set), do not run
4fbe94
the initialization again.
4fbe94
4fbe94
(cherry picked from commit 2e4beb875bcb24e7d7d4339cc202b0b3f2953f71)
4fbe94
4fbe94
Related: #1719153
4fbe94
---
4fbe94
 src/cryptsetup/cryptsetup.c | 12 +++++++-----
4fbe94
 1 file changed, 7 insertions(+), 5 deletions(-)
4fbe94
4fbe94
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
4fbe94
index abeba44ee8..5be1469d69 100644
4fbe94
--- a/src/cryptsetup/cryptsetup.c
4fbe94
+++ b/src/cryptsetup/cryptsetup.c
4fbe94
@@ -492,11 +492,14 @@ static int attach_luks_or_plain(struct crypt_device *cd,
4fbe94
                         return r;
4fbe94
                 }
4fbe94
 
4fbe94
-                if (data_device)
4fbe94
+                if (data_device) {
4fbe94
                         r = crypt_set_data_device(cd, data_device);
4fbe94
+                        if (r < 0)
4fbe94
+                                return log_error_errno(r, "Failed to set LUKS data device %s: %m", data_device);
4fbe94
+                }
4fbe94
         }
4fbe94
 
4fbe94
-        if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
4fbe94
+        if ((!arg_type && !crypt_get_type(cd)) || streq_ptr(arg_type, CRYPT_PLAIN)) {
4fbe94
                 struct crypt_params_plain params = {
4fbe94
                         .offset = arg_offset,
4fbe94
                         .skip = arg_skip,
4fbe94
@@ -543,14 +546,13 @@ static int attach_luks_or_plain(struct crypt_device *cd,
4fbe94
                  * parameters when used for plain
4fbe94
                  * mode. */
4fbe94
                 r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
4fbe94
+                if (r < 0)
4fbe94
+                        return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
4fbe94
 
4fbe94
                 /* hash == NULL implies the user passed "plain" */
4fbe94
                 pass_volume_key = (params.hash == NULL);
4fbe94
         }
4fbe94
 
4fbe94
-        if (r < 0)
4fbe94
-                return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
4fbe94
-
4fbe94
         log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
4fbe94
                  crypt_get_cipher(cd),
4fbe94
                  crypt_get_cipher_mode(cd),