teknoraver / rpms / systemd

Forked from rpms/systemd 4 months ago
Clone

Blame SOURCES/0204-cryptsetup-Do-not-fallback-to-PLAIN-mapping-if-LUKS-.patch

4bff0a
From 4f9d00380ea41f5a4eb1610ae5c354a8f749cc98 Mon Sep 17 00:00:00 2001
4bff0a
From: Milan Broz <gmazyland@gmail.com>
4bff0a
Date: Mon, 27 May 2019 09:27:54 +0200
4bff0a
Subject: [PATCH] cryptsetup: Do not fallback to PLAIN mapping if LUKS data
4bff0a
 device set fails.
4bff0a
4bff0a
If crypt_load() for LUKS succeeds, we know that it is a LUKS device.
4bff0a
Failure of data device setting should fail in this case; remapping
4bff0a
as a PLAIN device late could mean data corruption.
4bff0a
4bff0a
(If a user wants to map PLAIN device over a device with LUKS header,
4bff0a
it should be said explicitly with "plain" argument type.)
4bff0a
4bff0a
Also, if there is no explicit PLAIN type requested and crypt device
4bff0a
is already initialized (crypt_data_type() is set), do not run
4bff0a
the initialization again.
4bff0a
4bff0a
(cherry picked from commit 2e4beb875bcb24e7d7d4339cc202b0b3f2953f71)
4bff0a
4bff0a
Related: #1719153
4bff0a
---
4bff0a
 src/cryptsetup/cryptsetup.c | 12 +++++++-----
4bff0a
 1 file changed, 7 insertions(+), 5 deletions(-)
4bff0a
4bff0a
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
4bff0a
index abeba44ee8..5be1469d69 100644
4bff0a
--- a/src/cryptsetup/cryptsetup.c
4bff0a
+++ b/src/cryptsetup/cryptsetup.c
4bff0a
@@ -492,11 +492,14 @@ static int attach_luks_or_plain(struct crypt_device *cd,
4bff0a
                         return r;
4bff0a
                 }
4bff0a
 
4bff0a
-                if (data_device)
4bff0a
+                if (data_device) {
4bff0a
                         r = crypt_set_data_device(cd, data_device);
4bff0a
+                        if (r < 0)
4bff0a
+                                return log_error_errno(r, "Failed to set LUKS data device %s: %m", data_device);
4bff0a
+                }
4bff0a
         }
4bff0a
 
4bff0a
-        if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
4bff0a
+        if ((!arg_type && !crypt_get_type(cd)) || streq_ptr(arg_type, CRYPT_PLAIN)) {
4bff0a
                 struct crypt_params_plain params = {
4bff0a
                         .offset = arg_offset,
4bff0a
                         .skip = arg_skip,
4bff0a
@@ -543,14 +546,13 @@ static int attach_luks_or_plain(struct crypt_device *cd,
4bff0a
                  * parameters when used for plain
4bff0a
                  * mode. */
4bff0a
                 r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
4bff0a
+                if (r < 0)
4bff0a
+                        return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
4bff0a
 
4bff0a
                 /* hash == NULL implies the user passed "plain" */
4bff0a
                 pass_volume_key = (params.hash == NULL);
4bff0a
         }
4bff0a
 
4bff0a
-        if (r < 0)
4bff0a
-                return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
4bff0a
-
4bff0a
         log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
4bff0a
                  crypt_get_cipher(cd),
4bff0a
                  crypt_get_cipher_mode(cd),