rpms / cryptsetup

Clone
Source Code
GIT

Blame SOURCES/cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   88d6bedfb51ff16a9ff069980e1191bdfa5f064f
  2.   SOURCES
  3.   cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch
Blob History Raw
ad2d76 
From b82eaf14f7a01cfd542cb95fe97b8d3a22d5ba8f Mon Sep 17 00:00:00 2001
ad2d76 
From: Ondrej Kozina <okozina@redhat.com>
ad2d76 
Date: Thu, 28 Jun 2018 15:48:13 +0200
ad2d76 
Subject: [PATCH 3/6] Allow LUKS2 repair to override blkid checks.
ad2d76
ad2d76 
Allow user to run cryptsetup repair command and explicitly do
ad2d76 
repair on corrupted LUKS2 headers where blkid decides it's no longer
ad2d76 
a LUKS2 device.
ad2d76 
---
ad2d76 
 lib/luks2/luks2.h               |  2 +-
ad2d76 
 lib/luks2/luks2_json_metadata.c | 13 +++++++------
ad2d76 
 lib/setup.c                     | 10 +++++-----
ad2d76 
 3 files changed, 13 insertions(+), 12 deletions(-)
ad2d76
ad2d76 
diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
ad2d76 
index ee57b41..c431e8f 100644
ad2d76 
--- a/lib/luks2/luks2.h
ad2d76 
+++ b/lib/luks2/luks2.h
ad2d76 
@@ -131,7 +131,7 @@ struct luks2_keyslot_params {
ad2d76 
 int LUKS2_hdr_version_unlocked(struct crypt_device *cd,
ad2d76 
 	const char *backup_file);
ad2d76
ad2d76 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr);
ad2d76 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair);
ad2d76 
 int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr);
ad2d76 
 int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr);
ad2d76
ad2d76 
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
ad2d76 
index 125cad9..0fd6340 100644
ad2d76 
--- a/lib/luks2/luks2_json_metadata.c
ad2d76 
+++ b/lib/luks2/luks2_json_metadata.c
ad2d76 
@@ -842,7 +842,8 @@ int LUKS2_hdr_validate(json_object *hdr_jobj)
ad2d76 
 	return 0;
ad2d76 
 }
ad2d76
ad2d76 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
ad2d76 
+/* FIXME: should we expose do_recovery parameter explicitly? */
ad2d76 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair)
ad2d76 
 {
ad2d76 
 	int r;
ad2d76
ad2d76 
@@ -853,7 +854,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
ad2d76 
 		return r;
ad2d76 
 	}
ad2d76
ad2d76 
-	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
ad2d76 
+	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
ad2d76 
 	if (r == -EAGAIN) {
ad2d76 
 		/* unlikely: auto-recovery is required and failed due to read lock being held */
ad2d76 
 		device_read_unlock(crypt_metadata_device(cd));
ad2d76 
@@ -865,7 +866,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
ad2d76 
 			return r;
ad2d76 
 		}
ad2d76
ad2d76 
-		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
ad2d76 
+		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
ad2d76
ad2d76 
 		device_write_unlock(crypt_metadata_device(cd));
ad2d76 
 	} else
ad2d76 
@@ -1050,7 +1051,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
ad2d76 
 		return r;
ad2d76 
 	}
ad2d76
ad2d76 
-	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0);
ad2d76 
+	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0, 0);
ad2d76 
 	device_read_unlock(backup_device);
ad2d76 
 	device_free(backup_device);
ad2d76
ad2d76 
@@ -1089,7 +1090,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
ad2d76 
 	close(devfd);
ad2d76 
 	devfd = -1;
ad2d76
ad2d76 
-	r = LUKS2_hdr_read(cd, &tmp_hdr);
ad2d76 
+	r = LUKS2_hdr_read(cd, &tmp_hdr, 0);
ad2d76 
 	if (r == 0) {
ad2d76 
 		log_dbg("Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device));
ad2d76 
 		r = LUKS2_config_get_requirements(cd, &tmp_hdr, &reqs);
ad2d76 
@@ -1176,7 +1177,7 @@ out:
ad2d76
ad2d76 
 	if (!r) {
ad2d76 
 		LUKS2_hdr_free(hdr);
ad2d76 
-		r = LUKS2_hdr_read(cd, hdr);
ad2d76 
+		r = LUKS2_hdr_read(cd, hdr, 1);
ad2d76 
 	}
ad2d76
ad2d76 
 	return r;
ad2d76 
diff --git a/lib/setup.c b/lib/setup.c
ad2d76 
index fddbe7e..a9b2eba 100644
ad2d76 
--- a/lib/setup.c
ad2d76 
+++ b/lib/setup.c
ad2d76 
@@ -644,16 +644,16 @@ struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd)
ad2d76 
 /*
ad2d76 
  * crypt_load() helpers
ad2d76 
  */
ad2d76 
-static int _crypt_load_luks2(struct crypt_device *cd, int reload)
ad2d76 
+static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
ad2d76 
 {
ad2d76 
 	int r;
ad2d76 
 	char tmp_cipher[MAX_CIPHER_LEN], tmp_cipher_mode[MAX_CIPHER_LEN],
ad2d76 
 	     *cipher = NULL, *cipher_mode = NULL, *type = NULL;
ad2d76 
 	struct luks2_hdr hdr2 = {};
ad2d76
ad2d76 
-	log_dbg("%soading LUKS2 header.", reload ? "Rel" : "L");
ad2d76 
+	log_dbg("%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis");
ad2d76
ad2d76 
-	r = LUKS2_hdr_read(cd, &hdr2);
ad2d76 
+	r = LUKS2_hdr_read(cd, &hdr2, repair);
ad2d76 
 	if (r)
ad2d76 
 		return r;
ad2d76
ad2d76 
@@ -713,7 +713,7 @@ static void _luks2_reload(struct crypt_device *cd)
ad2d76 
 	if (!cd || !isLUKS2(cd->type))
ad2d76 
 		return;
ad2d76
ad2d76 
-	(void) _crypt_load_luks2(cd, 1);
ad2d76 
+	(void) _crypt_load_luks2(cd, 1, 0);
ad2d76 
 }
ad2d76
ad2d76 
 static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
ad2d76 
@@ -768,7 +768,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
ad2d76 
 			return -EINVAL;
ad2d76 
 		}
ad2d76
ad2d76 
-		r =  _crypt_load_luks2(cd, cd->type != NULL);
ad2d76 
+		r =  _crypt_load_luks2(cd, cd->type != NULL, repair);
ad2d76 
 	} else
ad2d76 
 		r = -EINVAL;
ad2d76 
 out:
ad2d76 
--
ad2d76 
1.8.3.1
ad2d76

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation