rpms / cryptsetup

Clone
Source Code
GIT

Blame SOURCES/cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   8af939a77cb28a3730b200ddab1035f8306c77ad
  2.   SOURCES
  3.   cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch
Blob History Raw
8af939 
From b82eaf14f7a01cfd542cb95fe97b8d3a22d5ba8f Mon Sep 17 00:00:00 2001
8af939 
From: Ondrej Kozina <okozina@redhat.com>
8af939 
Date: Thu, 28 Jun 2018 15:48:13 +0200
8af939 
Subject: [PATCH 3/6] Allow LUKS2 repair to override blkid checks.
8af939
8af939 
Allow user to run cryptsetup repair command and explicitly do
8af939 
repair on corrupted LUKS2 headers where blkid decides it's no longer
8af939 
a LUKS2 device.
8af939 
---
8af939 
 lib/luks2/luks2.h               |  2 +-
8af939 
 lib/luks2/luks2_json_metadata.c | 13 +++++++------
8af939 
 lib/setup.c                     | 10 +++++-----
8af939 
 3 files changed, 13 insertions(+), 12 deletions(-)
8af939
8af939 
diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
8af939 
index ee57b41..c431e8f 100644
8af939 
--- a/lib/luks2/luks2.h
8af939 
+++ b/lib/luks2/luks2.h
8af939 
@@ -131,7 +131,7 @@ struct luks2_keyslot_params {
8af939 
 int LUKS2_hdr_version_unlocked(struct crypt_device *cd,
8af939 
 	const char *backup_file);
8af939
8af939 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr);
8af939 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair);
8af939 
 int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr);
8af939 
 int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr);
8af939
8af939 
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
8af939 
index 125cad9..0fd6340 100644
8af939 
--- a/lib/luks2/luks2_json_metadata.c
8af939 
+++ b/lib/luks2/luks2_json_metadata.c
8af939 
@@ -842,7 +842,8 @@ int LUKS2_hdr_validate(json_object *hdr_jobj)
8af939 
 	return 0;
8af939 
 }
8af939
8af939 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
8af939 
+/* FIXME: should we expose do_recovery parameter explicitly? */
8af939 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair)
8af939 
 {
8af939 
 	int r;
8af939
8af939 
@@ -853,7 +854,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
8af939 
 		return r;
8af939 
 	}
8af939
8af939 
-	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
8af939 
+	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
8af939 
 	if (r == -EAGAIN) {
8af939 
 		/* unlikely: auto-recovery is required and failed due to read lock being held */
8af939 
 		device_read_unlock(crypt_metadata_device(cd));
8af939 
@@ -865,7 +866,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
8af939 
 			return r;
8af939 
 		}
8af939
8af939 
-		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
8af939 
+		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
8af939
8af939 
 		device_write_unlock(crypt_metadata_device(cd));
8af939 
 	} else
8af939 
@@ -1050,7 +1051,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
8af939 
 		return r;
8af939 
 	}
8af939
8af939 
-	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0);
8af939 
+	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0, 0);
8af939 
 	device_read_unlock(backup_device);
8af939 
 	device_free(backup_device);
8af939
8af939 
@@ -1089,7 +1090,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
8af939 
 	close(devfd);
8af939 
 	devfd = -1;
8af939
8af939 
-	r = LUKS2_hdr_read(cd, &tmp_hdr);
8af939 
+	r = LUKS2_hdr_read(cd, &tmp_hdr, 0);
8af939 
 	if (r == 0) {
8af939 
 		log_dbg("Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device));
8af939 
 		r = LUKS2_config_get_requirements(cd, &tmp_hdr, &reqs);
8af939 
@@ -1176,7 +1177,7 @@ out:
8af939
8af939 
 	if (!r) {
8af939 
 		LUKS2_hdr_free(hdr);
8af939 
-		r = LUKS2_hdr_read(cd, hdr);
8af939 
+		r = LUKS2_hdr_read(cd, hdr, 1);
8af939 
 	}
8af939
8af939 
 	return r;
8af939 
diff --git a/lib/setup.c b/lib/setup.c
8af939 
index fddbe7e..a9b2eba 100644
8af939 
--- a/lib/setup.c
8af939 
+++ b/lib/setup.c
8af939 
@@ -644,16 +644,16 @@ struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd)
8af939 
 /*
8af939 
  * crypt_load() helpers
8af939 
  */
8af939 
-static int _crypt_load_luks2(struct crypt_device *cd, int reload)
8af939 
+static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
8af939 
 {
8af939 
 	int r;
8af939 
 	char tmp_cipher[MAX_CIPHER_LEN], tmp_cipher_mode[MAX_CIPHER_LEN],
8af939 
 	     *cipher = NULL, *cipher_mode = NULL, *type = NULL;
8af939 
 	struct luks2_hdr hdr2 = {};
8af939
8af939 
-	log_dbg("%soading LUKS2 header.", reload ? "Rel" : "L");
8af939 
+	log_dbg("%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis");
8af939
8af939 
-	r = LUKS2_hdr_read(cd, &hdr2);
8af939 
+	r = LUKS2_hdr_read(cd, &hdr2, repair);
8af939 
 	if (r)
8af939 
 		return r;
8af939
8af939 
@@ -713,7 +713,7 @@ static void _luks2_reload(struct crypt_device *cd)
8af939 
 	if (!cd || !isLUKS2(cd->type))
8af939 
 		return;
8af939
8af939 
-	(void) _crypt_load_luks2(cd, 1);
8af939 
+	(void) _crypt_load_luks2(cd, 1, 0);
8af939 
 }
8af939
8af939 
 static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
8af939 
@@ -768,7 +768,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
8af939 
 			return -EINVAL;
8af939 
 		}
8af939
8af939 
-		r =  _crypt_load_luks2(cd, cd->type != NULL);
8af939 
+		r =  _crypt_load_luks2(cd, cd->type != NULL, repair);
8af939 
 	} else
8af939 
 		r = -EINVAL;
8af939 
 out:
8af939 
--
8af939 
1.8.3.1
8af939

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation