rpms / cryptsetup

Clone
Source Code
GIT

Blame SOURCES/cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   ac737d583bae01bccdb001a7a12c4406cb1282d1
  2.   SOURCES
  3.   cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch
Blob History Raw
ac737d 
From b82eaf14f7a01cfd542cb95fe97b8d3a22d5ba8f Mon Sep 17 00:00:00 2001
ac737d 
From: Ondrej Kozina <okozina@redhat.com>
ac737d 
Date: Thu, 28 Jun 2018 15:48:13 +0200
ac737d 
Subject: [PATCH 3/6] Allow LUKS2 repair to override blkid checks.
ac737d
ac737d 
Allow user to run cryptsetup repair command and explicitly do
ac737d 
repair on corrupted LUKS2 headers where blkid decides it's no longer
ac737d 
a LUKS2 device.
ac737d 
---
ac737d 
 lib/luks2/luks2.h               |  2 +-
ac737d 
 lib/luks2/luks2_json_metadata.c | 13 +++++++------
ac737d 
 lib/setup.c                     | 10 +++++-----
ac737d 
 3 files changed, 13 insertions(+), 12 deletions(-)
ac737d
ac737d 
diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
ac737d 
index ee57b41..c431e8f 100644
ac737d 
--- a/lib/luks2/luks2.h
ac737d 
+++ b/lib/luks2/luks2.h
ac737d 
@@ -131,7 +131,7 @@ struct luks2_keyslot_params {
ac737d 
 int LUKS2_hdr_version_unlocked(struct crypt_device *cd,
ac737d 
 	const char *backup_file);
ac737d
ac737d 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr);
ac737d 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair);
ac737d 
 int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr);
ac737d 
 int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr);
ac737d
ac737d 
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
ac737d 
index 125cad9..0fd6340 100644
ac737d 
--- a/lib/luks2/luks2_json_metadata.c
ac737d 
+++ b/lib/luks2/luks2_json_metadata.c
ac737d 
@@ -842,7 +842,8 @@ int LUKS2_hdr_validate(json_object *hdr_jobj)
ac737d 
 	return 0;
ac737d 
 }
ac737d
ac737d 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
ac737d 
+/* FIXME: should we expose do_recovery parameter explicitly? */
ac737d 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair)
ac737d 
 {
ac737d 
 	int r;
ac737d
ac737d 
@@ -853,7 +854,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
ac737d 
 		return r;
ac737d 
 	}
ac737d
ac737d 
-	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
ac737d 
+	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
ac737d 
 	if (r == -EAGAIN) {
ac737d 
 		/* unlikely: auto-recovery is required and failed due to read lock being held */
ac737d 
 		device_read_unlock(crypt_metadata_device(cd));
ac737d 
@@ -865,7 +866,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
ac737d 
 			return r;
ac737d 
 		}
ac737d
ac737d 
-		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
ac737d 
+		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
ac737d
ac737d 
 		device_write_unlock(crypt_metadata_device(cd));
ac737d 
 	} else
ac737d 
@@ -1050,7 +1051,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
ac737d 
 		return r;
ac737d 
 	}
ac737d
ac737d 
-	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0);
ac737d 
+	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0, 0);
ac737d 
 	device_read_unlock(backup_device);
ac737d 
 	device_free(backup_device);
ac737d
ac737d 
@@ -1089,7 +1090,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
ac737d 
 	close(devfd);
ac737d 
 	devfd = -1;
ac737d
ac737d 
-	r = LUKS2_hdr_read(cd, &tmp_hdr);
ac737d 
+	r = LUKS2_hdr_read(cd, &tmp_hdr, 0);
ac737d 
 	if (r == 0) {
ac737d 
 		log_dbg("Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device));
ac737d 
 		r = LUKS2_config_get_requirements(cd, &tmp_hdr, &reqs);
ac737d 
@@ -1176,7 +1177,7 @@ out:
ac737d
ac737d 
 	if (!r) {
ac737d 
 		LUKS2_hdr_free(hdr);
ac737d 
-		r = LUKS2_hdr_read(cd, hdr);
ac737d 
+		r = LUKS2_hdr_read(cd, hdr, 1);
ac737d 
 	}
ac737d
ac737d 
 	return r;
ac737d 
diff --git a/lib/setup.c b/lib/setup.c
ac737d 
index fddbe7e..a9b2eba 100644
ac737d 
--- a/lib/setup.c
ac737d 
+++ b/lib/setup.c
ac737d 
@@ -644,16 +644,16 @@ struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd)
ac737d 
 /*
ac737d 
  * crypt_load() helpers
ac737d 
  */
ac737d 
-static int _crypt_load_luks2(struct crypt_device *cd, int reload)
ac737d 
+static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
ac737d 
 {
ac737d 
 	int r;
ac737d 
 	char tmp_cipher[MAX_CIPHER_LEN], tmp_cipher_mode[MAX_CIPHER_LEN],
ac737d 
 	     *cipher = NULL, *cipher_mode = NULL, *type = NULL;
ac737d 
 	struct luks2_hdr hdr2 = {};
ac737d
ac737d 
-	log_dbg("%soading LUKS2 header.", reload ? "Rel" : "L");
ac737d 
+	log_dbg("%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis");
ac737d
ac737d 
-	r = LUKS2_hdr_read(cd, &hdr2);
ac737d 
+	r = LUKS2_hdr_read(cd, &hdr2, repair);
ac737d 
 	if (r)
ac737d 
 		return r;
ac737d
ac737d 
@@ -713,7 +713,7 @@ static void _luks2_reload(struct crypt_device *cd)
ac737d 
 	if (!cd || !isLUKS2(cd->type))
ac737d 
 		return;
ac737d
ac737d 
-	(void) _crypt_load_luks2(cd, 1);
ac737d 
+	(void) _crypt_load_luks2(cd, 1, 0);
ac737d 
 }
ac737d
ac737d 
 static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
ac737d 
@@ -768,7 +768,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
ac737d 
 			return -EINVAL;
ac737d 
 		}
ac737d
ac737d 
-		r =  _crypt_load_luks2(cd, cd->type != NULL);
ac737d 
+		r =  _crypt_load_luks2(cd, cd->type != NULL, repair);
ac737d 
 	} else
ac737d 
 		r = -EINVAL;
ac737d 
 out:
ac737d 
--
ac737d 
1.8.3.1
ac737d

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation