|
 |
4bff0a |
From 788fb775f7deb8c456868362454e2a5f50c6068f Mon Sep 17 00:00:00 2001
|
|
|
4bff0a |
From: Milan Broz <gmazyland@gmail.com>
|
|
|
4bff0a |
Date: Mon, 27 May 2019 09:43:03 +0200
|
|
|
4bff0a |
Subject: [PATCH] cryptsetup: call crypt_load() for LUKS only once
|
|
|
4bff0a |
|
|
|
4bff0a |
The crypt_load() for LUKS2 can read a quite big area of disk
|
|
|
4bff0a |
(metadata area size is configurable and can increase up to megabytes).
|
|
|
4bff0a |
|
|
|
4bff0a |
This initialization is not needed to be repeated, just use the existing context.
|
|
|
4bff0a |
|
|
|
4bff0a |
(This patch is also required for the following change.)
|
|
|
4bff0a |
|
|
|
4bff0a |
(cherry picked from commit ea9a9d49e4af31c49e5c216e7e5e2f533e727579)
|
|
|
4bff0a |
|
|
|
4bff0a |
Related: #1719153
|
|
|
4bff0a |
---
|
|
|
4bff0a |
src/cryptsetup/cryptsetup.c | 28 ++++++++++++----------------
|
|
|
4bff0a |
1 file changed, 12 insertions(+), 16 deletions(-)
|
|
|
4bff0a |
|
|
|
4bff0a |
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
|
|
|
4bff0a |
index 5be1469d69..a0bd80ea65 100644
|
|
|
4bff0a |
--- a/src/cryptsetup/cryptsetup.c
|
|
|
4bff0a |
+++ b/src/cryptsetup/cryptsetup.c
|
|
|
4bff0a |
@@ -475,7 +475,6 @@ static int attach_tcrypt(
|
|
|
4bff0a |
static int attach_luks_or_plain(struct crypt_device *cd,
|
|
|
4bff0a |
const char *name,
|
|
|
4bff0a |
const char *key_file,
|
|
|
4bff0a |
- const char *data_device,
|
|
|
4bff0a |
char **passwords,
|
|
|
4bff0a |
uint32_t flags) {
|
|
|
4bff0a |
int r = 0;
|
|
|
4bff0a |
@@ -485,20 +484,6 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
|
|
4bff0a |
assert(name);
|
|
|
4bff0a |
assert(key_file || passwords);
|
|
|
4bff0a |
|
|
|
4bff0a |
- if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
|
|
|
4bff0a |
- r = crypt_load(cd, CRYPT_LUKS, NULL);
|
|
|
4bff0a |
- if (r < 0) {
|
|
|
4bff0a |
- log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
|
|
|
4bff0a |
- return r;
|
|
|
4bff0a |
- }
|
|
|
4bff0a |
-
|
|
|
4bff0a |
- if (data_device) {
|
|
|
4bff0a |
- r = crypt_set_data_device(cd, data_device);
|
|
|
4bff0a |
- if (r < 0)
|
|
|
4bff0a |
- return log_error_errno(r, "Failed to set LUKS data device %s: %m", data_device);
|
|
|
4bff0a |
- }
|
|
|
4bff0a |
- }
|
|
|
4bff0a |
-
|
|
|
4bff0a |
if ((!arg_type && !crypt_get_type(cd)) || streq_ptr(arg_type, CRYPT_PLAIN)) {
|
|
|
4bff0a |
struct crypt_params_plain params = {
|
|
|
4bff0a |
.offset = arg_offset,
|
|
|
4bff0a |
@@ -687,6 +672,18 @@ int main(int argc, char *argv[]) {
|
|
|
4bff0a |
log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
|
|
|
4bff0a |
}
|
|
|
4bff0a |
|
|
|
4bff0a |
+ if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
|
|
|
4bff0a |
+ r = crypt_load(cd, CRYPT_LUKS, NULL);
|
|
|
4bff0a |
+ if (r < 0)
|
|
|
4bff0a |
+ return log_error_errno(r, "Failed to load LUKS superblock on device %s: %m", crypt_get_device_name(cd));
|
|
|
4bff0a |
+
|
|
|
4bff0a |
+ if (arg_header) {
|
|
|
4bff0a |
+ r = crypt_set_data_device(cd, argv[3]);
|
|
|
4bff0a |
+ if (r < 0)
|
|
|
4bff0a |
+ return log_error_errno(r, "Failed to set LUKS data device %s: %m", argv[3]);
|
|
|
4bff0a |
+ }
|
|
|
4bff0a |
+ }
|
|
|
4bff0a |
+
|
|
|
4bff0a |
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
|
|
|
4bff0a |
_cleanup_strv_free_erase_ char **passwords = NULL;
|
|
|
4bff0a |
|
|
|
4bff0a |
@@ -704,7 +701,6 @@ int main(int argc, char *argv[]) {
|
|
|
4bff0a |
r = attach_luks_or_plain(cd,
|
|
|
4bff0a |
argv[2],
|
|
|
4bff0a |
key_file,
|
|
|
4bff0a |
- arg_header ? argv[3] : NULL,
|
|
|
4bff0a |
passwords,
|
|
|
4bff0a |
flags);
|
|
|
4bff0a |
if (r >= 0)
|