rpms / cryptsetup

Clone
Source Code
GIT

Blame SOURCES/cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch

c7-beta
  1.   c7-beta
  2.   SOURCES
  3.   cryptsetup-2.0.4-allow-LUKS2-repair-to-override-blkid-checks.patch
Blob History Raw
7cdc99 
From b82eaf14f7a01cfd542cb95fe97b8d3a22d5ba8f Mon Sep 17 00:00:00 2001
7cdc99 
From: Ondrej Kozina <okozina@redhat.com>
7cdc99 
Date: Thu, 28 Jun 2018 15:48:13 +0200
7cdc99 
Subject: [PATCH 3/6] Allow LUKS2 repair to override blkid checks.
7cdc99
7cdc99 
Allow user to run cryptsetup repair command and explicitly do
7cdc99 
repair on corrupted LUKS2 headers where blkid decides it's no longer
7cdc99 
a LUKS2 device.
7cdc99 
---
7cdc99 
 lib/luks2/luks2.h               |  2 +-
7cdc99 
 lib/luks2/luks2_json_metadata.c | 13 +++++++------
7cdc99 
 lib/setup.c                     | 10 +++++-----
7cdc99 
 3 files changed, 13 insertions(+), 12 deletions(-)
7cdc99
7cdc99 
diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
7cdc99 
index ee57b41..c431e8f 100644
7cdc99 
--- a/lib/luks2/luks2.h
7cdc99 
+++ b/lib/luks2/luks2.h
7cdc99 
@@ -131,7 +131,7 @@ struct luks2_keyslot_params {
7cdc99 
 int LUKS2_hdr_version_unlocked(struct crypt_device *cd,
7cdc99 
 	const char *backup_file);
7cdc99
7cdc99 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr);
7cdc99 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair);
7cdc99 
 int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr);
7cdc99 
 int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr);
7cdc99
7cdc99 
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
7cdc99 
index 125cad9..0fd6340 100644
7cdc99 
--- a/lib/luks2/luks2_json_metadata.c
7cdc99 
+++ b/lib/luks2/luks2_json_metadata.c
7cdc99 
@@ -842,7 +842,8 @@ int LUKS2_hdr_validate(json_object *hdr_jobj)
7cdc99 
 	return 0;
7cdc99 
 }
7cdc99
7cdc99 
-int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
7cdc99 
+/* FIXME: should we expose do_recovery parameter explicitly? */
7cdc99 
+int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair)
7cdc99 
 {
7cdc99 
 	int r;
7cdc99
7cdc99 
@@ -853,7 +854,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
7cdc99 
 		return r;
7cdc99 
 	}
7cdc99
7cdc99 
-	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
7cdc99 
+	r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
7cdc99 
 	if (r == -EAGAIN) {
7cdc99 
 		/* unlikely: auto-recovery is required and failed due to read lock being held */
7cdc99 
 		device_read_unlock(crypt_metadata_device(cd));
7cdc99 
@@ -865,7 +866,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
7cdc99 
 			return r;
7cdc99 
 		}
7cdc99
7cdc99 
-		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, 1);
7cdc99 
+		r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair);
7cdc99
7cdc99 
 		device_write_unlock(crypt_metadata_device(cd));
7cdc99 
 	} else
7cdc99 
@@ -1050,7 +1051,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
7cdc99 
 		return r;
7cdc99 
 	}
7cdc99
7cdc99 
-	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0);
7cdc99 
+	r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0, 0);
7cdc99 
 	device_read_unlock(backup_device);
7cdc99 
 	device_free(backup_device);
7cdc99
7cdc99 
@@ -1089,7 +1090,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
7cdc99 
 	close(devfd);
7cdc99 
 	devfd = -1;
7cdc99
7cdc99 
-	r = LUKS2_hdr_read(cd, &tmp_hdr);
7cdc99 
+	r = LUKS2_hdr_read(cd, &tmp_hdr, 0);
7cdc99 
 	if (r == 0) {
7cdc99 
 		log_dbg("Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device));
7cdc99 
 		r = LUKS2_config_get_requirements(cd, &tmp_hdr, &reqs);
7cdc99 
@@ -1176,7 +1177,7 @@ out:
7cdc99
7cdc99 
 	if (!r) {
7cdc99 
 		LUKS2_hdr_free(hdr);
7cdc99 
-		r = LUKS2_hdr_read(cd, hdr);
7cdc99 
+		r = LUKS2_hdr_read(cd, hdr, 1);
7cdc99 
 	}
7cdc99
7cdc99 
 	return r;
7cdc99 
diff --git a/lib/setup.c b/lib/setup.c
7cdc99 
index fddbe7e..a9b2eba 100644
7cdc99 
--- a/lib/setup.c
7cdc99 
+++ b/lib/setup.c
7cdc99 
@@ -644,16 +644,16 @@ struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd)
7cdc99 
 /*
7cdc99 
  * crypt_load() helpers
7cdc99 
  */
7cdc99 
-static int _crypt_load_luks2(struct crypt_device *cd, int reload)
7cdc99 
+static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
7cdc99 
 {
7cdc99 
 	int r;
7cdc99 
 	char tmp_cipher[MAX_CIPHER_LEN], tmp_cipher_mode[MAX_CIPHER_LEN],
7cdc99 
 	     *cipher = NULL, *cipher_mode = NULL, *type = NULL;
7cdc99 
 	struct luks2_hdr hdr2 = {};
7cdc99
7cdc99 
-	log_dbg("%soading LUKS2 header.", reload ? "Rel" : "L");
7cdc99 
+	log_dbg("%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis");
7cdc99
7cdc99 
-	r = LUKS2_hdr_read(cd, &hdr2);
7cdc99 
+	r = LUKS2_hdr_read(cd, &hdr2, repair);
7cdc99 
 	if (r)
7cdc99 
 		return r;
7cdc99
7cdc99 
@@ -713,7 +713,7 @@ static void _luks2_reload(struct crypt_device *cd)
7cdc99 
 	if (!cd || !isLUKS2(cd->type))
7cdc99 
 		return;
7cdc99
7cdc99 
-	(void) _crypt_load_luks2(cd, 1);
7cdc99 
+	(void) _crypt_load_luks2(cd, 1, 0);
7cdc99 
 }
7cdc99
7cdc99 
 static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
7cdc99 
@@ -768,7 +768,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
7cdc99 
 			return -EINVAL;
7cdc99 
 		}
7cdc99
7cdc99 
-		r =  _crypt_load_luks2(cd, cd->type != NULL);
7cdc99 
+		r =  _crypt_load_luks2(cd, cd->type != NULL, repair);
7cdc99 
 	} else
7cdc99 
 		r = -EINVAL;
7cdc99 
 out:
7cdc99 
--
7cdc99 
1.8.3.1
7cdc99

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation