|
 |
a3e2b5 |
From 4f9d00380ea41f5a4eb1610ae5c354a8f749cc98 Mon Sep 17 00:00:00 2001
|
|
|
a3e2b5 |
From: Milan Broz <gmazyland@gmail.com>
|
|
|
a3e2b5 |
Date: Mon, 27 May 2019 09:27:54 +0200
|
|
|
a3e2b5 |
Subject: [PATCH] cryptsetup: Do not fallback to PLAIN mapping if LUKS data
|
|
|
a3e2b5 |
device set fails.
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
If crypt_load() for LUKS succeeds, we know that it is a LUKS device.
|
|
|
a3e2b5 |
Failure of data device setting should fail in this case; remapping
|
|
|
a3e2b5 |
as a PLAIN device late could mean data corruption.
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
(If a user wants to map PLAIN device over a device with LUKS header,
|
|
|
a3e2b5 |
it should be said explicitly with "plain" argument type.)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
Also, if there is no explicit PLAIN type requested and crypt device
|
|
|
a3e2b5 |
is already initialized (crypt_data_type() is set), do not run
|
|
|
a3e2b5 |
the initialization again.
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
(cherry picked from commit 2e4beb875bcb24e7d7d4339cc202b0b3f2953f71)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
Related: #1719153
|
|
|
a3e2b5 |
---
|
|
|
a3e2b5 |
src/cryptsetup/cryptsetup.c | 12 +++++++-----
|
|
|
a3e2b5 |
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
|
|
|
a3e2b5 |
index abeba44ee8..5be1469d69 100644
|
|
|
a3e2b5 |
--- a/src/cryptsetup/cryptsetup.c
|
|
|
a3e2b5 |
+++ b/src/cryptsetup/cryptsetup.c
|
|
|
a3e2b5 |
@@ -492,11 +492,14 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
|
|
a3e2b5 |
return r;
|
|
|
a3e2b5 |
}
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
- if (data_device)
|
|
|
a3e2b5 |
+ if (data_device) {
|
|
|
a3e2b5 |
r = crypt_set_data_device(cd, data_device);
|
|
|
a3e2b5 |
+ if (r < 0)
|
|
|
a3e2b5 |
+ return log_error_errno(r, "Failed to set LUKS data device %s: %m", data_device);
|
|
|
a3e2b5 |
+ }
|
|
|
a3e2b5 |
}
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
- if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
|
|
|
a3e2b5 |
+ if ((!arg_type && !crypt_get_type(cd)) || streq_ptr(arg_type, CRYPT_PLAIN)) {
|
|
|
a3e2b5 |
struct crypt_params_plain params = {
|
|
|
a3e2b5 |
.offset = arg_offset,
|
|
|
a3e2b5 |
.skip = arg_skip,
|
|
|
a3e2b5 |
@@ -543,14 +546,13 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
|
|
a3e2b5 |
* parameters when used for plain
|
|
|
a3e2b5 |
* mode. */
|
|
|
a3e2b5 |
r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, ¶ms);
|
|
|
a3e2b5 |
+ if (r < 0)
|
|
|
a3e2b5 |
+ return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
/* hash == NULL implies the user passed "plain" */
|
|
|
a3e2b5 |
pass_volume_key = (params.hash == NULL);
|
|
|
a3e2b5 |
}
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
- if (r < 0)
|
|
|
a3e2b5 |
- return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
|
|
|
a3e2b5 |
-
|
|
|
a3e2b5 |
log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
|
|
|
a3e2b5 |
crypt_get_cipher(cd),
|
|
|
a3e2b5 |
crypt_get_cipher_mode(cd),
|