diff options
-rw-r--r-- | utility/mount-encrypted.c | 19 | ||||
-rw-r--r-- | utility/mount-helpers.c | 8 | ||||
-rw-r--r-- | utility/mount-helpers.h | 2 |
3 files changed, 21 insertions, 8 deletions
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c index 8d347924..e67f7df3 100644 --- a/utility/mount-encrypted.c +++ b/utility/mount-encrypted.c @@ -60,6 +60,7 @@ static const char * const kStaticKeyDefault = "default unsafe static key"; static const char * const kStaticKeyFactory = "factory unsafe static key"; static const int kModeProduction = 0; static const int kModeFactory = 1; +static const int kCryptAllowDiscard = 1; enum migration_method { MIGRATE_TEST_ONLY, @@ -761,9 +762,21 @@ static int setup_encrypted(int mode) /* Mount loopback device with dm-crypt using the encryption key. */ INFO("Setting up dm-crypt %s as %s.", lodev, dmcrypt_dev); if (!dm_setup(sectors, encryption_key, dmcrypt_name, lodev, - dmcrypt_dev)) { - ERROR("dm_setup failed"); - goto lo_cleanup; + dmcrypt_dev, kCryptAllowDiscard)) { + /* If dm_setup() fails, it could be due to lacking + * "allow_discard" support, so try again with discard + * disabled. There doesn't seem to be a way to query + * the kernel for this feature short of a fallible + * version test or just trying to set up the dm table + * again, so do the latter. + */ + if (!dm_setup(sectors, encryption_key, dmcrypt_name, lodev, + dmcrypt_dev, !kCryptAllowDiscard)) { + ERROR("dm_setup failed"); + goto lo_cleanup; + } + INFO("%s: dm-crypt does not support discard; disabling.", + dmcrypt_dev); } /* Decide now if any migration will happen. If so, we will not diff --git a/utility/mount-helpers.c b/utility/mount-helpers.c index 9a472bb9..1abbb934 100644 --- a/utility/mount-helpers.c +++ b/utility/mount-helpers.c @@ -297,16 +297,16 @@ failed: } int dm_setup(size_t sectors, const gchar *encryption_key, const char *name, - const gchar *device, const char *path) + const gchar *device, const char *path, int discard) { /* Mount loopback device with dm-crypt using the encryption key. */ gchar *table = g_strdup_printf("0 %zu crypt " \ "aes-cbc-essiv:sha256 %s " \ - "0 %s 0 " \ - "1 allow_discards", + "0 %s 0%s", sectors, encryption_key, - device); + device, + discard ? " 1 allow_discards" : ""); if (!table) { PERROR("g_strdup_printf"); return 0; diff --git a/utility/mount-helpers.h b/utility/mount-helpers.h index 19f6242f..ee745359 100644 --- a/utility/mount-helpers.h +++ b/utility/mount-helpers.h @@ -22,7 +22,7 @@ int loop_detach_name(const char *name); /* Encrypted device mapper setup/teardown. */ int dm_setup(size_t sectors, const gchar *encryption_key, const char *name, - const gchar *device, const char *path); + const gchar *device, const char *path, int discard); int dm_teardown(const gchar *device); char *dm_get_key(const gchar *device); |