diff options
| author | Milan Broz <gmazyland@gmail.com> | 2019-05-27 09:27:54 +0200 |
|---|---|---|
| committer | The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> | 2019-07-26 10:51:52 +0200 |
| commit | 4f9d00380ea41f5a4eb1610ae5c354a8f749cc98 (patch) | |
| tree | 8b243e50312e06bdc1d0022ab81d3639ccbc7b39 | |
| parent | fffbf1f90be5236b310bc0b10034815b1051f0ac (diff) | |
| download | systemd-4f9d00380ea41f5a4eb1610ae5c354a8f749cc98.tar.gz | |
cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails.
If crypt_load() for LUKS succeeds, we know that it is a LUKS device.
Failure of data device setting should fail in this case; remapping
as a PLAIN device late could mean data corruption.
(If a user wants to map PLAIN device over a device with LUKS header,
it should be said explicitly with "plain" argument type.)
Also, if there is no explicit PLAIN type requested and crypt device
is already initialized (crypt_data_type() is set), do not run
the initialization again.
(cherry picked from commit 2e4beb875bcb24e7d7d4339cc202b0b3f2953f71)
Related: #1719153
| -rw-r--r-- | src/cryptsetup/cryptsetup.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index abeba44ee8..5be1469d69 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -492,11 +492,14 @@ static int attach_luks_or_plain(struct crypt_device *cd, return r; } - if (data_device) + if (data_device) { r = crypt_set_data_device(cd, data_device); + if (r < 0) + return log_error_errno(r, "Failed to set LUKS data device %s: %m", data_device); + } } - if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) { + if ((!arg_type && !crypt_get_type(cd)) || streq_ptr(arg_type, CRYPT_PLAIN)) { struct crypt_params_plain params = { .offset = arg_offset, .skip = arg_skip, @@ -543,14 +546,13 @@ static int attach_luks_or_plain(struct crypt_device *cd, * parameters when used for plain * mode. */ r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, ¶ms); + if (r < 0) + return log_error_errno(r, "Loading of cryptographic parameters failed: %m"); /* hash == NULL implies the user passed "plain" */ pass_volume_key = (params.hash == NULL); } - if (r < 0) - return log_error_errno(r, "Loading of cryptographic parameters failed: %m"); - log_info("Set cipher %s, mode %s, key size %i bits for device %s.", crypt_get_cipher(cd), crypt_get_cipher_mode(cd), |