Fix setting of integrity persistent flags (no-journal).

We have to query and set flags also for underlying dm-integrity device, otherwise activation flags applied there are ignored.
2025-12-16 13:20:11 +01:00 · 2018-11-25 12:46:41 +01:00
parent 2f6d0c006c
commit 3d2fd06035
2 changed files with 15 additions and 4 deletions
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -1263,10 +1263,12 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
 	jobj_flags = json_object_new_array();
 	for (i = 0; persistent_flags[i].description; i++) {
-		if (flags & persistent_flags[i].flag)
+		if (flags & persistent_flags[i].flag) {
 			log_dbg("Setting persistent flag: %s.", persistent_flags[i].description);
 			json_object_array_add(jobj_flags,
 				json_object_new_string(persistent_flags[i].description));
 		}
 	}
 	/* Replace or add new flags array */
 	json_object_object_add(jobj_config, "flags", jobj_flags);
@@ -1912,7 +1914,7 @@ int LUKS2_activate(struct crypt_device *cd,
 		}
 		snprintf(dm_int_name, sizeof(dm_int_name), "%s_dif", name);
-		r = INTEGRITY_activate(cd, dm_int_name, NULL, NULL, NULL, NULL, flags);
+		r = INTEGRITY_activate(cd, dm_int_name, NULL, NULL, NULL, NULL, dmd.flags);
 		if (r)
 			return r;
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -3337,13 +3337,14 @@ int crypt_deactivate(struct crypt_device *cd, const char *name)
 int crypt_get_active_device(struct crypt_device *cd, const char *name,
 			    struct crypt_active_device *cad)
 {
-	struct crypt_dm_active_device dmd;
+	struct crypt_dm_active_device dmd = {}, dmdi = {};
 	const char *namei = NULL;
 	int r;
 	if (!cd || !name || !cad)
 		return -EINVAL;
-	r = dm_query_device(cd, name, 0, &dmd);
+	r = dm_query_device(cd, name, DM_ACTIVE_DEVICE, &dmd);
 	if (r < 0)
 		return r;
@@ -3352,6 +3353,14 @@ int crypt_get_active_device(struct crypt_device *cd, const char *name,
 	    dmd.target != DM_INTEGRITY)
 		return -ENOTSUP;
 	/* For LUKS2 with integrity we need flags from underlying dm-integrity */
 	if (isLUKS2(cd->type) && crypt_get_integrity_tag_size(cd)) {
 		namei = device_dm_name(dmd.data_device);
 		if (namei && dm_query_device(cd, namei, 0, &dmdi) >= 0)
 			dmd.flags |= dmdi.flags;
 	}
 	device_free(dmd.data_device);
 	if (cd && isTCRYPT(cd->type)) {
 		cad->offset	= TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params);
 		cad->iv_offset	= TCRYPT_get_iv_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params);