From 773ac1ce555782af49bc6666049d83358cf9f308 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Fri, 30 May 2025 14:59:52 +0200
Subject: [PATCH] Support encryption with reduced device size and data shift.

The only mising bit in library is a check if reduced data
size is smaller than real device size minus data shift.
---
 lib/luks2/luks2_reencrypt.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
index f36211cc..74da7e00 100644
--- a/lib/luks2/luks2_reencrypt.c
+++ b/lib/luks2/luks2_reencrypt.c
@@ -3071,7 +3071,13 @@ static int reencrypt_init(struct crypt_device *cd,
 		return -EINVAL;
 	}
 
-	if (!data_size_bytes && params->mode == CRYPT_REENCRYPT_ENCRYPT &&
+	if (data_size_bytes && params->mode == CRYPT_REENCRYPT_ENCRYPT &&
+	    move_first_segment && data_shift_bytes) {
+		if (data_size_bytes > device_size_bytes - data_shift_bytes) {
+			log_err(cd, _("Reduced data size is larger than real device size."));
+			return -EINVAL;
+		}
+	} else if (!data_size_bytes && params->mode == CRYPT_REENCRYPT_ENCRYPT &&
 	    move_first_segment && data_shift_bytes)
 		data_size_bytes = device_size_bytes - data_shift_bytes;
 	else if (!data_size_bytes)