diff --git a/lib/integrity/integrity.c b/lib/integrity/integrity.c index f2097cd1..b7c1c110 100644 --- a/lib/integrity/integrity.c +++ b/lib/integrity/integrity.c @@ -213,7 +213,7 @@ int INTEGRITY_create_dmd_device(struct crypt_device *cd, struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, struct crypt_dm_active_device *dmd, - uint32_t flags) + uint32_t flags, uint32_t sb_flags) { int r; @@ -224,6 +224,10 @@ int INTEGRITY_create_dmd_device(struct crypt_device *cd, .flags = flags, }; + /* Workaround for kernel dm-integrity table bug */ + if (sb_flags & SB_FLAG_RECALCULATING) + dmd->flags |= CRYPT_ACTIVATE_RECALCULATE; + r = INTEGRITY_data_sectors(cd, crypt_metadata_device(cd), crypt_get_data_offset(cd) * SECTOR_SIZE, &dmd->size); if (r < 0) @@ -287,7 +291,8 @@ int INTEGRITY_activate(struct crypt_device *cd, uint32_t flags, uint32_t sb_flags) { struct crypt_dm_active_device dmd = {}; - int r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key, journal_mac_key, &dmd, flags); + int r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key, + journal_mac_key, &dmd, flags, sb_flags); if (r < 0) return r; diff --git a/lib/integrity/integrity.h b/lib/integrity/integrity.h index 6b399dbb..38c4c5ee 100644 --- a/lib/integrity/integrity.h +++ b/lib/integrity/integrity.h @@ -91,7 +91,7 @@ int INTEGRITY_create_dmd_device(struct crypt_device *cd, struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, struct crypt_dm_active_device *dmd, - uint32_t flags); + uint32_t flags, uint32_t sb_flags); int INTEGRITY_activate_dmd_device(struct crypt_device *cd, const char *name, diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c index 29c03615..aac53088 100644 --- a/lib/luks2/luks2_json_metadata.c +++ b/lib/luks2/luks2_json_metadata.c @@ -2156,7 +2156,7 @@ int LUKS2_activate(struct crypt_device *cd, return -EINVAL; } - r = INTEGRITY_create_dmd_device(cd, NULL, NULL, NULL, NULL, &dmdi, dmd.flags); + r = INTEGRITY_create_dmd_device(cd, NULL, NULL, NULL, NULL, &dmdi, dmd.flags, 0); if (r) return r;