eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Harden online reencryption checks in initialization phase.

Browse Source 
Verify the data device supports O_DIRECT io flag in
the initialization phase. Online reencryption is not
safe unless we can read and write the data in direct
mode.
This commit is contained in:
Ondrej Kozina
2024-08-26 10:44:50 +02:00
committed by Milan Broz
parent 4cdd022ba4
commit 9991cbc306
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/luks2/luks2_reencrypt.c
View File

@@ -3788,6 +3788,13 @@ static int reencrypt_init_by_passphrase(struct crypt_device *cd,
if (flags & CRYPT_REENCRYPT_RECOVERY)
return reencrypt_recovery_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size);
if (name && !device_direct_io(crypt_data_device(cd))) {
log_dbg(cd, "Device %s does not support direct I/O.", device_path(crypt_data_device(cd)));
/* FIXME: Add more specific error mesage for translation later. */
log_err(cd, _("Failed to initialize reencryption device stack."));
return -EINVAL;
}
if (cipher && !crypt_cipher_wrapped_key(cipher, cipher_mode)) {
r = crypt_keyslot_get_key_size(cd, keyslot_new);
if (r < 0)