eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 11:50:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Wipe data device in crypt_format with auth. encryption.

Browse Source 
crypt_wipe_device was called incorrectly on metadata device even
though integrity header is always on data device from cryptsetup
pov. During LUKS2 crypt_format with detached header scenario we
would wiped first 8 sectors of metadata device instead of data
device.
This commit is contained in:
Ondrej Kozina
2018-08-07 14:58:38 +02:00
committed by Milan Broz
parent 0e7b068061
commit c8ce996872
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/setup.c
View File

@@ -182,6 +182,11 @@ static const char *mdata_device_path(struct crypt_device *cd)
return device_path(cd->metadata_device ?: cd->device); return device_path(cd->metadata_device ?: cd->device);
} }
static const char *data_device_path(struct crypt_device *cd)
{
return device_path(cd->device);
}
/* internal only */ /* internal only */
struct device *crypt_metadata_device(struct crypt_device *cd) struct device *crypt_metadata_device(struct crypt_device *cd)
{ {
@@ -1612,28 +1617,28 @@ static int _crypt_format_luks2(struct crypt_device *cd,
/* Wipe integrity superblock and create integrity superblock */ /* Wipe integrity superblock and create integrity superblock */
if (crypt_get_integrity_tag_size(cd)) { if (crypt_get_integrity_tag_size(cd)) {
/* FIXME: this should be locked. */ /* FIXME: this should be locked. */
r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_ZERO,
crypt_get_data_offset(cd) * SECTOR_SIZE, crypt_get_data_offset(cd) * SECTOR_SIZE,
8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL); 8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
if (r < 0) { if (r < 0) {
if (r == -EBUSY) if (r == -EBUSY)
log_err(cd, _("Cannot format device %s which is still in use."), log_err(cd, _("Cannot format device %s which is still in use."),
mdata_device_path(cd)); data_device_path(cd));
else if (r == -EACCES) { else if (r == -EACCES) {
log_err(cd, _("Cannot format device %s, permission denied."), log_err(cd, _("Cannot format device %s, permission denied."),
mdata_device_path(cd)); data_device_path(cd));
r = -EINVAL; r = -EINVAL;
} else } else
log_err(cd, _("Cannot wipe header on device %s."), log_err(cd, _("Cannot wipe header on device %s."),
mdata_device_path(cd)); data_device_path(cd));
goto out; goto out;
} }
r = device_write_lock(cd, crypt_metadata_device(cd)); r = device_write_lock(cd, crypt_data_device(cd));
if (r) { if (r) {
log_err(cd, _("Failed to acquire write lock on device %s."), log_err(cd, _("Failed to acquire write lock on device %s."),
mdata_device_path(cd)); data_device_path(cd));
r = -EINVAL; r = -EINVAL;
goto out; goto out;
} }
@@ -1641,9 +1646,9 @@ static int _crypt_format_luks2(struct crypt_device *cd,
r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL); r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL);
if (r) if (r)
log_err(cd, _("Cannot format integrity for device %s."), log_err(cd, _("Cannot format integrity for device %s."),
mdata_device_path(cd)); data_device_path(cd));
device_write_unlock(crypt_metadata_device(cd)); device_write_unlock(crypt_data_device(cd));
} }
if (r < 0) if (r < 0)