eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allocate buffer for checksum resilience on-demand.

Browse Source
This commit is contained in:
Ondrej Kozina
2022-05-30 11:53:03 +02:00
parent 007e56727c
commit e8ec3e1005
2 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/luks2/luks2_keyslot_reenc.c
View File

@@ -434,13 +434,6 @@ static int load_checksum_protection(struct crypt_device *cd,
rp->p.csum.block_size = crypt_jobj_get_uint32(jobj_block_size);
rp->p.csum.checksums_len = area_length;
if (posix_memalign(&rp->p.csum.checksums, device_alignment(crypt_metadata_device(cd)),
rp->p.csum.checksums_len)) {
crypt_hash_destroy(rp->p.csum.ch);
rp->p.csum.ch = NULL;
return -ENOMEM;
}
rp->type = REENC_PROTECTION_CHECKSUM;
return 0;
}

30
lib/luks2/luks2_reencrypt.c
View File

@@ -1227,6 +1227,24 @@ static int reencrypt_update_flag(struct crypt_device *cd, int enable, bool commi
return LUKS2_config_set_requirements(cd, hdr, reqs, commit);
}
static int reencrypt_hotzone_protect_ready(struct crypt_device *cd,
struct reenc_protection *rp)
{
assert(rp);
if (rp->type != REENC_PROTECTION_CHECKSUM)
return 0;
if (!rp->p.csum.checksums) {
log_dbg(cd, "Allocating buffer for storing resilience checksums.");
if (posix_memalign(&rp->p.csum.checksums, device_alignment(crypt_metadata_device(cd)),
rp->p.csum.checksums_len))
return -ENOMEM;
}
return 0;
}
static int reencrypt_recover_segment(struct crypt_device *cd,
struct luks2_hdr *hdr,
struct luks2_reencrypt *rh,
@@ -1252,6 +1270,12 @@ static int reencrypt_recover_segment(struct crypt_device *cd,
if (rseg < 0 || rh->length < 512)
return -EINVAL;
r = reencrypt_hotzone_protect_ready(cd, rp);
if (r) {
log_err(cd, _("Failed to initialize hotzone protection."));
return -EINVAL;
}
vk_new = crypt_volume_key_by_id(vks, rh->digest_new);
if (!vk_new && rh->mode != CRYPT_REENCRYPT_DECRYPT)
return -EINVAL;
@@ -3226,6 +3250,12 @@ static reenc_status_t reencrypt_step(struct crypt_device *cd,
}
}
r = reencrypt_hotzone_protect_ready(cd, rp);
if (r) {
log_err(cd, _("Failed to initialize hotzone protection."));
return REENC_ROLLBACK;
}
if (online) {
r = reencrypt_refresh_overlay_devices(cd, hdr, rh->overlay_name, rh->hotzone_name, rh->vks, rh->device_size, rh->flags);
/* Teardown overlay devices with dm-error. None bio shall pass! */