Ondrej Kozina
c646832bfe
Add hard and soft memory limit to reencrypt hotzone size.
...
Currently hard memory limit is 1 GiB. Soft limit is
1/4 of system memory.
Note that --hotzone-size cryptsetup parameter can only further
lower hard and soft memory limit on hotzone size and not bypass
it.
2019-10-04 12:20:22 +02:00
Ondrej Kozina
539d4756f2
Do not flush and freeze fs while swapping in/out overlay device.
2019-10-04 12:20:16 +02:00
Ondrej Kozina
8714e115ad
Remove unused parameter from reencrypt_swap_backing_device.
...
It always loads dm-linear mapping in original device that maps 1:1
to helper overlay device (holding original table).
2019-10-04 12:20:12 +02:00
Ondrej Kozina
9c38e09ad3
Retain activation flags during and after online reencryption.
2019-10-04 12:20:06 +02:00
Ondrej Kozina
5628d7d8b5
Drop duplicite flag in LUKS2 device reload after reencryption.
...
Reload operation implicictly requires shared flag anyway and it's
added later.
2019-10-04 12:19:39 +02:00
Yuri Chornoivan
f26a9abddb
Fix minor typos
2019-09-02 09:20:47 +00:00
Ondrej Kozina
d13a6f7487
Take optimal io size in account with LUKS2 reencryption.
...
If device properly exposes optimal io size, let's align
reencryption hotzone to it. Otherwise device-mapper driver
complaints about misaligned tables and reencryption performance
is not optimal.
2019-08-30 09:39:35 +02:00
Ondrej Kozina
ea1dbfe961
Fix minimal size check for device in LUKS2 reencryption.
...
Commit 4c73da314c73da31
2019-08-13 20:34:14 +02:00
Milan Broz
4c73da31ba
Fix bugs found by Coverity.
2019-08-13 12:20:18 +02:00
Ondrej Kozina
a23e1cf729
LUKS2 code cleanup.
...
- drop unused code
- drop unused function declarations
- remove local routines from internal api
2019-08-05 18:29:37 +02:00
Ondrej Kozina
91879960e6
Move most of crypt_reencrypt_status to reencryption file.
2019-08-05 18:29:37 +02:00
Ondrej Kozina
cbb3ca01f4
Reencryption code cleanup.
...
- Remove all 'LUKS2_' name prefixes from internal routines
- Make all internal routines prefixed with 'reencrypt_' instead
- Drop few static routines by refactoring
- Rename all variables and routines containing 'pre' prefix to
contain 'hot' prefix instead (when referring to segments
undergoing reencryption)
- Rename all variables and routines containing 'after' prefix to
contain 'post' prefix instead
- Rename all routines prefixed with '_' to 'reencrypt_' instead
2019-08-05 18:29:35 +02:00
Ondrej Kozina
9845d6fd40
Shorten reencryption parameters debug message.
2019-08-05 18:28:15 +02:00
Ondrej Kozina
e5a59d6925
Remove json debug reencryption metadata fragments.
2019-08-05 18:28:15 +02:00
Ondrej Kozina
b3af88708d
Change reencryption mode parameter type to enum.
2019-08-01 15:40:53 +02:00
Ondrej Kozina
97ea39404a
Allow reencryption to parse names prefixed with /dev.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
3bea349f9e
Optionaly check device table before reencryption initialization.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
98e0c8d609
Extend device table check in-before reencryption.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
0886bc7afd
Check for error sooner while assigning reencryption segments.
...
Also wraps function parameters definition.
2019-07-31 14:58:55 +02:00
Ondrej Kozina
e16319a290
Fail encryption initialization when data device too small.
2019-07-26 16:09:38 +02:00
Ondrej Kozina
c033643f07
Fix corner case bug in encryption with data shift.
...
If we initialized encryption with data shift and only single
segment the resulting metadata were missing
CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT flag and also segments json section was
invalid.
2019-07-26 16:06:03 +02:00
Ondrej Kozina
607e2248c8
Simplify LUKS2_reencrypt_direction function.
2019-07-26 16:06:03 +02:00
Ondrej Kozina
1b82e70fc1
Fix bug in minimal device size calculation for reencryption.
2019-07-26 16:06:03 +02:00
Ondrej Kozina
35068c2e6e
Fix broken segments calculation for backward data shift reencryption.
2019-07-26 16:06:03 +02:00
Ondrej Kozina
7460d1a446
Fix backward reencryption with data shift.
...
The device has to be shrunk the data shift size during activation.
Otherwise the online reencryption would fail with incorrect device
size.
2019-07-26 16:04:27 +02:00
Ondrej Kozina
c851205f83
Fix bug in reencryption digest to segment assignement.
2019-07-23 17:28:26 +02:00
Ondrej Kozina
dd0e073159
Fill direction field in crypt_reencrypt_status.
2019-07-23 17:28:26 +02:00
Ondrej Kozina
3f85da0098
Fix datashift calculation in reencryption initialization.
2019-07-23 17:28:25 +02:00
Ondrej Kozina
dad28f3dfe
Move exclusive open for offline reencryption in initialization.
2019-07-23 17:28:25 +02:00
Ondrej Kozina
e8e1da3fb5
Do not callback progress twice in reencryption loop.
2019-07-23 17:28:25 +02:00
Ondrej Kozina
330f9daade
Pass max_hotzone_size inside reencryption parameters in sectors.
2019-07-12 15:37:18 +02:00
Ondrej Kozina
4a232bc868
Pass device size inside reencryption parameters in sectors.
...
it was mistake in reencryption API. All other device sizes
related to device mapper devices are always in 512b setctors.
2019-07-12 15:37:18 +02:00
Ondrej Kozina
e3e6e75d40
Improvements to LUKS2 reencryption error messages.
...
- make error messages propagated to users more comprehensible
- drop some error messages completely
- replace many error messages with debug logs only
Fixes #458 .
2019-07-01 10:18:55 +02:00
Yuri Chornoivan
4143d9871e
Fix minor typos
2019-06-28 12:02:39 +00:00
Ondrej Kozina
d4682b3b38
Cleanup translated messages id.
...
- minimize count of almost identical message ids
- unify style for some messages
- remove some useless messages
2019-06-27 10:23:42 +02:00
Ondrej Kozina
2f4a50064f
Add direction hint in reencryption hotzone device name.
2019-06-27 10:23:36 +02:00
Ondrej Kozina
292a5f50b2
Allow offline reencryption on files without root privileges.
...
If userspace block ciphers are not available try kcapi first.
2019-06-27 10:19:23 +02:00
Ondrej Kozina
c25ce7c585
Allow disabling of reencryption locks via crypt_metadata_locking()
2019-06-27 10:19:18 +02:00
Ondrej Kozina
b22c9a86a9
Add internal crypt_zalloc routine (calloc wrapper).
2019-06-27 10:19:14 +02:00
Ondrej Kozina
614f671b92
Introduce SUBDEV internal device type.
...
LUKS2 and other device types allow stacking of dm devices
underneath public top level device.
The new type identifies clearly those private devices in respective
device stack so that they can be easily removed while removing
top level public device.
Switch LUKS2 reencryption device stack to use SUBDEV type immmediately
for hotzone and overlay devices. Other devices will follow in later
releases.
2019-06-27 10:19:01 +02:00
Ondrej Kozina
4e19719bdd
Check hotzone size and device size alignment earlier.
...
It failed later but it was difficult to understand what went wrong.
2019-06-27 10:18:44 +02:00
Ondrej Kozina
3cabf608ca
Unify reencryption context load error messages.
2019-06-27 10:18:37 +02:00
Guilhem Moulin
70c4ce199d
Fix minor spelling errors in manpage and messages.
...
Reported by lintian(1) - Static analysis tool for Debian packages:
accidentaly -> accidentally
trigerring -> triggering
alocate -> allocate
alignemnt -> alignment
initalize -> initialize
2019-06-18 09:42:28 +02:00
Ondrej Kozina
44aabc3ae4
Drop reload of metadata in reencryption initialization.
2019-06-12 12:36:50 +02:00
Ondrej Kozina
bbdf9b2745
Read and compare metadata sequence id after taking write lock.
2019-06-12 12:36:46 +02:00
Ondrej Kozina
96a87170f7
Return usage count from device locking functions.
2019-06-12 11:51:08 +02:00
Ondrej Kozina
4c4cc55bb7
Wipe backup segment data after reencryption is finished.
2019-05-27 16:05:21 +02:00
Ondrej Kozina
0c725a257d
Compare moved segment specific size against real device size only.
2019-05-24 17:29:56 +02:00
Ondrej Kozina
bd6af68bc5
Add support for explicit reencryption recovery in request.
2019-05-24 17:07:37 +02:00
Ondrej Kozina
13050f73c1
Properly finished reencryption after recovery.
2019-05-24 17:07:37 +02:00
