Prepare version 2.3.4.

cipher[31] and cipher_mode[31] buffers were passed to
crypt_parse_name_and_mode() routine where sscanf(s, "%31[^-]-%31s",
cipher, cipher_mode) was called.

In corner case it could cause terminating 0 byte written beyond
respective arrays.

.travis.yml

@@ -1,7 +1,9 @@
 language: c
 
 sudo: required
-dist: bionic
+os: linux
+dist: focal
+group: edge
 
 compiler:
   - gcc
@@ -15,6 +17,7 @@ branches:
   only:
     - master
     - wip-luks2
+    - v2.3.x
 
 before_install:
   - uname -a

FAQ

@@ -112,7 +112,7 @@ A. Contributors
   characters may have different encoding depending on system configuration
   and your passphrase will not work with a different encoding.  A table of
   the standardized first 128 ASCII characters can, e.g.  be found on
-  http://en.wikipedia.org/wiki/ASCII
+  https://en.wikipedia.org/wiki/ASCII
 
   KEYBOARD NUM-PAD: Apparently some pre-boot authentication environments
   (these are done by the distro, not by cryptsetup, so complain there)
@@ -173,7 +173,7 @@ A. Contributors
   which means distribution is unlimited, you may create derived works, but
   attributions to original authors and this license statement must be
   retained and the derived work must be under the same license.  See
-  http://creativecommons.org/licenses/by-sa/3.0/ for more details of the
+  https://creativecommons.org/licenses/by-sa/3.0/ for more details of the
   license.
 
   Side note: I did text license research some time ago and I think this
@@ -191,7 +191,7 @@ A. Contributors
 
   * 1.7 Is there a mailing-list?
 
-  Instructions on how to subscribe to the mailing-list are at on the
+  Instructions on how to subscribe to the mailing-list are on the
   project website.  People are generally helpful and friendly on the
   list.
 
@@ -241,7 +241,7 @@ A. Contributors
   * 2.1 LUKS Container Setup mini-HOWTO
 
   This item tries to give you a very brief list of all the steps you
-  should go though when creating a new LUKS encrypted container, i.e. 
+  should go through when creating a new LUKS encrypted container, i.e.
   encrypted disk, partition or loop-file.
 
   01) All data will be lost, if there is data on the target, make a
@@ -268,7 +268,7 @@ A. Contributors
 
   This can take a while.  To get a progress indicator, you can use the
   tool dd_rescue (->google) instead or use my stream meter "wcs" (source
-  here: http://www.tansi.org/tools/index.html) in the following fashion:
+  here: https://www.tansi.org/tools/index.html) in the following fashion:
 
     cat /dev/zero | wcs > <target device>
 
@@ -295,7 +295,7 @@ A. Contributors
 
   Just follow the on-screen instructions.
 
-  Note: Passprase iteration count is based on time and hence security
+  Note: Passphrase iteration count is based on time and hence security
   level depends on CPU power of the system the LUKS container is created
   on.  For example on a Raspberry Pi and LUKS1, I found some time ago that
   the iteration count is 15 times lower than for a regular PC (well, for
@@ -343,7 +343,7 @@ A. Contributors
       See Section 6 for details.
 
   Done.  You can now use the encrypted file system to store data.  Be sure
-  to read though the rest of the FAQ, these are just the very basics.  In
+  to read through the rest of the FAQ, these are just the very basics.  In
   particular, there are a number of mistakes that are easy to make, but
   will compromise your security.
 
@@ -473,7 +473,7 @@ A. Contributors
   That is it. Reboot or start it manually to activate encrypted swap. 
   Manual start would look like this:
 
-    /etc/init.d/crypdisks start
+    /etc/init.d/cryptdisks start
     swapon /dev/mapper/swap
 
 
@@ -677,7 +677,7 @@ A. Contributors
   A bit more information on the process by which transactional guarantees
   are implemented can be found here:
 
-  http://lwn.net/Articles/400541/
+  https://lwn.net/Articles/400541/
 
   Please note that these "guarantees" are weaker than they appear to be. 
   One problem is that quite a few disks lie to the OS about having flushed
@@ -787,7 +787,7 @@ A. Contributors
   The conventional recommendation if you want to do more than just a
   zero-wipe is to use something like
 
-    cat /dev/urandom >  <taget-device>
+    cat /dev/urandom >  <target-device>
 
   That used to very slow and painful at 10-20MB/s on a fast computer, but
   newer kernels can give you > 200MB/s (depending on hardware).  An
@@ -811,7 +811,7 @@ A. Contributors
     dd_rescue -w /dev/zero /dev/mapper/to_be_wiped
 
   Progress-indicator by my "wcs" stream meter (available from
-  http://www.tansi.org/tools/index.html ):
+  https://www.tansi.org/tools/index.html ):
 
     cat /dev/zero | wcs > /dev/mapper/to_be_wiped
 
@@ -821,7 +821,7 @@ A. Contributors
   Remove the mapping at the end and you are done.
 
 
-  * 2.20 How to I wipe only the LUKS header?
+  * 2.20 How do I wipe only the LUKS header?
 
   This does _not_ describe an emergency wipe procedure, see Item 5.4 for
   that.  This procedure here is intended to be used when the data should
@@ -911,10 +911,10 @@ A. Contributors
   much longer.  Also take into account that up to 8 key-slots (LUKS2: up
   to 32 key-slots) have to be tried in order to find the right one.
 
-  If this is problem, you can add another key-slot using the slow machine
-  with the same passphrase and then remove the old key-slot.  The new
-  key-slot will have the unlock time adjusted to the slow machine.  Use
-  luksKeyAdd and then luksKillSlot or luksRemoveKey.  You can also use 
+  If this is the problem, you can add another key-slot using the slow
+  machine with the same passphrase and then remove the old key-slot.  The
+  new key-slot will have the unlock time adjusted to the slow machine.
+  Use luksKeyAdd and then luksKillSlot or luksRemoveKey.  You can also use
   the -i option to reduce iteration time (and security level) when setting 
   a passphrase.  Default is 1000 (1 sec) for LUKS1 and 2000 (2sec) for
   LUKS2.
@@ -991,7 +991,7 @@ A. Contributors
   LUKS and dm-crypt can give the RAM quite a workout, especially when
   combined with software RAID.  In particular the combination RAID5 +
   LUKS1 + XFS seems to uncover RAM problems that do not cause obvious
-  problems otherwise.  Symptoms vary, but often the problem manifest
+  problems otherwise.  Symptoms vary, but often the problem manifests
   itself when copying large amounts of data, typically several times
   larger than your main memory.
 
@@ -1085,7 +1085,7 @@ A. Contributors
 5. Security Aspects
 
 
-  * 5.1 How long is a secure passphrase ?
+  * 5.1 How long is a secure passphrase?
 
   This is just the short answer.  For more info and explanation of some of
   the terms used in this item, read the rest of Section 5.  The actual
@@ -1124,7 +1124,7 @@ A. Contributors
   i.e.  I estimated the attack to be too easy.  Nobody noticed ;-) On the
   plus side, the tables are now (2017) pretty much accurate.
 
-  More references can be found a the end of this document.  Note that
+  More references can be found at the end of this document.  Note that
   these are estimates from the defender side, so assuming something is
   easier than it actually is is fine.  An attacker may still have
   significantly higher cost than estimated here.
@@ -1215,7 +1215,7 @@ A. Contributors
   already lock you up.  Hidden containers (encryption hidden within
   encryption), as possible with Truecrypt, do not help either.  They will
   just assume the hidden container is there and unless you hand over the
-  key, you will stay locked up.  Don't have a hidden container?  Though
+  key, you will stay locked up.  Don't have a hidden container?  Tough
   luck.  Anybody could claim that.
 
   Still, if you are concerned about the LUKS header, use plain dm-crypt
@@ -1271,7 +1271,7 @@ A. Contributors
   single overwrite could be enough.  If in doubt, use physical destruction
   in addition.  Here is a link to some current research results on erasing
   SSDs and FLASH drives:
-  http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
+  https://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
 
   Keep in mind to also erase all backups.
 
@@ -1295,7 +1295,7 @@ A. Contributors
   medium.
 
   If your backup is on magnetic tape, I advise physical destruction by
-  shredding or burning, after (!) overwriting .  The problem with magnetic
+  shredding or burning, after (!) overwriting.  The problem with magnetic
   tape is that it has a higher dynamic range than HDDs and older data may
   well be recoverable after overwrites.  Also write-head alignment issues
   can lead to data not actually being deleted during overwrites.
@@ -1317,7 +1317,7 @@ A. Contributors
   Overwriting the LUKS header in part or in full is the most common reason
   why access to LUKS containers is lost permanently.  Overwriting can be
   done in a number of fashions, like creating a new filesystem on the raw
-  LUKS partition, making the raw partition part of a raid array and just
+  LUKS partition, making the raw partition part of a RAID array and just
   writing to the raw partition.
 
   The LUKS1 header contains a 256 bit "salt" per key-slot and without that
@@ -1409,7 +1409,7 @@ A. Contributors
   combination of 12 truly random letters and digits.
 
   For passphrase generation, do not use lines from very well-known texts
-  (religious texts, Harry potter, etc.) as they are too easy to guess. 
+  (religious texts, Harry Potter, etc.) as they are too easy to guess.
   For example, the total Harry Potter has about 1'500'000 words (my
   estimation).  Trying every 64 character sequence starting and ending at
   a word boundary would take only something like 20 days on a single CPU
@@ -1701,8 +1701,9 @@ A. Contributors
   can demand encryption keys.
 
   Here is an additional reference for some problems with plausible
-  deniability: http://www.schneier.com/paper-truecrypt-dfs.pdf I strongly
-  suggest you read it.
+  deniability:
+  https://www.schneier.com/academic/paperfiles/paper-truecrypt-dfs.pdf
+  I strongly suggest you read it.
 
   So, no, I will not provide any instructions on how to do it with plain
   dm-crypt or LUKS.  If you insist on shooting yourself in the foot, you
@@ -1847,7 +1848,7 @@ A. Contributors
   document.  It does require advanced skills in this age of pervasive
   surveillance.)
 
-  Hence, LUKS has not kill option because it would do much more harm than
+  Hence, LUKS has no kill option because it would do much more harm than
   good.
 
   Still, if you have a good use-case (i.e.  non-abstract real-world
@@ -1917,7 +1918,7 @@ A. Contributors
 
     cryptsetup --header <file> luksOpen <device> </dev/mapper/name>
 
-  If that unlocks your keys-lot, you are good. Do not forget to close
+  If that unlocks your key-slot, you are good. Do not forget to close
   the device again.
 
   Under some circumstances (damaged header), this fails.  Then use the
@@ -2037,7 +2038,7 @@ A. Contributors
 
 
   * 6.5 Do I need a backup of the full partition? Would the header
-    and  key-slots not be enough?
+    and key-slots not be enough?
 
   Backup protects you against two things: Disk loss or corruption and user
   error.  By far the most questions on the dm-crypt mailing list about how
@@ -2780,7 +2781,7 @@ offset  length  name                  data type  description
 
   Mostly not.  The header has changed in its structure, but the
   crytpgraphy is the same.  The one exception is that PBKDF2 has been
-  replaced by Argon2 to give better resilience against attacks attacks by
+  replaced by Argon2 to give better resilience against attacks by
   graphics cards and other hardware with lots of computing power but
   limited local memory per computing element.
 
@@ -2827,7 +2828,7 @@ offset  length  name                  data type  description
   there to prevent precomputation.
 
   The problem with that is that if you use a graphics card, you can massively
-  speed up these computations as PBKDF2 needs very little memeory to compute
+  speed up these computations as PBKDF2 needs very little memory to compute
   it.  A graphics card is (grossly simplified) a mass of small CPUs with some
   small very fast local memory per CPU and a large slow memory (the 4/6/8 GB
   a current card may have).  If you can keep a computation in the small,
@@ -2840,7 +2841,7 @@ offset  length  name                  data type  description
   if you set, for example, 4GB of memory, computing Argon2 on a graphics card
   with around 100kB of memory per "CPU" makes no sense at all because it is
   far too slow.  An attacker has hence to use real CPUs and furthermore is
-  limited by main memory bandwith.
+  limited by main memory bandwidth.
 
   Hence the large amount of memory used is a security feature and should not
   be turned off or reduced.  If you really (!) understand what you are doing
@@ -2864,7 +2865,7 @@ offset  length  name                  data type  description
   second/slot unlock time, LUKS2 adjusts the memory parameter down if
   needed.  In the other direction, it will respect available memory and not
   exceed it.  On a current PC, the memory parameter will be somewhere around
-  1GB, which should quite generous.  The minimum I was able to set in an
+  1GB, which should be quite generous.  The minimum I was able to set in an
   experiment with "-i 1" was 400kB of memory and that is too low to be
   secure.  A Raspberry Pi would probably end up somewhere around 50MB (have
   not tried it) and that should still be plenty.
@@ -2994,7 +2995,7 @@ offset  length  name                  data type  description
 
   - http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
 
-  - http://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes
+  - https://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes
 
   * Tools
 

README

@@ -14,7 +14,7 @@ FAQ:
 MAILING LIST:
 
       E-MAIL: dm-crypt@saout.de
-      URL:    http://www.saout.de/mailman/listinfo/dm-crypt
+      URL:    https://www.saout.de/mailman/listinfo/dm-crypt
 
 DOWNLOAD:
 
@@ -28,4 +28,4 @@ SOURCE CODE:
 NLS (PO TRANSLATIONS):
 
       PO files are maintained by:
-          http://translationproject.org/domain/cryptsetup.html
+          https://translationproject.org/domain/cryptsetup.html

README.md

@@ -73,7 +73,7 @@ For libcryptsetup documentation see [libcryptsetup API](https://mbroz.fedorapeop
 
 The libcryptsetup API/ABI changes are tracked in [compatibility report](https://abi-laboratory.pro/tracker/timeline/cryptsetup/).
 
-NLS PO files are maintained by [TranslationProject](http://translationproject.org/domain/cryptsetup.html).
+NLS PO files are maintained by [TranslationProject](https://translationproject.org/domain/cryptsetup.html).
 
 Help!
 -----
@@ -82,5 +82,5 @@ For cryptsetup and LUKS related questions, please use the dm-crypt mailing list,
 
 If you want to subscribe just send an empty mail to [dm-crypt-subscribe@saout.de](mailto:dm-crypt-subscribe@saout.de).
 
-You can also browse [list archive](http://www.saout.de/pipermail/dm-crypt/) or read it through
+You can also browse [list archive](https://www.saout.de/pipermail/dm-crypt/) or read it through
 [web interface](https://marc.info/?l=dm-crypt).

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.3.3])
+AC_INIT([cryptsetup],[2.3.4])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)

docs/v2.3.4-ReleaseNotes

@@ -0,0 +1,112 @@
+Cryptsetup 2.3.4 Release Notes
+==============================
+Stable bug-fix release with a security fix (32-bit only).
+
+All users of cryptsetup 2.2.x and later should upgrade to this version.
+
+Changes since version 2.3.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Fix a possible out-of-bounds memory write while validating LUKS2 data
+  segments metadata (CVE-2020-14382).
+
+  This problem can be triggered only on 32-bit builds (64-bit systems
+  are not affected).
+
+  LUKS2 format validation code contains a bug in segments validation code
+  where the code does not check for possible overflow on memory allocation.
+
+  Due to the bug, the libcryptsetup can be tricked to expect such allocation
+  was successful. Later it may read data from image crafted by an attacker and
+  actually write such data beyond allocated memory.
+
+  The bug was introduced in cryptsetup 2.2.0. All later releases until 2.3.4
+  are affected.
+
+  If you only backport the fix for this CVE, these master branch git commits
+  should be backported:
+    52f5cb8cedf22fb3e14c744814ec8af7614146c7
+    46ee71edcd13e1dad50815ad65c28779aa6f7503
+    752c9a52798f11d3b765b673ebaa3058eb25316e
+
+  Thanks to Tobias Stoeckmann for discovering this issue.
+
+* Ignore reported optimal IO size if not aligned to minimal page size.
+
+  Some USB enclosures report bogus block device topology (see lsblk -t) that
+  prevents LUKS2 format with 4k sector size (reported values are not correctly
+  aligned). The code now ignores such values and uses the default alignment.
+
+* Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
+
+  These performance options, introduced in kernel 5.9, configure dm-crypt
+  to bypass read or write workqueues and run encryption synchronously.
+
+  Use --perf-no_read_workqueue or --perf-no_write_workqueue cryptsetup arguments
+  to use these dm-crypt flags.
+
+  These options are available only for low-level dm-crypt performance tuning,
+  use only if you need a change to default dm-crypt behavior.
+
+  For LUKS2, these flags can be persistently stored in metadata with
+  the --persistent option.
+
+* Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
+
+  Veritysetup now supports --panic-on-corruption argument that configures
+  the dm-verity device to panics kernel if a corruption is detected.
+
+  This option is intended for specific configurations, do not use it in
+  standard configurations.
+
+* Support --master-key-file option for online LUKS2 reencryption
+
+  This can be used for reencryption of devices that uses protected key AES cipher
+  on some mainframes crypto accelerators.
+
+* Always return EEXIST error code if a device already exists.
+
+  Some libcryptsetup functions (activate_by*) now return EEXIST error code,
+  so the caller can distinguish that call fails because some parallel process
+  already activated the device.
+  Previously all fails returned EINVAL (invalid value).
+
+* Fix a problem in integritysetup if a hash algorithm has dash in the name.
+
+  If users want to use blake2b/blake2s, the kernel algorithm name includes
+  a dash (like "blake2s-256").
+  Theses algorithms can now be used for integritysetup devices.
+
+* Fix crypto backend to properly handle ECB mode.
+
+  Even though it should never be used, it should still work for testing :)
+  This fixes a bug introduced in cryptsetup version 2.3.2.
+
+* TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
+  with a larger sector.
+
+  TrueCrypt/VeraCrypt always uses 512-byte sector for encryption, but for devices
+  with a larger native sector, it stores this value in the header.
+
+  This patch allows activation of such devices, basically ignoring
+  the mentioned sector size.
+
+* LUKS2: Do not create excessively large headers.
+
+  When creating a LUKS2 header with a specified --offset larger than
+  the LUKS2 header size, do not create a larger file than needed.
+
+* Fix unspecified sector size for BitLocker compatible mode.
+
+  Some BitLocker devices can contain zeroed sector size in the header.
+  In this case, the 512-byte sector should be used.
+  The bug was introduced in version 2.3.3.
+
+* Fix reading key data size in metadata for BitLocker compatible mode.
+
+  Such devices with an unexpected entry in metadata can now be activated.
+
+  Thanks to all users reporting these problems, BitLocker metadata documentation
+  is not publicly available, and we depend only on these reports.
+
+* Fix typos in documentation.

lib/bitlk/bitlk.c

@@ -506,6 +506,11 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 	}
 
 	params->sector_size = le16_to_cpu(sig.sector_size);
+	if (params->sector_size == 0) {
+		log_dbg(cd, "Got sector size 0, assuming 512.");
+		params->sector_size = SECTOR_SIZE;
+	}
+
 	if (!(params->sector_size == 512 || params->sector_size == 4096)) {
 		log_err(cd, _("Unsupported sector size %" PRIu16 "."), params->sector_size);
 		r = -EINVAL;
@@ -908,7 +913,7 @@ static int decrypt_key(struct crypt_device *cd,
 {
 	char *outbuf;
 	int r;
-	uint32_t key_size = 0;
+	uint16_t key_size = 0;
 
 	outbuf = crypt_safe_alloc(enc_key->keylength);
 	if (!outbuf)
@@ -923,10 +928,12 @@ static int decrypt_key(struct crypt_device *cd,
 	}
 
 	/* key_data has it's size as part of the metadata */
-	memcpy(&key_size, outbuf, 4);
-	key_size = le32_to_cpu(key_size);
+	memcpy(&key_size, outbuf, 2);
+	key_size = le16_to_cpu(key_size);
 	if (enc_key->keylength != key_size) {
-		log_err(cd, _("Wrong key size."));
+		log_err(cd, _("Unexpected key data size."));
+		log_dbg(cd, "Expected key data size: %zu, got %" PRIu16 "", enc_key->keylength, key_size);
+
 		r = -EINVAL;
 		goto out;
 	}

lib/crypto_backend/argon2/argon2.c

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/argon2.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/blake2/blake2-impl.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/blake2/blake2.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/blake2/blake2b.c

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/blake2/blamka-round-opt.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/blake2/blamka-round-ref.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/core.c

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/core.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/encoding.c

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/encoding.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/opt.c

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/ref.c

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/thread.c

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/argon2/thread.h

@@ -8,8 +8,8 @@
  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
  * these licenses can be found at:
  *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
  *
  * You should have received a copy of both of these licenses along with this
  * software. If not, they may be obtained at the above URLs.

lib/crypto_backend/crypto_backend.h

@@ -109,7 +109,7 @@ int crypt_cipher_check_kernel(const char *name, const char *mode,
 /* Storage encryption wrappers */
 int crypt_storage_init(struct crypt_storage **ctx, size_t sector_size,
 		       const char *cipher, const char *cipher_mode,
-		       const void *key, size_t key_length);
+		       const void *key, size_t key_length, bool large_iv);
 void crypt_storage_destroy(struct crypt_storage *ctx);
 int crypt_storage_decrypt(struct crypt_storage *ctx, uint64_t iv_offset,
 			  uint64_t length, char *buffer);

lib/crypto_backend/crypto_gcrypt.c

@@ -53,7 +53,7 @@ struct crypt_cipher {
 
 /*
  * Test for wrong Whirlpool variant,
- * Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
+ * Ref: https://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
  */
 static void crypt_hash_test_whirlpool_bug(void)
 {

lib/crypto_backend/crypto_storage.c

@@ -40,7 +40,7 @@ struct crypt_sector_iv {
 
 /* Block encryption storage context */
 struct crypt_storage {
-	unsigned sector_shift;
+	size_t sector_size;
 	unsigned iv_shift;
 	struct crypt_cipher *cipher;
 	struct crypt_sector_iv cipher_iv;
@@ -56,14 +56,15 @@ static int int_log2(unsigned int x)
 
 static int crypt_sector_iv_init(struct crypt_sector_iv *ctx,
 			 const char *cipher_name, const char *mode_name,
-			 const char *iv_name, const void *key, size_t key_length, size_t sector_size)
+			 const char *iv_name, const void *key, size_t key_length,
+			 size_t sector_size)
 {
 	int r;
 
 	memset(ctx, 0, sizeof(*ctx));
 
 	ctx->iv_size = crypt_cipher_ivsize(cipher_name, mode_name);
-	if (ctx->iv_size < 8)
+	if (ctx->iv_size < 0 || (strcmp(mode_name, "ecb") && ctx->iv_size < 8))
 		return -ENOENT;
 
 	if (!strcmp(cipher_name, "cipher_null") ||
@@ -212,7 +213,8 @@ int crypt_storage_init(struct crypt_storage **ctx,
 		       size_t sector_size,
 		       const char *cipher,
 		       const char *cipher_mode,
-		       const void *key, size_t key_length)
+		       const void *key, size_t key_length,
+		       bool large_iv)
 {
 	struct crypt_storage *s;
 	char mode_name[64];
@@ -250,8 +252,8 @@ int crypt_storage_init(struct crypt_storage **ctx,
 		return r;
 	}
 
-	s->sector_shift = int_log2(sector_size);
-	s->iv_shift = s->sector_shift - SECTOR_SHIFT;
+	s->sector_size = sector_size;
+	s->iv_shift = large_iv ? int_log2(sector_size) - SECTOR_SHIFT : 0;
 
 	*ctx = s;
 	return 0;
@@ -264,19 +266,20 @@ int crypt_storage_decrypt(struct crypt_storage *ctx,
 	uint64_t i;
 	int r = 0;
 
-	if (length & ((1 << ctx->sector_shift) - 1))
+	if (length & (ctx->sector_size - 1))
 		return -EINVAL;
 
-	length >>= ctx->sector_shift;
+	if (iv_offset & ((ctx->sector_size >> SECTOR_SHIFT) - 1))
+		return -EINVAL;
 
-	for (i = 0; i < length; i++) {
-		r = crypt_sector_iv_generate(&ctx->cipher_iv, iv_offset + (uint64_t)(i << ctx->iv_shift));
+	for (i = 0; i < length; i += ctx->sector_size) {
+		r = crypt_sector_iv_generate(&ctx->cipher_iv, (iv_offset + (i >> SECTOR_SHIFT)) >> ctx->iv_shift);
 		if (r)
 			break;
 		r = crypt_cipher_decrypt(ctx->cipher,
-					 &buffer[i << ctx->sector_shift],
-					 &buffer[i << ctx->sector_shift],
-					 1 << ctx->sector_shift,
+					 &buffer[i],
+					 &buffer[i],
+					 ctx->sector_size,
 					 ctx->cipher_iv.iv,
 					 ctx->cipher_iv.iv_size);
 		if (r)
@@ -293,19 +296,20 @@ int crypt_storage_encrypt(struct crypt_storage *ctx,
 	uint64_t i;
 	int r = 0;
 
-	if (length & ((1 << ctx->sector_shift) - 1))
+	if (length & (ctx->sector_size - 1))
 		return -EINVAL;
 
-	length >>= ctx->sector_shift;
+	if (iv_offset & ((ctx->sector_size >> SECTOR_SHIFT) - 1))
+		return -EINVAL;
 
-	for (i = 0; i < length; i++) {
-		r = crypt_sector_iv_generate(&ctx->cipher_iv, iv_offset + (i << ctx->iv_shift));
+	for (i = 0; i < length; i += ctx->sector_size) {
+		r = crypt_sector_iv_generate(&ctx->cipher_iv, (iv_offset + (i >> SECTOR_SHIFT)) >> ctx->iv_shift);
 		if (r)
 			break;
 		r = crypt_cipher_encrypt(ctx->cipher,
-					 &buffer[i << ctx->sector_shift],
-					 &buffer[i << ctx->sector_shift],
-					 1 << ctx->sector_shift,
+					 &buffer[i],
+					 &buffer[i],
+					 ctx->sector_size,
 					 ctx->cipher_iv.iv,
 					 ctx->cipher_iv.iv_size);
 		if (r)

lib/libcryptsetup.h

@@ -1103,6 +1103,12 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_SUSPENDED (1 << 21)
 /** use IV sector counted in sector_size instead of default 512 bytes sectors */
 #define CRYPT_ACTIVATE_IV_LARGE_SECTORS (1 << 22)
+/** dm-verity: panic_on_corruption flag - panic kernel on corruption */
+#define CRYPT_ACTIVATE_PANIC_ON_CORRUPTION (1 << 23)
+/** dm-crypt: bypass internal workqueue and process read requests synchronously. */
+#define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (1 << 24)
+/** dm-crypt: bypass internal workqueue and process write requests synchronously. */
+#define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (1 << 25)
 
 /**
  * Active device runtime attributes

lib/libdevmapper.c

@@ -174,6 +174,9 @@ static void _dm_set_crypt_compat(struct crypt_device *cd,
 	if (_dm_satisfies_version(1, 20, 0, crypt_maj, crypt_min, crypt_patch))
 		_dm_flags |= DM_BITLK_ELEPHANT_SUPPORTED;
 
+	if (_dm_satisfies_version(1, 22, 0, crypt_maj, crypt_min, crypt_patch))
+		_dm_flags |= DM_CRYPT_NO_WORKQUEUE_SUPPORTED;
+
 	_dm_crypt_checked = true;
 }
 
@@ -205,6 +208,9 @@ static void _dm_set_verity_compat(struct crypt_device *cd,
 	if (_dm_satisfies_version(1, 5, 0, verity_maj, verity_min, verity_patch))
 		_dm_flags |= DM_VERITY_SIGNATURE_SUPPORTED;
 
+	if (_dm_satisfies_version(1, 7, 0, verity_maj, verity_min, verity_patch))
+		_dm_flags |= DM_VERITY_PANIC_CORRUPTION_SUPPORTED;
+
 	_dm_verity_checked = true;
 }
 
@@ -615,6 +621,10 @@ static char *get_dm_crypt_params(const struct dm_target *tgt, uint32_t flags)
 		num_options++;
 	if (flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)
 		num_options++;
+	if (flags & CRYPT_ACTIVATE_NO_READ_WORKQUEUE)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE)
+		num_options++;
 	if (flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS)
 		num_options++;
 	if (tgt->u.crypt.integrity)
@@ -627,10 +637,12 @@ static char *get_dm_crypt_params(const struct dm_target *tgt, uint32_t flags)
 		*sector_feature = '\0';
 
 	if (num_options) {
-		snprintf(features, sizeof(features)-1, " %d%s%s%s%s%s%s", num_options,
+		snprintf(features, sizeof(features)-1, " %d%s%s%s%s%s%s%s%s", num_options,
 		(flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? " allow_discards" : "",
 		(flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT) ? " same_cpu_crypt" : "",
 		(flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? " submit_from_crypt_cpus" : "",
+		(flags & CRYPT_ACTIVATE_NO_READ_WORKQUEUE) ? " no_read_workqueue" : "",
+		(flags & CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) ? " no_write_workqueue" : "",
 		(flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS) ? " iv_large_sectors" : "",
 		sector_feature, integrity_dm);
 	} else
@@ -693,14 +705,19 @@ static char *get_dm_verity_params(const struct dm_target *tgt, uint32_t flags)
 	vp = tgt->u.verity.vp;
 
 	/* These flags are not compatible */
+	if ((flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) &&
+	    (flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION))
+		flags &= ~CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
 	if ((flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) &&
-	    (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION))
+	    (flags & (CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|CRYPT_ACTIVATE_PANIC_ON_CORRUPTION)))
 		flags &= ~CRYPT_ACTIVATE_IGNORE_CORRUPTION;
 
 	if (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION)
 		num_options++;
 	if (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION)
 		num_options++;
+	if (flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION)
+		num_options++;
 	if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS)
 		num_options++;
 	if (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE)
@@ -723,9 +740,10 @@ static char *get_dm_verity_params(const struct dm_target *tgt, uint32_t flags)
 		*verity_verify_args = '\0';
 
 	if (num_options)
-		snprintf(features, sizeof(features)-1, " %d%s%s%s%s", num_options,
+		snprintf(features, sizeof(features)-1, " %d%s%s%s%s%s", num_options,
 		(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
 		(flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "",
+		(flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION) ? " panic_on_corruption" : "",
 		(flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "",
 		(flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? " check_at_most_once" : "");
 	else
@@ -1305,6 +1323,12 @@ err:
 	return r;
 }
 
+static bool dm_device_exists(struct crypt_device *cd, const char *name)
+{
+	int r = dm_status_device(cd, name);
+	return (r >= 0 || r == -EEXIST);
+}
+
 static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type,
 			     const char *uuid, struct crypt_dm_active_device *dmd)
 {
@@ -1354,8 +1378,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch
 	if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
 		goto out;
 
-	if (!dm_task_run(dmt))
+	if (!dm_task_run(dmt)) {
+		if (dm_device_exists(cd, name))
+			r = -EEXIST;
 		goto out;
+	}
 
 	if (dm_task_get_info(dmt, &dmi))
 		r = 0;
@@ -1592,6 +1619,14 @@ static int check_retry(struct crypt_device *cd, uint32_t *dmd_flags, uint32_t dm
 		ret = 1;
 	}
 
+	/* Drop no workqueue options if not supported */
+	if ((*dmd_flags & (CRYPT_ACTIVATE_NO_READ_WORKQUEUE | CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE)) &&
+	    !(dmt_flags & DM_CRYPT_NO_WORKQUEUE_SUPPORTED)) {
+		log_dbg(cd, "dm-crypt does not support performance options");
+		*dmd_flags = *dmd_flags & ~(CRYPT_ACTIVATE_NO_READ_WORKQUEUE | CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE);
+		ret = 1;
+	}
+
 	return ret;
 }
 
@@ -1614,14 +1649,21 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 		goto out;
 
 	if (r && (dmd->segment.type == DM_CRYPT || dmd->segment.type == DM_LINEAR || dmd->segment.type == DM_ZERO) &&
-		check_retry(cd, &dmd->flags, dmt_flags))
+		check_retry(cd, &dmd->flags, dmt_flags)) {
+		log_dbg(cd, "Retrying open without incompatible options.");
 		r = _dm_create_device(cd, name, type, dmd->uuid, dmd);
+	}
 
 	if (r == -EINVAL &&
 	    dmd->flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
 	    !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
 		log_err(cd, _("Requested dm-crypt performance options are not supported."));
 
+	if (r == -EINVAL &&
+	    dmd->flags & (CRYPT_ACTIVATE_NO_READ_WORKQUEUE | CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) &&
+	    !(dmt_flags & DM_CRYPT_NO_WORKQUEUE_SUPPORTED))
+		log_err(cd, _("Requested dm-crypt performance options are not supported."));
+
 	if (r == -EINVAL && dmd->flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
 					  CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
 					  CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS|
@@ -1629,6 +1671,10 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	    !(dmt_flags & DM_VERITY_ON_CORRUPTION_SUPPORTED))
 		log_err(cd, _("Requested dm-verity data corruption handling options are not supported."));
 
+	if (r == -EINVAL && dmd->flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION &&
+	    !(dmt_flags & DM_VERITY_PANIC_CORRUPTION_SUPPORTED))
+		log_err(cd, _("Requested dm-verity data corruption handling options are not supported."));
+
 	if (r == -EINVAL && dmd->segment.type == DM_VERITY &&
 	    dmd->segment.u.verity.fec_device && !(dmt_flags & DM_VERITY_FEC_SUPPORTED))
 		log_err(cd, _("Requested dm-verity FEC options are not supported."));
@@ -1675,7 +1721,10 @@ int dm_reload_device(struct crypt_device *cd, const char *name,
 
 	if (r == -EINVAL && (dmd->segment.type == DM_CRYPT || dmd->segment.type == DM_LINEAR)) {
 		if ((dmd->flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)) &&
-	    !dm_flags(cd, DM_CRYPT, &dmt_flags) && !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
+		    !dm_flags(cd, DM_CRYPT, &dmt_flags) && !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED | DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
+			log_err(cd, _("Requested dm-crypt performance options are not supported."));
+		if ((dmd->flags & (CRYPT_ACTIVATE_NO_READ_WORKQUEUE | CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE)) &&
+		    !dm_flags(cd, DM_CRYPT, &dmt_flags) && !(dmt_flags & DM_CRYPT_NO_WORKQUEUE_SUPPORTED))
 			log_err(cd, _("Requested dm-crypt performance options are not supported."));
 		if ((dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
 		    !dm_flags(cd, DM_CRYPT, &dmt_flags) && !(dmt_flags & DM_DISCARDS_SUPPORTED))
@@ -1720,6 +1769,7 @@ static int dm_status_dmi(const char *name, struct dm_info *dmi,
 		goto out;
 	}
 
+	r = -EEXIST;
 	dm_get_next_target(dmt, NULL, &start, &length,
 			   &target_type, &params);
 
@@ -1918,6 +1968,10 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags,
 				*act_flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT;
 			else if (!strcasecmp(arg, "submit_from_crypt_cpus"))
 				*act_flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
+			else if (!strcasecmp(arg, "no_read_workqueue"))
+				*act_flags |= CRYPT_ACTIVATE_NO_READ_WORKQUEUE;
+			else if (!strcasecmp(arg, "no_write_workqueue"))
+				*act_flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE;
 			else if (!strcasecmp(arg, "iv_large_sectors"))
 				*act_flags |= CRYPT_ACTIVATE_IV_LARGE_SECTORS;
 			else if (sscanf(arg, "integrity:%u:", &val) == 1) {
@@ -2168,6 +2222,8 @@ static int _dm_target_query_verity(struct crypt_device *cd,
 				*act_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
 			else if (!strcasecmp(arg, "restart_on_corruption"))
 				*act_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+			else if (!strcasecmp(arg, "panic_on_corruption"))
+				*act_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION;
 			else if (!strcasecmp(arg, "ignore_zero_blocks"))
 				*act_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
 			else if (!strcasecmp(arg, "check_at_most_once"))

lib/luks1/keyencryption.c

@@ -153,7 +153,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 		return -EINVAL;
 
 	/* Encrypt buffer */
-	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength);
+	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength, false);
 
 	if (r)
 		log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).",
@@ -218,7 +218,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
 	if (MISALIGNED_512(dstLength))
 		return -EINVAL;
 
-	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength);
+	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength, false);
 
 	if (r)
 		log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).",

lib/luks2/luks2.h

@@ -523,7 +523,7 @@ int LUKS2_check_metadata_area_size(uint64_t metadata_size);
 int LUKS2_check_keyslots_area_size(uint64_t keyslots_size);
 
 int LUKS2_wipe_header_areas(struct crypt_device *cd,
-	struct luks2_hdr *hdr);
+	struct luks2_hdr *hdr, bool detached_header);
 
 uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr);
 int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic);

lib/luks2/luks2_json_format.c

@@ -337,7 +337,7 @@ err:
 }
 
 int LUKS2_wipe_header_areas(struct crypt_device *cd,
-	struct luks2_hdr *hdr)
+	struct luks2_hdr *hdr, bool detached_header)
 {
 	int r;
 	uint64_t offset, length;
@@ -352,7 +352,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
 		return -EINVAL;
 
 	/* On detached header wipe at least the first 4k */
-	if (length == 0) {
+	if (detached_header) {
 		length = 4096;
 		wipe_block = 4096;
 	}

lib/luks2/luks2_json_metadata.c

@@ -594,9 +594,9 @@ static bool validate_segment_intervals(struct crypt_device *cd,
 static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
 {
 	json_object *jobj_segments, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags, *jobj;
-	struct interval *intervals;
 	uint64_t offset, size;
 	int i, r, count, first_backup = -1;
+	struct interval *intervals = NULL;
 
 	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) {
 		log_dbg(cd, "Missing segments section.");
@@ -676,10 +676,18 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
 		return 1;
 	}
 
+	/* avoid needlessly large allocation when first backup segment is invalid */
+	if (first_backup >= count) {
+		log_dbg(cd, "Gap between last regular segment and backup segment at key %d.", first_backup);
+		return 1;
+	}
+
 	if (first_backup < 0)
 		first_backup = count;
 
-	intervals = malloc(first_backup * sizeof(*intervals));
+	if ((size_t)first_backup < SIZE_MAX / sizeof(*intervals))
+		intervals = malloc(first_backup * sizeof(*intervals));
+
 	if (!intervals) {
 		log_dbg(cd, "Not enough memory.");
 		return 1;
@@ -1289,6 +1297,8 @@ static const struct  {
 	{ CRYPT_ACTIVATE_SAME_CPU_CRYPT,         "same-cpu-crypt" },
 	{ CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS, "submit-from-crypt-cpus" },
 	{ CRYPT_ACTIVATE_NO_JOURNAL,             "no-journal" },
+	{ CRYPT_ACTIVATE_NO_READ_WORKQUEUE,      "no-read-workqueue" },
+	{ CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE,     "no-write-workqueue" },
 	{ 0, NULL }
 };
 

lib/luks2/luks2_keyslot_luks2.c

@@ -48,7 +48,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
 		return -EINVAL;
 
 	/* Encrypt buffer */
-	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength);
+	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength, false);
 	if (r) {
 		log_err(cd, _("Cannot use %s-%s cipher for keyslot encryption."), cipher, cipher_mode);
 		return r;
@@ -103,7 +103,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
 	if (MISALIGNED_512(dstLength))
 		return -EINVAL;
 
-	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength);
+	r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength, false);
 	if (r) {
 		log_err(cd, _("Cannot use %s-%s cipher for keyslot encryption."), cipher, cipher_mode);
 		return r;

lib/luks2/luks2_luks1_convert.c

@@ -675,7 +675,7 @@ static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h
 int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
 {
 	size_t buf_size, buf_offset;
-	char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
+	char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
 	char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
 	const char *hash;
 	size_t len;
@@ -824,8 +824,10 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 	if (r < 0)
 		return r;
 
-	strncpy(hdr1->cipherName, cipher, sizeof(hdr1->cipherName) - 1);
-	strncpy(hdr1->cipherMode, cipher_mode, sizeof(hdr1->cipherMode) - 1);
+	strncpy(hdr1->cipherName, cipher, LUKS_CIPHERNAME_L - 1);
+	hdr1->cipherName[LUKS_CIPHERNAME_L-1] = '\0';
+	strncpy(hdr1->cipherMode, cipher_mode, LUKS_CIPHERMODE_L - 1);
+	hdr1->cipherMode[LUKS_CIPHERMODE_L-1] = '\0';
 
 	if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
 		return -EINVAL;

lib/luks2/luks2_reencrypt.c

@@ -2882,7 +2882,7 @@ static int reencrypt_init_by_passphrase(struct crypt_device *cd,
 	if (flags & CRYPT_REENCRYPT_RECOVERY)
 		return reencrypt_recovery_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size);
 
-	if (cipher) {
+	if (cipher && !crypt_cipher_wrapped_key(cipher, cipher_mode)) {
 		r = crypt_keyslot_get_key_size(cd, keyslot_new);
 		if (r < 0)
 			return r;

lib/setup.c

@@ -1874,7 +1874,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
 			goto out;
 	}
 
-	r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr);
+	r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr, cd->metadata_device != NULL);
 	if (r < 0) {
 		log_err(cd, _("Cannot wipe header on device %s."),
 			mdata_device_path(cd));
@@ -4161,21 +4161,26 @@ static int _activate_loopaes(struct crypt_device *cd,
 
 static int _activate_check_status(struct crypt_device *cd, const char *name, unsigned reload)
 {
-	crypt_status_info ci;
+	int r;
 
 	if (!name)
 		return 0;
 
-	ci = crypt_status(cd, name);
-	if (ci == CRYPT_INVALID) {
-		log_err(cd, _("Cannot use device %s, name is invalid or still in use."), name);
-		return -EINVAL;
-	} else if (ci >= CRYPT_ACTIVE && !reload) {
+	r = dm_status_device(cd, name);
+
+	if (r >= 0 && reload)
+		return 0;
+
+	if (r >= 0 || r == -EEXIST) {
 		log_err(cd, _("Device %s already exists."), name);
 		return -EEXIST;
 	}
 
-	return 0;
+	if (r == -ENODEV)
+		return 0;
+
+	log_err(cd, _("Cannot use device %s, name is invalid or still in use."), name);
+	return r;
 }
 
 // activation/deactivation of device mapping

lib/tcrypt/tcrypt.c

@@ -749,7 +749,7 @@ int TCRYPT_activate(struct crypt_device *cd,
 		return -ENOTSUP;
 	}
 
-	if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) {
+	if (hdr->d.sector_size % SECTOR_SIZE) {
 		log_err(cd, _("Activation is not supported for %d sector size."),
 			hdr->d.sector_size);
 		return -ENOTSUP;
@@ -769,15 +769,12 @@ int TCRYPT_activate(struct crypt_device *cd,
 	if (!algs)
 		return -EINVAL;
 
-	if (hdr->d.sector_size == 0)
-		return -EINVAL;
-
 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
 		dmd.size = 0;
 	else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
-		dmd.size = hdr->d.hidden_volume_size / hdr->d.sector_size;
+		dmd.size = hdr->d.hidden_volume_size / SECTOR_SIZE;
 	else
-		dmd.size = hdr->d.volume_size / hdr->d.sector_size;
+		dmd.size = hdr->d.volume_size / SECTOR_SIZE;
 
 	if (dmd.flags & CRYPT_ACTIVATE_SHARED)
 		device_check = DEV_OK;
@@ -1042,11 +1039,11 @@ uint64_t TCRYPT_get_data_offset(struct crypt_device *cd,
 
 		if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
 			if (hdr->d.version > 3)
-				return (hdr->d.mk_offset / hdr->d.sector_size);
+				return (hdr->d.mk_offset / SECTOR_SIZE);
 			if (device_size(crypt_metadata_device(cd), &size) < 0)
 				return 0;
 			return (size - hdr->d.hidden_volume_size +
-				(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size;
+				(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE;
 		}
 		goto hdr_offset;
 	}
@@ -1055,11 +1052,11 @@ uint64_t TCRYPT_get_data_offset(struct crypt_device *cd,
 		if (device_size(crypt_metadata_device(cd), &size) < 0)
 			return 0;
 		return (size - hdr->d.hidden_volume_size +
-			(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size;
+			(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE;
 	}
 
 hdr_offset:
-	return hdr->d.mk_offset / hdr->d.sector_size;
+	return hdr->d.mk_offset / SECTOR_SIZE;
 }
 
 uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
@@ -1073,7 +1070,7 @@ uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
 	else if (params->mode && !strncmp(params->mode, "lrw", 3))
 		iv_offset = 0;
 	else
-		iv_offset = hdr->d.mk_offset / hdr->d.sector_size;
+		iv_offset = hdr->d.mk_offset / SECTOR_SIZE;
 
 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
 		iv_offset += crypt_dev_partition_offset(device_path(crypt_metadata_device(cd)));

lib/utils_crypt.c

@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <ctype.h>
 #include <errno.h>
 
 #include "libcryptsetup.h"
@@ -76,8 +77,10 @@ int crypt_parse_hash_integrity_mode(const char *s, char *integrity)
 		return -EINVAL;
 
 	r = sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", mode, hash);
-	if (r == 2)
+	if (r == 2 && !isdigit(hash[0]))
 		r = snprintf(integrity, MAX_CIPHER_LEN, "%s(%s)", mode, hash);
+	else if (r == 2)
+		r = snprintf(integrity, MAX_CIPHER_LEN, "%s-%s", mode, hash);
 	else if (r == 1)
 		r = snprintf(integrity, MAX_CIPHER_LEN, "%s", mode);
 	else

lib/utils_device.c

@@ -520,10 +520,16 @@ void device_topology_alignment(struct crypt_device *cd,
 
 	temp_alignment = (unsigned long)min_io_size;
 
-	/* Ignore bogus opt-io that could break alignment */
+	/*
+	 * Ignore bogus opt-io that could break alignment.
+	 * Also real opt_io_size should be aligned to minimal page size (4k).
+	 * Some bogus USB enclosures reports wrong data here.
+	 */
 	if ((temp_alignment < (unsigned long)opt_io_size) &&
-	    !((unsigned long)opt_io_size % temp_alignment))
+	    !((unsigned long)opt_io_size % temp_alignment) && !MISALIGNED_4K(opt_io_size))
 		temp_alignment = (unsigned long)opt_io_size;
+	else if (opt_io_size)
+		log_err(cd, _("Ignoring bogus optimal-io size for data device (%u bytes)."), opt_io_size);
 
 	/* If calculated alignment is multiple of default, keep default */
 	if (temp_alignment && (default_alignment % temp_alignment))

lib/utils_dm.h

@@ -69,6 +69,8 @@ static inline uint32_t act2dmflags(uint32_t act_flags)
 #define DM_BITLK_ELEPHANT_SUPPORTED (1 << 21) /* Elephant diffuser for BITLK supported */
 #define DM_VERITY_SIGNATURE_SUPPORTED (1 << 22) /* Verity option root_hash_sig_key_desc supported */
 #define DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */
+#define DM_VERITY_PANIC_CORRUPTION_SUPPORTED (1 << 24) /* dm-verity panic on corruption  */
+#define DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues  */
 
 typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type;
 enum tdirection { TARGET_SET = 1, TARGET_QUERY };

lib/utils_storage_wrappers.c

@@ -62,7 +62,7 @@ static int crypt_storage_backend_init(struct crypt_device *cd,
 	struct crypt_storage *s;
 
 	/* iv_start, sector_size */
-	r = crypt_storage_init(&s, sector_size, cipher, cipher_mode, vk->key, vk->keylength);
+	r = crypt_storage_init(&s, sector_size, cipher, cipher_mode, vk->key, vk->keylength, flags & LARGE_IV);
 	if (r)
 		return r;
 

lib/utils_storage_wrappers.h

@@ -31,6 +31,7 @@ struct crypt_device;
 #define DISABLE_KCAPI	(1 << 1)
 #define DISABLE_DMCRYPT	(1 << 2)
 #define OPEN_READONLY	(1 << 3)
+#define LARGE_IV	(1 << 4)
 
 typedef enum {
 	NONE = 0,

lib/utils_wipe.c

@@ -26,7 +26,7 @@
 
 /*
  * Wipe using Peter Gutmann method described in
- * http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
+ * https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
  * Note: used only for rotational device (and even there it is not needed today...)
  */
 static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)

man/cryptsetup.8

@@ -146,7 +146,8 @@ Mandatory parametrs are identical to those of an open action for respective
 device type.
 
 You may change following parameters on all devices \-\-perf\-same_cpu_crypt,
-\-\-perf\-submit_from_crypt_cpus and \-\-allow\-discards.
+\-\-perf\-submit_from_crypt_cpus, \-\-perf-no_read_workqueue, \-\-no_write_workqueue
+and \-\-allow\-discards.
 
 Refreshing device without any optional parameter will refresh the device
 with default setting (respective to device type).
@@ -199,7 +200,7 @@ as soon as possible and mounted (used) before full data area encryption is compl
 
 Action supports following additional \fB<options>\fR [\-\-encrypt, \-\-decrypt, \-\-device\-size,
 \-\-resilience, \-\-resilience-hash, \-\-hotzone-size, \-\-init\-only, \-\-resume\-only,
-\-\-reduce\-device\-size].
+\-\-reduce\-device\-size, \-\-master\-key\-file, \-\-key\-size].
 
 .SH PLAIN MODE
 Plain dm-crypt encrypts the device sector-by-sector with a
@@ -1209,6 +1210,15 @@ This option is only relevant for \fIopen\fR action.
 performance tuning, use only if you need a change to default dm-crypt
 behaviour. Needs kernel 4.0 or later.
 .TP
+.B "\-\-perf\-no_read_workqueue, \-\-perf\-no_write_workqueue\fR"
+Bypass dm-crypt internal workqueue and process read or write requests
+synchronously.
+This option is only relevant for \fIopen\fR action.
+
+\fBNOTE:\fR These options are available only for low-level dm-crypt
+performance tuning, use only if you need a change to default dm-crypt
+behaviour. Needs kernel 5.9 or later.
+.TP
 .B "\-\-test\-passphrase\fR"
 Do not activate the device, just verify passphrase.
 This option is only relevant for \fIopen\fR action (the device
@@ -1325,7 +1335,8 @@ the flag you want to remove (e.g. to disable persistently stored discard flag,
 use \fI\-\-persistent\fR without \fI\-\-allow-discards\fR).
 
 Only \fI\-\-allow-discards\fR, \fI\-\-perf\-same_cpu_crypt\fR,
-\fI\-\-perf\-submit_from_crypt_cpus\fR and \fI\-\-integrity\-no\-journal\fR
+\fI\-\-perf\-submit_from_crypt_cpus\fR, \fI\-\-perf\-no_read_workqueue\fR,
+\fI\-\-perf\-no_write_workqueue\fR and \fI\-\-integrity\-no\-journal\fR
 can be stored persistently.
 .TP
 .B "\-\-refresh"

man/veritysetup.8

@@ -40,8 +40,8 @@ Creates a mapping with <name> backed by device <data_device> and using
 The <root_hash> is a hexadecimal string.
 
 \fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock,
-\-\-ignore-corruption or \-\-restart-on-corruption, \-\-ignore-zero-blocks,
-\-\-check-at-most-once, \-\-root-hash-signature]
+\-\-ignore-corruption or \-\-restart-on-corruption, \-\-panic-on-corruption,
+\-\-ignore-zero-blocks, \-\-check-at-most-once, \-\-root-hash-signature]
 
 If option \-\-no-superblock is used, you have to use as the same options
 as in initial format operation.
@@ -117,12 +117,13 @@ Use the provided UUID for format command instead of generating new one.
 The UUID must be provided in standard UUID format,
 e.g. 12345678-1234-1234-1234-123456789abc.
 .TP
-.B "\-\-ignore-corruption", "\-\-restart-on-corruption"
+.B "\-\-ignore-corruption", "\-\-restart-on-corruption", "\-\-panic-on-corruption"
 Defines what to do if data integrity problem is detected (data corruption).
 
 Without these options kernel fails the IO operation with I/O error.
 With \-\-ignore-corruption option the corruption is only logged.
-With \-\-restart-on-corruption the kernel is restarted immediately.
+With \-\-restart-on-corruption or  \-\-panic-on-corruption the kernel
+is restarted (panicked) immediately.
 (You have to provide way how to avoid restart loops.)
 
 \fBWARNING:\fR Use these options only for very specific cases.

src/cryptsetup.c

@@ -64,6 +64,8 @@ static int opt_shared = 0;
 static int opt_allow_discards = 0;
 static int opt_perf_same_cpu_crypt = 0;
 static int opt_perf_submit_from_crypt_cpus = 0;
+static int opt_perf_no_read_workqueue = 0;
+static int opt_perf_no_write_workqueue = 0;
 static int opt_test_passphrase = 0;
 static int opt_tcrypt_hidden = 0;
 static int opt_tcrypt_system = 0;
@@ -182,6 +184,12 @@ static void _set_activation_flags(uint32_t *flags)
 	if (opt_perf_submit_from_crypt_cpus)
 		*flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
 
+	if (opt_perf_no_read_workqueue)
+		*flags |= CRYPT_ACTIVATE_NO_READ_WORKQUEUE;
+
+	if (opt_perf_no_write_workqueue)
+		*flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE;
+
 	if (opt_integrity_nojournal)
 		*flags |= CRYPT_ACTIVATE_NO_JOURNAL;
 
@@ -815,11 +823,15 @@ static int action_status(void)
 					   (cad.flags & CRYPT_ACTIVATE_SUSPENDED) ? " (suspended)" : "");
 		if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS|
 				 CRYPT_ACTIVATE_SAME_CPU_CRYPT|
-				 CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS))
-			log_std("  flags:   %s%s%s\n",
+				 CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS|
+				 CRYPT_ACTIVATE_NO_READ_WORKQUEUE|
+				 CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE))
+			log_std("  flags:   %s%s%s%s%s\n",
 				(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? "discards " : "",
 				(cad.flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT) ? "same_cpu_crypt " : "",
-				(cad.flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? "submit_from_crypt_cpus" : "");
+				(cad.flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? "submit_from_crypt_cpus " : "",
+				(cad.flags & CRYPT_ACTIVATE_NO_READ_WORKQUEUE) ? "no_read_workqueue " : "",
+				(cad.flags & CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) ? "no_write_workqueue" : "");
 	}
 out:
 	crypt_free(cd);
@@ -3119,7 +3131,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
 {
 	size_t i, vk_size, kp_size;
 	int r, keyslot_old = CRYPT_ANY_SLOT, keyslot_new = CRYPT_ANY_SLOT, key_size;
-	char dm_name[PATH_MAX], cipher [MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk;
+	char dm_name[PATH_MAX], cipher [MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk = NULL;
 	const char *active_name = NULL;
 	struct keyslot_passwords *kp;
 	struct crypt_params_luks2 luks2_params = {};
@@ -3161,6 +3173,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
 
 	if (!key_size)
 		return -EINVAL;
+	vk_size = key_size;
 
 	r = crypt_keyslot_max(CRYPT_LUKS2);
 	if (r < 0)
@@ -3175,11 +3188,11 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
 	if (r)
 		goto err;
 
-	vk_size = key_size;
-	vk = crypt_safe_alloc(vk_size);
-	if (!vk) {
-		r = -ENOMEM;
-		goto err;
+	if (opt_master_key_file) {
+		r = tools_read_mk(opt_master_key_file, &vk, key_size);
+
+		if (r < 0)
+			goto err;
 	}
 
 	r = -ENOENT;
@@ -3189,7 +3202,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
 			r = set_keyslot_params(cd, i);
 			if (r < 0)
 				break;
-			r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size,
+			r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, vk, key_size,
 					kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT);
 			tools_keyslot_msg(r, CREATED);
 			if (r < 0)
@@ -3198,9 +3211,17 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
 			kp[i].new = r;
 			keyslot_new = r;
 			keyslot_old = i;
-			r = crypt_volume_key_get(cd, keyslot_new, vk, &vk_size, kp[i].password, kp[i].passwordLen);
-			if (r < 0)
-				break;
+			if (!vk) {
+				/* key generated in crypt_keyslot_add_by_key() call above */
+				vk = crypt_safe_alloc(key_size);
+				if (!vk) {
+					r = -ENOMEM;
+					break;
+				}
+				r = crypt_volume_key_get(cd, keyslot_new, vk, &vk_size, kp[i].password, kp[i].passwordLen);
+				if (r < 0)
+					break;
+			}
 			r = assign_tokens(cd, i, r);
 			if (r < 0)
 				break;
@@ -3220,8 +3241,6 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
 		}
 	}
 
-	crypt_safe_free(vk);
-
 	if (r < 0)
 		goto err;
 
@@ -3241,6 +3260,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
 			kp[keyslot_old].passwordLen, keyslot_old, kp[keyslot_old].new,
 			cipher, mode, &params);
 err:
+	crypt_safe_free(vk);
 	for (i = 0; i < kp_size; i++) {
 		crypt_safe_free(kp[i].password);
 		if (r < 0 && kp[i].new >= 0 &&
@@ -3527,6 +3547,8 @@ int main(int argc, const char **argv)
 		{ "force-password",    '\0', POPT_ARG_NONE, &opt_force_password,        0, N_("Disable password quality check (if enabled)"), NULL },
 		{ "perf-same_cpu_crypt",'\0', POPT_ARG_NONE, &opt_perf_same_cpu_crypt,  0, N_("Use dm-crypt same_cpu_crypt performance compatibility option"), NULL },
 		{ "perf-submit_from_crypt_cpus",'\0', POPT_ARG_NONE, &opt_perf_submit_from_crypt_cpus,0,N_("Use dm-crypt submit_from_crypt_cpus performance compatibility option"), NULL },
+		{ "perf-no_read_workqueue",'\0', POPT_ARG_NONE, &opt_perf_no_read_workqueue,0,N_("Bypass dm-crypt workqueue and process read requests synchronously"), NULL },
+		{ "perf-no_write_workqueue",'\0', POPT_ARG_NONE, &opt_perf_no_write_workqueue,0,N_("Bypass dm-crypt workqueue and process write requests synchronously"), NULL },
 		{ "deferred",          '\0', POPT_ARG_NONE, &opt_deferred_remove,       0, N_("Device removal is deferred until the last user closes it"), NULL },
 		{ "serialize-memory-hard-pbkdf", '\0', POPT_ARG_NONE, &opt_serialize_memory_hard_pbkdf, 0, N_("Use global lock to serialize memory hard PBKDF (OOM workaround)"), NULL },
 		{ "iter-time",         'i',  POPT_ARG_INT, &opt_iteration_time,         0, N_("PBKDF iteration time for LUKS (in ms)"), N_("msecs") },

src/veritysetup.c

@@ -37,6 +37,7 @@ static uint64_t hash_offset = 0;
 static uint64_t fec_offset = 0;
 static const char *opt_uuid = NULL;
 static int opt_restart_on_corruption = 0;
+static int opt_panic_on_corruption = 0;
 static int opt_ignore_corruption = 0;
 static int opt_ignore_zero_blocks = 0;
 static int opt_check_at_most_once = 0;
@@ -153,6 +154,8 @@ static int _activate(const char *dm_device,
 		activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
 	if (opt_restart_on_corruption)
 		activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+	if (opt_panic_on_corruption)
+		activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION;
 	if (opt_ignore_zero_blocks)
 		activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
 	if (opt_check_at_most_once)
@@ -349,11 +352,13 @@ static int action_status(int arg)
 
 		if (cad.flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
 				 CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+				 CRYPT_ACTIVATE_PANIC_ON_CORRUPTION|
 				 CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS|
 				 CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE))
-			log_std("  flags:       %s%s%s%s\n",
+			log_std("  flags:       %s%s%s%s%s\n",
 				(cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "",
 				(cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION) ? "panic_on_corruption " : "",
 				(cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks " : "",
 				(cad.flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? "check_at_most_once" : "");
 	}
@@ -477,6 +482,7 @@ int main(int argc, const char **argv)
 		{ "uuid",            '\0', POPT_ARG_STRING, &opt_uuid,       0, N_("UUID for device to use"), NULL },
 		{ "root-hash-signature",'\0', POPT_ARG_STRING, &opt_root_hash_signature,  0, N_("Path to root hash signature file"), NULL },
 		{ "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL },
+		{ "panic-on-corruption", 0,POPT_ARG_NONE, &opt_panic_on_corruption, 0, N_("Panic kernel if corruption is detected"), NULL },
 		{ "ignore-corruption", 0,  POPT_ARG_NONE, &opt_ignore_corruption,  0, N_("Ignore corruption, log it only"), NULL },
 		{ "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL },
 		{ "check-at-most-once", 0, POPT_ARG_NONE, &opt_check_at_most_once, 0, N_("Verify data block only the first time it is read"), NULL },
@@ -592,6 +598,11 @@ int main(int argc, const char **argv)
 		_("Option --ignore-corruption and --restart-on-corruption cannot be used together."),
 		poptGetInvocationName(popt_context));
 
+	if (opt_panic_on_corruption && opt_restart_on_corruption)
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --panic-on-corruption and --restart-on-corruption cannot be used together."),
+		poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

tests/align-test2

@@ -100,7 +100,7 @@ format() # expected [forced] [encryption_sector_size]
 
 	if [ -z "$2" ] ; then
 		echo -n "Formatting using topology info$_smsg..."
-		echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q -c aes-cbc-essiv:sha256 --sector-size $_sec_size >/dev/null || fail
+		echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q -c aes-cbc-essiv:sha256 --sector-size $_sec_size >/dev/null 2>&1 || fail
 	else
 		echo -n "Formatting using forced sector alignment $2$_smsg..."
 		echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q -c aes-cbc-essiv:sha256 --align-payload=$2 --sector-size $_sec_size >/dev/null || fail
@@ -222,6 +222,31 @@ format $EXPCT $EXPCT s2048
 format $EXPCT $EXPCT s4096
 cleanup
 
+echo "# Create drive with misaligned opt-io to page-size (some bad USB enclosures)"
+echo "# (logical_block_size=512, physical_block_size=512, alignment_offset=0, opt-io=33553920)"
+add_device dev_size_mb=32 sector_size=512 num_tgts=1 opt_blks=65535
+format $EXPCT
+format $EXPCT s1024
+format $EXPCT s2048
+format $EXPCT s4096
+format $EXPCT 1
+format $EXPCT 1 s1024
+format $EXPCT 1 s2048
+format $EXPCT 1 s4096
+format $EXPCT 8
+format $EXPCT 8 s1024
+format $EXPCT 8 s2048
+format $EXPCT 8 s4096
+format $((EXPCT+1)) $((EXPCT+1))
+format_fail $((EXPCT+1)) $((EXPCT+1)) s1024
+format_fail $((EXPCT+1)) $((EXPCT+1)) s2048
+format_fail $((EXPCT+1)) $((EXPCT+1)) s4096
+format $EXPCT $EXPCT
+format $EXPCT $EXPCT s1024
+format $EXPCT $EXPCT s2048
+format $EXPCT $EXPCT s4096
+cleanup
+
 echo "# Create desktop-class 4K drive w/ 1-sector shift (original bug report)"
 echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=512)"
 add_device dev_size_mb=32 sector_size=512 physblk_exp=3 lowest_aligned=1 num_tgts=1

tests/api-test-2.c

@@ -3675,6 +3675,12 @@ static void Luks2Reencryption(void)
 		.luks2 = &params2,
 	};
 
+	const char *mk_hex = "bb21babe733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+	size_t key_size = strlen(mk_hex) / 2;
+	char key[128];
+
+	crypt_decode_key(key, mk_hex, key_size);
+
 	/* reencryption currently depends on kernel keyring support in dm-crypt */
 	if (!t_dm_crypt_keyring_support())
 		return;
@@ -4317,6 +4323,33 @@ static void Luks2Reencryption(void)
 	OK_(crypt_deactivate(cd, CDEVICE_1));
 	CRYPT_FREE(cd);
 
+	_cleanup_dmdevices();
+	OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
+
+	rparams.mode = CRYPT_REENCRYPT_REENCRYPT;
+	rparams.direction = CRYPT_REENCRYPT_FORWARD;
+	rparams.resilience = "none";
+	rparams.hash = NULL;
+	rparams.data_shift = 0;
+	rparams.max_hotzone_size = 0;
+	rparams.device_size = 0;
+	rparams.luks2 = &params2;
+	rparams.flags = 0;
+
+	/* Test support for specific key reencryption */
+	OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+	OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+	OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+	EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 3);
+	EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
+	EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10);
+	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 3, 9, "aes", "xts-plain64", &rparams));
+	OK_(crypt_reencrypt(cd, NULL));
+	OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+	OK_(crypt_keyslot_destroy(cd, 9));
+	OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+	crypt_free(cd);
+
 	_cleanup_dmdevices();
 #endif
 }

tests/compat-test2

@@ -713,6 +713,12 @@ $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail
 $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
 $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail
 echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
+rm $HEADER_IMG || fail
+# create exactly 16 MiBs LUKS2 header
+echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --luks2-keyslots-size 16352k --luks2-metadata-size 16k --offset 131072 >/dev/null || fail
+SIZE=$(stat --printf=%s $HEADER_IMG)
+test $SIZE -eq 16777216 || fail
+$CRYPTSETUP -q luksDump  $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[bytes\]" || fail
 
 prepare "[29] Repair metadata" wipe
 xz -dk $HEADER_LUKS2_PV.xz
@@ -1017,5 +1023,14 @@ echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $LOOPDEV --keyslot-cipher
 [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher:"    | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
 [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
 
+prepare "[42] Some encryption compatibility mode tests" wipe
+CIPHERS="aes-ecb aes-cbc-null aes-cbc-plain64 aes-cbc-essiv:sha256 aes-xts-plain64"
+key_size=256
+for cipher in $CIPHERS ; do
+	echo -n "[$cipher/$key_size]"
+	$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --cipher $cipher --key-size $key_size || fail
+done
+echo
+
 remove_mapping
 exit 0

tests/crypto-vectors.c

@@ -660,31 +660,37 @@ struct cipher_iv_test_vector {
 	const char in_sha256[32];
 	struct {
 		size_t sector_size;
+		bool large_iv;
 		const char out_sha256[32];
-	} out[4];
+	} out[7];
 };
 
 static struct cipher_iv_test_vector cipher_iv_test_vectors[] = {
 {
 	"aes", "cbc",
 	"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
-	"null", 0, 8192,
+	"null", UINT32_MAX-7, 8192,
 	"\x9f\x1d\xcb\xc3\x5c\x35\x0d\x60\x27\xf9\x8b\xe0\xf5\xc8\xb4\x3b"
 	"\x42\xca\x52\xb7\x60\x44\x59\xc0\xc4\x2b\xe3\xaa\x88\x91\x3d\x47", {
-	{
-		512,
+	{	512, false,
 		"\xfd\x05\xd0\x4d\x51\xb9\xd4\x87\xa4\x57\x9a\x62\x07\x39\xc9\x4a"
 		"\x00\x90\x3e\xaf\xe8\xb2\xac\x12\xca\xeb\x58\xf9\x48\xf6\xef\x08"
-	},{
-		1024,
+	},{	1024, false,
 		"\x55\x87\x5c\xde\x86\x6a\x8b\xab\x08\xbe\x5b\x38\x17\x53\xdf\xe5"
 		"\x7e\xb9\x5f\x59\xaf\x07\xa4\xca\x6a\x24\xd1\x12\xa9\x15\x25\xf4"
-	},{
-		2048,
+	},{	1024, true,
+		"\x55\x87\x5c\xde\x86\x6a\x8b\xab\x08\xbe\x5b\x38\x17\x53\xdf\xe5"
+		"\x7e\xb9\x5f\x59\xaf\x07\xa4\xca\x6a\x24\xd1\x12\xa9\x15\x25\xf4"
+	},{	2048, false,
 		"\x55\x5b\x8e\x74\x90\x9d\x0d\x4b\x74\x8c\x16\x7e\x29\xcf\xa9\xa3"
 		"\xf3\x42\x8b\x62\xda\x2d\x8c\xda\xc9\x32\xc8\x78\xe2\x7e\xd2\x70"
-	},{
-		4096,
+	},{	2048, true,
+		"\x55\x5b\x8e\x74\x90\x9d\x0d\x4b\x74\x8c\x16\x7e\x29\xcf\xa9\xa3"
+		"\xf3\x42\x8b\x62\xda\x2d\x8c\xda\xc9\x32\xc8\x78\xe2\x7e\xd2\x70"
+	},{	4096, false,
+		"\xc6\x45\xba\xe0\x40\x3a\x96\x09\x5e\x46\x0d\x19\x9d\x58\x4b\x93"
+		"\x78\xc5\x3f\xa4\x2e\x9e\xb0\x19\x04\x4b\x73\x26\xf4\xa6\xb5\xc3"
+	},{	4096, true,
 		"\xc6\x45\xba\xe0\x40\x3a\x96\x09\x5e\x46\x0d\x19\x9d\x58\x4b\x93"
 		"\x78\xc5\x3f\xa4\x2e\x9e\xb0\x19\x04\x4b\x73\x26\xf4\xa6\xb5\xc3"
 	},
@@ -692,73 +698,88 @@ static struct cipher_iv_test_vector cipher_iv_test_vectors[] = {
 {
 	"aes", "cbc",
 	"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
-	"plain", UINT32_MAX-1, 8192,
+	"plain", UINT32_MAX-7, 8192,
 	"\x9f\x1d\xcb\xc3\x5c\x35\x0d\x60\x27\xf9\x8b\xe0\xf5\xc8\xb4\x3b"
 	"\x42\xca\x52\xb7\x60\x44\x59\xc0\xc4\x2b\xe3\xaa\x88\x91\x3d\x47", {
-	{
-		512,
-		"\x4e\xa0\x9e\x5b\xf2\x27\x88\xdb\xe9\x05\xfb\x34\xa1\x88\x3b\xa3"
-		"\xda\x3e\x98\x50\x5d\x52\x68\x72\xc8\xac\x21\x88\x77\x35\x67\xad"
-	},{
-		1024,
-		"\x0e\x4d\xba\x93\xef\x44\x06\x3b\xac\x92\x29\x97\xde\x75\xe7\x18"
-		"\x26\x06\x5c\x8f\x23\xf2\xf8\xe5\xee\xfe\xf7\x9a\xdf\xc7\xd4\x2d"
-	},{
-		2048,
-		"\x6f\xd7\x56\x23\x51\x65\x20\x8f\xd2\x11\x35\xe1\xd2\x05\x40\xc3"
-		"\xd3\x18\xc1\xed\xf0\x1c\xbe\x0e\xdd\xd5\xca\x39\x21\xe0\xe4\x68"
-	},{
-		4096,
-		"\x80\xaa\x75\x69\x39\x29\x8f\x93\xbd\x09\x51\x96\x9b\x7d\x0f\xd0"
-		"\xf5\xb5\xdf\xf4\x48\x8c\x21\x26\x2e\xa7\x5c\x52\x75\xaa\xfc\xe3"
+	{	512, false,
+		"\x43\xfd\x6e\x25\x80\xb2\x13\xf5\xca\x71\x79\x18\xe4\x12\x91\xe0"
+		"\x6e\x37\x24\x32\xfd\x40\x4b\x42\xcb\xc1\x72\x1a\xc7\x5a\x19\xc8"
+	},{	1024, false,
+		"\x18\x79\x8d\xad\xf2\x7b\x38\x03\x27\xa5\x76\x19\x07\xcd\x12\x62"
+		"\x03\x36\x57\x85\x88\x50\xd0\x6c\xf6\xdf\xf1\xcf\xb8\xcf\x01\x77"
+	},{	1024, true,
+		"\xd0\x21\xcf\xb2\x7a\x01\xa8\x94\xb2\x87\x49\xc4\x9f\x9c\xb2\x3a"
+		"\x7c\xc4\x0d\x50\x08\xea\x4d\xfb\x87\xe4\x49\x8c\x1a\xd6\xec\x16"
+	},{	2048, false,
+		"\xa4\x89\x72\xb9\xcf\x78\x0c\x2a\xc8\x20\x4f\xd5\x13\xcb\x75\x30"
+		"\x90\xd2\x4a\xfd\xd3\xb2\xe8\xf0\xd2\xb7\x9d\x07\xbd\xa9\x70\x97"
+	},{	2048, true,
+		"\x2a\xcf\x07\x57\xc8\xea\x64\xc7\xd0\xd5\x28\xe6\xd1\x9a\xb5\x7d"
+		"\xe4\xb9\x63\xa2\x66\x5a\x3d\x14\xbd\x27\xc7\x09\xc0\x3c\xd9\x00"
+	},{	4096, false,
+		"\x12\x1b\x00\x54\x6e\x2d\x08\xc1\x15\x8b\x15\x57\xc5\x11\x30\x8b"
+		"\x63\x33\x64\xa0\xd1\x45\xd6\xcb\xdd\x49\x91\x04\x29\xe6\x93\x08"
+	},{	4096, true,
+		"\x44\xaa\xf1\x23\x0c\x34\x32\x2a\xfa\xe3\xf7\x95\x7a\x7c\xa8\x8b"
+		"\x34\x78\xbd\x12\x5c\xae\x4a\x65\x23\x8a\x6f\x3a\x96\x05\xfa\xae"
 	},
 }},
 {
 	"aes", "cbc",
 	"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
-	"plain64", UINT32_MAX-1, 8192,
+	"plain64", UINT32_MAX-7, 8192,
 	"\x9f\x1d\xcb\xc3\x5c\x35\x0d\x60\x27\xf9\x8b\xe0\xf5\xc8\xb4\x3b"
 	"\x42\xca\x52\xb7\x60\x44\x59\xc0\xc4\x2b\xe3\xaa\x88\x91\x3d\x47", {
-	{
-		512,
-		"\x60\xe5\xc9\xf8\xcd\x48\x06\x3c\x96\x11\xc8\xbf\x1e\x67\x60\x21"
-		"\x0c\x1f\x1a\x8b\x03\x00\x0d\xc1\x39\xc9\x27\xb8\xa8\x73\x17\x69"
-	},{
-		1024,
-		"\x25\xc1\x6b\x78\x8a\x22\x72\xb5\x5c\xfb\x3f\xe9\x16\x8b\x89\x96"
-		"\xfa\x80\xed\xf4\x83\xab\x1c\x79\xd2\xc7\x44\x27\x89\x99\xbb\x83"
-	},{
-		2048,
-		"\xb3\x42\x15\xd7\x86\xf6\xdf\x45\x49\x78\x18\x73\xa8\x7f\x3e\xb3"
-		"\x0b\xb8\x64\x91\x7c\xf1\x5a\x5b\x6d\x20\xbc\x0b\xe2\xab\x9b\xe6"
-	},{
-		4096,
-		"\x6b\x45\x5c\x24\x97\xb4\x87\x49\x99\x16\x69\x59\x72\x6b\xd7\xc9"
-		"\xc9\x90\xec\x7f\x3b\xfb\xe9\xea\x9d\xb4\x39\x62\x4d\x22\xe5\x43"
+	{	512, false,
+		"\xb3\x65\x7e\x6c\xba\xe0\x39\xcd\x1e\x1d\xaf\x65\xae\xb7\xda\x20"
+		"\x25\x17\x6a\x38\x75\x79\x68\x4c\x9a\x75\xc7\xfb\x2b\xa2\x17\xd2"
+	},{	1024, false,
+		"\x0a\xa3\x23\x72\x80\xd3\x76\x33\x8b\x2b\xae\x01\x03\x99\xa5\xca"
+		"\xcd\x95\x27\x40\x27\xec\x14\x90\xfd\x58\xb0\x08\x9b\x99\x27\xe2"
+	},{	1024, true,
+		"\xd0\x21\xcf\xb2\x7a\x01\xa8\x94\xb2\x87\x49\xc4\x9f\x9c\xb2\x3a"
+		"\x7c\xc4\x0d\x50\x08\xea\x4d\xfb\x87\xe4\x49\x8c\x1a\xd6\xec\x16"
+	},{	2048, false,
+		"\x67\x87\xeb\xed\xe1\x16\x85\x0a\x3f\xb2\x5c\xbc\x27\x61\x99\x52"
+		"\xfe\x64\xb9\xab\x24\xdd\x2c\x1a\x2c\xff\xcd\x7e\x2e\x74\xb5\xd4"
+	},{	2048, true,
+		"\x2a\xcf\x07\x57\xc8\xea\x64\xc7\xd0\xd5\x28\xe6\xd1\x9a\xb5\x7d"
+		"\xe4\xb9\x63\xa2\x66\x5a\x3d\x14\xbd\x27\xc7\x09\xc0\x3c\xd9\x00"
+	},{	4096, false,
+		"\xb2\xf1\x0e\x66\xd4\x58\x4e\x93\xe7\x98\xae\x9c\x3e\xa7\xad\xf2"
+		"\x93\x1a\xaa\x3c\xc4\x90\x12\x05\x00\x58\x25\x8f\x1f\x5d\xc6\x67"
+	},{	4096, true,
+		"\x44\xaa\xf1\x23\x0c\x34\x32\x2a\xfa\xe3\xf7\x95\x7a\x7c\xa8\x8b"
+		"\x34\x78\xbd\x12\x5c\xae\x4a\x65\x23\x8a\x6f\x3a\x96\x05\xfa\xae"
 	},
 }},
 {
 	"aes", "cbc",
 	"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
-	"plain64be", UINT32_MAX-1, 8192,
+	"plain64be", UINT32_MAX-7, 8192,
 	"\x9f\x1d\xcb\xc3\x5c\x35\x0d\x60\x27\xf9\x8b\xe0\xf5\xc8\xb4\x3b"
 	"\x42\xca\x52\xb7\x60\x44\x59\xc0\xc4\x2b\xe3\xaa\x88\x91\x3d\x47", {
-	{
-		512,
-		"\x7f\xf9\xdb\xe1\xf6\x8c\x4d\xb4\x33\x9d\x61\x7b\x67\x5c\xef\x69"
-		"\xea\x94\x32\x3d\xa7\x70\x01\xe0\x06\x4c\xf8\x56\x64\xd0\xb7\xdf"
-	},{
-		1024,
-		"\x8e\x33\x0b\xa2\x45\x78\x5a\x3d\x5e\xf7\x74\xf9\x75\xb5\xbd\x06"
-		"\x38\x78\x74\x4f\xd8\xec\x11\x96\xf7\x92\x2b\xb1\x9a\xc2\xc3\xef"
-	},{
-		2048,
-		"\xad\x94\xcb\x8d\x96\x47\x10\x5c\x54\xce\x74\xca\xc8\xa3\xbd\x3e"
-		"\xdf\xa7\xf5\x14\x2a\x77\x4c\x50\xb8\x01\x46\xc3\x89\x50\xa7\x46"
-	},{
-		4096,
-		"\x3b\xdb\xbe\x01\x09\xd9\xda\xf7\x77\x85\xe2\x30\xaf\x21\xe7\x70"
-		"\x51\x2c\x6b\xcc\x75\x40\x7e\x8d\xdc\x90\xab\xaf\x6d\x2e\x0b\x49"
+	{	512, false,
+		"\x28\xbf\x09\xe1\x68\xcc\x05\x1b\x20\xaf\x8d\x01\x36\x21\x8a\x8d"
+		"\x7a\x94\x98\xa8\x99\xe9\xf4\x66\xd8\xb7\x99\xca\x04\x58\x83\x90"
+	},{	1024, false,
+		"\x9b\x74\xf7\xd5\x5a\x6b\xb2\x3a\xd2\x09\xdd\x80\x59\x28\x70\x8f"
+		"\x3a\x61\xf2\x14\xc3\x0d\xa8\xd7\xd9\xcb\x57\x26\x73\x88\x93\xd2"
+	},{	1024, true,
+		"\x36\xb5\x68\x08\x29\x55\xb9\xe9\x01\xc1\xa8\xcf\x3e\x5b\x00\x28"
+		"\xb6\xd1\x35\xc5\xf7\x0c\xf6\x59\xb5\x8f\xb9\xa2\x00\x43\x29\x48"
+	},{	2048, false,
+		"\x94\x4f\xc8\xb4\xfe\xad\xdc\x56\xf0\x62\x00\x8d\x52\x0b\x2d\x58"
+		"\xc0\x05\xd6\x1d\x47\x35\xc6\x6a\x42\xec\x98\xee\x21\x74\x7b\xe5"
+	},{	2048, true,
+		"\x14\x6b\xaa\x2f\xf4\xa8\x24\x3f\x4e\x92\x97\x1a\xca\x1c\xbb\x46"
+		"\xa7\x08\xbb\xc5\x95\xac\x73\x81\x25\x34\x33\x41\x95\x71\xd9\xe7"
+	},{	4096, false,
+		"\xa8\x17\x5d\x84\xc8\x16\x06\x7f\xa2\x68\xdd\x1e\x7d\x63\x34\x93"
+		"\x7b\x45\x2d\xf4\x10\x0b\x90\xfa\x14\x8b\x73\x86\xbc\x09\x4a\xe3"
+	},{	4096, true,
+		"\xe2\xc3\x30\xd8\xa1\xb3\xa8\xeb\xde\xdc\xfe\x9b\xe0\x0b\x62\x4e"
+		"\x38\x2f\xa1\x45\x0e\x8f\x6c\xf0\x4e\x88\x58\x17\x13\xb5\x10\x98"
 	},
 }},
 {
@@ -767,22 +788,27 @@ static struct cipher_iv_test_vector cipher_iv_test_vectors[] = {
 	"essiv:sha256", 0, 8192,
 	"\x9f\x1d\xcb\xc3\x5c\x35\x0d\x60\x27\xf9\x8b\xe0\xf5\xc8\xb4\x3b"
 	"\x42\xca\x52\xb7\x60\x44\x59\xc0\xc4\x2b\xe3\xaa\x88\x91\x3d\x47", {
-	{
-		512,
+	{	512, false,
 		"\xa5\x3e\x74\xc4\x1a\x5c\xf3\x6b\x63\x49\xd5\xd9\xbb\x7a\x89\x5a"
 		"\xd5\x3e\x76\x6f\x4c\x2d\x0b\xd3\x8b\x5e\x0e\x91\xa3\x8c\x2a\xde"
-	},{
-		1024,
+	},{	1024, false,
 		"\x41\x6b\xc6\x75\x2e\x99\x76\xa1\x83\xea\xd5\x97\x64\x0e\x24\x8c"
 		"\x91\x17\x03\x38\xe7\xd8\x66\x64\xaa\xd7\x27\x50\x2a\xd3\x0b\xe6"
-	},{
-		2048,
+	},{	1024, true,
+		"\x02\x3c\xbe\xe6\x1e\x9a\xf3\x14\xab\x16\xff\x6f\xb6\xa2\x3e\x03"
+		"\xa1\xbd\xe9\xe4\xfa\x44\x5b\x22\xc6\x53\xe8\x60\x58\x15\x99\xea"
+	},{	2048, false,
 		"\x84\xdc\x45\xd3\x61\x03\xa8\x51\x85\x5b\xef\xf8\x92\x6b\x12\x06"
 		"\x2c\xfe\x75\x3e\xcf\x28\xd1\x8b\x4d\xcb\x88\x9e\x31\xb0\x0b\x92"
-	},{
-		4096,
+	},{	2048, true,
+		"\x4b\x9d\xe4\x3c\xe2\x4e\x7a\x13\x72\x02\x48\xf8\x7a\x7e\x15\xe8"
+		"\x3a\xc3\x92\x0b\xe8\x30\xac\xb7\x9a\xe0\xcf\xf9\xb1\xf5\x61\x5b"
+	},{	4096, false,
 		"\xbb\x1b\xa3\xa9\x41\xbf\x17\xd8\x76\x19\x08\x8e\x3f\x50\xed\xfd"
 		"\x57\x1d\xd2\xc2\x8a\x32\x01\xb9\xd9\x8a\xcc\x0d\xa0\x65\x8b\x6d"
+	},{	4096, true,
+		"\xa6\xdc\x7d\xc8\xc4\x9b\x78\x81\x72\xe9\xdd\x35\x6c\x07\xeb\x7b"
+		"\xd6\x56\x9e\xe4\xdf\xf5\xdd\x2e\x2c\x19\x8f\x63\x58\xdb\xa7\xd0"
 	},
 }},
 {
@@ -791,22 +817,27 @@ static struct cipher_iv_test_vector cipher_iv_test_vectors[] = {
 	"benbi", 0, 8192,
 	"\x9f\x1d\xcb\xc3\x5c\x35\x0d\x60\x27\xf9\x8b\xe0\xf5\xc8\xb4\x3b"
 	"\x42\xca\x52\xb7\x60\x44\x59\xc0\xc4\x2b\xe3\xaa\x88\x91\x3d\x47", {
-	{
-		512,
+	{	512, false,
 		"\x3c\xe3\x94\xe3\x6d\x68\x5b\xdb\x5a\x8d\x71\xbf\xd3\xa6\x68\xb9"
 		"\x1f\x33\x0f\x97\xe2\xd6\xe8\xe2\xe1\xfc\x7e\x80\x28\xf1\x73\xbd"
-	},{
-		1024,
+	},{	1024, false,
 		"\x0f\x27\xa7\xae\x31\x9e\x71\x02\x12\x16\x44\x5f\xbb\xc6\xcb\x78"
 		"\xd4\x84\x49\xe0\x88\x85\x04\xbf\x6d\xea\x60\x76\x98\x34\x0a\x7e"
-	},{
-		2048,
+	},{	1024, true,
+		"\x3e\xf3\x08\x8d\x3b\x20\x4b\x51\x54\xde\x7f\x77\x5b\xcf\x02\x8b"
+		"\x0e\xb0\x74\x2e\x8e\x29\xfa\x5e\x86\xb4\xab\x65\x18\x59\x48\xb1"
+	},{	2048, false,
 		"\xb0\x9a\xe5\x31\x5f\x2e\x9d\x13\x04\x08\x2a\x02\x71\x3d\xdb\x5d"
 		"\xb2\xc9\x68\x5b\xdc\xd1\x38\xc2\x96\xb3\x3b\x72\xda\x9d\xcb\xe6"
-	},{
-		4096,
+	},{	2048, true,
+		"\x6f\x34\xf0\xc1\xea\x72\xe4\xdc\x91\x91\x78\xb3\x7c\xb0\x9d\x41"
+		"\x94\xf6\xb8\xad\x05\xc4\x0e\x49\x05\x31\x90\xf0\x56\xfe\x21\x3f"
+	},{	4096, false,
 		"\xaa\x74\x7d\xd6\x73\xa7\x77\xe1\x7f\xb9\x76\xf7\x5c\xcf\xc0\xb7"
 		"\xfa\x7b\xed\x15\xc2\x32\x7c\x27\xbb\x35\xfc\xfe\x12\xee\x14\x2d"
+	},{	4096, true,
+		"\x71\x1b\x3d\x26\xf4\x44\x82\x72\x1b\x7a\x65\x0b\x37\x8c\x94\x5b"
+		"\x1c\xd3\x30\x2f\xf6\xce\xa4\x24\x25\xeb\x9b\xb9\x83\xe5\x71\xbb"
 	},
 }},
 {
@@ -815,22 +846,27 @@ static struct cipher_iv_test_vector cipher_iv_test_vectors[] = {
 	"eboiv", 0, 8192,
 	"\x9f\x1d\xcb\xc3\x5c\x35\x0d\x60\x27\xf9\x8b\xe0\xf5\xc8\xb4\x3b"
 	"\x42\xca\x52\xb7\x60\x44\x59\xc0\xc4\x2b\xe3\xaa\x88\x91\x3d\x47", {
-	{
-		512,
+	{	512, false,
 		"\x04\x4e\x92\x9f\x79\x66\xfe\x93\x1b\xa5\xb8\x02\xfe\x7e\xf9\x26"
 		"\x7b\x64\x39\xe7\xb3\xca\xc4\x6e\xca\x27\xa0\x2f\xe2\xea\x91\x16"
-	},{
-		1024,
+	},{	1024, false,
 		"\xb0\x4a\xa4\xb5\xd6\x45\x7a\x86\xe9\x43\x3d\xd6\x01\xf7\x68\x8e"
 		"\xe6\x81\x8d\x50\x55\x18\x8e\x4b\xb6\xa7\x89\xdf\xe2\x4b\x94\xe2"
-	},{
-		2048,
+	},{	1024, true,
+		"\x95\x08\x4d\x4e\x89\xab\x91\x4e\xae\x56\x5d\xec\xf2\x78\x13\xb1"
+		"\x82\xf7\xc8\xb5\x03\xd6\xfa\xb0\xe3\xf9\xc1\x01\xc0\x0c\x35\xa4"
+	},{	2048, false,
 		"\xd4\x00\x1f\x26\x18\xd1\x6d\xd5\xc4\xbf\x4a\x13\x30\xae\xd7\x4b"
 		"\x33\x1e\xd5\xe8\x43\x2d\x95\x84\x67\x39\x04\x51\x5f\x1f\x49\xe4"
-	},{
-		4096,
+	},{	2048, true,
+		"\x89\x8d\xa2\xec\x45\x7f\xf0\xac\xfc\x70\xb6\x36\xf0\x89\xca\x86"
+		"\x6b\xbf\x09\xd2\x54\xa0\x7c\xbc\x17\xd3\x4e\xb8\x10\x8a\x3f\x5d"
+	},{	4096, false,
 		"\xd1\xd7\x4f\x70\x9a\xa0\x22\x27\x60\xdb\x40\x5a\x84\xce\x89\x2c"
 		"\x4f\x98\x55\xd2\x2d\xd1\xea\x9e\x47\xae\x8a\x83\xb5\x90\xbb\x49"
+	},{	4096, true,
+		"\xdb\xe7\xd2\x25\xb0\x4f\x5d\x36\x20\xc4\xc2\xb4\xe8\x7e\xae\xe9"
+		"\x95\x10\x45\x5d\xdd\xc4\xcd\x33\xad\xbd\x39\x49\xf2\x85\x82\x4c"
 	},
 }}};
 
@@ -1106,12 +1142,12 @@ static int cipher_iv_test(void)
 
 			snprintf(mode_iv, sizeof(mode_iv)-2, "%s-%s", vector->cipher_mode, vector->iv_name);
 			r = crypt_storage_init(&storage, vector->out[j].sector_size, vector->cipher_name, mode_iv,
-					       vector->key, vector->key_length);
+					       vector->key, vector->key_length, vector->out[j].large_iv);
 			if (r == -ENOENT || r == -ENOTSUP) {
 				printf("[N/A]");
 				continue;
 			} else {
-				printf("[%i]", (int)vector->out[j].sector_size);
+				printf("[%i%s]", (int)vector->out[j].sector_size, vector->out[j].large_iv ? "L" : "");
 				if (r)
 					return EXIT_FAILURE;
 			}

tests/device-test

@@ -38,6 +38,7 @@ skip()
 
 function dm_crypt_features()
 {
+	modprobe dm-crypt || fail "dm-crypt failed to load"
 	VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
 	[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
 
@@ -61,6 +62,9 @@ function dm_crypt_features()
 	if [ $VER_MIN -gt 18 -o \( $VER_MIN -eq 18 -a $VER_PTC -ge 1 \) ]; then
 		 test -d /proc/sys/kernel/keys && DM_KEYRING=1
 	fi
+
+	[ $VER_MIN -lt 22 ] && return
+	DM_PERF_NO_WORKQUEUE=1
 }
 
 function dm_crypt_keyring_support()
@@ -119,11 +123,12 @@ if [ -z "$DM_PERF_CPU" ]; then
 	echo "TEST SKIPPED: dmcrypt options not available"
 	SKIP_COUNT=$((SKIP_COUNT+1))
 else
-	# plain
+	echo -n "PLAIN: same_cpu_crypt submit_from_cpus "
 	echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
 	$CRYPTSETUP close $DEV_NAME || fail
+	echo -n "allow_discards "
 	echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
@@ -141,12 +146,21 @@ else
 	$CRYPTSETUP status $DEV_NAME | grep -q discards && fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
 	echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 $DEV $DEV_NAME2 2>/dev/null && fail
+	if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
+		echo -n "no_read_workqueue no_write_workqueue"
+		echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+	fi
 	$CRYPTSETUP close $DEV_NAME || fail
-	# LUKS
+	echo
+
+	echo -n "LUKS: same_cpu_crypt submit_from_cpus "
 	echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
 	$CRYPTSETUP close $DEV_NAME || fail
+	echo -n "allow_discards "
 	echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
@@ -162,9 +176,17 @@ else
 	$CRYPTSETUP status $DEV_NAME | grep -q discards && fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
 	echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
+	if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
+		echo -n "no_read_workqueue no_write_workqueue"
+		echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME  --perf-no_read_workqueue --perf-no_write_workqueue || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+	fi
 	$CRYPTSETUP close $DEV_NAME || fail
+	echo
 
 	format luks2
+	echo -n "LUKS2: same_cpu_crypt submit_from_cpus "
 	echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
@@ -174,6 +196,7 @@ else
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
 	$CRYPTSETUP close $DEV_NAME || fail
+	echo -n "allow_discards [persistent flags] "
 	echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
@@ -211,11 +234,23 @@ else
 	echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --disable-keyring || fail
 	$CRYPTSETUP status $DEV_NAME | grep -q keyring && fail
 	if [ -n "$DM_KEYRING" ]; then
+		echo -n "keyring "
 		echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail
 		$CRYPTSETUP status $DEV_NAME | grep -q keyring || fail
 	fi
+	if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
+		echo -n "no_read_workqueue no_write_workqueue"
+		echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue --persistent || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+		$CRYPTSETUP close $DEV_NAME || fail
+		echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+	fi
 	echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
 	$CRYPTSETUP close $DEV_NAME || fail
+	echo
 fi
 
 echo "[3] Kernel dmcrypt sector size options"

tests/generators/generate-luks2-segment-wrong-backup-key-0.img.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate primary header with wrong backup segment id
+#
+# secondary header is corrupted on purpose as well
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function prepare()
+{
+	cp $SRC_IMG $TGT_IMG
+	test -d $TMPDIR || mkdir $TMPDIR
+	read_luks2_json0 $TGT_IMG $TMPDIR/json0
+	read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
+	read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
+}
+
+function generate()
+{
+	# create illegal backup segment key (used to be bug in 32bit implementations)
+	json_str=$(jq -c '.segments[(.segments | length + 1 | tostring)] = { "type" : "linear", "offset" : "512", "size" : "512", "flags":["backup-x"]}' $TMPDIR/json0)
+	test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+	write_luks2_json "$json_str" $TMPDIR/json0
+
+	merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
+	erase_checksum $TMPDIR/area0
+	chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
+	write_checksum $chks0 $TMPDIR/area0
+	write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
+	kill_bin_hdr $TMPDIR/hdr1
+	write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+}
+
+function check()
+{
+	read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
+	local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
+	test "$str_res1" = "VACUUM" || exit 2
+
+	read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+	jq -c 'if .segments | length < 2
+	       then error("Unexpected segments count") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+function cleanup()
+{
+	rm -f $TMPDIR/*
+	rm -fd $TMPDIR
+}
+
+test $# -eq 2 || exit 1
+
+TGT_IMG=$1/$(test_img_name $0)
+SRC_IMG=$2
+
+prepare
+generate
+check
+cleanup

tests/generators/generate-luks2-segment-wrong-backup-key-1.img.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate primary header with wrong backup segment id
+#
+# secondary header is corrupted on purpose as well
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function prepare()
+{
+	cp $SRC_IMG $TGT_IMG
+	test -d $TMPDIR || mkdir $TMPDIR
+	read_luks2_json0 $TGT_IMG $TMPDIR/json0
+	read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
+	read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
+}
+
+function generate()
+{
+	# create illegal backup segment key (used to be bug in 32bit implementations)
+	json_str=$(jq -c '(.segments."0".offset | tonumber) as $i | .segments[range(1;65) | tostring] = { "type" : "linear", "offset" : ($i + 512 | tostring), "size" : "512" } | .segments."268435472" = { "type":"linear","offset":"512","size":"512","flags":["backup-x"]}' $TMPDIR/json0)
+	test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+	write_luks2_json "$json_str" $TMPDIR/json0
+
+	merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
+	erase_checksum $TMPDIR/area0
+	chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
+	write_checksum $chks0 $TMPDIR/area0
+	write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
+	kill_bin_hdr $TMPDIR/hdr1
+	write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+}
+
+function check()
+{
+	read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
+	local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
+	test "$str_res1" = "VACUUM" || exit 2
+
+	read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+	jq -c 'if .segments | length < 64
+	       then error("Unexpected segments count") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+function cleanup()
+{
+	rm -f $TMPDIR/*
+	rm -fd $TMPDIR
+}
+
+test $# -eq 2 || exit 1
+
+TGT_IMG=$1/$(test_img_name $0)
+SRC_IMG=$2
+
+prepare
+generate
+check
+cleanup

tests/integrity-compat-test

@@ -30,7 +30,7 @@ cleanup() {
 
 fail()
 {
-	echo
+	[ -n "$1" ] && echo "$1"
 	echo "FAILED backtrace:"
 	while caller $frame; do ((frame++)); done
 	cleanup
@@ -157,7 +157,15 @@ intformat() # alg alg_out tagsize outtagsize sector_size csum [keyfile keysize]
 
 	echo -n "[INTEGRITY:$2:$4:$5]"
 	echo -n "[FORMAT]"
-	$INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null || fail "Cannot format device."
+	$INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null 2>&1
+	if [ $? -ne 0 ] ; then
+		if ! grep -q $1 /proc/crypto ; then
+			echo "[N/A]"
+			return
+		fi
+		fail "Cannot format device."
+	fi
+
 	dump_check "tag_size" $4
 	dump_check "sector_size" $5
 	echo -n "[ACTIVATE]"
@@ -316,6 +324,8 @@ modprobe dm-integrity >/dev/null 2>&1
 dm_integrity_features
 
 add_device
+intformat blake2s-256 blake2s-256    32 32  512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11
+intformat blake2b-256 blake2b-256    32 32  512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11
 intformat crc32c      crc32c          0  4  512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
 intformat crc32       crc32           0  4  512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
 intformat sha1        sha1            0 20  512 6eedd6344dab8875cd185fcd6565dfc869ab36bc57e577f40c685290b1fa7fe7

tests/luks2-reencryption-test

@@ -19,6 +19,7 @@ DEV_NAME2=reenc97682
 IMG=reenc-data
 IMG_HDR=/tmp/$IMG.hdr
 KEY1=key1
+VKEY1=vkey1
 PWD1="93R4P4pIqAH8"
 PWD2="1cND4319812f"
 PWD3="1-9Qu5Ejfnqv"
@@ -96,7 +97,7 @@ function remove_mapping()
 	[ -b /dev/mapper/$OVRDEV-err ] && dmsetup remove --retry $OVRDEV-err 2>/dev/null
 	[ -n "$LOOPDEV" ] && losetup -d $LOOPDEV
 	unset LOOPDEV
-	rm -f $IMG $IMG_HDR $KEY1 $DEVBIG >/dev/null 2>&1
+	rm -f $IMG $IMG_HDR $KEY1 $VKEY1 $DEVBIG >/dev/null 2>&1
 	rmmod scsi_debug 2> /dev/null
 	scsi_debug_teardown $DEV
 }
@@ -173,6 +174,11 @@ function prepare() # $1 dev1_siz
 		dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
 	fi
 
+	if [ ! -e $VKEY1 ]; then
+		echo -n $'\x44\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$VKEY1
+		echo -n $'\x9c\x03\xba\xbe\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$VKEY1
+	fi
+
 	add_scsi_device $@
 }
 
@@ -1366,5 +1372,17 @@ echo -e "$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$
 echo $PWD1 | $CRYPTSETUP reencrypt $DEV --resume-only -q 2>/dev/null && fail
 echo -e "$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1" | $CRYPTSETUP reencrypt $DEV -q  || fail
 
+echo "[23] Reencryption with specified new volume key"
+prepare dev_size_mb=32
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 256 -c aes-cbc-essiv:sha256 --offset 8192 $FAST_PBKDF_ARGON $DEV || fail
+echo -e "$PWD1\n$PWD3" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON $DEV || fail
+wipe $PWD1
+check_hash $PWD1 $HASH1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q -S0 $FAST_PBKDF_ARGON --master-key-file $VKEY1 -s 128 || fail
+check_hash $PWD1 $HASH1
+$CRYPTSETUP luksErase -q $DEV || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_ARGON --master-key-file $VKEY1 -s 128 $DEV || fail
+check_hash $PWD1 $HASH1
+
 remove_mapping
 exit 0

tests/luks2-validation-test

@@ -199,6 +199,8 @@ RUN luks2-segment-unknown-type.img			"R" "Validation rejected segment with all m
 RUN luks2-segment-two.img				"R" "Validation rejected two valid segments"
 RUN luks2-segment-wrong-flags.img			"F" "Failed to detect invalid flags field"
 RUN luks2-segment-wrong-flags-element.img		"F" "Failed to detect invalid flags content"
+RUN luks2-segment-wrong-backup-key-0.img		"F" "Failed to detect gap in backup segments"
+RUN luks2-segment-wrong-backup-key-1.img		"F" "Failed to detect gap in backup segments"
 
 echo "[6] Test metadata size and keyslots size (config section)"
 RUN luks2-invalid-keyslots-size-c0.img			"F" "Failed to detect too large keyslots_size in config section"

tests/test_utils.c

@@ -279,7 +279,14 @@ void global_log_callback(int level, const char *msg, void *usrptr)
 	if (level <= CRYPT_LOG_DEBUG)
 		return;
 
-	strncat(global_log, msg, sizeof(global_log) - strlen(global_log));
+	len = strlen(global_log);
+
+	if (len + strlen(msg) > sizeof(global_log)) {
+			printf("Log buffer is too small, fix the test.\n");
+			return;
+	}
+
+	strncat(global_log, msg, sizeof(global_log) - len);
 	global_lines++;
 	if (level == CRYPT_LOG_ERROR) {
 		len = strlen(msg);

tests/verity-compat-test

@@ -399,6 +399,9 @@ if check_version 1 3; then
 	if check_version 1 4; then
 		check_option 512 $HASH $SALT 1 sha256 "--check-at-most-once" "check_at_most_once"
 	fi
+	if check_version 1 7; then
+		check_option 512 $HASH $SALT 1 sha256 "--panic-on-corruption" "panic_on_corruption"
+	fi
 fi
 
 echo "Veritysetup [hash-offset bigger than 2G works] "