cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails.

If crypt_load() for LUKS succeeds, we know that it is a LUKS device. Failure of data device setting should fail in this case; remapping as a PLAIN device late could mean data corruption. (If a user wants to map PLAIN device over a device with LUKS header, it should be said explicitly with "plain" argument type.) Also, if there is no explicit PLAIN type requested and crypt device is already initialized (crypt_data_type() is set), do not run the initialization again.
2019-05-27 09:27:54 +02:00 · 2019-05-27 09:27:54 +02:00 · 2e4beb875b
parent 6bf901a9b5
commit 2e4beb875b
1 changed files with 7 additions and 4 deletions
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@ -502,11 +502,14 @@ static int attach_luks_or_plain(struct crypt_device *cd,
                if (r < 0)
                        return log_error_errno(r, "Failed to load LUKS superblock on device %s: %m", crypt_get_device_name(cd));

-                if (data_device)
+                if (data_device) {
                        r = crypt_set_data_device(cd, data_device);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to set LUKS data device %s: %m", data_device);
+                }
        }

-        if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
+        if ((!arg_type && !crypt_get_type(cd)) || streq_ptr(arg_type, CRYPT_PLAIN)) {
                struct crypt_params_plain params = {
                        .offset = arg_offset,
                        .skip = arg_skip,
@ -547,12 +550,12 @@ static int attach_luks_or_plain(struct crypt_device *cd,
                /* In contrast to what the name crypt_setup() might suggest this doesn't actually format
                 * anything, it just configures encryption parameters when used for plain mode. */
                r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
+                if (r < 0)
+                        return log_error_errno(r, "Loading of cryptographic parameters failed: %m");

                /* hash == NULL implies the user passed "plain" */
                pass_volume_key = (params.hash == NULL);
        }
-        if (r < 0)
-                return log_error_errno(r, "Loading of cryptographic parameters failed: %m");

        log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
                 crypt_get_cipher(cd),