ac1f3ad05f
Opening a verity device is an expensive operation. The kernelspace operations are mostly sequential with a global lock held regardless of which device is being opened. In userspace jumps in and out of multiple libraries are required. When signatures are used, there's the additional cryptographic checks. We know when two devices are identical: they have the same root hash. If libcrypsetup returns EEXIST, double check that the hashes are really the same, and that either both or none have a signature, and if everything matches simply remount the already open device. The kernel will do reference counting for us. In order to quickly and reliably discover if a device is already open, change the node naming scheme from '/dev/mapper/major:minor-verity' to '/dev/mapper/$roothash-verity'. Unfortunately libdevmapper is not 100% reliable, so in some case it will say that the device already exists and it is active, but in reality it is not usable. Fallback to an individually-activated unique device name in those cases for robustness.
5 lines
104 B
C
5 lines
104 B
C
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
#pragma once
|
|
|
|
int dm_deferred_remove_cancel(const char *name);
|