rpms/cryptsetup-luks/devel cryptsetup-fix-fd.patch, NONE, 1.1 cryptsetup-remove-udev.patch, NONE, 1.1 cryptsetup-luks.spec, 1.60, 1.61
Milan Broz
mbroz at fedoraproject.org
Sun Sep 7 08:55:22 UTC 2008
Author: mbroz
Update of /cvs/pkgs/rpms/cryptsetup-luks/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4962
Modified Files:
cryptsetup-luks.spec
Added Files:
cryptsetup-fix-fd.patch cryptsetup-remove-udev.patch
Log Message:
Fix close of zero decriptor.
Fix udevsettle delays - use temporary crypt device remapping.
cryptsetup-fix-fd.patch:
--- NEW FILE cryptsetup-fix-fd.patch ---
Close file descriptor even if it is 0.
--- cryptsetup-1.0.6.old/luks/keyencryption.c 2008-01-25 23:00:30.000000000 +0100
+++ cryptsetup-1.0.6/luks/keyencryption.c 2008-09-06 14:24:21.000000000 +0200
@@ -97,12 +97,13 @@ static int clear_mapping(const char *nam
/* I miss closures in C! */
static struct setup_backend *cleaner_backend=NULL;
static const char *cleaner_name=NULL;
-static int devfd=0;
+static int devfd=-1;
static void sigint_handler(int sig)
{
- if(devfd)
+ if(devfd >= 0)
close(devfd);
+ devfd = -1;
if(cleaner_backend && cleaner_name)
clear_mapping(cleaner_name, cleaner_backend);
signal(SIGINT, SIG_DFL);
@@ -160,7 +161,7 @@ static int LUKS_endec_template(char *src
r = 0;
out3:
close(devfd);
- devfd = 0;
+ devfd = -1;
out2:
clear_mapping(name,backend);
out1:
cryptsetup-remove-udev.patch:
--- NEW FILE cryptsetup-remove-udev.patch ---
Replace udevsettle with remmaping to error target.
--- cryptsetup-1.0.6.old/lib/internal.h 2007-10-25 09:11:19.000000000 +0200
+++ cryptsetup-1.0.6/lib/internal.h 2008-09-06 14:27:41.000000000 +0200
@@ -40,7 +40,7 @@ struct setup_backend {
const char *key);
int (*status)(int details, struct crypt_options *options,
char **key);
- int (*remove)(struct crypt_options *options);
+ int (*remove)(int force, struct crypt_options *options);
const char * (*dir)(void);
};
--- cryptsetup-1.0.6.old/lib/libdevmapper.c 2007-10-25 09:11:19.000000000 +0200
+++ cryptsetup-1.0.6/lib/libdevmapper.c 2008-09-06 14:28:56.000000000 +0200
@@ -17,13 +17,7 @@
#define DEVICE_DIR "/dev"
#define CRYPT_TARGET "crypt"
-
-#define UDEVSETTLE "/sbin/udevsettle"
-
-static void run_udevsettle(void)
-{
- system(UDEVSETTLE);
-}
+#define RETRY_COUNT 5
static void set_dm_error(int level, const char *file, int line,
const char *f, ...)
@@ -50,16 +44,6 @@ static void dm_exit(void)
dm_lib_release();
}
-static void flush_dm_workqueue(void)
-{
- /*
- * Unfortunately this is the only way to trigger libdevmapper's
- * update_nodes function
- */
- dm_exit();
- dm_init();
-}
-
static char *__lookup_dev(char *path, dev_t dev)
{
struct dirent *entry;
@@ -152,6 +136,89 @@ out:
return params;
}
+/* DM helpers */
+static int _dm_simple(int task, const char *name)
+{
+ int r = 0;
+ struct dm_task *dmt;
+
+ if (!(dmt = dm_task_create(task)))
+ return 0;
+
+ if (!dm_task_set_name(dmt, name))
+ goto out;
+
+ r = dm_task_run(dmt);
+
+ out:
+ dm_task_destroy(dmt);
+ return r;
+}
+
+static int _error_device(struct crypt_options *options)
+{
+ struct dm_task *dmt;
+ int r = 0;
+
+ if (!(dmt = dm_task_create(DM_DEVICE_RELOAD)))
+ return 0;
+
+ if (!dm_task_set_name(dmt, options->name))
+ goto error;
+
+ if (!dm_task_add_target(dmt, UINT64_C(0), options->size, "error", ""))
+ goto error;
+
+ if (!dm_task_set_ro(dmt))
+ goto error;
+
+ if (!dm_task_no_open_count(dmt))
+ goto error;
+
+ if (!dm_task_run(dmt))
+ goto error;
+
+ if (!_dm_simple(DM_DEVICE_RESUME, options->name)) {
+ _dm_simple(DM_DEVICE_CLEAR, options->name);
+ goto error;
+ }
+
+ r = 1;
+
+error:
+ dm_task_destroy(dmt);
+ return r;
+}
+
+static int _dm_remove(struct crypt_options *options, int force)
+{
+ int r = -EINVAL;
+ int retries = force ? RETRY_COUNT : 1;
+
+ /* If force flag is set, replace device with error, read-only target.
+ * it should stop processes from reading it and also removed underlying
+ * device from mapping, so it is usable again.
+ * Force flag should be used only for temporary devices, which are
+ * intended to work inside cryptsetup only!
+ * Anyway, if some process try to read temporary cryptsetup device,
+ * it is bug - no other process should try touch it (e.g. udev).
+ */
+ if (force) {
+ _error_device(options);
+ retries = RETRY_COUNT;
+ }
+
+ do {
+ r = _dm_simple(DM_DEVICE_REMOVE, options->name) ? 0 : -EINVAL;
+ if (--retries)
+ sleep(1);
+ } while (r == -EINVAL && retries);
+
+ dm_task_update_nodes();
+
+ return r;
+}
+
static int dm_create_device(int reload, struct crypt_options *options,
const char *key)
{
@@ -191,24 +258,14 @@ static int dm_create_device(int reload,
if (dmi.read_only)
options->flags |= CRYPT_FLAG_READONLY;
- /* run udevsettle to avoid a race in libdevmapper causing busy dm devices */
- run_udevsettle();
-
r = 0;
-
out:
if (r < 0 && !reload) {
char *error = (char *)get_error();
if (error)
error = strdup(error);
- if (dmt)
- dm_task_destroy(dmt);
- if (!(dmt = dm_task_create(DM_DEVICE_REMOVE)))
- goto out_restore_error;
- if (!dm_task_set_name(dmt, options->name))
- goto out_restore_error;
- if (!dm_task_run(dmt))
+ if (!_dm_remove(options, 0))
goto out_restore_error;
out_restore_error:
@@ -224,7 +281,7 @@ out_no_removal:
dm_task_destroy(dmt);
if(dmt_query)
dm_task_destroy(dmt_query);
- flush_dm_workqueue();
+ dm_task_update_nodes();
return r;
}
@@ -352,25 +409,12 @@ out:
return r;
}
-static int dm_remove_device(struct crypt_options *options)
+static int dm_remove_device(int force, struct crypt_options *options)
{
- struct dm_task *dmt;
- int r = -EINVAL;
+ if (!options || !options->name)
+ return -EINVAL;
- if (!(dmt = dm_task_create(DM_DEVICE_REMOVE)))
- goto out;
- if (!dm_task_set_name(dmt, options->name))
- goto out;
- if (!dm_task_run(dmt))
- goto out;
-
- r = 0;
-
-out:
- if (dmt)
- dm_task_destroy(dmt);
- flush_dm_workqueue();
- return r;
+ return _dm_remove(options, force);;
}
--- cryptsetup-1.0.6.old/lib/setup.c 2008-09-06 14:20:24.000000000 +0200
+++ cryptsetup-1.0.6/lib/setup.c 2008-09-06 14:27:41.000000000 +0200
@@ -369,7 +369,7 @@ static int __crypt_remove_device(int arg
return -EBUSY;
}
- return backend->remove(options);
+ return backend->remove(0, options);
}
static int __crypt_luks_format(int arg, struct setup_backend *backend, struct crypt_options *options)
--- cryptsetup-1.0.6.old/luks/keyencryption.c 2008-09-06 14:24:21.000000000 +0200
+++ cryptsetup-1.0.6/luks/keyencryption.c 2008-09-06 14:27:41.000000000 +0200
@@ -50,10 +50,8 @@ static int setup_mapping(const char *cip
const char *key, size_t keyLength,
unsigned int sector, size_t srcLength,
struct setup_backend *backend,
- int mode)
+ int mode, struct crypt_options *options)
{
- struct crypt_options k;
- struct crypt_options *options = &k;
int device_sector_size = sector_size_for_device(device);
int r;
@@ -87,16 +85,14 @@ static int setup_mapping(const char *cip
return r;
}
-static int clear_mapping(const char *name, struct setup_backend *backend)
+static int clear_mapping(struct crypt_options *options, struct setup_backend *backend)
{
- struct crypt_options options;
- options.name=name;
- return backend->remove(&options);
+ return backend->remove(1, options);
}
/* I miss closures in C! */
static struct setup_backend *cleaner_backend=NULL;
-static const char *cleaner_name=NULL;
+static struct crypt_options *cleaner_options = NULL;
static int devfd=-1;
static void sigint_handler(int sig)
@@ -104,8 +100,8 @@ static void sigint_handler(int sig)
if(devfd >= 0)
close(devfd);
devfd = -1;
- if(cleaner_backend && cleaner_name)
- clear_mapping(cleaner_name, cleaner_backend);
+ if(cleaner_backend && cleaner_options)
+ clear_mapping(cleaner_options, cleaner_backend);
signal(SIGINT, SIG_DFL);
kill(getpid(), SIGINT);
}
@@ -120,6 +116,7 @@ static int LUKS_endec_template(char *src
ssize_t (*func)(int, void *, size_t),
int mode)
{
+ struct crypt_options options = {0};
char *name = NULL;
char *fullpath = NULL;
char *dmCipherSpec = NULL;
@@ -138,10 +135,11 @@ static int LUKS_endec_template(char *src
}
signal(SIGINT, sigint_handler);
- cleaner_name = name;
+ options.name = name;
+ cleaner_options = &options;
cleaner_backend = backend;
- r = setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLength,sector,srcLength,backend,mode);
+ r = setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLength,sector,srcLength,backend,mode,&options);
if(r < 0) {
if(!get_error())
set_error("Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors",
@@ -163,10 +161,10 @@ static int LUKS_endec_template(char *src
close(devfd);
devfd = -1;
out2:
- clear_mapping(name,backend);
+ clear_mapping(&options,backend);
out1:
signal(SIGINT, SIG_DFL);
- cleaner_name = NULL;
+ cleaner_options = NULL;
cleaner_backend = NULL;
free(dmCipherSpec);
free(fullpath);
Index: cryptsetup-luks.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cryptsetup-luks/devel/cryptsetup-luks.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- cryptsetup-luks.spec 28 May 2008 13:26:25 -0000 1.60
+++ cryptsetup-luks.spec 7 Sep 2008 08:54:51 -0000 1.61
@@ -3,16 +3,20 @@
Summary: A utility for setting up encrypted filesystems
Name: cryptsetup-luks
Version: 1.0.6
-Release: 3%{?devrelease:.%{devrelease}}%{?dist}
+Release: 4%{?devrelease:.%{devrelease}}%{?dist}
License: GPLv2
Group: Applications/System
URL: http://luks.endorphin.org/
Source: http://luks.endorphin.org/source/cryptsetup-%{version}%{?devrelease:-%{devrelease}}.tar.bz2
# 2008-04-15: sent to upstream via personal e-mail to Clemens Fruhwirth
-Patch: cryptsetup-prompt.patch
+Patch0: cryptsetup-prompt.patch
# 2008-05-28: sent to upstream via newsgroup:
# http://permalink.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2735
Patch1: cryptsetup-luks-1.0.6-duplicate_sentence.patch
+# http://permalink.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2803
+Patch2: cryptsetup-fix-fd.patch
+# http://permalink.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2804
+Patch3: cryptsetup-remove-udev.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libgcrypt-devel, popt-devel, device-mapper-devel
BuildRequires: libgpg-error-devel, e2fsprogs-devel, libsepol-devel
@@ -40,8 +44,10 @@
%prep
%setup -q -n cryptsetup-%{version}%{?devrelease:-%{devrelease}}
-%patch -p1 -b .prompt
+%patch0 -p1 -b .prompt
%patch1 -p1 -b .duplicate_sentence
+%patch2 -p1 -b .fd
+%patch3 -p1 -b .udev
iconv -f latin1 -t utf8 ChangeLog > ChangeLog.new
mv -f ChangeLog.new ChangeLog
@@ -86,6 +92,10 @@
%changelog
+* Sat Sep 06 2008 Milan Broz <mbroz at redhat.com> - 1.0.6-4
+- Fix close of zero decriptor.
+- Fix udevsettle delays - use temporary crypt device remapping.
+
* Wed May 28 2008 Till Maas <opensource till name> - 1.0.6-3
- remove a duplicate sentence from the manpage (RH #448705)
- add patch metadata about upstream status
More information about the fedora-extras-commits
mailing list