Bug 1029032
Summary: | cryptsetup fails to write LUKS header to fs on top of 4KiB sector sized bdev | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ondrej Kozina <okozina> |
Component: | cryptsetup | Assignee: | Ondrej Kozina <okozina> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Release Test Team <release-test-team-automation> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.0 | CC: | agk, coughlan, gmazyland, okozina, pholica, pjanda, prajnoha, pvrabec, qcai, xiaoli, xni |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 7.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | cryptsetup-1.6.3-1.el7 | Doc Type: | Known Issue |
Doc Text: |
The cryptsetup library interchanges the loop device with its underlying regular file during writing the LUKS header to the regular file. The process fails if the file system is on top of a block device with 4KiB sectors.
In the following examples, the cryptsetup luksFormat command of a detached header fails if /path/to/hdr_file is a regular file in a file system residing on top of a block device with 4KiB sectors.
cryptsetup luksFormat --header /path/to/hdr_file /dev/device
cryptsetup luksFormat /path/to/hdr_file
To work around this problem, the cryptsetup-reencrypt utility needs to be started from a file system on top of a block device with 512-byte sectors. The user can back up the header using the luksHeaderBackup command after formatting the block device using the luksFormat command without a detached header.
Also, the cryptsetup-reencrypt utility fails if the user runs it from a working directory on a file system on top of a block device with 4KiB sectors. The user must start cryptsetup-reencrypt from a working directory on a file system on top of a block device with 512-byte sectors.
|
Story Points: | --- |
Clone Of: | 809563 | Environment: | |
Last Closed: | 2014-06-13 11:26:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 809563, 1025505 |
Comment 4
Ondrej Kozina
2013-11-22 10:02:31 UTC
Ok finally I got simple reproducer for this issue and it has nothing to do with multipath: Steps to reproduce: 1) modprobe scsi_debug sector_size=4096 dev_size_mb=50 (let's say you will get device /dev/sdd) 2) mkfs.xfs /dev/sdd (even with ext4, it doesn't matter) 3) mount /dev/sdd /mnt/test 4) fallocate -l $[8*1024*1024] /mnt/test/hdr_file 5) echo aaa | cryptsetup --force-password luksFormat /mnt/test/hdr_file the command will fail w/ error message about being unable to update the header in file /mnt/test/hdr_file. It's caused by internal error in cryptsetup library. Trying to write luks header to regular file, It will get block device sector size from loop device (512B) and after that, it will try to write w/ O_DIRECT flag to actual regular file (the loop device backend) instead of to the loop device itself. Naturally, the FS residing on top of 4KiB sector sized block device forbids that operation. This mainly affects cryptsetup-reencrypt utility (more on that in comments above by Xiao) as it uses headers stored in actual working directory. Xiao, thank you again for help! Fixed in upstream: http://code.google.com/p/cryptsetup/source/detail?r=004dc271a4e0bd201479b82454b976c4e1ebb801 This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |