Bug 2223409

Summary: stratisd may potentially overwrite LUKS2 metadata of a block device of an encrypted pool
Product: Red Hat Enterprise Linux 9 Reporter: Bryan Gurney <bgurney>
Component: stratisdAssignee: Bryan Gurney <bgurney>
Status: ON_QA --- QA Contact: Filip Suba <fsuba>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: amulhern, cwei, dkeefe
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: stratisd-3.5.8-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bryan Gurney 2023-07-17 17:22:48 UTC 
Description of problem:
It is possible for stratisd to overwrite LUKS2 metadata, rendering the
device's data inaccessible.

Version-Release number of selected component (if applicable):
stratisd-3.5.7-1.el9

How reproducible:
The bug occurs consistently but under specific conditions which are
very hard to reproduce. What needs to happen is that stratisd fails to
unlock all devices when starting an encrypted pool and then fails to
teardown all the encrypted devices when rolling back the unlock
actions, leaving at least one device in an unlocked state. At this
point the pool is not fully set up. But, if the pool is then setup and
if stratisd writes Stratis pool level metadata to the pool devices, it
will overwrite the LUKS metadata on one of the devices in the pool,
rendering that device unopenable once it has been closed.


Steps to Reproduce:
Not specified. Chaotically starting and stopping a pool while
simultaneously but intermittently reading data from the opened crypt
devices in the pool might work.


Actual results:
Pool can not be started because pool data device can not be unlocked
because LUKS2 metadata has been overwritten.

Expected results:
It should always be possible to start an encrypted pool, so long as an
appropriate unlock mechanism is in place.
Comment 1 Bryan Gurney 2023-07-31 22:11:57 UTC 
Posted CentOS Stream merge request:
https://gitlab.com/redhat/centos-stream/rpms/stratisd/-/merge_requests/22