Bug 2223409 - stratisd may potentially overwrite LUKS2 metadata of a block device of an encrypted pool
Summary: stratisd may potentially overwrite LUKS2 metadata of a block device of an enc...
Keywords:
Status: ON_QA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: stratisd
Version: 9.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Bryan Gurney
QA Contact: Filip Suba
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-07-17 17:22 UTC by Bryan Gurney
Modified: 2023-08-14 11:32 UTC (History)
3 users (show)

Fixed In Version: stratisd-3.5.8-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-162494 0 None None None 2023-07-17 17:24:54 UTC

Description Bryan Gurney 2023-07-17 17:22:48 UTC
Description of problem:
It is possible for stratisd to overwrite LUKS2 metadata, rendering the
device's data inaccessible.

Version-Release number of selected component (if applicable):
stratisd-3.5.7-1.el9

How reproducible:
The bug occurs consistently but under specific conditions which are
very hard to reproduce. What needs to happen is that stratisd fails to
unlock all devices when starting an encrypted pool and then fails to
teardown all the encrypted devices when rolling back the unlock
actions, leaving at least one device in an unlocked state. At this
point the pool is not fully set up. But, if the pool is then setup and
if stratisd writes Stratis pool level metadata to the pool devices, it
will overwrite the LUKS metadata on one of the devices in the pool,
rendering that device unopenable once it has been closed.


Steps to Reproduce:
Not specified. Chaotically starting and stopping a pool while
simultaneously but intermittently reading data from the opened crypt
devices in the pool might work.


Actual results:
Pool can not be started because pool data device can not be unlocked
because LUKS2 metadata has been overwritten.

Expected results:
It should always be possible to start an encrypted pool, so long as an
appropriate unlock mechanism is in place.

Comment 1 Bryan Gurney 2023-07-31 22:11:57 UTC
Posted CentOS Stream merge request:
https://gitlab.com/redhat/centos-stream/rpms/stratisd/-/merge_requests/22


Note You need to log in before you can comment on or make changes to this bug.