mount-encrypted: handle lack of dm-crypt "allow_discard"

On kernels prior to 3.1, the "allow_discard" option does not exist. Allow for this by attempting to set up the table twice if the allow_discard attempt fails. BUG=chrome-os-partner:11529 TEST=link build, boots 3.2 ok, falls back when option is invalid. Change-Id: I904d3770543ebdeb0eace9ffa8e6c654cf97976d Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/28024 Reviewed-by: Elly Jones <ellyjones@chromium.org>
2025-11-27 03:33:50 +00:00 · 2012-07-20 10:16:31 -07:00
parent b1aa7aea2d
commit 7b20efdc4a
3 changed files with 21 additions and 8 deletions
--- a/utility/mount-encrypted.c
+++ b/utility/mount-encrypted.c
@@ -60,6 +60,7 @@ static const char * const kStaticKeyDefault = "default unsafe static key";
 static const char * const kStaticKeyFactory = "factory unsafe static key";
 static const int kModeProduction = 0;
 static const int kModeFactory = 1;
+static const int kCryptAllowDiscard = 1;

 enum migration_method {
 	MIGRATE_TEST_ONLY,
@@ -761,10 +762,22 @@ static int setup_encrypted(int mode)
 	/* Mount loopback device with dm-crypt using the encryption key. */
 	INFO("Setting up dm-crypt %s as %s.", lodev, dmcrypt_dev);
 	if (!dm_setup(sectors, encryption_key, dmcrypt_name, lodev,
-		      dmcrypt_dev)) {
+		      dmcrypt_dev, kCryptAllowDiscard)) {
+		/* If dm_setup() fails, it could be due to lacking
+		 * "allow_discard" support, so try again with discard
+		 * disabled. There doesn't seem to be a way to query
+		 * the kernel for this feature short of a fallible
+		 * version test or just trying to set up the dm table
+		 * again, so do the latter.
+		 */
+		if (!dm_setup(sectors, encryption_key, dmcrypt_name, lodev,
+			      dmcrypt_dev, !kCryptAllowDiscard)) {
 			ERROR("dm_setup failed");
 			goto lo_cleanup;
 		}
+		INFO("%s: dm-crypt does not support discard; disabling.",
+		     dmcrypt_dev);
+	}

 	/* Decide now if any migration will happen. If so, we will not
 	 * grow the new filesystem in the background, since we need to
--- a/utility/mount-helpers.c
+++ b/utility/mount-helpers.c
@@ -297,16 +297,16 @@ failed:
 }

 int dm_setup(size_t sectors, const gchar *encryption_key, const char *name,
-		const gchar *device, const char *path)
+		const gchar *device, const char *path, int discard)
 {
 	/* Mount loopback device with dm-crypt using the encryption key. */
 	gchar *table = g_strdup_printf("0 %zu crypt " \
 				       "aes-cbc-essiv:sha256 %s " \
-				       "0 %s 0 " \
-				       "1 allow_discards",
+				       "0 %s 0%s",
 				       sectors,
 				       encryption_key,
-				       device);
+				       device,
+				       discard ? " 1 allow_discards" : "");
 	if (!table) {
 		PERROR("g_strdup_printf");
 		return 0;
--- a/utility/mount-helpers.h
+++ b/utility/mount-helpers.h
@@ -22,7 +22,7 @@ int loop_detach_name(const char *name);

 /* Encrypted device mapper setup/teardown. */
 int dm_setup(size_t sectors, const gchar *encryption_key, const char *name,
-		const gchar *device, const char *path);
+		const gchar *device, const char *path, int discard);
 int dm_teardown(const gchar *device);
 char *dm_get_key(const gchar *device);